LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 04-23-2013, 03:16 PM   #1
i4Giron
LQ Newbie
 
Registered: Mar 2013
Location: Maryland
Distribution: Linux
Posts: 10

Rep: Reputation: Disabled
SSH Key Weirdness..


I'm trying to make sense of something:

I wanted to use ssh keys to go between linux workstations at the office. I created a local rsa key (2048) on the client1 and ssh-copy-id to client2.

I get the error "Agent admitted failure to sign using the key"

Using ssh -vv I found this "debug2: key_type_from_name: unknown key type '-----Begin'" in regards to the rsa key.. ok..

After many atempts at debugging, remaking keys, different bit sizes, etc. Major time sink and still FAIL! On a wim I decide to make a dsa key instead.

That works perfectly! wtf. So I'm googleing a lot and find this thread which mentions the hosts.allow/hosts.deny files

Both of those files are blank on both systems but what the hey i'll give anything a go at this point, so I added sshd:ALL to client2's hosts.allow and viola the rsa keys work fine now..

Will someone please enlighten me as to why dsa worked while rsa did not until I altered the hosts.allow file?
 
Old 04-23-2013, 06:10 PM   #2
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,285

Rep: Reputation: 394Reputation: 394Reputation: 394Reputation: 394
few things to check.

1. OS on both ends. Ive had a hard time with older distros not working with rsa keys but working under dsa.

2. check the permissions on both the directory and the files within the ~/.ssh directory.

3. also verify that you proper permissions for authorized_keys

4. the hosts.allow/deny only function if either has any information in it.
 
Old 04-23-2013, 06:14 PM   #3
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,285

Rep: Reputation: 394Reputation: 394Reputation: 394Reputation: 394
also check out this guide:

http://www.linuxquestions.org/questi...on-4175456100/
 
Old 04-25-2013, 11:59 AM   #4
i4Giron
LQ Newbie
 
Registered: Mar 2013
Location: Maryland
Distribution: Linux
Posts: 10

Original Poster
Rep: Reputation: Disabled
client2 was RHEL6.3 and client1 was RHEL6.4. All the permissions on files matched what you have in that other thread. I had checked the versions of SSH and openSSL and both were the same. Both clients did need a yum update so I did that. Both are now an updated 6.4 and the all types (rsa1024/rsa2048/dsa1024 etc.) are working just fine. Its annoying that it wouldn't work across rhel versions, and there were quite a few updates so i'm unsure as to which of them fixed the issues. Anywho thanks for the help! Marking this one solved, even though I don't understand the details of how
 
Old 04-25-2013, 12:46 PM   #5
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,285

Rep: Reputation: 394Reputation: 394Reputation: 394Reputation: 394
sounds like there might have been a bad openssh or sshd running on one of the systems that yum resolved.

both are to new to not work with both dsa and rsa keys.

glad it is working.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH skips public key authentication for a key, but works with another key simopal6 Linux - General 1 07-06-2011 08:33 AM
Help: Weirdness with ssh/pam when trying to ssh in Nabana Linux - Security 1 04-01-2010 08:17 PM
SSH weirdness TL_CLD Slackware 1 09-10-2008 09:26 AM
ssh login weirdness kav Linux - Networking 10 12-26-2006 05:59 AM
SSH weirdness sardaukar_siet Linux - Networking 2 11-07-2006 03:31 PM


All times are GMT -5. The time now is 11:29 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration