[CentOS] Passwordless ssh

Gregory P. Ennis PoMec at PoMec.Net
Tue Feb 2 03:27:52 UTC 2010

On Mon, 2010-02-01 at 19:49 -0700, Warren Michelsen wrote:
> On Mac OS, in order to allow ssh using dsa keys, I would copy 
> ~/.ssh/id_dsa.pub from my machine into ~/.ssh/authorized_keys of the 
> target machine. I've created .ssh directories in my account home as 
> well as in /root and copied the respective keys to authorized_keys 
> files in each.
> Strangely, I can now ssh as root with no password but my own user 
> account still prompts for a password. What might be wrong?
> Interestingly, passwordless root ssh log-in worked while 
> 'PermitRootLogin' in /etc/ssh/sshd_config was just 'yes' and before I 
> changed it to 'without-password'.
> _______________________________________________


You should be able to achieve what you are wanting to do.  Some
principles that need to be followed are :

#1. If you change anything in sshd_config you must restart sshd before
your changes will become active.  You can do this in the root account
easily by entering :

service sshd restart

#2. If you are connecting from one account to another account in
different machines you must have id_dsa.pub
in /home/user/.ssh/authorized_keys file of the account you are
connecting with.

ie if you are logged on as root in one machine and you connect to
another machine to the root account then id_dsa.pub of the original
account has to be in /root/.ssh/authorized_keys of the machine you are
connecting to.  

#3. if you are are connecting to an account of a remote machine to an
account different than the one you are on you must have the id_dsa.pub
of your logged on account in the authorized_keys of the remote account.

ie if you are on the root account of one machine and you want to log
onto the warren account of a remote machine you must
have /root/.ssh/id_dsa.pub in /home/warren/.ssh/authorized_keys

The command for this connection would be

"ssh warren at remote.com"  or "ssh -l warren remote.com" 

Make sure these things are in place, and if it does not work after
checking these things let me know.

Greg Ennis

More information about the CentOS mailing list