# ssh passwordless access failed on the NFS mounted /usr/home



## yiau (Oct 7, 2016)

I have a testbed with a centre server and a couple of clients.
NIS and NFS are used in the system to manage the user accounts and shared files.
The /usr/home on the client machines is mounted from the centre service, thus each client machine has the same /usr/home as the server.
I need ssh passwordless access from a client to 2 other client machines, as I have a script to scp files between those clients.
I used the code below to generate the key pair and share the key with the client:

```
#ssh-keygen -t rsa
#cat id_rsa.pub | ssh username@client 'cat >> .ssh/authorized_keys'
```
However, it doesn't work when I use the user account. But it worked when I used the root account.

I reckon it may be caused by the NIS and NFS.
Can anybody give me some help?

Thank you very much.


----------



## SirDice (Oct 7, 2016)

Log in normally and see if the ~/.ssh/authorized_keys file actually has the key now. If you can log in, NIS is working fine; if you have access to your home directory, NFS is working fine too.


----------



## yiau (Oct 9, 2016)

SirDice said:


> Log in normally and see if the ~/.ssh/authorized_keys file actually has the key now. If you can log in, NIS is working fine; if you have access to your home directory, NFS is working fine too.


Thank you for your reply.

I can see the key in the .ssh/authorized_keys.
The NIS and NFS both work fine.
The only thing I can't solve is that I can't achieve passwordless ssh logon. When I ssh to the remote machine, the password is still required.


----------



## ASX (Oct 10, 2016)

yiau said:


> ```
> #ssh-keygen -t rsa
> #cat id_rsa.pub | ssh username@client 'cat >> .ssh/authorized_keys'
> ```
> However, it doesn't work when I use the user account. But it worked when I used the root account.



*If* the '#' character is indicating the prompt, it seems you created the keys for the root user and afterwards copied root's id_rsa.pub into the user's authorized_keys. That would not work.

If so, you need to generate a different key pair for each user, and transfer that specific pub key.


----------



## yiau (Oct 10, 2016)

ASX said:


> *If* the '#' character is indicating the prompt, it seems you created the keys for the root user and afterwards copied root's id_rsa.pub into the user's authorized_keys. That would not work.
> 
> If so, you need to generate a different key pair for each user, and transfer that specific pub key.


Thank you for your reply.

I did try to use the user account to generate the key. It still didn't work.


----------



## yiau (Oct 10, 2016)

I unmounted /usr/home from all the client machines and then created the same local account on each client.
Then I used the same method and it worked this time.

It looks like I can't achieve passwordless ssh logon over the shared /usr/home, as each client sees the same public and private key.

I don't know how to solve it.
Can somebody give some hint?


----------



## Oko (Oct 10, 2016)

Is your client a Linux machine which uses systemd? The problem is the default SELinux policy.


```
setsebool -P use_nfs_home_dirs 1
```


----------



## yiau (Oct 10, 2016)

Oko said:


> Is your client a Linux machine which uses systemd? The problem is the default SELinux policy.
> 
> 
> ```
> ...
> ```


Hi, thanks for the reply. My client machines are all FreeBSD. There is one FreeBSD 8.1, one FreeBSD 9.2, two FreeBSD 10.2 and the others are FreeBSD 10.1.


----------



## ASX (Oct 10, 2016)

Try to connect using: `ssh -v` and look for any hint, if none try to increase verbosity: `ssh -vv` or `ssh -vvv`

That should show at which stage the authentication is failing  ...


----------



## yiau (Oct 12, 2016)

ASX said:


> Try to connect using: `ssh -v` and look for any hint, if none try to increase verbosity: `ssh -vv` or `ssh -vvv`
> 
> That should show at which stage the authentication is failing  ...


Thank you for your reply.

I have now found the problem.
There is something wrong in the duplicate definition and some permission error in the folder.

After I fix it, the problem is solved.


----------
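An added example, not part of any post in this thread: a portable check for the kind of permission error mentioned above, assuming the server runs sshd with `StrictModes` enabled (the OpenSSH default), in which case sshd ignores `authorized_keys` when the home directory, `~/.ssh` or the key file is group- or world-writable or owned by someone other than the user or root. The function name and output labels are made up for this example.

```shell
#!/bin/sh
# Added example: approximate sshd's StrictModes test for one account.
# check_strictmodes HOME_DIR UID
#   prints one line per finding, returns 1 if anything would be refused.
check_strictmodes() {
    home=$1
    want_uid=$2
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; bad=1; continue
        fi
        # ls -ldn works on both FreeBSD and Linux (stat flags differ);
        # -L follows a symlinked path to the real file or directory.
        info=$(ls -ldnL -- "$p" | awk '{print $1 " " $3}')
        mode=${info% *}   # e.g. drwxr-xr-x
        uid=${info#* }    # numeric owner as THIS host sees it over NFS
        # Owner must be the account itself or root.
        if [ "$uid" != "$want_uid" ] && [ "$uid" != 0 ]; then
            echo "OWNER    $p uid=$uid expected=$want_uid"; bad=1
        fi
        # Group-write (6th char) or world-write (9th char) is refused.
        case $mode in
            ?????w*|????????w*)
                echo "WRITABLE $p mode=$mode"; bad=1 ;;
        esac
    done
    return $bad
}

# Check the invoking user's own home directory.
check_strictmodes "$HOME" "$(id -u)" \
    || echo "sshd with StrictModes would ignore authorized_keys here"
```

Run it on each client as the affected user: with a shared NFS home the modes are identical everywhere, but the numeric owner each host sees can differ if the account's UID is not the same on every machine.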



## SirDice (Oct 12, 2016)

Please note that a "folder" is a Windows term. We prefer to call it a directory. I know it sounds a bit pedantic but getting the terminology correct will save you (and us) from a lot of confusion.

https://en.wikipedia.org/wiki/Directory_(computing)


----------



## sizigee (Oct 12, 2016)

SirDice said:


> Please note that a "folder" is a Windows term. We prefer to call it a directory. I know it sounds a bit pedantic but getting the terminology correct will save you (and us) from a lot of confusion.
> 
> https://en.wikipedia.org/wiki/Directory_(computing)



It's not a Windows term. To quote from the Wikipedia page you posted:

"If one is referring to a _container of documents_, the term _folder_ is more appropriate. The term _directory_ refers to the way a structured list of document files and folders is stored on the computer."

So technically one can call it either one of the 2. Where I work, some people call them repos (which to me doesn't sound right).


----------



## SirDice (Oct 12, 2016)

Yeah, it's not specifically a "Windows" term, it just got hugely popularized by it. The thing to note however is that a folder doesn't necessarily refer to files and directories. A folder can contain pretty much any collection of objects. A good example of this is the "Control Panel" folder on Windows, there's no directory called "Control Panel" anywhere on the system.


----------



## sizigee (Oct 12, 2016)

SirDice said:


> Yeah, it's not specifically a "Windows" term, it just got hugely popularized by it. The thing to note however is that a folder doesn't necessarily refer to files and directories. A folder can contain pretty much any collection of objects. A good example of this is the "Control Panel" folder on Windows, there's no directory called "Control Panel" anywhere on the system.



I agree with you on the folders... it is just a buzzword for a directory. I am used to using "dir", which is short for (list) directory, but I grew fond of "ls" as it is shorter and makes more sense to me lol

The control panel is not really an example; it is an application. Try in cmd and in the run command (Windows key + R) and type "control"; it'll open up the control panel.


----------

