Ping a Specific Port

Question

mik

Asked: 2012-07-21 14:34:26 +0800 CST2012-07-21 14:34:26 +0800 CST 2012-07-21 14:34:26 +0800 CST

SSH autologin works sporadically

772

I am installing 20 servers.

On each, with a specific user I created a dsa key.

I did cat key.pub from each server onto ~/.ssh/authorized_keys of the first server

I verified all servers can log in without password to the first server.

Using puppet, I copied the .ssh/authorized_key from the first server to all the other servers.

Permissions are the same, 600

I can't log in automatically; it still works from the servers to the first - but not to any other. I log in as the user, ssh to the other servers - and it asks me for password.

I restarted sshd service, but to no avail. /etc/ssh/sshd_config is the same on the first server and all the others.

This is RHEL6.

Any ideas? Did I do something wrong?

This is the puppet file; it works now -- i had the root as 775

file {"/home/user":
    owner   => user,
    group   => user,
    ensure  => directory,
    mode    => 755,
}

file {"/home/user/.ssh":
    owner   => user,
    group   => user,
    ensure  => directory,
    mode    => 700,
}

file {"/home/user/.ssh/authorized_keys":
    owner   => user,
    group   => user,
    ensure  => file,
    mode    => 600,
    source => "puppet://puppet/files/user_sshkeys.txt";
}

3 Answers

Voted

ewwhite · Answer 1 · 2012-07-22T07:49:06+08:00

Best Answer

ewwhite

2012-07-22T07:49:06+08:002012-07-22T07:49:06+08:00

The permissions of the ~/.ssh directory should be 700. The permissions of the ~/.ssh/authorized_keys file should be 600. You probably want to limit write permission on the user's home directory to the user.

chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Instead of using cat, try the ssh-copy-id command, as it takes care of these permissions.

Can you show us what your Puppet file directives look like? This can probably be corrected there.

2

n2deep · Answer 2 · 2012-07-21T15:01:13+08:00

n2deep

2012-07-21T15:01:13+08:002012-07-21T15:01:13+08:00

What you are trying to setup is called "Host Based Authentication". Do web search for this and you will find what you need. It's an advanced SSH topic, that is easy to do, once you have done it.

0

SW. · Answer 3 · 2013-04-11T15:17:21+08:00

SW.

2013-04-11T15:17:21+08:002013-04-11T15:17:21+08:00

Puppet (as I write this, version 3.1.1) has a type called ssh_authorized_key. Using this you can simply push your key out to your machine(s) and it will take care of permissions and such for you.

Here is what I have in my config:

ssh_authorized_key { 'root pub key':
    ensure  => present,
    key     => "yourkeyhere",
    name    => "name@server",
    user    => "user",
    type    => "ssh-rsa",

You can view the relevant documentation here.

Otherwise there are modules that have been written by others that do much the same thing but give some additional options since there are a few limitations with what the ssh_authorized_key type does.

0

SSH autologin works sporadically

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?