SSH not working after ssh-keygen due to lack of entropy

grob115 · 08-25-2010, 09:42 AM

My /proc/sys/kernel/random/entropy_avail went from 2200 to <200 after ssh-keygen. The generated key pairs also doesn't work (ie I'm asked to provide a password). Anyone knows what is the minimum before and after entropy number I should see in order to have the keys generated properly?

AlucardZero · 08-25-2010, 10:39 AM

The two are not necessarily related.

Quote:

The generated key pairs also doesn't work

Get an `ssh -vv user@host` to the server and post it.

anomie · 08-26-2010, 11:34 AM

Also, what OS / version? (It's a good idea to include that info when starting a thread.)

grob115 · 08-27-2010, 11:34 PM

It's CentOS 5.5 64-bit. Isn't this the same for most Linux distro?

AlucardZero · 08-28-2010, 08:38 AM

The two are not necessarily related.

Quote:

The generated key pairs also doesn't work

Get an `ssh -vv user@host` to the server and post it.

grob115 · 08-28-2010, 08:46 AM

I run badblocks twice just to increase the entropy level and generated the key pair again, yet failed again. This was going from my Physical Box A to my VM Box B.

I then tried generating the key pair on Physical Box C and put the public key on Physical Box A. I then ssh from Physical Box C to Physical Box A and it worked fine. This proves my procedure was correct.

Unfortunately the original key pair generated on VM Box B was removed. Nevertheless, I did "ssh -vv username@<VM Box B>" from Physical Box A, and I saw the following at the end:

Code:

debug1: Next authentication method: publickey
debug1: Trying private key: /home/backup/.ssh/identity
debug1: Trying private key: /home/backup/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /home/backup/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password

Is this hinting at something?

AlucardZero · 08-28-2010, 09:41 AM

Sorry, I wanted "-vvv" not "-vv".

Are ~/.ssh and all files in it on the client only readable and writable by you (chmod 0700)? Is PubkeyAuthentication set to yes in /etc/ssh/sshd_config on the server and have you restarted sshd?

grob115 · 08-28-2010, 09:56 AM

OMG! I can't believe this. It's that simple permission thing!
Initially I had this for .ssh
drwxrwxr-x 2 backup backup 4096 Aug 28 07:52 .

When I changed .ssh to the following it works!
drwx------ 2 backup backup 4096 Aug 28 07:52 .

Thanks!

AlucardZero · 08-28-2010, 11:33 AM

You're welcome.

By the way: http://catb.org/esr/faqs/smart-questions.html#symptoms