Setting Up Passwordless SSH Under CentOS 6 Running SELinux

I am setting up a cluster of KVM virtual machines and want to be able to ssh to them as the root user on the VM without having to enter a password.

The first thing that I did was create keys on the box from which I was going to make connections (A):

[rchapin@A .ssh]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/usr/local2/home/rchapin/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /usr/local2/home/rchapin/.ssh/id_rsa.
Your public key has been saved in /usr/local2/home/rchapin/.ssh/
The key fingerprint is:
6a:ca:57:31:23:30:67:8c:9d:de:78:53:14:90:16:6e rchapin@A
The key's randomart image is:
+--[ RSA 2048]----+
|     + .o=o.     |
|    + *.o .      |
|     * +E.       |
|      +.B        |
|       oS=       |
|       ..        |
|      o.         |
|   . o.          |
|    o.           |

After that, I copied the file to the remote box with scp:

[rchapin@A ~]$ scp ./ root@B:/root/

Then ssh to the remote box, create the ~/.ssh directory, copy the contents of the file into ~/.ssh/authorized_keys and set the permissions on all of the files.

[root@B ~]# mkdir .ssh
[root@B ~]# chmod 700 .ssh
[root@B ~]# cat ~/ > authorized_keys
[root@B ~]# chmod 600 authorized_keys

The first problem was that it wasn’t accepting the key and was giving me the password prompt.

After a quick search regarding passwordless ssh and SELinux, I did the following:

[root@B .ssh]# restorecon -R -v /root/.ssh/
restorecon reset /root/.ssh context unconfined_u:object_r:admin_home_t:s0->unconfined_u:object_r:ssh_home_t:s0
restorecon reset /root/.ssh/authorized_keys2 context unconfined_u:object_r:admin_home_t:s0->unconfined_u:object_r:ssh_home_t:s0

Now I received the error:

[rchapin@A .ssh]$ ssh root@B
Agent admitted failure to sign using the key.

Another quick search, and all I had to do was add the key on the A box with ssh-add, and I was all set:

[rchapin@A .ssh]$ ssh-add
[rchapin@A .ssh]$ ssh root@B
Last login: Thu Aug 22 20:40:54 2013 from A
[root@B ~]#
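
An added check, not part of the original post: this script audits the two things on B that the steps above had to get right, the 700/600 modes and the ssh_home_t label that restorecon applied. The function names check_ssh_dir and context_is_ssh_home are hypothetical names chosen for this example, and it assumes GNU stat (as shipped on CentOS).

```bash
#!/bin/bash
# Added example, not from the original post.

# context_is_ssh_home CONTEXT: true if the SELinux type field is ssh_home_t,
# e.g. unconfined_u:object_r:ssh_home_t:s0 (the label restorecon set above).
context_is_ssh_home() {
    case "$1" in
        *:ssh_home_t:*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_ssh_dir DIR: print one finding per line; return the number of problems.
check_ssh_dir() {
    local dir="$1" problems=0 path want mode ctx
    for path in "$dir" "$dir/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"
            problems=$((problems + 1))
            continue
        fi
        # Modes from the post: 700 on .ssh, 600 on authorized_keys.
        if [ -d "$path" ]; then want=700; else want=600; fi
        mode=$(stat -c %a "$path")
        if [ "$mode" != "$want" ]; then
            echo "MODE $path is $mode, expected $want"
            problems=$((problems + 1))
        fi
        # Check the label only where SELinux is installed and enabled.
        if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
            ctx=$(stat -c %C "$path")
            if ! context_is_ssh_home "$ctx"; then
                echo "LABEL $path is $ctx; fix with: restorecon -R -v $dir"
                problems=$((problems + 1))
            fi
        fi
    done
    return "$problems"
}
```

Source the file on B and run `check_ssh_dir /root/.ssh`; no output and a zero exit status mean the modes and labels match what sshd expects here.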
