I am setting up a continuous integration (CI) server and a test web server. I would like the CI server to access the web server with public key authentication. On the web server I have created a user and generated the keys:
sudo useradd -d /var/www/user -m user
sudo passwd user
sudo su user
ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/www/user/.ssh/id_rsa):
Created directory '/var/www/user/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/www/user/.ssh/id_rsa.
Your public key has been saved in /var/www/user/.ssh/id_rsa.pub.
However, on the other side, the CI server copies the key to the host but still asks for a password:
ssh-copy-id -i ~/.ssh/id_rsa.pub user@webserver-address
user@webserver-address's password:
Now try logging into the machine, with "ssh 'user@webserver-address'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
I checked on the web server and the CI server public key has been copied to the web server's authorized_keys, but when I connect, it asks for a password.
ssh 'user@webserver-address'
user@webserver-address's password:
If I try to use the root user rather than my created user (both users have the copied public keys), it connects with the public key:
ssh 'root@webserver-address'
Welcome to Ubuntu 11.04 (GNU/Linux 2.6.18-274.7.1.el5.028stab095.1 x86_64)
* Documentation: https://help.ubuntu.com/
Last login: Wed Apr 11 10:21:13 2012 from *******
root@webserver-address:~#
Best Answer
Your question says you want to log in to the webserver from the CI server. But you then say you created the keys on the webserver. I'm not sure whether this is just a misunderstanding or a mistype.
Here's a brief overview of what you need to do to enable logging in to the webserver from the CI server with keys:
id_rsa.pub) onto the webserver into the ~/.ssh/authorized_keys file for each user you want to log in as (root, user etc.). I usually just use scp to copy the file over to the server. If you have multiple keys that are going to be used for each user, append them to authorized_keys. Otherwise, if this is the only key for that user, you can just rename id_rsa.pub to authorized_keys.
.ssh folder are 644 with chmod 644 .ssh and the authorized key file has permissions of 700 with chmod 700 .ssh/authorized_keys.
ssh user@webserver
It shouldn't ask for a password (this is assuming you have followed @khaled's advice regarding the sshd config file but the defaults are typically set to allow key authentication before password).
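An added example, not part of the original answer: when a key is present in authorized_keys but sshd still falls back to the password prompt for one account, one thing to rule out is sshd's StrictModes check (enabled by default), which refuses the key file if the home directory, .ssh or authorized_keys is group- or world-writable or owned by someone other than the user or root. The function names and the script name check.sh are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit the paths sshd's StrictModes check inspects.
# Assumes GNU stat (Linux). Function names are hypothetical.

# check_path TARGET UID: pass if owned by UID or root and not group/other writable.
check_path() {
    target=$1; want_uid=$2
    [ -e "$target" ] || { echo "MISSING  $target"; return 1; }
    # -L follows symlinks, so the real file or directory is inspected.
    set -- $(stat -L -c '%a %u' "$target")
    mode=$1; owner=$2; rc=0
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "OWNER    $target: uid $owner, expected $want_uid or 0"
        rc=1
    fi
    # Octal AND with 022 isolates the group-write and other-write bits.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "WRITABLE $target: mode $mode allows group/other write"
        rc=1
    fi
    return $rc
}

# check_ssh_perms HOME [UID]: pass only if all three paths pass.
check_ssh_perms() {
    home=$1; uid=${2:-$(id -u)}; failed=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$uid" || failed=1
    done
    return $failed
}

# Run directly (hypothetical file name): sh check.sh /var/www/user "$(id -u user)"
if [ $# -gt 0 ]; then
    check_ssh_perms "$@"
fi
```

Run it on the web server against the home directory of the account that is being refused; the sshd authentication log on that host reports the same condition as "bad ownership or modes".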