sorry, should incopy ssh_config(instead of sshd_config)
vi /etc/ssh/ssh_config # 1. command line options # 2. user-specific file # 3. system-wide file # Any configuration value is only changed the first time it is set. # Thus, host-specific definitions should be at the beginning of the # configuration file, and defaults at the end. # Site-wide defaults for some commonly used options. For a comprehensive # list of available options, their meanings and defaults, please see the # ssh_config(5) man page. Host * # ForwardAgent no # ForwardX11 no # ForwardX11Trusted yes # RhostsRSAAuthentication no # RSAAuthentication yes # PasswordAuthentication yes # HostbasedAuthentication no # GSSAPIAuthentication no # GSSAPIDelegateCredentials no # GSSAPIKeyExchange no # GSSAPITrustDNS no # BatchMode no # CheckHostIP yes # AddressFamily any # ConnectTimeout 0 # StrictHostKeyChecking ask # IdentityFile ~/.ssh/identity # IdentityFile ~/.ssh/id_rsa # IdentityFile ~/.ssh/id_dsa # Port 22 # Protocol 2,1 # Cipher 3des # Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc # MACs hmac-md5,hmac-sha1,[email protected],hmac-ripemd160 # EscapeChar ~ # Tunnel no # TunnelDevice any:any # PermitLocalCommand no SendEnv LANG LC_* HashKnownHosts yes GSSAPIAuthentication yes GSSAPIDelegateCredentials no On Thu, Jul 2, 2009 at 1:51 PM, fred wang <[email protected]> wrote: > Here is the output of ssh -v localhost and the configuration of > ssh_config, > > x...@xxx-desktop:~$ ssh -v localhost > > OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007 > > debug1: Reading configuration data /etc/ssh/ssh_config > > debug1: Applying options for * > > debug1: Connecting to localhost [127.0.0.1] port 22. > > debug1: Connection established. > > debug1: identity file /home/xxx/.ssh/identity type -1 > > debug1: identity file /home/xxx/.ssh/id_rsa type -1 > > debug1: identity file /home/xxx/.ssh/id_dsa type 2 > > debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7p1 > Debian-8ubuntu1.2 > > debug1: match: OpenSSH_4.7p1 Debian-8ubuntu1.2 pat OpenSSH* > > debug1: Enabling compatibility mode for protocol 2.0 > > debug1: Local version string SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1.2 > > debug1: SSH2_MSG_KEXINIT sent > > debug1: SSH2_MSG_KEXINIT received > > debug1: kex: server->client aes128-cbc hmac-md5 none > > debug1: kex: client->server aes128-cbc hmac-md5 none > > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > > debug1: Host 'localhost' is known and matches the RSA host key. > > debug1: Found key in /home/xxx/.ssh/known_hosts:1 > > debug1: ssh_rsa_verify: signature correct > > debug1: SSH2_MSG_NEWKEYS sent > > debug1: expecting SSH2_MSG_NEWKEYS > > debug1: SSH2_MSG_NEWKEYS received > > debug1: SSH2_MSG_SERVICE_REQUEST sent > > debug1: SSH2_MSG_SERVICE_ACCEPT received > > debug1: Authentications that can continue: publickey,password > > debug1: Next authentication method: publickey > > debug1: Trying private key: /home/xxx/.ssh/identity > > debug1: Trying private key: /home/xxx/.ssh/id_rsa > > debug1: Offering public key: /home/xxx/.ssh/id_dsa > > debug1: Authentications that can continue: publickey,password > > debug1: Next authentication method: password > > x...@localhost's password: > > > > > > > > x...@xxx:~$ vi /etc/ssh/sshd_config > > #KerberosOrLocalPasswd yes > > #KerberosTicketCleanup yes > > > > # GSSAPI options > > #GSSAPIAuthentication no > > #GSSAPICleanupCredentials yes > > > > X11Forwarding yes > > X11DisplayOffset 10 > > PrintMotd no > > PrintLastLog yes > > TCPKeepAlive yes > > #UseLogin no > > > > #MaxStartups 10:30:60 > > #Banner /etc/issue.net > > > > # Allow client to pass locale environment variables > > AcceptEnv LANG LC_* > > > > Subsystem sftp /usr/lib/openssh/sftp-server > > > > UsePAM yes > > > > On Thu, Jul 2, 2009 at 1:18 PM, Konstantin Boudnik <[email protected]>wrote: > >> Yet another possibility is that your SSH daemon isn't configured to accept >> publickey as a valid authorization mean. >> >> Try to do ssh -v localhost and check if there's something similar to the >> following: >> >> debug1: Authentications that can continue: >> publickey,password,keyboard-interactive >> debug1: Next authentication method: publickey >> debug1: Trying private key: /home/xxx/.ssh/identity >> debug1: Trying private key: /home/xxx/.ssh/id_rsa >> debug1: Offering public key: /home/xxx/.ssh/id_dsa >> debug1: Server accepts key: pkalg ssh-dss blen 435 >> debug1: read PEM private key done: type DSA >> debug1: Authentication succeeded (publickey). >> >> Cos >> >> >> On 7/1/09 10:11 PM, fred wang wrote: >> >>> I have setup ./.ssh/authorized keys has permssion 600, but it didn't >>> work. >>> Thanks anyway >>> >>> ls -l .ssh/authorized_keys >>> -rw------- 1 xxx xxx 1222 2009-07-02 13:08 .ssh/authorized_keys >>> >>> On Thu, Jul 2, 2009 at 12:15 AM, Konstantin Boudnik<[email protected] >>> >wrote: >>> >>> Make sure that your ~/.ssh/authorized_keys has permissions 600 >>>> >>>> Cos >>>> >>>> >>>> On 7/1/09 7:35 AM, fred wang wrote: >>>> >>>> Hi all, >>>>> >>>>> I failed to setup passphraseless ssh(I mean, I still need to input >>>>> password to do ssh localhost) when I tried to configure Hadoop to run >>>>> on >>>>> psuedo-distributed operation, could anyone help me solve this issue? >>>>> Thanks! >>>>> >>>>> (1)I use the Putty0.6 to remote access to Ubuntu by SSH. >>>>> >>>>> (2) execution steps and ouput >>>>> >>>>> $ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa >>>>> Generating public/private dsa key pair. >>>>> Your identification has been saved in /home/xxx/.ssh/id_dsa. >>>>> Your public key has been saved in /home/xxx/.ssh/id_dsa.pub. >>>>> The key fingerprint is: >>>>> a9:39:4c:9b:22:f9:a4:77:70:24:fa:bf:12:f5:81:81 xxx >>>>> >>>>> >>>>> **note: it doesn't have message 'Enter passphrase (empty for no >>>>> passphrase): >>>>> Enter same passphrase again: ' which appear in some introductory >>>>> paper. >>>>> " >>>>> >>>>> $ cat ~/.ssh/id_dsa.pub>> ~/.ssh/authorized_keys >>>>> no output >>>>> >>>>> $ ssh localhost >>>>> The authenticity of host 'localhost (127.0.0.1)' can't be established. >>>>> RSA key fingerprint is 4f:a1:ff:ed:0c:46:3e:a9:8c:97:bc:b7:46:3e:35:d2. >>>>> Are you sure you want to continue connecting (yes/no)? yes >>>>> Warning: Permanently added 'localhost' (RSA) to the list of known >>>>> hosts. >>>>> x...@localhost's password: >>>>> >>>>> >
