Good job, useful information. Thanks -----Original Message----- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Thang Pham Sent: Wednesday, January 05, 2011 9:19 AM To: LINUX-390@vm.marist.edu Subject: Re: EXTERNAL: Re: RHEL6 SSH key
I found that it was the SELinux attributes on the authorized_keys. Restoring the SELinux defaults (# restorecon -R -v /root/.ssh) made everything work with SELinux enabled. ------------------------------------- Thang Pham IBM Poughkeepsie Phone: (845) 433-7567 e-mail: thang.p...@us.ibm.com From: "Hodge, Robert L" <robert.l.ho...@lmco.com> To: LINUX-390@vm.marist.edu Date: 01/05/2011 11:13 AM Subject: Re: EXTERNAL: Re: RHEL6 SSH key Sent by: Linux on 390 Port <LINUX-390@vm.marist.edu> It works for me with SELinux enabled. The selinux config file on my RHEL 6 server contains "SELINUX=enforcing" -----Original Message----- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Thang Pham Sent: Wednesday, January 05, 2011 9:01 AM To: LINUX-390@vm.marist.edu Subject: EXTERNAL: Re: RHEL6 SSH key I found the problem, it was SELinux that was causing the password prompt. If I disabled SELinux, it works and there are no password prompts. Thank you for the help, ------------------------------------- Thang Pham IBM Poughkeepsie Phone: (845) 433-7567 e-mail: thang.p...@us.ibm.com From: Richard Troth <vmcow...@gmail.com> To: LINUX-390@vm.marist.edu Date: 01/05/2011 10:39 AM Subject: Re: RHEL6 SSH key Sent by: Linux on 390 Port <LINUX-390@vm.marist.edu> Check the ownership of the authorized_keys file. Also check permission bits on the file. Also check permission bits on all directories along the path to that file. Finally, see if the target system allows root logon (via SSH ... or at all). But see below. Regarding that last point, I STRONGLY urge you to NOT allow root logon, but instead to require authorized administrators to sign on with their own IDs and then 'su' to root. You get better security, a more thorough audit trail, and yet you do not lose the ability to automate privileged operations. But ... oh, yeah ... RHEL6. Brad and others will not appreciate this: You might have SELinux in the way. You could turn it off and be much happier, especially at a development shop. (You indicated POK.) The latest RedHat offerings rabidly employ SELinux, which breaks all kinds of traditional Unix tools and methods. -- R; <>< Rick Troth Velocity Software http://www.velocitysoftware.com/ On Wed, Jan 5, 2011 at 10:16, Thang Pham <thang.p...@us.ibm.com> wrote: > Hi, > > I have two Linux virtual servers, one running SLES11 SP1 and the other > running RHEL6. I am trying to setup the SSH key between them, so that when > I SSHed into the RHEL6 server, I do not get prompted for a password. I put > the id_rsa.pub key of my SLES11 SP1 server in /root/.ssh/authorized_keys > file on my RHEL6 server, but when I SSH into the RHEL6 server, I get > prompted for a password. Is this a bug? > > I tested this same procedure on a RHEL5.5 server, and it works fine. I > even tried the other way around and setup the SSH keys on the RHEL6 server, > so that when I SSHed into my SLES11 SP1 server from my RHEL6 server, I do > not get prompted for a password. This works. It appears that RHEL6 does > not accept a public key and always prompts for a password. > > Regards, > ------------------------------------- > Thang Pham > IBM Poughkeepsie > Phone: (845) 433-7567 > e-mail: thang.p...@us.ibm.com > > ---------------------------------------------------------------------- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > ---------------------------------------------------------------------- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/ ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/ ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/ ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/ ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
