LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General > LinuxAnswers Discussion
User Name
Password
LinuxAnswers Discussion This forum is to discuss articles posted to LinuxAnswers.

Notices

Reply
 
Search this Thread
Old 12-15-2003, 09:09 PM   #1
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 64
Post DISCUSSION: Public key authentication with ssh


This thread is to discuss the article titled: Public key authentication with ssh
 
Old 12-22-2003, 01:06 AM   #2
teacup
Member
 
Registered: Mar 2003
Location: Rockford, Illinois
Distribution: Slackware Debian
Posts: 86

Rep: Reputation: 15
I followed the instructions and I still get prompted for a password.

Code:
pcurry@lisacomp:~/.ssh$ ssh -vv teacup
OpenSSH_3.6.1p2 Debian 1:3.6.1p2-10, SSH protocols 1.5/2.0, OpenSSL 0x0090703f
debug1: Reading configuration data /home/pcurry/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to teacup [192.168.0.2] port 22.
debug1: Connection established.
debug1: identity file /home/pcurry/.ssh/identity type -1
debug1: identity file /home/pcurry/.ssh/id_rsa type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/pcurry/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.7.1p2
debug1: match: OpenSSH_3.7.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2 Debian 1:3.6.1p2-10
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 124/256
debug2: bits set: 1582/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'teacup' is known and matches the RSA host key.
debug1: Found key in /home/pcurry/.ssh/known_hosts:2
debug2: bits set: 1539/3191
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/pcurry/.ssh/identity
debug1: Trying private key: /home/pcurry/.ssh/id_rsa
debug1: Offering public key: /home/pcurry/.ssh/id_dsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
pcurry@teacup's password:
Code:
]Check that "~/.ssh/authorized_keys" exists on the server and contains a line the same as "~/.ssh/id_dsa.pub" on the client.
They are the same.
I can ssh without a password from slackware to debian, but I cannot do it from debian to slackware.

Last edited by XavierP; 09-06-2006 at 03:08 PM.
 
Old 01-22-2004, 02:10 AM   #3
blanny
Member
 
Registered: Dec 2002
Location: CA,USA
Distribution: RHCE in training :)
Posts: 57

Rep: Reputation: 15
Thank you for the tutorial. I found it extremely useful.
 
Old 06-10-2004, 01:17 AM   #4
yoowin
LQ Newbie
 
Registered: Jun 2004
Posts: 19

Rep: Reputation: 0
Question

A ssh login to B, it was successful.
B ssh login to A, secure connection refused.

By allowing/enabling port 22, what else could be blocking the SSH login?

Last edited by yoowin; 06-15-2004 at 02:38 AM.
 
Old 06-19-2004, 04:22 PM   #5
legolin
Member
 
Registered: Dec 2003
Location: munich
Distribution: Fedora Core 4
Posts: 141

Rep: Reputation: 15
i have the same problem as yoowlin,

from fedora to debian i can login without a password, but from debian to fedora it ask for pasrword... my ssh --v host ist the same as the one posted here...


thanks


leg
 
Old 06-22-2004, 01:19 AM   #6
yoowin
LQ Newbie
 
Registered: Jun 2004
Posts: 19

Rep: Reputation: 0
Apologize for any inconvinience caused.
I have posted twice the same issue, the thread is continued from here:
http://www.linuxquestions.org/questi...threadid=51930
 
Old 06-22-2004, 01:31 AM   #7
legolin
Member
 
Registered: Dec 2003
Location: munich
Distribution: Fedora Core 4
Posts: 141

Rep: Reputation: 15
now i have solve the problem. i jusst used rsa and renamed the file ~/.ssh/id_rsa.pub (or ~/.ssh/id_dsa.pub) in ~/.ssh/identity.pub and the file ~/.ssh/id_rsa in ~/.ssh/identity

now it works...

what is the difference between rsa and dsa? is dsa more secure?

thankx a lot for the discussion,


leg
 
Old 07-07-2004, 09:18 AM   #8
jgruss
LQ Newbie
 
Registered: Apr 2004
Location: miami, fl
Distribution: mac os x, suse pro & sbs 2000
Posts: 24

Rep: Reputation: 15
i am also having similar issue

I am using ssh from my ibook to connect to my Fedora 2 box on my home network. i am able to connect using the password but i cant get the keys to work. i having been trying to get this to work for more than 4 or 5 days now. Any help would be greatly appreciated. I would really like to get this working please help.

jason
 
Old 09-30-2004, 12:19 AM   #9
gointomexico
LQ Newbie
 
Registered: Sep 2004
Location: Texas
Distribution: Mandrake, Debian
Posts: 1

Rep: Reputation: 0
found a solution?

