Troubleshooting problems with SSH
From BNL Physics Computing
This topic lists some of the common mistakes made when setting up SSH.
I generated my keys but I still get asked for a password
- Did you propagate your public key?
- Are permissions correct on the client side? Your .ssh/ directory and your private key file must not be world writable. Your private key should also not be world readable.
- On the remote site, check that the permissions of ~/.ssh/authorized_keys allow only your user to edit the file:
prompt> ls -l ~/.ssh/authorized_keys
-rw------- 1 username users 1055 May 15 17:40 /home/username/.ssh/authorized_keys
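The permission rules above can be checked in one pass with a small script. This is an added example, not part of the original page; the function names are hypothetical, and it assumes private keys are the id_* files without a .pub suffix.

```sh
#!/bin/sh
# Added example: audits the permission rules listed above.
# Prints one line per problem; prints nothing when everything is fine.

# Return the 10-character mode string (e.g. -rw-------) for a path.
mode_of() { ls -ld "$1" | cut -c1-10; }

# has_bit MODE POS CHAR: true if character POS of MODE equals CHAR.
# Positions: 6 = group write, 8 = world read, 9 = world write.
has_bit() { [ "$(printf '%s' "$1" | cut -c"$2")" = "$3" ]; }

ssh_perm_problems() {
    dir=${1:-$HOME/.ssh}
    [ -d "$dir" ] || { echo "$dir: missing directory"; return 0; }

    # Rule 1: the .ssh directory must not be world writable.
    m=$(mode_of "$dir")
    has_bit "$m" 9 w && echo "$dir: world writable ($m)"

    # Rule 2: private keys must be neither world writable nor world readable.
    # Assumption: private keys are the id_* files without a .pub suffix.
    for key in "$dir"/id_*; do
        [ -f "$key" ] || continue
        case $key in *.pub) continue ;; esac
        m=$(mode_of "$key")
        has_bit "$m" 9 w && echo "$key: world writable ($m)"
        has_bit "$m" 8 r && echo "$key: world readable ($m)"
    done

    # Rule 3: only the owner may edit authorized_keys.
    ak=$dir/authorized_keys
    if [ -f "$ak" ]; then
        m=$(mode_of "$ak")
        if has_bit "$m" 6 w || has_bit "$m" 9 w; then
            echo "$ak: writable by group or others ($m)"
        fi
    fi
    return 0
}
```

Source the file and run ssh_perm_problems with no argument to check ~/.ssh, or pass another directory to check that instead. Run it on both the client and the remote site.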
I'm trying to set up ssh-agent but I still get asked for a passphrase
- Is your agent running? Check with:
prompt> env|grep SSH
SSH_AGENT_PID=16463
SSH_AUTH_SOCK=/tmp/ssh-nouUS16462/agent.16462
prompt> ps auxww|grep $SSH_AGENT_PID
bviren 16463 0.0 0.0 2976 924 ? S Dec01 0:00 ssh-agent -s
- Do you load the agent with your keys using ssh-add? Check with:
prompt> ssh-add -l
1024 44:2c:94:c9:33:5d:af:97:50:f7:b4:a5:cf:08:6b:dd /home/bviren/.ssh/id_rsa (RSA)
1024 6c:6a:ef:51:c4:bf:e1:cd:17:b7:51:89:4b:c0:7b:2f /home/bviren/.ssh/id_dsa (DSA)
You should see at least an (RSA) or (DSA) key. If you see an (RSA1) key, it is an SSH1 key and shouldn't be relied on (SSH1 is not secure).
- Are you properly forwarding your agent? Forwarding the agent can be controlled at the system level, at the user level, and at the time ssh is executed. In that order, this is done by:
- An entry in /etc/ssh/ssh_config
- An entry in ~/.ssh/config
- By invoking like:
ssh -A user@remotehost
For the first two config files, the entries might look something like:
Host *
    ForwardAgent yes
    ...
