Old 01-24-2017, 04:42 AM   #1
aravind05
LQ Newbie
 
Registered: Jan 2017
Posts: 1

SSH public key issue


Hi Team,

I have been asked to install the public key. I have done it in the authorized keys under the folder .ssh and given the necessary permissions. But the other server is still prompting for a password.

I suggested that they use the ssh -v option, and here is the output. Not sure what the issue is. Kindly suggest.

OpenSSH_3.7.1p2-pwexp26_krb5, SSH protocols 1.5/2.0, OpenSSL 0.9.6m 17 Mar 2004

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): A file or directory in the path name does not exist.



debug1: Error loading Kerberos, disabling Kerberos auth.

debug2: ssh_connect: needpriv 0

debug1: Connecting to sftp.xxxxx [xxx.xxx.xxx.xxx] port 22.

debug1: Connection established.

debug1: identity file /home/ivr/.ssh/id_rsa type -1

debug1: identity file /home/ivr/.ssh/id_dsa type -1

debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2

debug1: match: OpenSSH_6.2 pat OpenSSH*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_3.7.1p2-pwexp26_krb5

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib

debug2: kex_parse_kexinit: none,zlib

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: kex_parse_kexinit: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ssh-dss

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-e...60@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-e...60@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@openssh.com

debug2: kex_parse_kexinit: none,zlib@openssh.com

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: mac_init: found hmac-md5

debug1: kex: server->client aes128-cbc hmac-md5 none

debug2: mac_init: found hmac-md5

debug1: kex: client->server aes128-cbc hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug2: dh_gen_key: priv key bits set: 129/256

debug2: bits set: 996/2048

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug3: check_host_in_hostfile: filename /home/ivr/.ssh/known_hosts

debug3: check_host_in_hostfile: match line 1

debug3: check_host_in_hostfile: filename /home/ivr/.ssh/known_hosts

debug3: check_host_in_hostfile: match line 1

debug1: Host 'sftp.xxxxxx' is known and matches the RSA host key.

debug1: Found key in /home/ivr/.ssh/known_hosts:1

debug2: bits set: 1033/2048

debug1: ssh_rsa_verify: signature correct

debug2: kex_derive_keys

debug2: set_newkeys: mode 1

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug2: set_newkeys: mode 0

debug1: SSH2_MSG_NEWKEYS received

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug2: key: /home/ivr/.ssh/id_rsa (0)

debug2: key: /home/ivr/.ssh/id_dsa (0)

debug3: input_userauth_banner

AVERTISSEMENT



LES PROGRAMMES ET LES DONNEES STOCKES DANS CE SYSTEME SONT VISES PAR UNE

LICENCE OU SONT PROPRIETE PRIVEE DE CETTE COMPAGNIE ET ILS NE SONT ACCESSIBLES

LEGALEMENT QU'AUX USAGERS AUTORISES A DES FINS AUTORISEES. IL EST INTERDIT D'Y

ACCEDER SANS AUTORISATION, ET TOUT ACCES NON AUTORISE AU DELA DE CE POINT PEUT

ENTRAINER DES POURSUITES. LE SYSTEME PEUT EN TOUT TEMPS FAIRE L'OBJET D'UNE

SURVEILLANCE. SI VOUS N'ETES PAS UN USAGER AUTORISE, N'ESSAYEZ PAS D'Y ACCEDER.



WARNING



THE PROGRAMS AND DATA STORED ON THIS SYSTEM ARE LICENSED TO OR ARE PRIVATE

PROPERTY OF THIS COMPANY AND ARE LAWFULLY AVAILABLE ONLY TO AUTHORIZED USERS

FOR APPROVED PURPOSES. UNAUTHORIZED ACCESS TO ANY PROGRAM OR DATA ON THIS

SYSTEM IN NOT PERMITTED, AND ANY UNAUTHORIZED ACCESS BEYOND THIS POINT MAY LEAD

TO PROSECUTION. THIS SYSTEM MAY BE MONITORED AT ANY TIME FOR OPERATIONAL

REASONS. THEREFORE, IF YOU ARE NOT AN AUTHORIZED USER, DO NOT ATTEMPT TO LOG Odebug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive

debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive

debug3: preferred publickey,keyboard-interactive,password

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Trying private key: /home/ivr/.ssh/id_rsa

debug3: no such identity: /home/ivr/.ssh/id_rsa

debug1: Trying private key: /home/ivr/.ssh/id_dsa

debug3: no such identity: /home/ivr/.ssh/id_dsa

debug2: we did not send a packet, disable method

debug3: authmethod_lookup keyboard-interactive

debug3: remaining preferred: password

debug3: authmethod_is_enabled keyboard-interactive

debug1: Next authentication method: keyboard-interactive

debug2: userauth_kbdint

debug2: we sent a keyboard-interactive packet, wait for reply

debug2: input_userauth_info_req

debug2: input_userauth_info_req: num_prompts 1

Password:

Last edited by michaelk; 01-24-2017 at 07:36 AM.
 
Old 01-24-2017, 05:18 AM   #2
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,295
Blog Entries: 3

You probably have to go back a few steps. You can generate the key pair and copy the public key to the remote server into authorized_keys.

However, the heart of the problem is this:
Quote:
OpenSSH_3.7.1p2-pwexp26_krb5, SSH protocols 1.5/2.0, OpenSSL 0.9.6m 17 Mar 2004
If the rest of that server's operating system is as old as that, then you need to back up your data (and some configurations) and replace it from scratch with something supported. OpenSSH 3.7p is from 2003 or so. It is most unlikely that security patches have been manually back-ported by your staff and applied to that old daemon. Same goes for the OS it is running on. Pull the network cable on that box.
 
Old 01-24-2017, 05:34 AM   #3
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,474

You also don't appear to have set up the private key in a place where ssh can pick it up, or to have specified the path to the private key file on the command line.
 
Old 01-25-2017, 09:51 AM   #4
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,647
Blog Entries: 4

There are several concerns here:

Code:
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/ivr/.ssh/id_rsa
debug3: no such identity: /home/ivr/.ssh/id_rsa
debug1: Trying private key: /home/ivr/.ssh/id_dsa
debug3: no such identity: /home/ivr/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
SSHD is telling you the names of all the files it is looking for – and, it found none of them. You must be sure that the directory actually exists and that it has rwx------ ("700") permissions. "There's your problem." Review in the documentation what the specified files are supposed to contain and how the authentication process uses them.

Secondly, notice how it is dropping down from the most-secure method ("publickey") right on through to "password."

When you get public-key authentication working, I suggest that you should then disable the other alternatives. "Either you possess a valid key, or you simply cannot get in at all."

Last edited by sundialsvcs; 01-25-2017 at 09:53 AM.
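
A triage pass over the `ssh -v` log from post #1, as an added example that is not part of any post in this thread: it extracts which identity files could not be used, whether a key was ever sent, and which methods the session fell back to. The helper name `triage` and its result fields are hypothetical; the sample lines are copied from the log quoted above.

```python
import re

# Constructed sample: lines copied from the ssh -v output in post #1, including
# the one where the login banner runs straight into a debug1 line.
SAMPLE_LOG = """\
debug1: identity file /home/ivr/.ssh/id_rsa type -1
debug1: identity file /home/ivr/.ssh/id_dsa type -1
REASONS. THEREFORE, IF YOU ARE NOT AN AUTHORIZED USER, DO NOT ATTEMPT TO LOG Odebug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/ivr/.ssh/id_rsa
debug3: no such identity: /home/ivr/.ssh/id_rsa
debug1: Trying private key: /home/ivr/.ssh/id_dsa
debug3: no such identity: /home/ivr/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: we sent a keyboard-interactive packet, wait for reply
"""

PATTERNS = {  # re.search, not match: the banner can precede "debug1:" on a line
    "offered": re.compile(r"Authentications that can continue: (\S+)"),
    "untyped": re.compile(r"identity file (\S+) type -1\b"),
    "missing": re.compile(r"no such identity: (\S+)"),
    "method": re.compile(r"Next authentication method: (\S+)"),
}

def triage(log):
    """Hypothetical helper: summarise why an ssh -v session left publickey auth."""
    r = {"offered": [], "untyped": [], "missing": [], "tried": [], "no_packet": []}
    for line in log.splitlines():
        hit = {k: p.search(line) for k, p in PATTERNS.items()}
        if hit["offered"] and not r["offered"]:
            r["offered"] = hit["offered"].group(1).split(",")
        if hit["untyped"]:  # no key type could be determined for this path
            r["untyped"].append(hit["untyped"].group(1))
        if hit["missing"]:  # newer clients append ": <reason>" after the path
            r["missing"].append(hit["missing"].group(1).rstrip(":"))
        if hit["method"]:
            r["tried"].append(hit["method"].group(1))
        if "we did not send a packet, disable method" in line and r["tried"]:
            r["no_packet"].append(r["tried"][-1])
    weaker = {"password", "keyboard-interactive"}
    r["key_never_sent"] = "publickey" in r["no_packet"]
    r["fell_back_to"] = [m for m in r["tried"] if m in weaker]
    r["server_allows_weaker"] = sorted(weaker & set(r["offered"]))
    return r

if __name__ == "__main__":
    for field, value in triage(SAMPLE_LOG).items():
        print(f"{field}: {value}")
```

A non-empty `server_allows_weaker` after key authentication works is the list of methods post #4 suggests disabling on the server.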