LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-19-2015, 05:37 AM   #1
xombboxer
Member
 
Registered: Apr 2011
Posts: 63

Rep: Reputation: 0
I need to setup kyless ssh between CentOS and HP-UX both ways


I have 2 linux boxes
Code:
HP-UX server1 B.11.11 U 9000/800
and
Code:
 CentOS release 6.3 (Final)
I need to setup a password-less ssh. I could login from HP-UX to cent os but not other way.

Is it possible to use password less ssh both ways ? Is there any extra step in HP to setup keygen?

what I am doing

Code:
ssh-keygen -t rsa

copy the ~/.ssh/id_rsa.pub from client machine to ~/.ssh/authorized_keys on server machine
 
Old 05-19-2015, 07:07 AM   #2
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 2,141

Rep: Reputation: 849Reputation: 849Reputation: 849Reputation: 849Reputation: 849Reputation: 849Reputation: 849
Keyless

The technique is the same, you just have to do it both ways. The script ssh-copy-id might help you.
 
Old 05-19-2015, 09:59 AM   #3
Soadyheid
Senior Member
 
Registered: Aug 2010
Location: Near Edinburgh, Scotland
Distribution: Cinnamon Mint 17.3 and 18 at present.
Posts: 1,244

Rep: Reputation: 266Reputation: 266Reputation: 266
Quote:
I have 2 linux boxes
HP-UX B11.11 is not Linux. It's an HP proprietary operating system which runs on PA-RISC processors. If I remember correctly you require licences per processor to run it?

Sorry, a diversion from the question asked...

Play Bonny!

 
Old 05-19-2015, 09:10 PM   #4
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 2,141

Rep: Reputation: 849Reputation: 849Reputation: 849Reputation: 849Reputation: 849Reputation: 849Reputation: 849
quite right

You are correct, and I should have stated things clearly. I stand (sit, actually) corrected.

I have used the technique between boxes running various flavors of Linux, BSD, HP-UX, AIX, VMS, and Solaris. Some running OpenSSH and some running the SSH2 commercial product. For some ( in particular where the SSH2 is involved) there are slight differences, but the basic technique works the same.

It even works between Windows NT (and NT server) running the cygwin compile of OpenSSH and a Linux or Unix box, but I have not tested on more recent Windows products. I assume I could make that work also, it has simply not come up for a test. I thought Microsoft was getting a bit 'odd' with NT, and Vista rather proved me right.
(Still, I did not think them suicidal until I saw Win2012 server! ick!)
 
Old 05-20-2015, 05:13 AM   #5
xombboxer
Member
 
Registered: Apr 2011
Posts: 63

Original Poster
Rep: Reputation: 0
Trying debug

Still it asks for password, any help ?

This is what I see after running
Code:
 ssh -i hpux_dsa -vv user@hostname
Code:
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to hostname [xx.xx.xx.xx] port 22.
debug1: Connection established.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file hpux_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7p1+sftpfilecontrol-v1.2-hpn12v17
debug1: match: OpenSSH_4.7p1+sftpfilecontrol-v1.2-hpn12v17 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 125/256
debug2: bits set: 507/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'hostname' is known and matches the RSA host key.
debug1: Found key in /ahome/vobadmin/.ssh/known_hosts:161
debug2: bits set: 512/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: hpux_dsa (0x7ffecd996230)
#########################################################
# This computer system is private property. Use of this #
# system is restricted to authorized users only and     #
# shall be limited to activities permitted under        #
# applicable law. In addition, users must comply with   #
# the owner's acceptable use and other applicable       #
# policies. Unauthorized access, use, or modification   #
# of this system is strictly prohibited and may result  #
# in criminal prosecution, civil action, or employee    #
# discipline. Users of this system should have no       #
# expectation of privacy irrespective of any security   #
# measures imposed by the owner of this system since    #
# such measures are solely for the benefit of the       #
# owner. Activities on this system may be monitored,    #
# recorded, and subject to audit. Use of this system,   #
# authorized or unauthorized, constitutes consent to    #
# such monitoring and recording.                        #
#########################################################

debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: hpux_dsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
vobadmin@hostname's password:
 
Old 05-20-2015, 07:19 AM   #6
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 2,141

Rep: Reputation: 849Reputation: 849Reputation: 849Reputation: 849Reputation: 849Reputation: 849Reputation: 849
interesting

Check the man pages on each platform, there may be detail we are missing.
Also
Check the permissions on the home and .ssh folders. I would expect a clear indicator if this was wrong, but the packages for non-linux systems can vary from the standard to which I am accustomed.
and
examine the logs on the target machine for sshd entries. There may be a clue there: that is what logs are FOR!

Let us know what you find please.

Last edited by wpeckham; 05-20-2015 at 07:21 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ways to troubleshoot ssh connectivity laks Linux - Newbie 2 03-02-2012 02:50 AM
Unable to setup a NIS server setup on CentOS system swatidas11 Linux - Server 3 01-19-2010 07:01 PM
setup Static IP address for centOS and access to ssh careykwong Linux - Networking 14 09-23-2009 10:02 PM
Different ways of installing packages in CENTOS fizeelinux Linux - Newbie 1 08-03-2009 05:52 AM
printer setup from Centos 5 to Vista home prem. on a headless centos pc ncsuapex Red Hat 6 03-10-2008 11:40 AM


All times are GMT -5. The time now is 08:27 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration