LinuxQuestions.org
Old 12-27-2009, 04:29 PM   #1
Nokao
LQ Newbie
 
Registered: Dec 2009
Posts: 5

Rep: Reputation: 0
SSH no-password authentication: RSA Passphrase


Hi guys.

I'm trying to make a login work without a password prompt.
I already did this in the past, with success.

But this time I'm being asked for a passphrase:
Enter passphrase for key '/home/nokao/id_rsa.pub':
even if at the key creation I pressed enter two times without entering a password.

I'm using this guide:
http://troy.jdmz.net/rsync/index.html

Who can help me to troubleshoot the problem?
I have nothing helpful in the logs.

Nokao

Last edited by Nokao; 12-27-2009 at 04:48 PM. Reason: previous link to the guide was on the local hard drive :D
 
Old 12-27-2009, 05:52 PM   #2
GooseYArd
Member
 
Registered: Jul 2009
Location: Reston, VA
Distribution: Slackware, Ubuntu, RHEL
Posts: 183

Rep: Reputation: 46
The .pub file contains the public half of the ssh identity, not the key, so you can't use it as an ssh identity.

It sounds like maybe when you set up .ssh/config, you used "id_dsa.pub" instead of "id_dsa" (or whatever extension ssh-keygen put on the private half of your identity).

If you didn't use ssh/config and you're using "ssh -i id_dsa.pub" or something like that, just remove the .pub extension.

The .pub file is only ever used to _identify_ a private, secret key. It's the other part that has the meat.
 
Old 12-27-2009, 07:12 PM   #3
vrmartin2
Member
 
Registered: Dec 2009
Location: NE Ohio
Distribution: Open SUSE
Posts: 43

Rep: Reputation: 19
check permissions

Assuming you have your public/private keys set properly, make sure your .ssh directory is not writable by anyone but the owner. I think it can be readable, but play around with this. If this is not the issue, run ssh in verbose mode (one or more -v). You'll learn a lot.
 
Old 12-28-2009, 03:43 AM   #4
Nokao
LQ Newbie
 
Registered: Dec 2009
Posts: 5

Original Poster
Rep: Reputation: 0
How do I run ssh in verbose mode?

Do you mean the sshd on the server?

Or the local shell on the local pc?
 
Old 12-28-2009, 05:59 AM   #5
Nokao
LQ Newbie
 
Registered: Dec 2009
Posts: 5

Original Poster
Rep: Reputation: 0
I'm just doing this:

ssh-keygen -t rsa -b 2048 -f rsa-key
scp rsa-key.pub USERNAME@remotehost:/home/USERNAME/.ssh/

And then trying to do an rsync like this:
rsync -azS -e "ssh -i /home/USERNAME/.ssh/rsa-key.pub" --backup --progress USERNAME@remotehost:/REMOTEPATH/ /LOCALPATH/
 
Old 12-28-2009, 06:11 AM   #6
vrmartin2
Member
 
Registered: Dec 2009
Location: NE Ohio
Distribution: Open SUSE
Posts: 43

Rep: Reputation: 19
Add -v to your ssh command. I don't have a pc in front of me so I'm going on memory. You can check the exact command syntax. But I believe you can add any number of -v so: ssh -v -v -v.
Did you check permissions on the .ssh dir on the target machine?
 
Old 12-28-2009, 07:29 AM   #7
Nokao
LQ Newbie
 
Registered: Dec 2009
Posts: 5

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by vrmartin2
Add -v to your ssh command. I don't have a pc in front of me so I'm going on memory. You can check the exact command syntax. But I believe you can add any number of -v so: ssh -v -v -v.
Did you check permissions on the .ssh dir on the target machine?
Thanks, now I have some feedback:
Code:
OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to REMOTEHOST [IP] port 22.
debug1: Connection established.
debug1: identity file /home/USERNAME/id_rsa.pub type 1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.1p1 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1.2
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 129/256
debug2: bits set: 535/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'REMOTEHOST' is known and matches the RSA host key.
debug1: Found key in /home/USERNAME/.ssh/known_hosts:1
debug2: bits set: 467/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/USERNAME/id_rsa.pub (0x7f3710e96dd0)
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/USERNAME/id_rsa.pub
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug2: input_userauth_pk_ok: fp 77:de:1a:55:e0:46:24:f2:ca:41:13:f8:4e:9d:1e:69
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/home/USERNAME/id_rsa.pub': 
rsync error: received SIGINT, SIGTERM, or SIGHUP (code 20) at rsync.c(541) [receiver=3.0.4]
What does it mean: "PEM_read_PrivateKey failed"?
 
Old 12-28-2009, 09:21 AM   #8
GooseYArd
Member
 
Registered: Jul 2009
Location: Reston, VA
Distribution: Slackware, Ubuntu, RHEL
Posts: 183

Rep: Reputation: 46
Quote:
Originally Posted by Nokao

What does it mean: "PEM_read_PrivateKey failed"?
It means that the file ssh is trying to read is not a private key. .pub files are public identity halves, not private keys. Like I said, remove the .pub extension.
 
Old 12-28-2009, 10:17 AM   #9
Nokao
LQ Newbie
 
Registered: Dec 2009
Posts: 5

Original Poster
Rep: Reputation: 0
It's true, thank you.

I had to connect showing my private key, not the public one.

sorry
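
The two checks suggested in this thread (is the file given to `-i` really the private half, and are the permissions tight enough), as an added shell example that is not part of any poster's message. The function names are hypothetical and the sample key files are constructed placeholders, not real key material.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# Print "public", "private" or "unknown" based on the file's first line.
key_file_kind() {
    [ -r "$1" ] || { echo unknown; return; }
    IFS= read -r first < "$1" || true
    case "$first" in
        "-----BEGIN "*"PRIVATE KEY-----") echo private ;;
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) echo public ;;
        "---- BEGIN SSH2 PUBLIC KEY ----") echo public ;;
        *) echo unknown ;;
    esac
}

# Exit status: 0 usable with `ssh -i`, 1 public half given, 2 permissions
# too open, 3 missing or unrecognised.
check_identity() {
    kind=$(key_file_kind "$1")
    if [ "$kind" = public ]; then
        echo "$1 is the public half; give -i the private key (e.g. ${1%.pub})"
        return 1
    elif [ "$kind" != private ]; then
        echo "$1 is missing or not a recognised key file"
        return 3
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; then
        echo "$1 is accessible to group/other; chmod 600 it"
        return 2
    fi
    echo "$1 is a private key with owner-only permissions"
}

# True if DIR (e.g. ~/.ssh on the target) is not group- or world-writable.
ssh_dir_ok() { [ "$(ls -ld "$1" | cut -c6,9)" = "--" ]; }

# Constructed sample pair: placeholder contents, not real key material.
make_samples() {
    d=$(mktemp -d) && chmod 700 "$d"
    echo 'ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED user@example' > "$d/rsa-key.pub"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED' \
        '-----END RSA PRIVATE KEY-----' > "$d/rsa-key"
    chmod 600 "$d/rsa-key"
    echo "$d"
}

dir=$(make_samples)
check_identity "$dir/rsa-key.pub" || true   # the mistake from this thread
check_identity "$dir/rsa-key"
rm -rf "$dir"
```

Running `check_identity` on the path passed to `ssh -i` (or to `IdentityFile` in the ssh config) catches the `.pub` mix-up before ssh falls back to asking for a passphrase.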
 
  

