LinuxQuestions.org
Old 03-06-2014, 02:29 PM   #1
slepthien
LQ Newbie
 
Registered: Mar 2014
Posts: 6

Rep: Reputation: Disabled
sftp asking for password authentication but my public key is passwordless


I created a key test2_id_rsa.
The company that I am trying to send a file to has the .pub key and has applied it to their server.

When I try to connect it asks me for a password.
The known_host and authorized_keys files look good to me.

This is what I get when I run sftp -vvv with my user to their site.

I uncommented the following in the sshd_config file.

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile ~/.ssh/authorized_keys

and added IdentityFile ~/.ssh/test2_id_rsa

Connecting to toSite...
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug2: ssh_connect: needpriv 0
debug1: Connecting to toSite[111.11.11.1] port 22.
debug1: Connection established.
debug1: identity file /home/applfint/.ssh/id_rsa type -1
debug1: identity file /home/applfint/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version SFTP Server
debug1: no match: SFTP Server
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 792 bytes for a total of 813
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: blowfish-cbc,3des-cbc,aes128-cbc,aes128-ctr,aes192-cbc,aes192-ctr,aes256-cbc,aes256-ctr,twofish128-cbc,twofish192-cbc,twofish256-cbc,cast128-cbc
debug2: kex_parse_kexinit: blowfish-cbc,3des-cbc,aes128-cbc,aes128-ctr,aes192-cbc,aes192-ctr,aes256-cbc,aes256-ctr,twofish128-cbc,twofish192-cbc,twofish256-cbc,cast128-cbc
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5,hmac-md5-96,hmac-sha1-96
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5,hmac-md5-96,hmac-sha1-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 837
debug2: dh_gen_key: priv key bits set: 127/256
debug2: bits set: 521/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 144 bytes for a total of 981
debug3: check_host_in_hostfile: filename /home/applfint/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 6
debug3: check_host_in_hostfile: filename /home/applfint/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 6
debug1: Host 'toSite' is known and matches the RSA host key.
debug1: Found key in /home/applfint/.ssh/known_hosts:6
debug2: bits set: 513/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 997
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 48 bytes for a total of 1045
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/applfint/.ssh/id_rsa ((nil))
debug2: key: /home/applfint/.ssh/id_dsa ((nil))
debug3: Wrote 64 bytes for a total of 1109
debug3: input_userauth_banner
SSH Server supporting SFTP and SCP
debug1: Authentications that can continue: password,publickey,keyboard-interactive
debug3: start over, passed a different list password,publickey,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/applfint/.ssh/id_rsa
debug3: no such identity: /home/applfint/.ssh/id_rsa
debug1: Trying private key: /home/applfint/.ssh/id_dsa
debug3: no such identity: /home/applfint/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: Wrote 96 bytes for a total of 1205
debug2: input_userauth_info_req
password
Enter password for healthyd
debug2: input_userauth_info_req: num_prompts 1
Password:
 
Old 03-06-2014, 02:59 PM   #2
Smokey_justme
Member
 
Registered: Oct 2009
Distribution: Slackware
Posts: 534

Hello slepthien,

Thanks for doing and including the debug messages. Your problem is here:

Code:
debug1: identity file /home/applfint/.ssh/id_rsa type -1
[...]
debug1: Trying private key: /home/applfint/.ssh/id_rsa
debug3: no such identity: /home/applfint/.ssh/id_rsa
debug1: Trying private key: /home/applfint/.ssh/id_dsa
debug3: no such identity: /home/applfint/.ssh/id_dsa
It seems that sftp is using ~/.ssh/id_rsa (default) key for the connection (and it doesn't find it)...

You can try passing the -i option
Code:
sftp -i ~/.ssh/test2_id_rsa
just to see if the key works

In which file did you add the IdentityFile line?
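
The diagnosis above can be automated. The following is an added example, not code from any poster in this thread: it reads OpenSSH client debug output and reports which identity files were tried, which were missing, and where authentication ended up. The verdict labels and the function names are hypothetical, and the patterns match the OpenSSH 5.3 message formats shown in the original post.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): summarize an OpenSSH client debug log
# to show why publickey authentication fell through to a password prompt.

# Reads `ssh -v` / `sftp -v` output on stdin, prints key=value lines.
# Verdict names are labels chosen for this example.
diagnose_ssh_debug() {
    awk '
    /Authentications that can continue:/ && /publickey/ { allowed = 1 }
    # Paths the client attempted; field 5 is the path in both message forms.
    /debug1: (Trying private key|Offering public key):/ {
        tried = tried (tried ? "," : "") $5; ntried++
    }
    /debug3: no such identity:/ {
        missing = missing (missing ? "," : "") $5; nmissing++
    }
    /debug1: Next authentication method:/ { final = $5 }
    /Authentication succeeded \(publickey\)/ { ok = 1 }
    END {
        if (ok)                              v = "publickey-ok"
        else if (!allowed)                   v = "server-does-not-offer-publickey"
        else if (ntried + 0 == nmissing + 0) v = "no-usable-identity"
        else                                 v = "key-not-accepted"
        printf "tried=%s\nmissing=%s\nfinal_method=%s\nverdict=%s\n",
               tried, missing, final, v
    }'
}

# Excerpt of the debug lines posted in this thread.
thread_log() {
    cat <<'EOF'
debug1: Authentications that can continue: password,publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/applfint/.ssh/id_rsa
debug3: no such identity: /home/applfint/.ssh/id_rsa
debug1: Trying private key: /home/applfint/.ssh/id_dsa
debug3: no such identity: /home/applfint/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
EOF
}

thread_log | diagnose_ssh_debug
```

A `no-usable-identity` verdict points at the client side: every path the client tried was absent, so the fix is to tell the client which key to use rather than to change anything on the server.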
 
Old 03-06-2014, 03:00 PM   #3
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: CentOS 6 (pre-systemd)
Posts: 2,614

Code:
debug1: Trying private key: /home/applfint/.ssh/id_rsa
debug3: no such identity: /home/applfint/.ssh/id_rsa
This says it doesn't see your private key on the client machine. You can't rename it; it has to be in that directory with that name and permissions 0600. The id_rsa.pub file has to be appended to the authorized_keys file on the server.
 
Old 03-06-2014, 03:07 PM   #4
slepthien
LQ Newbie
 
Registered: Mar 2014
Posts: 6

Original Poster
Rep: Reputation: Disabled
Smokey_justme
When I run sftp -i
I get
sftp: illegal option -- i
usage: sftp [-1Cv] [-B buffer_size] [-b batchfile] [-F ssh_config]
[-o ssh_option] [-P sftp_server_path] [-R num_requests]
[-S program] [-s subsystem | sftp_server] host
sftp [user@]host[:file ...]
sftp [user@]host[:dir[/]]
sftp -b batchfile [user@]host

smallpond
Not sure what you are saying. Why can't I have test2_id_rsa as the primary key? I am not using the id_rsa because it was created with a password which I do not have.
 
Old 03-06-2014, 03:32 PM   #5
michaelk
Moderator
 
Registered: Aug 2002
Posts: 14,961

The default name for the private key file is id_dsa or id_rsa. That does not mean it cannot be named something else, as long as it is specified on the command line or in the ~/.ssh/config file. As stated, make sure it has the proper permissions.

What Linux distribution / version are you running?

Did you try?
sftp -i ~/.ssh/test2_id_rsa username@server
 
Old 03-06-2014, 03:46 PM   #6
slepthien
LQ Newbie
 
Registered: Mar 2014
Posts: 6

Original Poster
Rep: Reputation: Disabled
michaelk
I am using Oracle Linux 6.

When I run the sftp -i command it says it is an illegal option.

I do not have a ~/config file.
The files I have edited are etc/ssh/sshd_config and etc/ssh/ssh_config.
 
Old 03-06-2014, 04:05 PM   #7
michaelk
Moderator
 
Registered: Aug 2002
Posts: 14,961

You're correct. I'm having a bad day...

It should be

sftp -o IdentityFile=~/.ssh/test2_id_rsa username@host

The ~/.ssh/config file is not automatically created. ssh_config is a global client file for all users and you can create your own in your .ssh directory.

You can create one to make your life a bit easier.
Code:
host server
     hostname server.name.whatever
     IdentityFile ~/.ssh/test2_id_rsa
     user username
Then all you need on the command line is
sftp server


http://www.cyberciti.biz/faq/create-...on-linux-unix/

Last edited by michaelk; 03-07-2014 at 09:50 AM. Reason: misspelled IdentityFile
 
1 members found this post helpful.
Old 03-07-2014, 01:23 AM   #8
Smokey_justme
Member
 
Registered: Oct 2009
Distribution: Slackware
Posts: 534

Hmm, I didn't know there are versions out there without the -i option... Well, live and learn..

Now, michaelk already told you the solution.. I won't repeat it, but if you don't want a per-user configuration (I do recommend it in your case) then recheck your /etc/ssh/ssh_config.

The line you added 'IdentityFile ~/.ssh/test2_id_rsa' must be under a host that will get parsed when connecting (by default it's for all hosts) and must be the first 'IdentityFile' line in that "section". According to the manuals it will take the first value it finds..
 
1 members found this post helpful.
Old 03-07-2014, 09:47 AM   #9
slepthien
LQ Newbie
 
Registered: Mar 2014
Posts: 6

Original Poster
Rep: Reputation: Disabled
Thanks

Thanks all, creating the config file worked.
I appreciate the help.
 
Old 03-07-2014, 09:49 AM   #10
michaelk
Moderator
 
Registered: Aug 2002
Posts: 14,961

Thanks for posting back that it worked.
 
  

