Comments on: How To Setup Non-Interactive SSH Login http://www.walkernews.net/2008/06/06/how-to-setup-non-interactive-ssh-login/ A capsule of walker's experience in life... Mon, 06 Feb 2012 19:09:42 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Osher http://www.walkernews.net/2008/06/06/how-to-setup-non-interactive-ssh-login/#comment-15089 Osher Fri, 17 Jun 2011 09:19:25 +0000 http://www.walkernews.net/?p=742#comment-15089 I encountered another issue that is not mentioned in this guide: Security requirements implementated in OpenSSH will not accept presented public keys if they can be stolen. Specifically - when the ~/ directory or the ~/.ssh/ directory of the requesting user is not secured - i.e. chmod to 700 or less. The observed behavior is that the key was not accepted even through everything was in place and all files were accessible (because permissions were even higher then 700...). Only by digging in verbose node on the server logs we could see a permissions issue warning, which after hardening permissions first on .ssh folder, and then on home - the silent-login finally worked and scripts started to run well. I encountered another issue that is not mentioned in this guide:

Security requirements implementated in OpenSSH will not accept presented public keys if they can be stolen.
Specifically – when the ~/ directory or the ~/.ssh/ directory of the requesting user is not secured – i.e. chmod to 700 or less.

The observed behavior is that the key was not accepted even through everything was in place and all files were accessible (because permissions were even higher then 700…).

Only by digging in verbose node on the server logs we could see a permissions issue warning, which after hardening permissions first on .ssh folder, and then on home – the silent-login finally worked and scripts started to run well.

]]> By: Configure Secured Private Key For Password-less SSH Login - Walker News http://www.walkernews.net/2008/06/06/how-to-setup-non-interactive-ssh-login/#comment-5626 Configure Secured Private Key For Password-less SSH Login - Walker News Mon, 09 Jun 2008 15:49:43 +0000 http://www.walkernews.net/?p=742#comment-5626 [...] enable non-interactive SSH login, you could generate a pair of password-less cryptographic keys for the sake of simplicity, i.e. creates a private key that is not secured with a passphrase (by [...] [...] enable non-interactive SSH login, you could generate a pair of password-less cryptographic keys for the sake of simplicity, i.e. creates a private key that is not secured with a passphrase (by [...]

]]>