I recently set up key based ssh authentication for my workstation to a test server (running Centos 6) I have. The key based authentication works fine and I am able to log in just by entering a passphrase. In a quest to allow login without entering anything at all (except for the first time in a given server reboot session), I downloaded and configured keychain on my server. In this case it's on the root user but I plan on using it for other users and disabling root login completely (server is on a private network anyhow).
To my understanding, keychain allows you to access the server without entering a passphrase except the first time logging in between server reboots. I am showing that after first using keychain, it prompted me for a passphrase then keychain itself prompted me for a passphrase then it logged me in. On my second login (illustrated below), it still continues to ask me for my passphrase.
Second login:
login as: root
Authenticating with public key "imported-openssh-key"
Passphrase for key "imported-openssh-key":
Last login: Wed Apr 8 17:35:54 2020 from 8.8.8.1
* keychain 2.8.0 ~ http://www.funtoo.org
* Found existing ssh-agent: 4023
* Known ssh key: /root/.ssh/id_rsa
root@server1 [~]#
If there a way to get this to not ask me for my passphrase or did I misconfigure anything? I haven't changed anything in the sshd_config so far.
Here's my .bash_profile and location of the key files:
root@server1 [~]# cat .bash_profile
# .bash_profile
# Get the aliases and functions
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
# User specific environment and startup programs
PATH=$PATH:$HOME/bin
export PATH
eval `keychain --agents ssh --eval id_rsa`
root@server1 [~]# find | grep id_rsa
./.ssh/id_rsa.pub
./.ssh/id_rsa
root@server1 [~]#
I feel like i've tried everything at this point. Please let me know if i need to provide some more details. Thanks for the help!
Question
jeff82
I recently set up key based ssh authentication for my workstation to a test server (running Centos 6) I have. The key based authentication works fine and I am able to log in just by entering a passphrase. In a quest to allow login without entering anything at all (except for the first time in a given server reboot session), I downloaded and configured keychain on my server. In this case it's on the root user but I plan on using it for other users and disabling root login completely (server is on a private network anyhow).
To my understanding, keychain allows you to access the server without entering a passphrase except the first time logging in between server reboots. I am showing that after first using keychain, it prompted me for a passphrase then keychain itself prompted me for a passphrase then it logged me in. On my second login (illustrated below), it still continues to ask me for my passphrase.
Second login:
login as: root Authenticating with public key "imported-openssh-key" Passphrase for key "imported-openssh-key": Last login: Wed Apr 8 17:35:54 2020 from 8.8.8.1 * keychain 2.8.0 ~ http://www.funtoo.org * Found existing ssh-agent: 4023 * Known ssh key: /root/.ssh/id_rsa root@server1 [~]#If there a way to get this to not ask me for my passphrase or did I misconfigure anything? I haven't changed anything in the sshd_config so far.
Here's my .bash_profile and location of the key files:
root@server1 [~]# cat .bash_profile # .bash_profile # Get the aliases and functions if [ -f ~/.bashrc ]; then . ~/.bashrc fi # User specific environment and startup programs PATH=$PATH:$HOME/bin export PATH eval `keychain --agents ssh --eval id_rsa` root@server1 [~]# find | grep id_rsa ./.ssh/id_rsa.pub ./.ssh/id_rsa root@server1 [~]#I feel like i've tried everything at this point. Please let me know if i need to provide some more details. Thanks for the help!
Link to comment
Share on other sites
0 answers to this question
Recommended Posts