LinuxQuestions.org
Old 07-02-2012, 03:40 PM   #1
Laertiades
Member
 
Registered: Jul 2012
Location: Pacific Northwest
Distribution: Arch
Posts: 59

Rep: Reputation: Disabled
sftp non-interactive login


I realize this is a common issue. I have read a number of other entries but nothing works for me.
I wish to automate file uploads to ipage.com using sftp. Man pages on sftp say I must use non-interactive login and give a reference to ssh-keygen. I used ssh-keygen to make two files. I put one in ~/.ssh/authorized_keys on the server. When I run the following script:

sftp -i ~/.ssh/id_rsa -P 2222 USER@ftp.ipage.com

I am still asked for password. I have tried several other things recommended at other forums to no avail. Perhaps ipage does not support passwordless login or ssh(1) or ssh(2). I don't know how to find out and customer service is not helpful.

Any help would help. Thanks in advance.
 
Old 07-02-2012, 04:03 PM   #2
suicidaleggroll
Senior Member
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 3,222

Rep: Reputation: 1155
Make sure your authorized keys file has the proper permissions. If the permissions are too lax, SSH won't use it.
Code:
chmod 750 ~
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
Also, you shouldn't have to pass the rsa key on the command line, it should do it automatically. Just run ssh-keygen, press enter a few times until you're back at the prompt (don't enter a passphrase), then copy the contents of the id_rsa.pub file into authorized_keys on the destination machine.

Last edited by suicidaleggroll; 07-02-2012 at 04:06 PM.
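
The check behind this advice, as an added example that is not part of the original post: OpenSSH's sshd with StrictModes enabled ignores authorized_keys when the home directory, ~/.ssh or the file itself is writable by group or others. The function name `check_ssh_perms` is hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread.
# Reports paths that are group- or world-writable, the condition that
# OpenSSH's sshd StrictModes rejects. StrictModes also checks ownership,
# which this sketch does not cover.
#
# Usage: check_ssh_perms "$HOME"
# Prints one line per problem; returns 0 if clean, 1 otherwise.
check_ssh_perms() {
    home_dir=$1
    bad=0
    for p in "$home_dir" "$home_dir/.ssh" "$home_dir/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"
            bad=1
            continue
        fi
        # -perm -020 / -perm -002: group-write or other-write bit is set
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "too permissive: $p"
            bad=1
        fi
    done
    return $bad
}
```

Run it on the machine that holds authorized_keys, passing that account's home directory.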
 
Old 07-02-2012, 04:31 PM   #3
Laertiades
Member
 
Registered: Jul 2012
Location: Pacific Northwest
Distribution: Arch
Posts: 59

Original Poster
Rep: Reputation: Disabled
Still no luck

Thank you for the response. I changed file permissions as specified on client and server. sftp still wants password. I also used ssh-add to add identity. I remade the id_rsa files without the -t rsa option. I never get any error messages; just a prompt for my password no matter what I try.
 
Old 07-02-2012, 04:45 PM   #4
suicidaleggroll
Senior Member
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 3,222

Rep: Reputation: 1155
Try adding -v to your sftp call, it should print more info about why you're being prompted for a password.
 
Old 07-02-2012, 05:00 PM   #5
Laertiades
Member
 
Registered: Jul 2012
Location: Pacific Northwest
Distribution: Arch
Posts: 59

Original Poster
Rep: Reputation: Disabled
Here is the output if you wouldn't mind giving your input. I am unable to interpret. I will substitute ?????? for data which seems to be of a sensitive nature.


OpenSSH_5.8p1 Debian-7ubuntu1, OpenSSL 1.0.0e 6 Sep 2011
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to ftp.ipage.com [66.96.147.100] port 2222.
debug1: Connection established.
debug1: identity file /home/jesse/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/jesse/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version mod_sftp/0.9.8
debug1: no match: mod_sftp/0.9.8
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA ?????????????????????????????????
debug1: Host '[ftp.ipage.com]:2222' is known and matches the RSA host key.
debug1: Found key in /home/jesse/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/jesse/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: /home/jesse/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
????????????@ftp.ipage.com's password:


Thank you in any case for all the help you have offered thus far.
I might add that customer service at ipage swears up and down that they do not support ssh.

Last edited by Laertiades; 07-02-2012 at 05:02 PM. Reason: to add info
 
Old 07-02-2012, 05:17 PM   #6
suicidaleggroll
Senior Member
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 3,222

Rep: Reputation: 1155
I just compared that to a working public key authentication on my own machine. The relevant part is below (differences versus your output in bold):
Code:
debug1: Next authentication method: publickey
debug1: Offering public key: /home/eggroll/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Offering public key: /home/eggroll/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending subsystem: sftp
So yours is sending the key, it's being accepted by the server, but it still doesn't let you in. In my experience this is usually caused by a permission issue. One difference in my setup is the authorized_keys file on the server is actually called "authorized_keys2", not sure if that would make a difference.
 
Old 07-02-2012, 05:39 PM   #7
Laertiades
Member
 
Registered: Jul 2012
Location: Pacific Northwest
Distribution: Arch
Posts: 59

Original Poster
Rep: Reputation: Disabled
I have checked that write permissions are only for user on home/, .ssh/ and authorized_keys2 (I tried changing the name, which perhaps refers to protocol 2). Is there perhaps a way to ensure that the server has PubkeyAuthentication Yes and RSAAuthentication Yes?
 
Old 07-02-2012, 07:05 PM   #8
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.6, Centos 5.10
Posts: 16,324

Rep: Reputation: 2041
Look into /etc/ssh/sshd_config; full docs here http://www.openssh.com/manual.html
 
Old 07-03-2012, 01:13 PM   #9
Laertiades
Member
 
Registered: Jul 2012
Location: Pacific Northwest
Distribution: Arch
Posts: 59

Original Poster
Rep: Reputation: Disabled
Still no luck

I greatly appreciate your help suicidaleggroll and chrism01. I do not have sshd_config on my system. This file seems to be used by sshd, a server daemon which I do not have installed. I did find etc/ssh/ssh_config and I added the line:

PubkeyAuthentication yes

which changed the last five lines of my output to:

debug1: Offering RSA public key: /home/jesse/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password

I also added the following to no effect (of course)

HostbasedAuthentication yes
IdentityFile ~/.ssh/id_rsa
EnableSSHKeysign yes

I would really like to implement this public key authentication. It seems like the appropriate way to protect a client's data when automating uploads to a webhost. Any further help, advice, or insight from anyone would be greatly appreciated. I will show my file permissions and my 2 bash scripts if that helps anyone:

sftp> pwd
Remote working directory: /.ssh
sftp> ls -al
drwx------ 2 USER www 3 Jul 3 12:10 .
drwxr-x--- 8 USER www 28 Jul 2 11:58 ..
-rw------- 1 USER www 404 Jul 2 16:24 authorized_keys

[jesse .ssh]$ ls -al
total 20
drwx------ 2 jesse jesse 4096 2012-07-02 13:23 .
drwx------ 34 jesse jesse 4096 2012-07-03 07:17 ..
-r-------- 1 jesse jesse 1679 2012-07-02 13:23 id_rsa
-rw------- 1 jesse jesse 404 2012-07-02 13:23 id_rsa.pub
-rw------- 1 jesse jesse 540 2012-06-29 16:16 known_hosts

sftp -2 -v -i /home/jesse/.ssh/id_rsa -P 2222 USER@ftp.ipage.com
ssh -2 -v -i /home/jesse/.ssh/id_rsa -p 2222 USER@ftp.ipage.com
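
A way to read the traces in posts #5, #6 and #9, as an added example that is not code from any poster: "Server accepts key" only means the server answered the unsigned key query with SSH_MSG_USERAUTH_PK_OK, and login completes only if the signed request that follows is also accepted. The function names are hypothetical and the parser assumes the `debug1:` wording of the OpenSSH client output shown in this thread.

```shell
#!/bin/sh
# Added example, not from the thread. Classifies each key offered in
# `ssh -v` / `sftp -v` output. Assumes the debug1 wording shown above.

# diagnose_pubkey: reads client debug output on stdin and prints
# "<key path> <status>" per offered key, in the order first offered.
diagnose_pubkey() {
    awk '
    /Offering .*public key: / {
        line = $0
        sub(/.*public key: /, "", line)   # keep what follows the label
        split(line, f, " "); key = f[1]   # first word is the key path
        if (!(key in st)) order[++n] = key
        st[key] = "offered"
        next
    }
    key == "" { next }                    # nothing offered yet
    /Server accepts key/ { st[key] = "pk-ok"; next }
    /Authentication succeeded \(publickey\)/ { st[key] = "succeeded"; next }
    /Authentications that can continue/ {
        # USERAUTH_FAILURE: the query or the signed request was refused
        if (st[key] == "offered") st[key] = "not-accepted"
        else if (st[key] == "pk-ok") st[key] = "rejected-after-pk-ok"
        next
    }
    END { for (i = 1; i <= n; i++) print order[i], st[order[i]] }
    '
}

# Lines taken from the failing trace in post #5 of this thread.
sample_failed_log() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/jesse/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
EOF
}

sample_failed_log | diagnose_pubkey
```

A `rejected-after-pk-ok` result points at the server side of the exchange: the key was recognised in the query but the signed authentication request was refused.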
 
Old 07-03-2012, 04:25 PM   #10
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,583

Rep: Reputation: 480
If you own both servers you can start over and try following these basic steps:

Code:
[rx30@rx30 ~]$ cd .ssh
[rx30@rx30 .ssh]$ ls -l
total 12
-rw------- 1 rx30 group 3243 Jun 22 15:50 id_rsa
-rw-r--r-- 1 rx30 group  743 Jun 22 15:50 id_rsa.pub
-rw-r--r-- 1 rx30 group 2980 Jun 13 12:02 known_hosts
[rx30@rx30 .ssh]$ rm -rf id*
[rx30@rx30 .ssh]$ ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/usr/rx30/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /usr/rx30/.ssh/id_rsa.
Your public key has been saved in /usr/rx30/.ssh/id_rsa.pub.
The key fingerprint is:
1c:b1:72:fd:40:3c:93:4e:a6:99:21:31:fd:7a:2c:d8 rx30@rx30.localdomain
[rx30@rx30 .ssh]$
[rx30@rx30 .ssh]$ ls -laF
total 56
drwxr-xr-x   2 rx30 group  4096 Jul  3 16:18 ./
drwxrwxrwx+ 52 rx30 group 36864 Jul  3 16:09 ../
-rw-------   1 rx30 group  3243 Jul  3 16:18 id_rsa
-rw-r--r--   1 rx30 group   743 Jul  3 16:18 id_rsa.pub
-rw-r--r--   1 rx30 group  2980 Jun 13 12:02 known_hosts
[rx30@rx30 .ssh]$ ssh-copy-id -i *.pub XXX@10.10.4.81
10
XXX@10.10.4.81's password:
Now try logging into the machine, with "ssh 'XXX@10.10.4.81'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[rx30@rx30 .ssh]$ ssh XXX@10.10.4.81
Last login: Fri Jun 22 16:31:31 2012 from 10.10.4.77
[XXX@XXX ~]$ exit
logout
Connection to 10.10.4.81 closed.
The permissions on the remote system for .ssh are as follows:

Code:
$ ls -laF /home/XXX/.ssh/
total 24
drwx------.  2 ray ray 4096 Jul  3 16:18 ./
drwx------. 59 ray ray 4096 May 31 14:01 ../
-rw-------   1 ray ray  743 Jul  3 16:18 authorized_keys
-rw-r--r--   1 ray ray 8346 Jul  3 16:17 known_hosts
on the local box the permissions for .ssh are:

Code:
drwxr-xr-x   2 rx30 group      4096 Jul  3 16:18 .ssh
and on the remote box:

Code:
drwx------.  2 XXX  XXX     4096 Jul  3 16:18 .ssh/
Hope this helps. The permissions of 761 on the local system are a bit loose, but it does not seem to affect the ability to connect. Typically you don't want permissions looser than 700, but 755 are OK.
 
Old 07-04-2012, 11:11 AM   #11
Laertiades
Member
 
Registered: Jul 2012
Location: Pacific Northwest
Distribution: Arch
Posts: 59

Original Poster
Rep: Reputation: Disabled
giving up

Thank you, lleb, for your contribution. I do not have control of the remote server. I tried your steps but couldn't get ssh-copy-id to connect. I am also unable to connect with ssh. I have been able to connect with ftp and sftp. At this point I am going to desist from further attempts. Perhaps it is a red herring. Perhaps I am in over my head. Thank you, everyone, for your time.
 
  

