We have upgraded the community system as part of the upgrade a password reset is required for all users before login in.

[Resolved] SSH from Omega to Linux Server without Password



  • Hi,
    I have been trying to set up ssh rsync file transfers without having to enter a password from the omega to a remote server.
    Using
    rsync -av -e ssh /root/webcam/ user@<server ip>:/home/user/webcam
    Works but prompts for a password
    I used ssh -V to see
    Local Omega with Dropbear v2016.74
    Remote OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016
    were running.
    I used
    • mkdir ~/.ssh
    • dropbearkey -t rsa -f ~/.ssh/id_rsa
    • dropbearkey -y -f ~/.ssh/id_rsa | sed -n 2p > ~/.ssh/id_rsa.pub
    to create a key pair then copied the id_rsa.pub file onto the remote server , renamed it to authorized_keys in the .ssh directory and used chmod 755 ~/.ssh and
    chmod 644 ~/.ssh/authorized_keys to set the permissions.
    Tried testing it with ssh user@<server ip> but get the password prompt.
    Any ideas please.



  • Looks like the permissions on the private key are too wide. However I'd expect a different error message instead of a password prompt. How about trying "chmod 400 ~/.ssh/id_rsa" to see if that helps.



  • Thanks William,
    Tried the chmod 400 but still the sane

    one thing I did notice was the private key format on the omega looks strange compared to the private key on the Linux box

    On Omega

    ~/.ssh# cat id_rsa
    ssh-rsaådÁ·5KðÌ xú!ÄÔð+Å3ñyNûªá¦ôþZ+1.yËÒ?¦Tz
    CÁCºÓ d­'¥ß
    fÞnËi=º¢CQx´¤Ò$åúN¡<s
    @'Ûùü)Ç

    on Linux server

    /.ssh$ cat id_rsa
    -----BEGIN RSA PRIVATE KEY-----
    MIIEpAIBAAKCAQEA1wOdaPbeWlCYA4Jtt1PWCvBX8UyM1EMG/6Qewl9QWL+Pt8AE
    +ukeK8TSZEfY8YnKCsMICJAFgkUY0x3Rrwm



  • @Andy-Burgess At least you got printing characters! Yes, you discovered the private key files are in binary and not in an encoded (e.g. ascii) representation of binary. Not to worry on that point.

    If you 'cat' one of the public key files you'll note a familiar representation.

    Other than that all I've done differently is specify a key strength (dropbearkey -t rsa -s 4096 ....).

    Going forward assume there may already be an authorized_keys file. As such, append the public key to it as opposed to copy/rename. Just a nit as I stall while trying to figure out what's wrong....

    --Bill



  • On the server the authorized_keys permissions ought be 600, not 644.

    I mis-type the permissions of the client private key. It should be 600, not 400! Yikes! You wouldn't be able to write to it. 8^o

    --Bill



  • You can send the key by "secure copy" (similar to SSH) like this:
    change directory to where the key is on the omega

    scp id_rsa.pub <user>@<yourhost>:.ssh/authorized_keys

    Where <user> is the SSH user for the remote login and <yourhost> is the host of the remote login.

    You will be asked for a password initially.



  • For the permissions, both the folder and the key require the following:

    chmod 700 /home/user/.ssh
    chmod 644 /home/user/.ssh/authorized_keys
    

    From https://superuser.com/questions/215504/permissions-on-private-key-in-ssh-folder



  • I was having trouble making rsync work without the password request. I played with the file permissions as suggested in this and other posts. The advice was not all consistent so I tried different combinations, but nothing worked to eliminate the password request. I found a post (https://www.snbforums.com/threads/dropbear-ssh-without-remote-password.21070/) that showed how to specify the location of the private key. That worked.

    This command results in a password request.
    rsync -av -e ssh <source> <user>@<host>:<destination>

    This command does not result in a password request.
    rsync -av -e "dbclient -i /root/.ssh/id_rsa" <source> <user>@<host>:<destination>

    Similarly,
    ssh -i ~/.ssh/id_rsa <user>@<host>
    will get me logged in without a password, while
    ssh <user>@<host>
    will request a password.

    It sounds like it is possible to avoid the password request without explicitly pointing to the private key file. Others have done it but I failed on that score. Here is something that worked for me.



  • I posted a bit too soon.

    The simpler commands (without the dbclient) work if the .ssh file contains a symbolic link to id_rsa. Execute this in the .ssh folder and things work more simply than what I suggested above.

    ln -s id_rsa id_dropbear



  • Success
    Thanks all for the help.
    I used TheLions
    scp id_rsa.pub <user>@<yourhost>:.ssh/authorized_keys to gopy the key then
    chmod 700 /home/user/.ssh
    chmod 644 /home/user/.ssh/authorized_keys
    to set permissions
    and Roberts ln -s id_rsa id_dropbear

    It's working like a charm.



  • Thanks for the assist! This saved me time in working out what to do.



Looks like your connection to Community was lost, please wait while we try to reconnect.