ssh client works on all but one machine
Hi, i have RHEL 4 U7 installed on 4 machines, with approximately same configuration. yesterday i was trying to set up public key authentication for ssh on them to be able to run some automated jobs but i had a problem with one particular machine: when used as an ssh client to access the other 3, it kept prompting for a password. the configuration worked on the other 3, they can be accessed from each other with no problem. they can also access machine 1 - the one that has the ssh client problem - too with public key authentication.
when i run ssh -vv on machine one i get the following output : Code:
[orausr@atsrvnode1 .ssh]$ ssh -vv -o GSSAPIAuthentication=no asyusr@10.16.10.228 Code:
# $OpenBSD: ssh_config,v 1.19 2003/08/13 08:46:31 markus Exp $ thank you |
Hi,
You posted the ssh_client content, I do believe the problem might be in one of the settings in the sshd_config file and not the ssh_config file. First option that comes to mind: PubkeyAuthentication (should be yes) and AuthorizedKeysFile (probably .ssh/authorized_keys.). Another thing that comes to mind: Is the created key (the one created on machine 1 and added to the authorized_keys files on the other machines) correct? Hope this helps. |
I had a problem like this once. On one of the machines I had put .ssh/authorised_keys instead of .ssh/authorized_keys.
Worth checking, just in case :) |
It is also worth checking the permissions on the authorized_keys file - I believe that authentication will fail if "group" or "other" have write permissions to this file.
|
@djsmiley2k and Robhogg:
I doubt if that is the problem, the other 3 machines can connect to each other which shows that the spelling and permissions of files are correct on those 3. Hope this clears things up |
Quote:
i haven't touched sshd_config, i assumed public key authentication would be enabled by default. as for AuthorizedKeysFile, isn't it safer to leave it to ~/.ssh/authorized_keys as opposed to a file in a path relative .ssh directory? anyway for what it's worth, i mangled with the sshd_config on one of the 3 other machines where it works and i tried to connect again with no luck but as you said in your latter post it's irrelevant since these machines can be successfully accessed from each other. unless you meant sshd_config of machine 1, highly unlikely that it's related but if so please elaborate. Quote:
Code:
ssh-keygen -t dsa Code:
ssh-keygen -t rsa |
Quote:
Code:
ls -ld .ssh Code:
ls -l .ssh |
Hi,
Quote:
Quote:
Did you compare all 4 /etc/ssh/sshd_config files, they should basically be the same. Depending on how you set things up the ListenAddress and/or AllowUsers could be different, the rest is the same. Quote:
I notice you created a rsa and a dsa key. To simplify things, use one of them, not both (and never use rsa1). Hope this helps. BTW: The permissions in post #7 are correct. |
Quote:
Quote:
thank you so much for your input, if you got other ideas i'll be more than happy to check and try mine are exhausted. |
Hi again,
All the checks I talked about are meant for machine 1. The other 3, which seem to work, could be taken as a reference. The example output you posted shows that the public key is offered by machine 1 but isn't accepted by the server (either of the 3 other machines): Quote:
Quote:
Another thing that just came to mind: Do you see anything in the logfiles about this (check both machine 1 and the other machine you try to connect to). There could be indicators why this doesn't work. Not much to go on, but maybe it helps. |
sshd_config files were different between machine 1 and other machines, so i changed that of machine one to have identical files but still no luck. and on the sshd server log running with full debug mode, there's nothing as well..
i even reinstalled the machine 1 server but still same problem ! openssh version is the same on all machines, nevertheless i will upgrade it and see what happens |
Hi,
Quote:
About the log files: Also have a look at the other logfiles, maybe they show something (the culprit might not be ssh itself). Hope this helps. |
Quote:
well the only difference is that on the other machine, PubkeyAuthentication was explicitly set to yes so i set it also in sshd_config of server 1, restarted but didn't solve the problem. i don't see how changing the shd_config file on a server could affect the ssh client from that server. any idea what other deamons,services,programs might affect it? |
update:
i upgraded all the openssh packages on machine 1 to the latest from redhat, still no luck. previously i had openssh-3.9p1-9.el4, openssh-server-3.9p1-9.el4, openssh-clients-3.9p1-9.el4, openssl-0.9.7a-43.17.el4_6.1 i upgraded them, along with the dependencies to openssh-3.9p1-11.el4_7, openssh-3.9p1-11.el4_7, openssh-server-3.9p1-11.el4_7, openssh-clients-3.9p1-11.el4_7, openssl-0.9.7a-43.17.el4_8.5 the weird thing is that even after upgrading, when i run ssh -V it says OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 thanks |
Hi,
That still leaves my other question (post #12): Also have a look at the other logfiles, maybe they show something (the culprit might not be ssh itself). Do look on both machine 1 and the one you try to connect to. |
All times are GMT -5. The time now is 10:30 AM. |