LinuxQuestions.org
Old 08-21-2003, 06:46 AM   #1
chr15t0
Member
 
Registered: Jun 2002
Location: London
Distribution: Slackware
Posts: 201

Rep: Reputation: 30
ssh-key authentication failing on one machine


Hey guys,

Perhaps I'm totally overlooking something here, but I'm having problems with ssh authentication on just one of the Linux machines on my network.

Using ssh-keygen -t rsa on my laptop, I create a public key (id_rsa.pub) which I leave in ~/.ssh. On the host machine, I take a copy of the key and place it in ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2 - it all seems fairly normal so far.

However, when I try to log in from the laptop, I get prompted for the password as if the key hadn't been registered. How odd!

Here's a verbose transcript of the ssh session's authentication attempts:
Code:
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug2: userauth_pubkey_agent: no keys at all
debug2: userauth_pubkey_agent: no more keys
debug2: userauth_pubkey_agent: no message sent
debug1: try privkey: /home/chris/.ssh/identity
debug3: no such identity: /home/chris/.ssh/identity
debug1: try pubkey: /home/chris/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug2: userauth_pubkey_agent: no more keys
debug2: userauth_pubkey_agent: no message sent
debug1: try privkey: /home/chris/.ssh/id_dsa
debug3: no such identity: /home/chris/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: next auth method to try is keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply....
etc

authorized_keys and authorized_keys2 are chmod'd to 644


christo
 
Old 08-21-2003, 03:16 PM   #2
bastard23
Member
 
Registered: Mar 2003
Distribution: Debian
Posts: 275

Rep: Reputation: 30
christo,

It seems that you are missing the private key. It should be in "id_rsa". Note that it is the private key and should be on the client machine (laptop). Make sure the permissions are 0600 (only user can read/write).

The id_rsa.pub is the public key and should be the one that goes into the "server" authorized_keys file. But I think that's what you did, right?

Have fun,
chris
 
Old 08-21-2003, 03:30 PM   #3
chr15t0
Member
 
Registered: Jun 2002
Location: London
Distribution: Slackware
Posts: 201

Original Poster
Rep: Reputation: 30
hey chris,

thanks a lot for the reply..
Code:
[chris@kerenski .ssh]$ ls -al
total 28
drwx------    2 chris    chris        4096 Aug 21 13:09 .
drwx------   57 chris    chris        4096 Aug 21 21:19 ..
-rw-r--r--    1 chris    chris         224 Aug 21 13:12 authorized_keys
-rw-r--r--    1 chris    chris         224 Aug 21 13:12 authorized_keys2
-rw-------    1 chris    chris         883 Aug 21 12:14 id_rsa
-rw-r--r--    1 chris    chris         224 Aug 21 12:14 id_rsa.pub
-rw-r--r--    1 chris    chris        2484 Aug 10 22:52 known_hosts

that looks okay to me.. and I have checked that the key is present in the authorized_keys2 file as well. The setup is exactly the same in reverse, and works fine.. in fact, I can ssh freely between any of 4 linux machines on the network apart from this one machine, brezhnev, which always drops out to password authentication.

hurrumph !

christo

Last edited by chr15t0; 08-21-2003 at 03:31 PM.
 
Old 08-21-2003, 04:24 PM   #4
bastard23
Member
 
Registered: Mar 2003
Distribution: Debian
Posts: 275

Rep: Reputation: 30
christo,

I started playing around with my ssh setup. I suspect that brezhnev doesn't have the proper authorized_key file. Try using the debug option on the server to see the difference between public key auth or not.

Instead of having two authorized key files, concatenate the files together. authorized_keys2 isn't getting processed?

If I have an authorized_key file, my logs show the server responding to "we sent a publickey packet, wait for reply" with a "Server accepts key: ..." If I move the authorized key file, my ssh log looks like yours.

Good luck,
chris
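
The checks suggested in the replies above (public key present in the server's authorized_keys, private key readable only by its owner), as an added shell example that is not part of the thread. It goes beyond the thread by also testing the group/world-writable conditions that sshd's StrictModes setting rejects; the function names and the paths passed to them are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit public-key login prerequisites.
# Run audit_server on the machine you log in to, audit_client_key on the client.

# True if the "ls -l" mode string of $1 grants write to group or others.
writable_by_others() {
    case "$(ls -ld "$1" | cut -c6,9)" in
        *w*) return 0 ;;
    esac
    return 1
}

# audit_server HOME_DIR PUBKEY_FILE
# Prints one line per problem and returns the number of problems.
audit_server() {
    home=$1; pub=$2; problems=0
    auth="$home/.ssh/authorized_keys"
    # Field 2 of a .pub line is the base64 key blob; compare on that, since
    # the trailing comment may differ between copies.
    blob=$(awk '{ print $2; exit }' "$pub")

    if [ ! -f "$auth" ]; then
        echo "PROBLEM: $auth is missing"; problems=$((problems + 1))
    elif [ -z "$blob" ] || ! grep -qF -- "$blob" "$auth"; then
        # Also triggers when the key was pasted with line wraps: each key
        # must sit on a single line.
        echo "PROBLEM: key from $pub not found on one line in $auth"
        problems=$((problems + 1))
    fi

    # sshd's StrictModes (on by default) ignores authorized_keys when any of
    # these is writable by group or others.
    for p in "$home" "$home/.ssh" "$auth"; do
        if [ -e "$p" ] && writable_by_others "$p"; then
            echo "PROBLEM: $p is group/world writable"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# audit_client_key PRIVATE_KEY
# The ssh client refuses a private key that group or others can access.
audit_client_key() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] && return 0
    echo "PROBLEM: $1 is accessible by group/others; chmod 600 it"
    return 1
}
```

Copy the laptop's id_rsa.pub to the server and run `audit_server "$HOME" /path/to/id_rsa.pub` there as the login user; a return status of 0 means none of these checks failed.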
 
  

