ssh (as different user)

[Dirk Moolman]

Thanks.    I found my mistake, and a stupid one at that.  I have so many
servers, that I got myself lost in all the authentication key files.

I added oracle's public key to the server's authorized_keys, but I did
not add root's public key.
Once I added the client's root key to the server, it worked 100%


And thanks for the tips on /etc/ssh/sshd_config.  I will definitely add
this to my knowledge base.

Dirk

-----Original Message-----
From: linux-users-bounces at linux-sxs.org
[mailto:linux-users-bounces at linux-sxs.org] On Behalf Of David Bandel
Sent: 18 June 2007 03:58 PM
To: Linux tips and tricks
Subject: Re: ssh (as different user)

On 6/18/07, Dirk Moolman <DirkM at agilitytech.co.za> wrote:
> Maybe one of you could help me.    I have set up ssh between 2
servers,
> so that I can ssh as the root user from the one server to the other
> server.  This works fine.
>
>
> My problem:
>
> I copied root's public rsa key, on the source, to oracle's
> authorized_keys file on the target, and now try to "ssh -l oracle", to
> the target server, but it prompts me for oracle's.   I also copied
> oracle's public rsa key, to oracle's authorized_keys file on the
target
> server, but it still asks me for a password.
> The password I have to specify, is the oracle user's password on the
> target server.
>
> Any ideas why I cannot do this without a password ?

Client is system you will connect from, server is client you will
connect to.
On client:
1.  As the user who will ssh into the server, create dsa public key
(ssh-keygen -t dsa).  Don't use a passphrase, save in your $HOME/.ssh
directory.
2.  scp .ssh/id_dsa.pub to server as user you want to enter (oracle)
into oracle's home directory and into the .ssh subdirectory as
authorized_keys ( scp .ssh/id_dsa.pub
oracle@$server:.ssh/authorized_keys)

On server:
1.  Ensure /etc/ssh/sshd_config contains:
RSAAuthentication yes
PubkeyAuthentication yes
and optionally:  AuthorizedKeysFile %h/.ssh/authorized_keys
2.  restart sshd if necessary

Go back to client and check to see if all works:
ssh -l oracle $server
you should just get a prompt back from the $server
Note:  if you run scripts using ssh, you'll want to make sure your
banner in the server is turned off:
#Banner /etc/issue.net



[laughable, unenforceable disclaimer, et. al., snipped]

Ciao,

David A. Bandel
-- 
Focus on the dream, not the competition.
            - Nemesis Air Racing Team motto
_______________________________________________
Linux-users mailing list ( Linux-users at linux-sxs.org )
Unsub/Password/Etc:
http://mail.linux-sxs.org/cgi-bin/mailman/listinfo/linux-users

***  OFF TOPIC conversations should get sent to general at linux-sxs.org.
This rule will be strictly enforced.  ***

Need to chat further on this subject? Check out #linux-users on
irc.linux-sxs.org !


*** Disclaimer ***

The information contained in this e-mail is confidential and legally privileged and is intended solely for the addressee and to others who have the authority to receive it. Access to this e-mail by anyone else is unauthorized and as such, any disclosure, copying, distribution or any action taken or omitted in reliance on it is unlawful. If you have received this e-mail in error, please notify the sender immediately.

The views expressed in this e-mail are the views of the individual sender and should in no way be construed as the views of the Company.

The Company is not liable to ensure that outgoing e-mails are virus-free.

The Company is not liable, should information or data, for whatever reason, be corrupted or fail to reach its intended addressee.

The Company is not liable for any loss or damage of whatsoever nature and howsoever arising resulting from the opening or the use of the information in this e-mail, including its attachments and links.

The sender of this e-mail is subject to and bound by the terms and conditions of Company+IBk-s Electronic Communications Usage Policy.