
Ssh Help!!!!

Discussion in 'General Discussion' started by cguimont, Mar 9, 2005.

  1. cguimont

    Hello,
    I want to use rsync, and I have a little problem setting keys:
    I tried many tutorials to set SSH keys and none of them seemed to work:
    ex: http://www.jdmz.net/ssh/#note1

    Could anyone help to tell me what I am doing wrong?
    Is there something I may have forgotten?
    Could anyone help me?

    Here is the config of the host I am trying to connect to:
    Code:
    [root@74 home]# tail -n100 /etc/ssh/sshd_config 
    #       $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $
    
    # This is the sshd server system-wide configuration file.  See
    # sshd_config(5) for more information.
    
    # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
    
    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented.  Uncommented options change a
    # default value.
    
    #Port 22
    #Protocol 2,1
    #ListenAddress 0.0.0.0
    #ListenAddress ::
    
    # HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    #HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_dsa_key
    
    # Lifetime and size of ephemeral version 1 server key
    #KeyRegenerationInterval 3600
    #ServerKeyBits 768
    
    # Logging
    #obsoletes QuietMode and FascistLogging
    #SyslogFacility AUTH
    SyslogFacility AUTHPRIV
    #LogLevel INFO
    
    # Authentication:
    
    #LoginGraceTime 120
    #PermitRootLogin yes
    #StrictModes yes
    
    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile      .ssh/authorized_keys
    
    # rhosts authentication should not be used
    #RhostsAuthentication no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes
    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no
    
    # To disable tunneled clear text passwords, change to no here!
    #PasswordAuthentication yes
    #PermitEmptyPasswords no
    
    # Change to no to disable s/key passwords
    #ChallengeResponseAuthentication yes
    
    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    
    #AFSTokenPassing no
    
    # Kerberos TGT Passing only works with the AFS kaserver
    #KerberosTgtPassing no
    
    # Set this to 'yes' to enable PAM keyboard-interactive authentication 
    # Warning: enabling this may bypass the setting of 'PasswordAuthentication'
    #PAMAuthenticationViaKbdInt no
    
    #X11Forwarding no
    X11Forwarding yes
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    #PrintMotd yes
    #PrintLastLog yes
    #KeepAlive yes
    #UseLogin no
    #UsePrivilegeSeparation yes
    #PermitUserEnvironment no
    #Compression yes
    
    #MaxStartups 10
    # no default banner path
    #Banner /some/path
    #VerifyReverseMapping no
    #ShowPatchLevel no
    
    # override default of no subsystems
    Subsystem       sftp    /usr/libexec/openssh/sftp-server
    

    Thanks for your help!!
     
  2. DigitalN

    How to setup ssh keys


    Server with rsync scripts

    # ssh-keygen -t dsa

    Accept the defaults by pressing <enter> until the key has been created.

    Now copy the public key to the other box, and place it in the authorized keys file.

    Log in to the server that you are trying to log in to with no password (e.g. 123.123.123.123)

    # mkdir /root/.ssh

    # chmod 700 /root/.ssh


    Now back on the server hosting the rsync script, that you set the keys up on

    # scp /root/.ssh/id_dsa.pub 123.123.123.123:/root/.ssh/authorized_keys

    (123.123.123.123 is the box you are trying to login to with your script)

    Now login to 123.123.123.123

    # ssh 123.123.123.123

    You should get there with no password.

    If you want to allow only ssh key access and disable root password logins altogether (good security move) then

    in /etc/ssh/sshd_config

    Change

    #PermitRootLogin yes

    To

    PermitRootLogin without-password

    and restart sshd

    That will allow only key authenticated access to root, make sure your keys work first :)
     
  3. cguimont

    Won't work at all... I tried it dozens of times...
     
  4. dgbaker

    What errors do you get? That howto should work flawlessly. If not then you have other issues that need to be sourced out. The more info the better.
     
  5. cguimont

    I have no errors at all...
    it is just when I type ssh IP,
    it is still asking for a password
    and it shouldn't I guess

    thanks
     
  6. dgbaker

    I suspect then that this command may not have worked correctly

    scp /root/.ssh/id_dsa.pub 123.123.123.123:/root/.ssh/authorized_keys

    Verify that the contents of id_dsa.pub do actually exist in the authorized_keys file on the destination server.
     
  7. cguimont

    Yep, I compared authorized_keys with id_dsa.pub
    and it's exactly the same thing.
    dgbaker, would you mind taking a look at it?
    I wouldn't mind giving you access so you can have a look at it!

    Thanks,
    What is your msn?

    Thanks
     
  8. DigitalN

    What do you have in /var/log/secure or /var/log/messages after trying to login?
     
  9. checksoft

    Good try, but very confusing and inaccurate in part.

    scp /root/.ssh/id_dsa.pub 123.123.123.123:/root/.ssh/authorized_keys
    is not the same as
    scp /root/.ssh/id_dsa.pub root@<Old server IP>:/root/.ssh/authorized_keys which works.
     
  10. shammi1234

    Boss, you forgot one simple thing.

    First of all, nobody is using dsa right now, in the world. You should use rsa.

    So the command should be

    ssh-keygen -t rsa

    SECOND BIGGEST THING IS, you should change the permission of the authorized_keys file, it should be
    600
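
Added example, not part of any post in this thread: a shell check for the two causes raised above, the key not actually being in authorized_keys and permissions being too loose. It approximates sshd's StrictModes test as "not writable by group or others"; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for key-based login.
# With StrictModes enabled, sshd skips authorized_keys when the home
# directory, ~/.ssh or the file itself is writable by group or others,
# and the client then falls through to the password prompt.

# Succeeds when the path is writable by group or others (mode bits 022).
loosely_writable() {
    perms=$(ls -ld "$1" | cut -c1-10)    # e.g. drwx------
    case "$perms" in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# check_key_setup HOME_DIR PUBKEY_FILE  (hypothetical helper name)
# Prints one line per problem; returns 0 only when nothing was found.
check_key_setup() {
    home=$1; pub=$2; rc=0
    auth="$home/.ssh/authorized_keys"
    for p in "$home" "$home/.ssh" "$auth"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; rc=1
        elif loosely_writable "$p"; then
            echo "TOO OPEN $p (group/other writable)"; rc=1
        fi
    done
    # Compare only the base64 key blob (field 2) so the comment may differ.
    blob=$(awk '{print $2; exit}' "$pub" 2>/dev/null) || blob=""
    if [ -z "$blob" ]; then
        echo "BAD KEY  $pub has no key data"; rc=1
    elif [ -f "$auth" ] && ! grep -qF -- "$blob" "$auth"; then
        echo "NO MATCH key from $pub is not in $auth"; rc=1
    fi
    return $rc
}

# Run on the destination server, e.g.:
#   sh check.sh /root /tmp/id_rsa.pub
if [ $# -eq 2 ]; then
    check_key_setup "$1" "$2"
fi
```

sshd also checks who owns these paths, which this script does not; the reason sshd gives for rejecting a key is written to the auth log on the destination server (/var/log/secure, as asked about earlier in the thread).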
     
  11. rhenderson

    Wow this is a 3 year old thread lol, but I do it the same way as above and it works fine.
     
  12. checksoft

    Thanks guys. You've added a lot to this olde thread :D Never know when some poor soul will be searching this forum for the same info.
     