ssh-copy-id without password?


Post by Waiting-to-retire » 2020/02/21 14:04:38

I'm trying to install some software on site at the moment and having a hell of a time with it. The app runs on one server and installs to another. However, to do this the app also needs to ssh to the second server as root. Unfortunately for me the customer does not provide root access. I have been given an account with sudoer privileges. So I can sudo su.

So my thoughts are that in order to install the software I can create a public key on server 1 but I need to get it over to server 2 to the root instance. Perhaps it's age catching up with me (most likely). But I figured I could modify sshd_config to temporarily disable the password requirement for root over an ssh session so that I can ssh-copy-id root@x.x.x.x then disable this functionality again. And then install. The software is trying to run an ansible script so I would be running an install shell script without an ask-pass option.

I've modified the sshd_config to:

PermitRootLogin without-password

#PubkeyAuthentication yes

PasswordAuthentication no

GSSAPIAuthentication no

When I try to login or ssh-copy-id from the remote server I am getting "Permission denied (publickey)."

Does anyone have any ideas what else I need to do? Changed to PAM.d? Once the public key has been transferred over of course I can install the software and then as an extra precaution I'll delete the public key and revert to defaults (most likely will disable root password as well since that's actually not required to run the software after install).

Does anyone have any ideas on this one? I'm at a loss. Not sure I can force the issue with root password from the customer.

Thanks
Jay


Re: ssh-copy-id without password?

Post by TrevorH » 2020/02/21 15:12:57

PermitRootLogin without-password
Means you cannot login as root using a password, only with a key. That key must already be installed which means that ssh-copy-id will do nothing useful since it's already got it.

SSH key files and directories have particular permission and ownership restrictions. Your home directory cannot be group writable. It must be owner user:user. The .ssh directory must be chmod 700 and the authorized_keys file must be user:user and 600. In addition, the SELinux context of the directory and the file must be correct and the easiest way to ensure that is correct is to run restorecon -RFv ~/.ssh

Errors are logged to /var/log/secure on the server and will tell you what's wrong.
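
The ownership and mode requirements listed in the reply above, written as a check script. This is an added example, not part of the original thread: `check_ssh_perms` is a hypothetical helper name, it assumes a `stat` that supports `-c` (GNU or BusyBox, as on CentOS), and it compares the owner by numeric UID only, without checking group ownership or the SELinux context.

```sh
# Added example; check_ssh_perms is a hypothetical helper, not a standard tool.
# Usage: check_ssh_perms HOME_DIR EXPECTED_UID
# Prints one line per finding; exit status 0 = clean, 1 = problems, 2 = cannot stat.
check_ssh_perms() (   # body runs in a subshell, so variables stay local
    home=$1 uid=$2 problems=0

    # Home directory: owned by the account, not writable by group or others.
    mode=$(stat -c '%a' "$home") || exit 2
    owner=$(stat -c '%u' "$home")
    case $mode in
        *[2367]?|*[2367])
            echo "BAD  $home mode $mode is group/other writable (chmod go-w)"
            problems=1 ;;
    esac
    if [ "$owner" != "$uid" ]; then
        echo "BAD  $home owner uid $owner, expected $uid (chown)"; problems=1
    fi

    # .ssh must be 700 and authorized_keys 600, both owned by the account.
    for entry in .ssh:700 .ssh/authorized_keys:600; do
        path=$home/${entry%%:*}
        want=${entry##*:}
        if [ ! -e "$path" ]; then
            echo "BAD  $path is missing"; problems=1; continue
        fi
        mode=$(stat -c '%a' "$path")
        owner=$(stat -c '%u' "$path")
        if [ "$mode" != "$want" ]; then
            echo "BAD  $path mode $mode, expected $want (chmod $want)"; problems=1
        fi
        if [ "$owner" != "$uid" ]; then
            echo "BAD  $path owner uid $owner, expected $uid (chown)"; problems=1
        fi
    done

    if [ "$problems" -eq 0 ]; then echo "OK   $home"; fi
    exit "$problems"
)
```

For the root account in this thread the call would be `check_ssh_perms /root 0`, run through sudo on the target server.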


Re: ssh-copy-id without password?

Post by hunter86_bg » 2020/02/21 15:15:05

Ansible works quite well with sudo - so you should be working towards this direction...
