LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 08-25-2010, 10:42 AM   #1
grob115
Member
 
Registered: Oct 2005
Posts: 528

Rep: Reputation: 32
SSH not working after ssh-keygen due to lack of entropy


My /proc/sys/kernel/random/entropy_avail went from 2200 to <200 after ssh-keygen. The generated key pairs also doesn't work (ie I'm asked to provide a password). Anyone knows what is the minimum before and after entropy number I should see in order to have the keys generated properly?
 
Old 08-25-2010, 11:39 AM   #2
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,652

Rep: Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536
The two are not necessarily related.

Quote:
The generated key pairs also doesn't work
Get an `ssh -vv user@host` to the server and post it.
 
Old 08-26-2010, 12:34 PM   #3
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
Also, what OS / version? (It's a good idea to include that info when starting a thread.)
 
Old 08-28-2010, 12:34 AM   #4
grob115
Member
 
Registered: Oct 2005
Posts: 528

Original Poster
Rep: Reputation: 32
It's CentOS 5.5 64-bit. Isn't this the same for most Linux distro?
 
Old 08-28-2010, 09:38 AM   #5
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,652

Rep: Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536
The two are not necessarily related.

Quote:
The generated key pairs also doesn't work
Get an `ssh -vv user@host` to the server and post it.
 
Old 08-28-2010, 09:46 AM   #6
grob115
Member
 
Registered: Oct 2005
Posts: 528

Original Poster
Rep: Reputation: 32
I run badblocks twice just to increase the entropy level and generated the key pair again, yet failed again. This was going from my Physical Box A to my VM Box B.

I then tried generating the key pair on Physical Box C and put the public key on Physical Box A. I then ssh from Physical Box C to Physical Box A and it worked fine. This proves my procedure was correct.

Unfortunately the original key pair generated on VM Box B was removed. Nevertheless, I did "ssh -vv username@<VM Box B>" from Physical Box A, and I saw the following at the end:
Code:
debug1: Next authentication method: publickey
debug1: Trying private key: /home/backup/.ssh/identity
debug1: Trying private key: /home/backup/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /home/backup/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
Is this hinting at something?
 
Old 08-28-2010, 10:41 AM   #7
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,652

Rep: Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536
Sorry, I wanted "-vvv" not "-vv".

Are ~/.ssh and all files in it on the client only readable and writable by you (chmod 0700)? Is PubkeyAuthentication set to yes in /etc/ssh/sshd_config on the server and have you restarted sshd?
 
Old 08-28-2010, 10:56 AM   #8
grob115
Member
 
Registered: Oct 2005
Posts: 528

Original Poster
Rep: Reputation: 32
OMG! I can't believe this. It's that simple permission thing!
Initially I had this for .ssh
drwxrwxr-x 2 backup backup 4096 Aug 28 07:52 .

When I changed .ssh to the following it works!
drwx------ 2 backup backup 4096 Aug 28 07:52 .

Thanks!
 
Old 08-28-2010, 12:33 PM   #9
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,652

Rep: Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536
You're welcome.

By the way: http://catb.org/esr/faqs/smart-questions.html#symptoms
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh-keygen issue salimshahzad Linux - Newbie 1 03-07-2010 04:44 AM
ssh-agent, ssh-add and ssh-keygen AND CVS raylpc Linux - General 2 11-19-2008 03:50 AM
need help automating ssh-keygen linxq4u Linux - General 1 08-25-2007 12:13 PM
How to ssh-keygen? Baran Linux - Networking 5 04-26-2005 03:40 PM
ssh-keygen problem mijohnst Linux - Networking 5 07-20-2004 02:00 PM


All times are GMT -5. The time now is 04:01 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration