LinuxQuestions.org


david_ross 12-15-2003 09:09 PM

DISCUSSION: Public key authentication with ssh
 
This thread is to discuss the article titled: Public key authentication with ssh

teacup 12-22-2003 01:06 AM

I followed the instructions and I still get prompted for a password.

Code:

pcurry@lisacomp:~/.ssh$ ssh -vv teacup
OpenSSH_3.6.1p2 Debian 1:3.6.1p2-10, SSH protocols 1.5/2.0, OpenSSL 0x0090703f
debug1: Reading configuration data /home/pcurry/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to teacup [192.168.0.2] port 22.
debug1: Connection established.
debug1: identity file /home/pcurry/.ssh/identity type -1
debug1: identity file /home/pcurry/.ssh/id_rsa type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/pcurry/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.7.1p2
debug1: match: OpenSSH_3.7.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2 Debian 1:3.6.1p2-10
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 124/256
debug2: bits set: 1582/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'teacup' is known and matches the RSA host key.
debug1: Found key in /home/pcurry/.ssh/known_hosts:2
debug2: bits set: 1539/3191
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/pcurry/.ssh/identity
debug1: Trying private key: /home/pcurry/.ssh/id_rsa
debug1: Offering public key: /home/pcurry/.ssh/id_dsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
pcurry@teacup's password:

Code:

Check that "~/.ssh/authorized_keys" exists on the server and contains a line the same as "~/.ssh/id_dsa.pub" on the client.
They are the same.
I can ssh without a password from slackware to debian, but I cannot do it from debian to slackware.

blanny 01-22-2004 02:10 AM

Thank you for the tutorial. I found it extremely useful.

yoowin 06-10-2004 01:17 AM

A ssh login to B, it was successful.
B ssh login to A, secure connection refused.

By allowing/enabling port 22, what else could be blocking the SSH login?

legolin 06-19-2004 04:22 PM

I have the same problem as yoowin,

from Fedora to Debian I can log in without a password, but from Debian to Fedora it asks for a password... my ssh --v host is the same as the one posted here...


thanks


leg

yoowin 06-22-2004 01:19 AM

Apologies for any inconvenience caused.
I have posted twice the same issue, the thread is continued from here:
http://www.linuxquestions.org/questi...threadid=51930

legolin 06-22-2004 01:31 AM

Now I have solved the problem. I just used rsa and renamed the file ~/.ssh/id_rsa.pub (or ~/.ssh/id_dsa.pub) to ~/.ssh/identity.pub and the file ~/.ssh/id_rsa to ~/.ssh/identity

now it works...

what is the difference between rsa and dsa? is dsa more secure?

thanks a lot for the discussion,


leg

jgruss 07-07-2004 09:18 AM

I am also having a similar issue

I am using ssh from my iBook to connect to my Fedora 2 box on my home network. I am able to connect using the password but I can't get the keys to work. I have been trying to get this to work for more than 4 or 5 days now. Any help would be greatly appreciated. I would really like to get this working, please help.

jason

gointomexico 09-30-2004 12:19 AM

found a solution?
 
I had to do this for a class project. I found this information extremely informative and helpful, thanks!

I had the same problem trying to get mine to work. I did a chmod on the server: <chmod 600 authorized_keys>
and then it started working. no password required!

hope this helps.

P.S. This was a debian to debian connection following the steps outlined in the guide.

Donboy 01-08-2005 03:24 PM

I'm trying to use Putty on Windows to access my remote machines. How can I get this working? How can I present my public key (on Windows) to the remote server so it can check the key? I've been reading elsewhere how people are using the private key under the "Auth" section of Putty, but mine's not working. The screen blanks out before I can see what the error was.

Donboy 01-08-2005 03:53 PM

Never mind... I got it. All I had to do was open the private key in PuttyGen and save it in Putty's own format. After that, it worked fine.

uopjohnson 02-22-2005 02:28 AM

thanks gointomexico,
That is exactly what I needed.
david_ross,
Maybe this should be added to the article. I think the problem would only occur when the authorized_keys file has NOT been created automatically (as in FC3). Apparently if it is world readable then there can be no connection (though no usable error data is generated, which is a pain in the ass). So just for safety's sake you could tell everyone to chmod 600 their authorized_keys file.

plakidin 03-17-2005 11:54 AM

For those who are still having problems: make sure that not only your "authorized_keys"/"authorized_keys2" files are not readable to the world, but also that the entire ".ssh" directory is not world-readable:
chmod 700 ~/.ssh
chmod 700 ~/.ssh/authorized_keys
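
As an added example (not part of any post in this thread), the shell functions below audit the three paths that OpenSSH's StrictModes check examines for the default key location: the home directory, ~/.ssh and ~/.ssh/authorized_keys. sshd refuses the key when any of them is group- or world-writable or is owned by someone other than the user or root. The function names check_path and audit_ssh_dir are hypothetical.

```shell
#!/bin/sh
# Added example: audit the paths sshd's StrictModes check walks.
# Usage: audit_ssh_dir "$HOME"      (run on the server, as the login user)

# check_path PATH UID
# Prints a finding and returns 1 if PATH is missing, is group- or
# world-writable, or is owned by someone other than UID or root.
check_path() {
    path=$1
    want_uid=$2
    [ -e "$path" ] || { echo "MISSING  $path"; return 1; }
    # ls -ldn: field 1 is the mode string, field 3 the numeric owner uid.
    mode=$(ls -ldn "$path" | awk '{print $1}')
    owner=$(ls -ldn "$path" | awk '{print $3}')
    rc=0
    case $mode in
        # Character 6 is the group write bit, character 9 the other write bit.
        ?????w*|????????w*)
            echo "WRITABLE $path ($mode): group or other can write"
            rc=1 ;;
    esac
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "OWNER    $path: uid $owner, expected $want_uid or 0"
        rc=1
    fi
    return "$rc"
}

# audit_ssh_dir HOME_DIR [UID]
# Returns the number of paths (0 to 3) that would fail the check.
audit_ssh_dir() {
    home=$1
    uid=${2:-$(id -u)}
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$uid" || bad=$((bad + 1))
    done
    return "$bad"
}
```

When this check fails, the client's -vv output only shows the key being offered and not accepted; the reason is recorded on the server, where sshd logs "Authentication refused: bad ownership or modes" for the offending file or directory.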

omlex 04-20-2005 04:13 AM

puttygen problem
 
pls. help.

I'm having a problem with puttygen. Every time I try to log in, my Linux box is still asking me for my password. Here's what I did

1. Generated a public key from puttygen. I used ssh v2
2. Saved the private and public key in my Win2k desktop.
3. Copied the public key to my $HOME/.ssh/authorized_keys2 directory
4. Added the private key to puttygen for remote connection.

What else did I forget?

atomicx 06-21-2005 09:19 AM

I'm still not able to connect without a password.

Here are my debug notes when I run -vv

Code:

[trichard@testserv110 trichard]$ ssh -vv trichard@ftpserv111
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to ftpserv111 [192.168.0.111] port 22.
debug1: Connection established.
debug1: identity file /home/trichard/.ssh/identity type -1
debug1: identity file /home/trichard/.ssh/id_rsa type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/trichard/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 127/256
debug2: bits set: 1623/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ftpserv111' is known and matches the RSA host key.
debug1: Found key in /home/trichard/.ssh/known_hosts:1
debug2: bits set: 1592/3191
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/trichard/.ssh/identity
debug1: Trying private key: /home/trichard/.ssh/id_rsa
debug1: Offering public key: /home/trichard/.ssh/id_dsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
trichard@ftpserv111's password:

I have checked and the "~/.ssh/authorized_keys" exists on the server and contains a line the same as "~/.ssh/id_dsa.pub"

Anyone know how to solve this?

Thanks
Troy


All times are GMT -5.