From owner-freebsd-isp@FreeBSD.ORG Wed Oct 8 04:32:29 2008 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B7207106568E for ; Wed, 8 Oct 2008 04:32:29 +0000 (UTC) (envelope-from jon@radel.com) Received: from wave.radel.com (wave.radel.com [216.143.151.4]) by mx1.freebsd.org (Postfix) with ESMTP id 73C108FC1B for ; Wed, 8 Oct 2008 04:32:28 +0000 (UTC) (envelope-from jon@radel.com) Received: by wave.radel.com (CommuniGate Pro PIPE 4.1.6) with PIPE id 8013937; Tue, 07 Oct 2008 23:32:28 -0400 Received: from [216.143.146.251] (account laura@radel.com HELO 124.sub-75-211-138.myvzw.com) by wave.radel.com (CommuniGate Pro SMTP 4.1.6) with ESMTP id 8013935; Tue, 07 Oct 2008 23:32:10 -0400 Message-ID: <48EC29B2.3010509@radel.com> Date: Tue, 07 Oct 2008 23:32:02 -0400 From: Jon Radel User-Agent: Thunderbird 2.0.0.17 (Macintosh/20080914) MIME-Version: 1.0 To: lists References: <009b01c928e9$fbe1f3b0$6500a8c0@hal> In-Reply-To: <009b01c928e9$fbe1f3b0$6500a8c0@hal> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Radel.com-MailScanner-Information: Please contact Jon for more information X-Radel.com-MailScanner: Found to be clean X-Mailer: CommuniGate Pro CLI mailer Cc: freebsd-isp@freebsd.org Subject: Re: ssh to remote machines using authorized keys X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Oct 2008 04:32:29 -0000 lists wrote: > > Hi all > > I have the following situation which I am trying to get around > > I have a need to be able to ssh without_password using rsa keys to > authenticate the ssh session. ... > but when I type > user prompt $ ssh root@remote.machine I get prompted for a password > followed by the error above, which is "Permission denied > (publickey,keyboard-interactive,hostbased)" > > Can anyone tell me how to get around this? Is it possible? Very possible to get around. Make sure the private key for root on the remote machine is available to the system user on the local machine and then specify that file with the -i option to the ssh command. What is almost certainly happening is that your ssh command defaults to the private key for system user which is not the same key as your root (your e-mail isn't 100% clear to me as to whether you are using the same key for the system user and root, but it appears you aren't). If you're going to do that a lot, you can set a default in ~systemuser/.ssh/config to specify that all connections to root@remote should default to using root's private key. --Jon Radel jon@radel.com