...
ssh passwordless login is done using a public/private key pair. The private key is kept on the system you want to log in from; the public key is copied to the system and user you want to log in to.
Setup procedure
root's authorized_keys file is distributed from Blue Light's git. In case any extra keys are required, for example to run backups, they are put in authorized_keys2 so they are not overwritten the next time authorized_keys is updated from git.
- Generate a public/private key pair following the procedure on ssh key generation
- Copy the public key to the system and user you want to log in to, adding it to the user's ~/.ssh/authorized_keys file. If the file does not exist, create it and set the permissions to read and write for the user only (rw-------).
- For passwordless login as root to work, /etc/ssh/sshd_config on the system you want to log in to must have "PermitRootLogin without-password".
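The last two steps as shell functions, an added example and not Blue Light's own script. The function names are hypothetical, and prohibit-password is accepted as well because newer OpenSSH releases use that name for the same setting.

```shell
#!/bin/sh
# Added example (not Blue Light's own script); function names are hypothetical.

# install_pubkey PUBKEY_FILE HOME_DIR [FILE_NAME]
# FILE_NAME defaults to authorized_keys; pass authorized_keys2 for extra keys
# on hosts where authorized_keys is overwritten from git.
install_pubkey() {
    pub=$1; home=$2; name=${3:-authorized_keys}
    # Require exactly one line that looks like a public key. This also
    # rejects a private key file passed by mistake.
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" ||
        { echo "not a public key: $pub" >&2; return 1; }
    key=$(cat "$pub")
    # Create directory and file for the owner only (rwx------ / rw-------),
    # and tighten them if they already exist with looser modes.
    ( umask 077; mkdir -p "$home/.ssh" && touch "$home/.ssh/$name" ) || return 1
    chmod 700 "$home/.ssh" || return 1
    chmod 600 "$home/.ssh/$name" || return 1
    # Append only if this exact line is absent, so re-running is harmless.
    grep -qxF -- "$key" "$home/.ssh/$name" || printf '%s\n' "$key" >> "$home/.ssh/$name"
}

# root_login_mode SSHD_CONFIG
# Print the PermitRootLogin value sshd would use from the global section:
# the first value read for a keyword wins. Include files, Match blocks and
# the keyword=value form are not handled.
root_login_mode() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# root_key_only SSHD_CONFIG
# Succeed only if root may log in with a key but not with a password.
root_key_only() {
    case $(root_login_mode "$1") in
        without-password|prohibit-password) return 0 ;;
        *) return 1 ;;
    esac
}
```

Source the file, then run for example `install_pubkey backup.pub /root authorized_keys2` and `root_key_only /etc/ssh/sshd_config` on the system you want to log in to.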
...
An example showing user names:
master c@CW8:~$ $ ag work
1) uma='ssh root@ac002.workcom.av'
2) valli='ssh root@ac001.workcom.av'
#?
Where necessary the aliases hop via an intermediate host (Blue Light policy is to configure Internet-exposed servers to accept root logon only from specific addresses):
c@CW8:~$ $ ag hot
1) rad='ssh -A -t root@blav.bluelightav.org ssh root@hotspot.bluelightav.org'
#?
An example showing a hosting service provider name:
c@CW8:~$ $ ag online
1) online.net='ssh -A root@sd-44498.dedibox.fr'
2) online.net.backup='ssh -p 2222 root@sd-44498.dedibox.fr'
#?
...
If an identity_file has been added, is its corresponding public key in the server's ~/.ssh/authorized_keys file for the user you are trying to log in as?
If there is a firewall on either ssh client or server, does it allow port 22 as required?
If the above checklist has not identified the problem, generate more information by:
...