On Thu, Mar 23, 2006 at 04:52:51PM -0500, Michael Steinfeld wrote:
> I have created an rsa key on my workstations which I use to ssh to 25+ servers
> I have a small script that allows me to 'ssh ${host}' easily.
>
> but when I am logged into $host1 and attempt to ssh to $host2
> I'm prompted for a password.
>
> So, I decided to copy my id_rsa into the ${host}~/.ssh directories on
> the 25 servers. I already have an authorized_keys file being that I
> ssh to them all day from my workstation.
>
> I set permissions to 0600 on each id_rsa.
>
> When I attempt to login here is what I get using ssh -v host
>
> --
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> debug1: Next authentication method: publickey
> debug1: Offering public key: /home/tulku/.ssh/id_rsa
> debug1: Server accepts key: pkalg ssh-dss blen 435 lastkey 0x906a918 hint 0
> debug1: PEM_read_PrivateKey failed
> debug1: read PEM private key done: type <unknown>
> Enter passphrase for key '/home/tulku/.ssh/id_rsa':
>
> I don't have a passphrase set up; when I created the key I hit <return>
>
> Is this due to bad perms, or did I miss something in the documentation?

Like, the value of passwords on keys, the use of ssh-agent, and ssh -A?
That it is a bad idea in the first place to chain ssh sessions (except
for a rare few cases), as this leaves you open to lots of attacks?

Also, it doesn't really look like id_rsa is okay. Tuning up the -v
(-vvv) might help with debugging, but I'd take a look at id_rsa first
(md5 is a good tool for this).

Joachim
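
Added example, not part of the original thread: one way to "take a look at id_rsa" without printing any key material is to classify the file by its PEM armor lines, which shows whether a copy is truncated, actually passphrase-protected, or not a private key at all. The function name `classify_key` and its result labels are made up for this sketch.

```shell
#!/bin/sh
# Classify an SSH private key file by its armor lines only (no key data shown).
# classify_key and its output labels are hypothetical names for this example.

classify_key() {
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 0; }
    # Drop CRs so a file mangled by a text-mode copy is still recognised.
    first=$(sed -n '1p' "$f" | tr -d '\r')
    second=$(sed -n '2p' "$f" | tr -d '\r')
    last=$(tr -d '\r' < "$f" | grep -v '^$' | tail -n 1)

    case $first in
        "-----BEGIN RSA PRIVATE KEY-----")     kind=rsa ;;
        "-----BEGIN DSA PRIVATE KEY-----")     kind=dsa ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----") kind=openssh ;;
        ssh-rsa\ *|ssh-dss\ *) echo "public-key-not-private"; return 0 ;;
        *)                     echo "not-a-private-key"; return 0 ;;
    esac

    # A complete file ends with an END line; a cut-off copy does not.
    case $last in
        "-----END "*" PRIVATE KEY-----") ;;
        *) echo "$kind-truncated"; return 0 ;;
    esac

    # The newer OpenSSH container hides its cipher inside the base64 body,
    # so the armor alone cannot tell whether it is passphrase-protected.
    if [ "$kind" = openssh ]; then echo "openssh-format"; return 0; fi

    # Passphrase-protected PEM keys carry this header right after BEGIN.
    case $second in
        "Proc-Type: 4,ENCRYPTED") echo "$kind-encrypted" ;;
        *)                        echo "$kind-plain" ;;
    esac
}

# When run directly: classify each file named on the command line.
for k in "$@"; do
    printf '%s: %s\n' "$k" "$(classify_key "$k")"
done
```

Any result other than `rsa-plain` for a file named id_rsa that was created without a passphrase points at the copy rather than at permissions.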