SSH without password

A small how-to for public key based authentication for CentOS/Red Hat/etc...

On the SSH client:

ssh-keygen # Accept all defaults, do not enter a passphrase.
ssh-copy-id USER@SERVER_IP
restorecon -R ~/.ssh

On the SSH server:

# Login to the server normally (with password)
restorecon -R ~/.ssh

Public key based authentication should now work.


These problems (which are usually permissions related) are much more easily debugged from the server side. I recommend that you start another sshd in debug mode with:

/usr/sbin/sshd -d -p 2222

This will start another sshd on port 2222. Then run the following on the client side:

ssh -p 2222 user@sshserver

Watch what comes out of the sshd when your client tries to authenticate.

Permissions problems don't have to be just /home/$USER/.ssh. It could also be a problem with /, /home, or /home/$USER. If any of those are group writable it can be a problem.

Another common problem is that you mis-paste and put linebreaks in the middle of your key in the authorized_keys file.


serverA# ls -lah /root
serverA# ls -lah /root/.ssh
serverA# selinuxenabled 
serverA# echo $?

serverB# ls -lah /root
serverB# ls -lah /root/.ssh
serverB# selinuxenabled
serverB# echo $?

If that doesn't show you the problem, try the following. ServerA is the client and serverB the ssh server.

On serverB, edit /etc/ssh/sshd_config. Find the line that looks like:

LogLevel INFO

Change it to:

LogLevel VERBOSE

Then:

serverB# /etc/init.d/sshd restart

On serverA:

serverA# ssh -vvv root@serverb

You can now review the /var/log/secure file on serverB for clues.

As a final tip, please review:

http://www.ibm.com/developerworks/library/l-keyc/index.html


Check your permissions, they should be

drwx------

for your .ssh directory and

-rw-------

for your authorized_keys file.

So, to set the permissions properly, try this:

chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
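
The checks described above (group-writable parent directories, the .ssh and authorized_keys modes, and a key broken by a stray linebreak) can be run in one pass. This is an added example, not part of the original how-to; the function names audit_chain and broken_key_lines are made up for illustration, and it assumes GNU stat as shipped on CentOS/Red Hat.

```shell
#!/bin/sh
# audit_chain TOP LEAF: walk from LEAF up to TOP and print the number of
# paths whose mode is looser than the how-to allows (details go to stderr).
audit_chain() {
    top=$1; p=$2; n=0
    while :; do
        m=$(stat -c '%a' "$p") || return 1
        case $p in
            */.ssh)            mask=077  ;;  # expect drwx------
            */authorized_keys) mask=0177 ;;  # expect -rw-------
            *)                 mask=022  ;;  # parents: no group/other write
        esac
        if [ $(( 0$m & $mask )) -ne 0 ]; then
            echo "too permissive ($m): $p" >&2
            n=$((n + 1))
        fi
        if [ "$p" = "$top" ] || [ "$p" = / ]; then break; fi
        p=$(dirname "$p")
    done
    echo "$n"
}

# broken_key_lines FILE: print the line number of every non-comment line
# that does not contain "keytype base64blob". A key pasted with a linebreak
# in the middle leaves such a fragment on the following line.
broken_key_lines() {
    awk -v re='[ \t](ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+|sk-[a-z0-9@.-]+)[ \t]+AAAA[A-Za-z0-9+/]+=*[ \t]' '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        (" " $0 " ") !~ re { print NR }     # padded so the pattern needs no anchors
    ' "$1"
}

# Run against the current user when an authorized_keys file exists.
if [ -f "$HOME/.ssh/authorized_keys" ]; then
    echo "paths to fix: $(audit_chain / "$HOME/.ssh/authorized_keys")"
    echo "suspect key lines: $(broken_key_lines "$HOME/.ssh/authorized_keys" | tr '\n' ' ')"
fi
```

Run it as the account you are trying to log in to on the SSH server. A non-zero path count points at the chmod commands above, and any reported line number points at a key that needs to be re-pasted on a single line.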