Passwordless SSH + Wrong Chmod

[RobinVossen]

Well I have a application server running.
And I want to get the apps of there using SSH. And the ofc passwordless else its really annoying to put it on.
so I did read http://gentoo-wiki.com/SECURITY_SSH_without_a_password
I tryed the first time with passwords. That worked fine. (but was annoying as hell)
So on the localbox I have a user called john_doe with as username john. (So john is for the system important)
On the appserver I made a user called _sxb (has a meaning inside the company (_s is the users Task in the company, x is it Department and b is the number of user in that department. (B = 11)))
Anyhow I did read that Security_ssh_without_a_password article. And I try the ssh-installkeys tool since If I have to do it by hand for about 100 pcs I will be wasting lots of time.
So, I did do:

[downer]

How does .ssh look on the remote host? Maybe it's there the proble lies?


//D
_________________
HP dv6500 (dv6501eo) Laptop and Dell Latitude E6420 work puter;
both running Gentoo x86_64 quite successfully.

[RobinVossen]

I think you want to know the /home/_sxb/.ssh folder?
I do

[Anarcho]

The executive bit is missing on both .ssh directories!

[RobinVossen]

Thanks..!
I did get premissions are wrong. But the script fixed it for me
Tryed and I get permission denied. But I think thats since of the /etc/ssh file.
lets check..
Nope..

Well ill find this out myself.. I have to take a proper look

Thanks again
_________________
Server Unplugged!

[RobinVossen]

Ok I did EXACTLY what the tutorial said.
didnt work.
So I did rm -rf * when I was in the .ssh folder on Johns PC.
I test it with ssh -l _sxb 192.168.1.1 and I get:

[Anarcho]

You only allow authentication using private/public key, which is a good idea.

But, as you already guessed, there needs to be a authorized_keys file or else noone can connect.

Generaly

1. Generate Keys:
ssh-keygen -t dsa

This will create 2 files, most probably in the ~/.ssh/ folder: id_dsa and id_dsa.pub

2. Put the content of id_dsa.pub in the ~/.ssh/authorized_keys file of the server

3. Put both files id_dsa and id_dsa.pub in the ~/.ssh folder of the client machine

Then you should be able to connect using publickey.
_________________
...it's only Rock'n'Roll, but I like it!

[RobinVossen]

So basically that Tool "ssh-installkeys" is Worthless?
Since I have to do this on about 100 computers.

So, is there a easier way like the installkeys tool?
_________________
Server Unplugged!

[Anarcho]

[RobinVossen]

Ah well what do you think takes the least work?
Your (Classic) way for 100+ Systems?
or the figuring out how the tool works and then run that for 100+ Systems?

I guess you have lots of Knowledge of this so I just ask you
_________________
Server Unplugged!

[Anarcho]

As far as I understand the text in the WIKI this script should be working when you enable password login on the ssh server.

To go with a clean start I would delete the .ssh directories on both home dirs, enable password login on the server (if it is disabled) and then start the ssh-installkeys script. From what I read this should then create your keypair and install the public key on the server. Then you can disable the password authentication again on the server.
_________________
...it's only Rock'n'Roll, but I like it!

[RobinVossen]

Done exacly as you said.
I am as john on his box in his home folder when i execute:

[Anarcho]

Could you please give me the output of

"ls -ld / /home /home/john /home/john/.ssh"
_________________
...it's only Rock'n'Roll, but I like it!

[RobinVossen]

Will do Monday. Since its after work.. I cant access the PC now..
Thanks anyhow, Ill reply as soon as posbile
_________________
Server Unplugged!

[RobinVossen]

[Anarcho]

[RobinVossen]

I got the exact same output. And both users account UIDs are 1001.
However I did play around this for two days now and I did found a nice Solution.
I made a authorized_keys that is linked to id_dsa.pub
Then I did use NFS to mount johns home to the _sxb home.
That does just work And I can make it a Cron-Job to change the SSH Key.
The only problem is that NFS keeps failing. So I have done that dirty now. (See: http://www.linuxforums.org/forum/linux-networking/109897-openvz-network-filesystem.html)

Thanks for everything.
But I still dont get why It didnt work.. So, well if you can explain that anyhow Id love to hear that. (Since Ill learn and gain Knowledge )


Cheers, (or in your native language Auf Wiederseen (I really hope I did write that correct))

~ Robin
_________________
Server Unplugged!

[Anarcho]

[RobinVossen]

Well, thanks for all the Effort anyhow

Thanks for correcting my German. Tomorrow Ill go to German Dusseldorf Airport..


Cheers,
Robin
_________________
Server Unplugged!

[Anarcho]

[RobinVossen]

Ah, cool.
the Airport? I am well Excited..
I am going to Pick My girlfriend up.
We didn't see each other in Person for a Month..!


Cheers,
Robin
_________________
Server Unplugged!

[Anarcho]

[RobinVossen]

My girlfriend is from the Glorious United Kingdom. I am Dutch myself.
And tickets to Eindhoven (Closed to me within the Netherlands) did cost about 50 pounds more..
And Dusseldorf is even closer then Eindhoven. So, well why not
In case you didn't notice yet I am your Neighbor. A Dutch guy
_________________
Server Unplugged!

[Anarcho]