LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices



Reply
 
Search this Thread
Old 10-01-2008, 07:26 AM   #1
jchambers
Member
 
Registered: Aug 2007
Location: California
Distribution: Debian
Posts: 127

Rep: Reputation: 15
SFTP auto login works one way only?


Hello all.

I have read many posts on auto login for SSH but can not figure this one out.


Code:
#ssh-keygen -t rsa

-rw-r--r-- 1 root root  415 2008-10-01 04:07 authorized_keys
-rw------- 1 root root 1.7K 2008-09-30 18:47 id_rsa
-rw-r--r-- 1 root root  413 2008-09-30 18:47 id_rsa.pub
-rw-r--r-- 1 root root  884 2008-10-01 03:33 known_hosts
Example:

Server A cannot auto login (sftp) to server B

Server B can auto login (sftp) to server A



Server A: Debian (etch)
Linux 2.6.18-4-amd64 #1 SMP Mon Mar 26 11:36:53 CEST 2007 x86_64 GNU/Linux

Server B: Debian (etch)
Linux 2.6.18-5-686 #1 SMP Fri Jun 1 00:47:00 UTC 2007 i686 GNU/Linux


My only thought is that something changed in the newest version of Etch.
Any ideas?


Jon
 
Old 10-01-2008, 09:43 AM   #2
ilikejam
Senior Member
 
Registered: Aug 2003
Location: Glasgow
Distribution: Fedora / Solaris
Posts: 3,109

Rep: Reputation: 96
Hi.

Check the permissions on the home directories as well as the .ssh directories and the keys.

Also, try running ssh -vvv in both directions to see if there's anything interesting.

Dave
 
Old 10-01-2008, 02:14 PM   #3
jchambers
Member
 
Registered: Aug 2007
Location: California
Distribution: Debian
Posts: 127

Original Poster
Rep: Reputation: 15
Thank you for the reply.

I keep getting blacklisted on the server I am trying to auto ssh to.
/var/logs/auth.log

Oct 1 10:43:50 www sshd[2444]: Public key 4f:d7:71:27:51:bf:5e:a9:b7:af:2c:82:0d:2a:bb:53 blacklisted (see ssh-vulnkey(1))


You got me on the right track, though it turns out it is a problem between the new version of open-ssh and prior versions. From what I read if both servers do not have the newest version it will not work. I upgraded both servers with openssl_0.9.8.


http://www.ducea.com/2008/05/14/ssh-vulnkey-a/


My problem is that my x86_64 version wil not upgrade to the newest version.

64 bit
Code:
ii  openssh-blacklist                 0.1.1                                list of blacklisted OpenSSH RSA and DSA keys
ii  openssh-client                    1:4.7p1-8                            secure shell client, an rlogin/rsh/rcp repla
ii  openssh-server                    1:4.7p1-8                            secure shell server, an rshd replacement
ii  ssh                               1:5.1p1-2                            secure shell client and server (metapackage)
ii  openssl                           0.9.8c-4etch3                        Secure Socket Layer (SSL) binary and related
i686
Code:
ri  openssh-blacklist                 0.1.1                                list of blacklisted OpenSSH RSA and DSA keys
ii  openssh-client                    4.3p2-9etch3                         Secure shell client, an rlogin/rsh/rcp repla
ii  openssh-server                    4.3p2-9etch3                         Secure shell server, an rshd replacement
ii  ssh                               4.3p2-9etch3                         Secure shell client and server (transitional
openssl                           0.9.8c-4etch3                        Secure Socket Layer (SSL) binary and related
Anyway to bypass the black list?
 
Old 10-02-2008, 06:49 AM   #4
ilikejam
Senior Member
 
Registered: Aug 2003
Location: Glasgow
Distribution: Fedora / Solaris
Posts: 3,109

Rep: Reputation: 96
You can get around this by regenerating your host keys. Should be something like:

# ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
# ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa

This will cause any client to shout about key fingerprints when the SSH/SFTP in, which may break automated pub-priv key logins until the new host fingerprints are accepted, so be warned.

Dave
 
Old 10-08-2008, 01:33 PM   #5
jchambers
Member
 
Registered: Aug 2007
Location: California
Distribution: Debian
Posts: 127

Original Poster
Rep: Reputation: 15
[solved]

Well I figured it out.

http://www.debian.org/security/2008/dsa-1571

http://wiki.debian.org/SSLkeys

Turns out that I needed to do this:
Code:
rm /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server
Then it recreated the keys without black listing them.

Thanks for your help Dave.
Your suggestions led me to the answer.

Jon
 
Old 01-02-2009, 05:03 AM   #6
saleemsupra
LQ Newbie
 
Registered: Jan 2008
Posts: 4

Rep: Reputation: 0
i am using fedora7 64 i want to login to other machine by rsh without password. there is no xinetd in my /etc dir. rsh appears only in /usr/bin/rsh or in pam.d directory.

please help me how can i configure rsh and login using rsh command?


Thanks

Saleemsupra
 
Old 01-03-2009, 02:29 PM   #7
jchambers
Member
 
Registered: Aug 2007
Location: California
Distribution: Debian
Posts: 127

Original Poster
Rep: Reputation: 15
Hi saleemsupra.

I setup ssh using "ssh-keygen -t rsa", then copied the id_rsa.pub key to the authorized_keys file of the remote server/user to connect to. Manually login once using ssh or sftp to the remote server. After that is setup it seems to work well for me.


#rsh -l [remote user] -p [remote port] [url / IP] [command]

#rsh -l myuser -p 22 192.168.2.55 echo


I hope that helps to answer your question.

Jon
 
  


Reply

Tags
sftp, ssh


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh login works but sftp doesn't... koyi Linux - Networking 8 02-28-2011 09:34 AM
Auto-login (KDE) - will not auto-login without monitor attached Mithrilhall Linux - General 2 03-04-2008 11:16 AM
How to configure auto login & after login auto startup some program. hocheetiong Linux - Newbie 1 02-18-2008 01:49 AM
cannot login into SFTP server using Net::SFTP cccc Programming 1 10-31-2007 07:23 AM
sftp no longer works, but ssh still does. muxman Linux - Software 0 05-19-2004 07:09 AM


All times are GMT -5. The time now is 12:45 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration