Common Practice
Easiest way:
$ ssh-copy-id remotehostname
Sometimes, we may encounter:
/usr/bin/ssh-copy-id: ERROR: No identities found
In that case, do:
$ ssh-copy-id -i ~/.ssh/id_rsa.pub remotehostname
If known_hosts has an offending key, ssh reports:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
.
.
.
Offending key in /root/.ssh/known_hosts: 6
.
.
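If the host key change is expected (for example, the server was reinstalled), delete the offending line, here line 6: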
$ sed -i '6d' ~/.ssh/known_hosts
Also, make sure that /etc/ssh/sshd_config is properly configured. In particular:
PermitRootLogin yes
RSAAuthentication yes
PubkeyAuthentication yes
At this stage, we should usually be able to ssh to the remote server without a password.
Occasionally, we may still need to change the permissions of /root/.ssh/authorized_keys and its parent directories:
$ chmod 600 /root/.ssh/authorized_keys
$ chmod 700 /root/.ssh
$ chmod 550 /root
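To check the result of the permission step above, the following added example (not part of the original post) approximates the ownership and mode checks that sshd's StrictModes applies to the home directory, .ssh and authorized_keys. The function name check_ssh_perms and its output labels are made up for this example, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example (not from the original post). Approximates the ownership and
# mode checks sshd's StrictModes applies to the paths chmod'ed above.
# Usage: check_ssh_perms HOME_DIR [UID]   (defaults to the current uid)
# Assumes GNU stat (stat -c), as found on Linux systems.

check_ssh_perms() {
    home=$1
    uid=${2:-$(id -u)}
    rc=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING   $path"
            rc=1
            continue
        fi
        mode=$(stat -c '%a' "$path")    # octal permission bits, e.g. 600
        fuid=$(stat -c '%u' "$path")    # numeric owner

        # Owner must be the login user or root.
        if [ "$fuid" != "$uid" ] && [ "$fuid" != "0" ]; then
            echo "OWNER     $path is owned by uid $fuid, expected $uid"
            rc=1
        fi
        # Group- or world-writable paths let another account plant keys.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE  $path has mode $mode (group/other can write)"
            rc=1
        fi
        # A directory without the owner search bit cannot be traversed
        # by a non-root user, so authorized_keys is unreachable.
        if [ -d "$path" ] && [ $(( 0$mode & 0100 )) -eq 0 ]; then
            echo "NOSEARCH  $path has mode $mode (owner lacks x)"
            rc=1
        fi
    done
    return $rc
}

# Example call for the root account used in this post:
#   check_ssh_perms /root 0
```

This covers only classic Unix permissions; SELinux labels are a separate check.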
Debugging further problems
On the remote server, in /etc/ssh/sshd_config, change:
LogLevel INFO
to
LogLevel DEBUG
On the client,
$ ssh -vvv remoteserver
On the remote server,
$ tail -n 50 /var/log/secure
If you see on the remote server:
debug1: trying public key file /root/.ssh/authorized_keys
debug1: Could not open authorized keys '/root/.ssh/authorized_keys': Permission denied
SELinux is probably preventing sshd from opening the file. Restore the default security context with:
$ restorecon -FRvv ~/.ssh