I had to do this for a class project. I found this information extreemly infomrative, and helpful, thanks!

I had the same problem trying to get mine to work. I did a chmod on the server: <chmod 600 authorized_keys>
and then it started working. no password required!

hope this helps.

P.S. This was a debian to debian connection following the steps outlined in the guide.
 
Old 01-08-2005, 03:24 PM   #10
Donboy
Member
 
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736

Rep: Reputation: 31
I'm trying to use Putty on Windows to access my remote machines. How can I get this working? How can I present my public key (on Windows) to the remote server so it can check the key? I've been reading elsewhere how people are using the private key under the "Auth" section of Putty, but mine's not working. The screen blanks out before I can see what the error was.
 
Old 01-08-2005, 03:53 PM   #11
Donboy
Member
 
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736

Rep: Reputation: 31
Nevermind... I got it. All I had to do was open the private key in PuttyGen and save it in Putty's own format. After that, it worked fine.
 
Old 02-22-2005, 02:28 AM   #12
uopjohnson
Member
 
Registered: Jun 2004
Location: San Francisco
Distribution: Slackware, Ubuntu, RHEL, OS X
Posts: 159

Rep: Reputation: 30
thanks gointomexico,
That is exactly what I needed.
david_ross,
Maybe this should be added to the article, I think the problem would only occur when the authorized_keys file has NOT been created automatically (as in FC3) Apparently if it is world readable then there can be no connection (though no usable error data is generated which is a pain in the ass). So just for safety sake you could tell everyone to chmod 600 their authorized_keys file.
 
Old 03-17-2005, 11:54 AM   #13
plakidin
LQ Newbie
 
Registered: Feb 2005
Posts: 1

Rep: Reputation: 0
For those who are still having problems: make sure that not only your "authorized_keys"/"authorized_keys2" files are not readable to world, but also that entire ".ssh" directory is not world-readable:
chmod 700 ~/.ssh
chmod 700 ~/.ssh/authorized_keys
 
Old 04-20-2005, 04:13 AM   #14
omlex
LQ Newbie
 
Registered: Jul 2003
Posts: 22

Rep: Reputation: 15
puttygen problem

pls. help.

I'm having problem with puttygen. Everytime i tried to login my Linux box is still asking me for my password. Here's what i did

1. Generated a public key from puttygen. I used ssh v2
2. Saved the private and public key in my Win2k desktop.
3. Copied the public key to my $HOME/.ssh/authorized_keys2 directory
4. Added the private key to puttgen for remote connection.

what else did i forget?
 
Old 06-21-2005, 09:19 AM   #15
atomicx
Member
 
Registered: Oct 2003
Posts: 48

Rep: Reputation: 15
I'm still not able to connect without a password.

Here is my debug notes when I run -vv

Code:
[trichard@testserv110 trichard]$ ssh -vv trichard@ftpserv111
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to ftpserv111 [192.168.0.111] port 22.
debug1: Connection established.
debug1: identity file /home/trichard/.ssh/identity type -1
debug1: identity file /home/trichard/.ssh/id_rsa type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/trichard/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 127/256
debug2: bits set: 1623/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ftpserv111' is known and matches the RSA host key.
debug1: Found key in /home/trichard/.ssh/known_hosts:1
debug2: bits set: 1592/3191
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/trichard/.ssh/identity
debug1: Trying private key: /home/trichard/.ssh/id_rsa
debug1: Offering public key: /home/trichard/.ssh/id_dsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
trichard@ftpserv111's password:
I have checked and the ~/.ssh/authorized_keys" exists on the server and contains a line the same as "~/.ssh/id_dsa.pub"

Any one know how to solve this,

Thanks
Troy

Last edited by XavierP; 09-06-2006 at 03:09 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh public key authentication teacup Linux - Networking 4 11-27-2011 11:27 PM
ssh public key authentication problem flgal3 Linux - Software 21 02-06-2009 11:15 AM
SSH - Problem with Public Key Authentication HaPagan Linux - Security 5 11-28-2005 11:27 PM
ssh public key authentication to different remote home directory shawn_t Linux - Networking 2 03-20-2005 03:39 PM
SSH public/private key authentication with GnuPG keys? thinksincode Linux - Security 1 02-25-2005 02:33 PM


All times are GMT -5. The time now is 11:38 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration