It should then just work, UNLESS the system's sysadmin has disabled it. Does it work for root?
On Wed, Aug 27, 2008 at 5:33 PM, Robert Citek <[EMAIL PROTECTED]>wrote: > > Why can I not ssh into a remote RHEL system using my public/private > keys and ssh-agent? > > On every system I can think of (OS X, Windows/Cygwin, Ubuntu, Fedora, > etc.), I have setup ssh keys using the following method and it has > worked great: > > http://www.cwelug.org/cgi-bin/wiki.cgi?Using_SSH_With_Keys > > Hower, on this one RHEL system I cannot ssh to it without it asking > for a password. Here's a transcript of me ssh'ing from my local > Ubuntu box to the remote RHEL system (foo): > > $ ssh-agent sh -c 'ssh-add && bash' && exit > Identity added: /home/rwcitek/.ssh/id_rsa (/home/rwcitek/.ssh/id_rsa) > Enter passphrase for /home/rwcitek/.ssh/id_dsa: > Identity added: /home/rwcitek/.ssh/id_dsa (/home/rwcitek/.ssh/id_dsa) > > $ ssh -v [EMAIL PROTECTED] > OpenSSH_4.6p1 Debian-5ubuntu0.5, OpenSSL 0.9.8e 23 Feb 2007 > debug1: Reading configuration data /home/rwcitek/.ssh/config > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug1: Connecting to foo [192.168.0.10] port 22. > debug1: Connection established. > debug1: identity file /home/rwcitek/.ssh/identity type -1 > debug1: identity file /home/rwcitek/.ssh/id_rsa type 1 > debug1: identity file /home/rwcitek/.ssh/id_dsa type 2 > debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3 > debug1: match: OpenSSH_4.3 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_4.6p1 Debian-5ubuntu0.5 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug1: kex: server->client aes128-cbc hmac-md5 none > debug1: kex: client->server aes128-cbc hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug1: Host 'stllrd01' is known and matches the RSA host key. > debug1: Found key in /home/rwcitek/.ssh/known_hosts:13 > debug1: ssh_rsa_verify: signature correct > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug1: SSH2_MSG_NEWKEYS received > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug1: Authentications that can continue: > publickey,gssapi-with-mic,password > debug1: Next authentication method: gssapi-with-mic > debug1: Unspecified GSS failure. Minor code may provide more information > No credentials cache found > debug1: Unspecified GSS failure. Minor code may provide more information > No credentials cache found > debug1: Unspecified GSS failure. Minor code may provide more information > debug1: Next authentication method: publickey > debug1: Offering public key: /home/rwcitek/.ssh/id_rsa > debug1: Authentications that can continue: > publickey,gssapi-with-mic,password > debug1: Offering public key: /home/rwcitek/.ssh/id_dsa > debug1: Authentications that can continue: > publickey,gssapi-with-mic,password > debug1: Trying private key: /home/rwcitek/.ssh/identity > debug1: Next authentication method: password > [EMAIL PROTECTED]'s password: > > $ ls -l ~/.ssh/ > total 16 > -rw------- 1 rcitek rcitek 604 Aug 18 14:29 authorized_keys2 > -rw------- 1 rcitek rcitek 396 Aug 6 12:39 known_hosts > > Notice the permissions look fine on the remote machine. > > Any thoughts as to why ssh is asking for a password? > > Regards, > - Robert > > > > -- you must know the ledge of wise and dome to understand your culture of freedom! http://pxpippen.blogspot.com/ http://groups.google.com/group/lispstl Powerfull Allah --~--~---------~--~----~------------~-------~--~----~ Central West End Linux Users Group (via Google Groups) Main page: http://www.cwelug.org To post: [email protected] To subscribe: [EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] More options: http://groups.google.com/group/cwelug -~----------~----~----~----~------~----~------~--~---
