LinuxQuestions.org

grob115 08-25-2010 09:42 AM

SSH not working after ssh-keygen due to lack of entropy
 
My /proc/sys/kernel/random/entropy_avail went from 2200 to <200 after ssh-keygen. The generated key pair also doesn't work (i.e. I'm asked to provide a password). Does anyone know what the minimum before and after entropy numbers are that I should see in order to have the keys generated properly?

AlucardZero 08-25-2010 10:39 AM

The two are not necessarily related.

Quote:

The generated key pair also doesn't work

Get an `ssh -vv user@host` to the server and post it.

anomie 08-26-2010 11:34 AM

Also, what OS / version? (It's a good idea to include that info when starting a thread.)

grob115 08-27-2010 11:34 PM

It's CentOS 5.5 64-bit. Isn't this the same for most Linux distros?

AlucardZero 08-28-2010 08:38 AM

The two are not necessarily related.

Quote:

The generated key pair also doesn't work

Get an `ssh -vv user@host` to the server and post it.

grob115 08-28-2010 08:46 AM

I ran badblocks twice just to increase the entropy level and generated the key pair again, yet it failed again. This was going from my Physical Box A to my VM Box B.

I then tried generating the key pair on Physical Box C and put the public key on Physical Box A. I then ssh'd from Physical Box C to Physical Box A and it worked fine. This proves my procedure was correct.

Unfortunately the original key pair generated on VM Box B was removed. Nevertheless, I did "ssh -vv username@<VM Box B>" from Physical Box A, and I saw the following at the end:
Code:

debug1: Next authentication method: publickey
debug1: Trying private key: /home/backup/.ssh/identity
debug1: Trying private key: /home/backup/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /home/backup/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password

Is this hinting at something?

AlucardZero 08-28-2010 09:41 AM

Sorry, I wanted "-vvv" not "-vv".

Are ~/.ssh and all files in it on the client only readable and writable by you (chmod 0700)? Is PubkeyAuthentication set to yes in /etc/ssh/sshd_config on the server and have you restarted sshd?

grob115 08-28-2010 09:56 AM

OMG! I can't believe this. It's that simple permission thing!
Initially I had this for .ssh
drwxrwxr-x 2 backup backup 4096 Aug 28 07:52 .

When I changed .ssh to the following it works!
drwx------ 2 backup backup 4096 Aug 28 07:52 .

Thanks!

AlucardZero 08-28-2010 11:33 AM

You're welcome.

By the way: http://catb.org/esr/faqs/smart-questions.html#symptoms
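
The permission problem that resolved this thread can be checked with a short script. This is an added example, not part of any post above: `audit_ssh_dir` and `perm_overlap` are hypothetical helper names, it assumes GNU `stat` and OpenSSH with its default `StrictModes yes`, and the key file names are the ones shown in the debug output earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). audit_ssh_dir and perm_overlap are
# hypothetical helper names. Assumes GNU stat (stat -c), as on CentOS.

# perm_overlap PATH MASK: succeed if PATH has any permission bit in octal MASK.
perm_overlap() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & $2 )) -ne 0 ]
}

# audit_ssh_dir DIR: print one FAIL line per problem; return 0 only if clean.
audit_ssh_dir() {
    dir=$1
    problems=0
    # sshd with StrictModes (the default) ignores authorized_keys when the
    # home directory, ~/.ssh or the file itself is group- or other-writable.
    for path in "$(dirname "$dir")" "$dir" "$dir/authorized_keys"; do
        [ -e "$path" ] || continue
        if perm_overlap "$path" 022; then
            echo "FAIL $path is writable by group/other (chmod go-w)"
            problems=$((problems + 1))
        fi
    done
    # The ssh client refuses a private key that group or other can access.
    for key in "$dir/identity" "$dir/id_rsa" "$dir/id_dsa"; do
        [ -f "$key" ] || continue
        if perm_overlap "$key" 077; then
            echo "FAIL $key is accessible by group/other (chmod 600)"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Run against a directory given on the command line, e.g. ./audit.sh ~/.ssh
if [ $# -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

Run it on both ends of the connection: the writable-directory checks matter on the machine holding `authorized_keys`, the private key check on the machine you connect from.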

