The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ssh keys on cPanel server

Discussion in 'General Discussion' started by sh4ka, Jul 14, 2006.

  1. sh4ka

    sh4ka Well-Known Member

    Joined:
    May 12, 2005
    Messages:
    442
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    US
    cPanel Access Level:
    DataCenter Provider
    Hello there,

    I'm trying to use ssh keys instead of passwords but i am not able to do it :S
    So, followed all steps by eth0's guide, until i connect to the remote server, take a look at the logs:

    Code:
    esteban@machine:~/.ssh$ ssh -v -p 20899 root@XX.XX.XX.XX
    OpenSSH_4.2p1 Debian-7ubuntu3, OpenSSL 0.9.8a 11 Oct 2005
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to XX.XX.XX.XX [XX.XX.XX.XX] port 20899.
    debug1: Connection established.
    debug1: identity file /home/esteban/.ssh/identity type -1
    debug1: identity file /home/esteban/.ssh/id_rsa type 1
    debug1: identity file /home/esteban/.ssh/id_dsa type 2
    debug1: Remote protocol version 2.0, remote software version OpenSSH_3.6.1p2
    debug1: match: OpenSSH_3.6.1p2 pat OpenSSH_3.*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.2p1 Debian-7ubuntu3
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'XX.XX.XX.XX' is known and matches the RSA host key.
    debug1: Found key in /home/esteban/.ssh/known_hosts:9
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/esteban/.ssh/identity
    debug1: Offering public key: /home/esteban/.ssh/id_rsa
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Offering public key: /home/esteban/.ssh/id_dsa
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: password
    root@XX.XX.XX.XX's password:
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    Permission denied, please try again.
    root@XX.XX.XX.XX's password:
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    Permission denied, please try again.
    root@XX.XX.XX.XX's password:
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: No more authentication methods to try.
    Permission denied (publickey,password,keyboard-interactive).
    esteban@machine:~/.ssh$
    
    

    Sshd configurations are:

    Code:
    # Authentication:
    
    #PermitRootLogin yes
    PermitRootLogin without-password
    
    #RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile .ssh/authorized_keys
    
    Any ideas ?
     
    #1 sh4ka, Jul 14, 2006
    Last edited: Jul 14, 2006
  2. LiNUxG0d

    LiNUxG0d Well-Known Member

    Joined:
    Jun 25, 2003
    Messages:
    206
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Gatineau, Quebec, Canada
    Hey there,

    Well, I'm not 100% on what you're doin', but if you'd like, you can follow steps I personally use to create and send a key to another box in order to log in passwordless. I - of course - assume you have basic SSH knowledge and shell skills. ;)

    Step 1: Create an RSA key

    Create an RSA key in a shell as the user you so desire using the ssh-keygen command, it'll looks something like this. I've padded it with [enter] to know when I hit enter:

    PHP:
    root@hifi [~]# ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa): [enter]
    Enter passphrase (empty for no passphrase): [enter]
    Enter same passphrase again: [enter]
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    e5:73:d4:bd:8f:f6:e3:64:03:dd:67:99:a5:f1:a8:73 root@hifi
    Step 2: Propogate the key to the remote server

    - Open the id_rsa.pub file using pico, nano, vi or whathaveyou.
    - Copy and paste that key to a notepad (no wordwrap).
    - Log into the server that you want to be able to auto-log into as the user you want being accessible using this key.
    - Edit the /home/username/.ssh/authorized_keys file on the destination server. (if not created, create it)
    - Paste the key from your notepad to the open editor.
    - Save it.
    - chmod the /home/username/.ssh/authorized_keys to 700 and that's it!

    You should now be able to SSH to from one to the other sans password. :)

    Hope this helps.

    Take care!

    Jamie
     
Loading...

Share This Page