{"id":554,"date":"2013-03-18T10:10:00","date_gmt":"2013-03-18T10:10:00","guid":{"rendered":"http:\/\/blog.bachi.net\/?p=554"},"modified":"2019-10-01T17:34:51","modified_gmt":"2019-10-01T17:34:51","slug":"publickey-auf-ssh-target-login-ohne-passwort","status":"publish","type":"post","link":"https:\/\/blog.bachi.net\/?p=554","title":{"rendered":"Publickey auf SSH-Target: Login ohne Passwort"},"content":{"rendered":"<h1>Anleitung<\/h1>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\nuser@notebook $ ssh-keygen -t rsa\r\nuser@notebook $ cat .ssh\/id_rsa.pub | \\\r\n                ssh user@server 'cat &gt;&gt; .ssh\/authorized_keys'\r\n\r\nNow without password\r\nuser@notebook $ ssh user@server\r\nuser@server $\r\n<\/pre>\n<h1>Diverses<\/h1>\n<p>Ursache:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@target:~ \/etc\/rc.d\/S16openssh stop\r\nroot@target:~ \/usr\/sbin\/sshd -d\r\n&#x5B;...]\r\nConnection from 192.168.1.1 port 59187\r\n&#x5B;...]\r\ndebug1: trying public key file \/home\/.ssh\/authorized_keys\r\nAuthentication refused: bad ownership or modes for directory \/home\r\n<\/pre>\n<p>L\u00f6sung:<br \/>\nIm beiliegenden Script \u00e4ndert sich in der Benutzerverwaltung der Benutzer &#8220;root&#8221;:<br \/>\nHome-Verzeichnis: \/root<br \/>\nShell: \/bin\/bash<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nandreas@host:~ ssh-keygen -t rsa\r\nandreas@host:~ ssh-keygen -t dsa\r\n<\/pre>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nandreas@host:~ ssh-copy-id -i ~\/.ssh\/id_rsa.pub root@target\r\nandreas@host:~ ssh-copy-id -i ~\/.ssh\/id_dsa.pub root@target\r\n<\/pre>\n<p>Kopiert die zwei Publickeys aufs Target ins ~\/.ssh\/authorized_keys<\/p>\n<p>Da das Verzeichnis \/root die Berechtigung &#8220;drwx&#8212;&#8212;&#8221; hat (nur User-Berechtigt), erlaubt OpenSSH nun \u00fcber ein Publickey einzuloggen.<\/p>\n<p>Wenn es noch nicht funktioniert, geh \u00fcber die Serial-Console, stoppe den OpenSSH-Server und starte ihn im Debug-Modus:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@target:~ \/etc\/rc.d\/S16openssh stop\r\nroot@target:~ \/usr\/sbin\/sshd -d\r\n<\/pre>\n<p>Das gleiche Spiel auf Client-Seite (mit Verbose-Flag!!):<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nandreas@host:~ ssh -v root@target\r\n<\/pre>\n<p><a href=\"http:\/\/www.schlittermann.de\/doc\/ssh\">SSH ohne Passwort &#8212; Kurze Anleitung zur Nutzung<\/a><br \/>\n<a href=\"http:\/\/www.linuxproblem.org\/art_9.html\">SSH login without password<\/a><br \/>\n<a href=\"http:\/\/www.csua.berkeley.edu\/~ranga\/notes\/ssh_nopass.html\">SSH Without a Password<\/a><br \/>\n<a href=\"https:\/\/help.ubuntu.com\/community\/SSH\/OpenSSH\/Keys\"> SSH\/OpenSSH\/Keys<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Anleitung user@notebook $ ssh-keygen -t rsa user@notebook $ cat .ssh\/id_rsa.pub | \\ ssh user@server &#8216;cat &gt;&gt; .ssh\/authorized_keys&#8217; Now without password user@notebook $ ssh user@server user@server $ Diverses Ursache: root@target:~ \/etc\/rc.d\/S16openssh stop root@target:~ \/usr\/sbin\/sshd -d &#x5B;&#8230;] Connection from 192.168.1.1 port 59187 &#x5B;&#8230;] debug1: trying public key file \/home\/.ssh\/authorized_keys Authentication refused: bad ownership or modes for directory [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"class_list":["post-554","post","type-post","status-publish","format-standard","hentry","category-ubuntu"],"_links":{"self":[{"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/posts\/554","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=554"}],"version-history":[{"count":5,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/posts\/554\/revisions"}],"predecessor-version":[{"id":10112,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/posts\/554\/revisions\/10112"}],"wp:attachment":[{"href":"https:\/\/blog.bachi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=554"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=554"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=554"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}