Trouble setting up SSH keys

0
votes

I'm using rsync to backup our server to another running an rsync daemon on our LAN using the command

rsync -av /volume1/ Public/ [email protected]:/shares/Backup/Public/

It's working great except that it requires a manual password entry, so I'd like to automate it with a key pair. Running ssh-keygen I get the below where I hit return 3 times

ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub.

ssh-copy-id script isn't on our system, so I used the line below to copy the password file to the backup destination server. I checked and it copied correctly

> cat /root/.ssh/id_rsa.pub | ssh [email protected] "cat >> /root/.ssh/authorized_keys"

As a test, I ssh to the destination server to ensure there's no longer a password prompt, but I'm still getting one?

DiskStation> ssh 192.168.2.20
[email protected]'s password:

I'm not strong in unix, so am likely missing something obvious. Suggestions please?

___ Edit ____

Followed up with adding the following settings to sshd_config but still no luck:

RSAAuthentication yes
PubkeyAuthentication yes

Not sure if it matters, but the machine hosting the public key as a WD Sharespace which is a Debian Lenny build.

2
sshssh-keys
What is PermitRootLogin set to in your sshd config? - Joachim Isaksson
It's commented out (#PermitRootLogin yes) - buttonsrtoys
I uncommented it and changed its setting to without-password. Still prompting me for a password, but now it won't accept one. After the third attempt it reports "Permission denied (publickey, password, keyboard-interactive)". I'm wondering if I put the key file in the wrong place? I had to create the .ssh directory and the cat command created the authorized_keys file. - buttonsrtoys
If you created it from scratch, try setting permission 700 on the .ssh directory. - Joachim Isaksson
Set .ssh permission to 700 and authorized_keys to 600. Still getting password prompt. Also made some additional changes to sshd_config that I'll add to the original post. - buttonsrtoys

2 Answers

0
votes

Make sure the key is in your chain. ssh-add ~path/to/private/key otherwise you need to do ssh -i /path/to/key . Then make sure you're using ssh root@whatever. Then make sure the file is written to the remote node properly. Try copying and pasting rather than your cat and pipe. And lastly, try restarting ssh on the remote and perform those steps again (to permit the permitrootlogin to be active).

By the way, the fact that you are trying to avoid entering passwords and then you added a passphrase for the key, makes this entire process pointless.

0
votes

The correct procedure for passwordless SSH is as follows:

Begin by executing the ssh-keygen command to generate a key

ssh-keygen

Once you have the key, then you can copy it to the remote server. Use this command which makes it easier

ssh-copy-id user@host

The command assumes that you are using port 22 for ssh, if not use, with xxxx being the port number

ssh-copy-id "user@host -p xxxx"

See here for a detailed description of this command

In your case, when you are editing

/etc/ssh/sshd_config

Make sure you modify PasswordAuthentication from 

PasswordAuthentication yes

to 

PasswordAuthentication no

then restart sshd with

service sshd restart