LinuxQuestions.org
Old 01-29-2004, 02:24 PM   #1
zepplin611
Member
 
Registered: Jan 2004
Distribution: AIX 4.3 RH 7,8,9 / Fedora C1/
Posts: 187

Rep: Reputation: 30
secure shell


Greetings,

I am having an issue with public-key generation between two machines.

Setup:

Machine A: ssh -V returns: ssh: SSH Secure Shell 3.2.5 (non-commercial version) on rs6000-ibm-aix4.3.2.0

Machine B: ssh -V returns: OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
machine B is running RH 9.0.

I wish to login to machine A from machine B w/o having to enter a password or pass-phrase.

I have created a key on Machine B via: ssh-keygen -t dsa and left the pass-phrase empty (I know this is not the highest of security, but I still want to figure out the problem here). The output from this is two files: id_dsa.pub & id_dsa . Now, I have copied and pasted the contents of id_dsa.pub into $HOME/.ssh on Machine A (into file: authorized_keys) and did a chmod 600 of that file.

Now when I am on Machine B: and I type ssh machine_A, I am STILL prompted for the password.

I tried looking a little deeper by typing: ssh -v -v machine_A I get:

$ ssh -v Machine A
OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to Machine A [XXX.XXX.XX.XXX] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/identity type -1
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: identity file /home/user/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version 3.2.5 SSH Secure Shell (non-commercial)
debug1: no match: 3.2.5 SSH Secure Shell (non-commercial)
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.5p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: dh_gen_key: priv key bits set: 130/256
debug1: bits set: 531/1024
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host 'Machine A' is known and matches the DSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:3
debug1: bits set: 510/1024
debug1: ssh_dss_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is publickey
debug1: try privkey: /home/user/.ssh/identity
debug1: try pubkey: /home/user/.ssh/id_rsa
debug1: authentications that can continue: publickey,password
debug1: try pubkey: /home/user/.ssh/id_dsa
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is password
user@machine_A's password:


Does anyone know why I am not just logged in automatically???

Thanks,

zepplin611
 
Old 01-29-2004, 02:32 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 64
I have written a LinuxAnswer on this - it may be worth a look:
http://www.linuxquestions.org/questions/answers.php

You are likely to get slightly better debug info with:
ssh -vvv
 
Old 01-29-2004, 03:07 PM   #3
zepplin611
Member
 
Registered: Jan 2004
Distribution: AIX 4.3 RH 7,8,9 / Fedora C1/
Posts: 187

Original Poster
Rep: Reputation: 30
david,

Thanks for the link, but I had already looked at this and I am still having troubles.

here is the output from ssh -v -v

OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to supere [XXX.XXX.XX.XXX] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/identity type -1
debug1: identity file /home/user/.ssh/id_rsa type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/user/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version 3.2.5 SSH Secure Shell (non-commercial)
debug1: no match: 3.2.5 SSH Secure Shell (non-commercial)
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.5p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,twofish128-cbc,cast128-cbc,twofish-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,twofish192-cbc,twofish256-cbc,arcfour
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,twofish128-cbc,cast128-cbc,twofish-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,twofish192-cbc,twofish256-cbc,arcfour
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: dh_gen_key: priv key bits set: 129/256
debug1: bits set: 523/1024
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host 'Machine A' is known and matches the DSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:3
debug1: bits set: 538/1024
debug1: ssh_dss_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is publickey
debug1: try privkey: /home/user/.ssh/identity
debug1: try privkey: /home/user/.ssh/id_rsa
debug1: try pubkey: /home/user/.ssh/id_dsa
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug1: next auth method to try is password
user@Machine A's password:

I looked into /etc/ssh2/sshd2_config and made sure that PublicKey authent was allowed (uncommented:
AllowedAuthentications publickey,password)


Can you decipher what is up?


Thanks a bunch for your time with this....
Zepplin611
 
Old 01-29-2004, 03:16 PM   #4
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 64
It just looks like the key is being rejected. Did you use scp as I mentioned in the LinuxAnswer? This eliminates a common problem of copying line breaks when you copy and paste.
 
Old 01-29-2004, 03:44 PM   #5
zepplin611
Member
 
Registered: Jan 2004
Distribution: AIX 4.3 RH 7,8,9 / Fedora C1/
Posts: 187

Original Poster
Rep: Reputation: 30
Thanks for the help david... I found the issue.

I needed a $HOME/.ssh2/authorization file which lists the key used in the same directory...

All fixed!
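
Added example, not part of the original thread: a sketch of the server-side setup post #5 describes, extended to cover converting the key. It assumes, per SSH Secure Shell's documented conventions, that the server reads `Key <filename>` lines from `$HOME/.ssh2/authorization` and expects the public key in SECSH (RFC 4716) format; the function names are hypothetical, and `ssh-keygen -e -f id_dsa.pub` on the OpenSSH side performs the same conversion.

```shell
#!/bin/sh
# Added example: functions to install an OpenSSH public key for an
# SSH Secure Shell (ssh.com) server. Function names are hypothetical.

# Read a one-line OpenSSH public key ("type base64 [comment]") on stdin and
# write it in SECSH / RFC 4716 format on stdout.
openssh_pub_to_secsh() {
    read -r ktype blob comment || [ -n "$ktype" ] || return 1
    case "$ktype" in
        ssh-dss|ssh-rsa) ;;
        *) echo "not an OpenSSH public key (type '$ktype')" >&2; return 1 ;;
    esac
    case "$blob" in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key data" >&2; return 1 ;;
    esac
    echo "---- BEGIN SSH2 PUBLIC KEY ----"
    if [ -n "$comment" ]; then echo "Comment: \"$comment\""; fi
    printf '%s\n' "$blob" | fold -w 70     # RFC 4716 caps lines at 72 bytes
    echo "---- END SSH2 PUBLIC KEY ----"
}

# install_secsh_key PUBFILE SSH2_DIR [NAME]
# Runs in a subshell so the umask change does not leak to the caller.
install_secsh_key() (
    pub=$1
    dir=$2
    name=${3:-$(basename "$pub")}
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir" || exit 1
    openssh_pub_to_secsh < "$pub" > "$dir/$name" ||
        { rm -f "$dir/$name"; exit 1; }
    # Assumed file format: one "Key <filename>" line per accepted key.
    grep -qxF "Key $name" "$dir/authorization" 2>/dev/null ||
        echo "Key $name" >> "$dir/authorization"
    chmod 600 "$dir/authorization" "$dir/$name"
)

# On Machine A, after copying id_dsa.pub from Machine B with scp:
#   install_secsh_key ./id_dsa.pub "$HOME/.ssh2"
```

Only the `.pub` file is copied to the server; a file that starts with `-----BEGIN` (a private key) is rejected by the type check rather than installed.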
 
Old 03-03-2004, 09:46 PM   #6
amony
LQ Newbie
 
Registered: Mar 2004
Location: China
Posts: 1

Rep: Reputation: 0
Can you give a description in detail

I faced nearly the same problem as you, when I tried to set up my ssh to work with MPICH.

Can you paste the content of the file authorization?

Another question is why do you change your work directory to $HOME/.ssh2?
I noticed that you do all of the things above in the directory $HOME/.ssh.

Any of your information will be very helpful for me.
 
  

