Re: [CentOS] CONNECTING VIA SSH BETWEEN CENTOS 4 AND 5
Chris Geldenhuis wrote: Stephen John Smoogen wrote: On Wed, Apr 16, 2008 at 1:32 PM, Chris Geldenhuis <[EMAIL PROTECTED]> wrote: Hi, I am trying to set up an automatic connection between CentOS 4 system (server) and a CentOS 5 DomU VM (client) via ssh to enable my to back up development files on the server to the client with a cron process. I generate they key pair without a pass phrase on the client and copy the public key to the same user's .ssh directory on the server as authorized_keys2. When I try to ssh to the Server from the Client, I am still asked for the user's password on the client. If I do the same with CentOS 5 for both Client and Server, I can login without providing a password. The versions of ssh on the two systems are: Client (CentOS 5): OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006 Server (CentOS 4): OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 Does anyone on the list know whether these versions are compatible or how to get them to work together without requiring a password. It is not an option to change to CentOS5 on the server side as that system is serving as a development system for a client running RedHat ES 4 and has to have the identical configuration and be binary compatible. I know this works between the entire CentOS family. The main problems I have seen are that the users home directory or .ssh permissions are not secure enough for ssh to do its thing. ssh -v -v -v will tell you more than you want on where it is having problems.. but the quick fix I use are the following: su - root chown $user $user_homedir # fill in $user and $user_home correctly as in dude and /nfs/home/d/dude chmod 0750 $user_homedir chown $user $user_homedir/.ssh chmod 0700 $user_homedir/.ssh chmod 0600 $user_homedir/.ssh/authorized_keys If that doesn't fix the problem the -v -v -v will tel what else might be the cause. Thanks - changing the permissions fixed the problem . Thanks also to Daniel for his suggestions. Yes, if StrictModes is set to yes in /etc/ssh/sshd_config (which is the default), then the correct permissions *must* be set on ~/.ssh and ~/.ssh/authorized_keys. It is also documented in the Wiki article here: http://wiki.centos.org/HowTos/Network/SecuringSSH#head-9c5717fe7f9bb26332c9d67571200f8c1e4324bc Regards, Ned ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CONNECTING VIA SSH BETWEEN CENTOS 4 AND 5
Stephen John Smoogen wrote: On Wed, Apr 16, 2008 at 1:32 PM, Chris Geldenhuis <[EMAIL PROTECTED]> wrote: Hi, I am trying to set up an automatic connection between CentOS 4 system (server) and a CentOS 5 DomU VM (client) via ssh to enable my to back up development files on the server to the client with a cron process. I generate they key pair without a pass phrase on the client and copy the public key to the same user's .ssh directory on the server as authorized_keys2. When I try to ssh to the Server from the Client, I am still asked for the user's password on the client. If I do the same with CentOS 5 for both Client and Server, I can login without providing a password. The versions of ssh on the two systems are: Client (CentOS 5): OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006 Server (CentOS 4): OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 Does anyone on the list know whether these versions are compatible or how to get them to work together without requiring a password. It is not an option to change to CentOS5 on the server side as that system is serving as a development system for a client running RedHat ES 4 and has to have the identical configuration and be binary compatible. I know this works between the entire CentOS family. The main problems I have seen are that the users home directory or .ssh permissions are not secure enough for ssh to do its thing. ssh -v -v -v will tell you more than you want on where it is having problems.. but the quick fix I use are the following: su - root chown $user $user_homedir # fill in $user and $user_home correctly as in dude and /nfs/home/d/dude chmod 0750 $user_homedir chown $user $user_homedir/.ssh chmod 0700 $user_homedir/.ssh chmod 0600 $user_homedir/.ssh/authorized_keys If that doesn't fix the problem the -v -v -v will tel what else might be the cause. Thanks - changing the permissions fixed the problem . Thanks also to Daniel for his suggestions. ChrisG ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CONNECTING VIA SSH BETWEEN CENTOS 4 AND 5
On Wed, Apr 16, 2008 at 1:32 PM, Chris Geldenhuis <[EMAIL PROTECTED]> wrote: > Hi, > > I am trying to set up an automatic connection between CentOS 4 system > (server) and a CentOS 5 DomU VM (client) via ssh to enable my to back up > development files on the server to the client with a cron process. > > I generate they key pair without a pass phrase on the client and copy the > public key to the same user's .ssh directory on the server as > authorized_keys2. > > When I try to ssh to the Server from the Client, I am still asked for the > user's password on the client. > > If I do the same with CentOS 5 for both Client and Server, I can login > without providing a password. > > The versions of ssh on the two systems are: > > Client (CentOS 5): OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006 > > Server (CentOS 4): OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 > > Does anyone on the list know whether these versions are compatible or how > to get them to work together without requiring a password. > > It is not an option to change to CentOS5 on the server side as that system > is serving as a development system for a client running RedHat ES 4 and has > to have the identical configuration and be binary compatible. I know this works between the entire CentOS family. The main problems I have seen are that the users home directory or .ssh permissions are not secure enough for ssh to do its thing. ssh -v -v -v will tell you more than you want on where it is having problems.. but the quick fix I use are the following: su - root chown $user $user_homedir # fill in $user and $user_home correctly as in dude and /nfs/home/d/dude chmod 0750 $user_homedir chown $user $user_homedir/.ssh chmod 0700 $user_homedir/.ssh chmod 0600 $user_homedir/.ssh/authorized_keys If that doesn't fix the problem the -v -v -v will tel what else might be the cause. -- Stephen J Smoogen. -- CSIRT/Linux System Administrator How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CONNECTING VIA SSH BETWEEN CENTOS 4 AND 5
On Wed, Apr 16, 2008 at 9:32 PM, Chris Geldenhuis <[EMAIL PROTECTED]> wrote: > I generate they key pair without a pass phrase on the client and copy the > public key to the same user's .ssh directory on the server as > authorized_keys2. Why not 'authorized_keys'? 'authorized_keys2' has become deprecated ever since SSH switched to version 2 of the protocol by default. Take care, Daniel PS. You can use the '-v' flag to ssh to debug things better. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CONNECTING VIA SSH BETWEEN CENTOS 4 AND 5
Hi, I am trying to set up an automatic connection between CentOS 4 system (server) and a CentOS 5 DomU VM (client) via ssh to enable my to back up development files on the server to the client with a cron process. I generate they key pair without a pass phrase on the client and copy the public key to the same user's .ssh directory on the server as authorized_keys2. When I try to ssh to the Server from the Client, I am still asked for the user's password on the client. If I do the same with CentOS 5 for both Client and Server, I can login without providing a password. The versions of ssh on the two systems are: Client (CentOS 5): OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006 Server (CentOS 4): OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 Does anyone on the list know whether these versions are compatible or how to get them to work together without requiring a password. It is not an option to change to CentOS5 on the server side as that system is serving as a development system for a client running RedHat ES 4 and has to have the identical configuration and be binary compatible. TIA ChrisG ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos