LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-09-2014, 10:36 AM   #1
ajay.tof
LQ Newbie
 
Registered: Apr 2014
Posts: 2

Rep: Reputation: Disabled
RSA authentication problem while logging in remote server from client


Hi,
I am trying to do ssh sever 2 from server 1 using RSA key. I generated RSA with out involving passwords. I followed below steps for generating keys.

On server2:
Generated RSA key by following command
[16:25:53:roamware@AMSVMRQM-ATT]>ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/opt/Roamware/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /opt/Roamware/.ssh/id_rsa.
Your public key has been saved in /opt/Roamware/.ssh/id_rsa.pub.
The key fingerprint is:
4c:6c:d1:0f:f7:26:1f:e7:1d:e1:e2:85:07:1b:5c:9d roamware@AMSVMRQM-ATT

[16:26:04:roamware@AMSVMRQM-ATT]>ls ~/.ssh
id_rsa id_rsa.pub

[16:30:22:roamware@AMSVMRQM-ATT]>scp -r id_rsa.pub 10.232.69.144:/opt/Roamware/.ssh
The authenticity of host '10.232.69.144 (10.232.69.144)' can't be established.
RSA key fingerprint is 0a:ff:0b:ef:92:6a:bd:57:0c:46:22:47:45:b9:68:87.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.232.69.144' (RSA) to the list of known hosts.

|-----------------------------------------------------------------|
| This system is for the use of authorized users only. |
| Individuals using this computer system without authority, or in |
| excess of their authority, are subject to having all of their |
| activities on this system monitored and recorded by system |
| personnel. |
| |
| In the course of monitoring individuals improperly using this |
| system, or in the course of system maintenance, the activities |
| of authorized users may also be monitored. |
| |
| Anyone using this system expressly consents to such monitoring |
| and is advised that if such monitoring reveals possible |
| evidence of criminal activity, system personnel may provide the |
| evidence of such monitoring to law enforcement officials. |
|-----------------------------------------------------------------|

Password:
id_rsa.pub 100% |*************************************************************************************************** ******************| 231 00:00
[16:35:02:roamware@AMSVMRQM-ATT]>

On server 2:
----------
[16:10:31:roamware@AMSRQMIMAS]>ls -l
total 2
-rw-r--r-- 1 roamware roamware 231 Jun 9 16:35 id_rsa.pub
[16:35:46:roamware@AMSRQMIMAS]>cat id_rsa.pub >>authorized_keys

[16:37:07:roamware@AMSRQMIMAS]>chmod 600 authorized_keys

From server 1 trying to login but still it is prompting for password

[16:38:16:roamware@AMSVMRQM-ATT]>ssh roamware@10.232.69.144 -v
Sun_SSH_1.1.2, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to 10.232.69.144 [10.232.69.144] port 22.
debug1: Connection established.
debug1: identity file /opt/Roamware/.ssh/identity type -1
debug1: identity file /opt/Roamware/.ssh/id_rsa type 1
debug1: identity file /opt/Roamware/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1.2
debug1: match: Sun_SSH_1.1.2 pat Sun_SSH_1.1.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1.2
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: Peer sent proposed langtags, ctos: en-CA,en-US,es-MX,es,fr,fr-CA,i-default
debug1: Peer sent proposed langtags, stoc: en-CA,en-US,es-MX,es,fr,fr-CA,i-default
debug1: We proposed langtags, ctos: en-US
debug1: We proposed langtags, stoc: en-US
debug1: Negotiated lang: en-US
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: Remote: Negotiated main locale: en_US.UTF-8
debug1: Remote: Negotiated messages locale: en_US.UTF-8
debug1: dh_gen_key: priv key bits set: 120/256
debug1: bits set: 1558/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '10.232.69.144' is known and matches the RSA host key.
debug1: Found key in /opt/Roamware/.ssh/known_hosts:1
debug1: bits set: 1537/3191
debug1: ssh_rsa_verify: signature correct
debug1: newkeys: mode 1
debug1: set_newkeys: setting new keys for 'out' mode
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: set_newkeys: setting new keys for 'in' mode
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: got SSH2_MSG_SERVICE_ACCEPT

|-----------------------------------------------------------------|
| This system is for the use of authorized users only. |
| Individuals using this computer system without authority, or in |
| excess of their authority, are subject to having all of their |
| activities on this system monitored and recorded by system |
| personnel. |
| |
| In the course of monitoring individuals improperly using this |
| system, or in the course of system maintenance, the activities |
| of authorized users may also be monitored. |
| |
| Anyone using this system expressly consents to such monitoring |
| and is advised that if such monitoring reveals possible |
| evidence of criminal activity, system personnel may provide the |
| evidence of such monitoring to law enforcement officials. |
|-----------------------------------------------------------------|

debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Next authentication method: gssapi-keyex
debug1: Next authentication method: gssapi-with-mic
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)
debug1: Next authentication method: publickey
debug1: Trying private key: /opt/Roamware/.ssh/identity
debug1: Trying public key: /opt/Roamware/.ssh/id_rsa
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Trying private key: /opt/Roamware/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
 
Old 06-09-2014, 11:29 AM   #2
potato_farmer
Member
 
Registered: May 2014
Posts: 55

Rep: Reputation: Disabled
What is the output of the following from both systems?

ls -la /opt/Roamware/.ssh/
 
Old 06-10-2014, 02:44 AM   #3
ajay.tof
LQ Newbie
 
Registered: Apr 2014
Posts: 2

Original Poster
Rep: Reputation: Disabled
HI, Thanks for the reply. Please find the below outputs from both systems

[08:45:20:roamware@AMSRQMIMAS]>ls -la /opt/Roamware/.ssh/
total 8
drwx------ 2 roamware roamware 512 Jun 9 16:36 .
drwxrwxr-x 24 roamware roamware 1024 Jun 9 15:30 ..
-rw------- 1 roamware roamware 231 Jun 9 16:36 authorized_keys
-rw-r--r-- 1 roamware roamware 231 Jun 9 16:35 id_rsa.pub

[08:45:04:roamware@AMSVMRQM-ATT]>ls -la /opt/Roamware/.ssh/
total 10
drwxr-xr-x 2 roamware roamware 512 Jun 9 16:35 .
drwxrwxr-x 24 roamware roamware 1024 Jun 9 15:35 ..
-rw------- 1 roamware roamware 887 Jun 9 16:26 id_rsa
-rw-r--r-- 1 roamware roamware 231 Jun 9 16:26 id_rsa.pub
-rw-r--r-- 1 roamware roamware 223 Jun 9 16:35 known_hosts
 
Old 06-10-2014, 01:02 PM   #4
potato_farmer
Member
 
Registered: May 2014
Posts: 55

Rep: Reputation: Disabled
That looks ok. Although, you can remove the id_rsa.pub from AMSRQMIMAS.

Check two more things:

1) In your sshd_config file (/etc/ssh/sshd_config?), what value do you have for "AuthorizedKeysFile"?

2) What do you see in /var/log/secure on AMSRQMIMAS when you try to log in from AMSVMRQM-ATT?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Simple logging of logins to apache server using .htaccess for authentication? damgar Linux - Server 1 06-01-2012 02:00 AM
Sudo Login Problem using RSA Token Authentication devUnix Solaris / OpenSolaris 1 03-03-2011 11:48 AM
[SOLVED] Debian Etch SSH rsa authentication problem parf Linux - Newbie 6 12-16-2009 03:47 AM
Remote Logging (Client Side) robeb Linux - General 3 10-13-2002 04:23 PM


All times are GMT -5. The time now is 06:24 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration