Hi,

I configured Public key authentication with ssh . But every time when i try to connect it is prompting for password .

Can any one have any idea on this ?

testinst1.koel.co.in/apps12i]ssh -v oracle@testinst3.koel.co.in
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to testinst3.koel.co.in [10.1.1.151] port 22.
debug1: Connection established.
debug1: identity file /apps12i/.ssh/identity type -1
debug1: identity file /apps12i/.ssh/id_rsa type -1
debug1: identity file /apps12i/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'testinst3.koel.co.in' is known and matches the RSA host key.
debug1: Found key in /apps12i/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /apps12i/.ssh/identity
debug1: Trying private key: /apps12i/.ssh/id_rsa
debug1: Trying private key: /apps12i/.ssh/id_dsa
debug1: Next authentication method: password
oracle@testinst3.koel.co.in's password:

Regards

Bala

If your key is not id_rsa, try using the -i to explicitly name your private key so it doesn't rotate through all your keys in the .ssh and give up

Thanks for your reply .. i am not able to understand what you have suggested.

i have tried both dsa & rsa both are giving me same issues .

testinst1.koel.co.in/apps12i]ssh-keygen -i dsa
Too many arguments.
Usage: ssh-keygen [options]

Regards

Bala

Regards

Bala

By default, ssh uses the keys that are available in the .ssh folder in the current user's home folder (in a normal environment for a normal user that would be /home/<user>/.ssh). In order for this to work, you need several things:

a) your sshd on the remote side must be configured to allow publickey authentication. According to the debug output this is the case.
b) The public key that matches the private key on the local side must be present in the remote side's authorized_hosts file. This file is located in the .ssh folder located in the home folder of the account you want to log into. In your case this would be (probably) /home/oracle/.ssh/authorized_keys. This seems not to be the case here.

When you add the public key to the remote host's authorized_keys file, make sure there are no additional line feeds or newline characters in the key. You must also make sure that the key starts with the correct type identifier and finishes with the correct username/host identifier. If your key was generated using ssh_keygen, this should usually be the case, but there is no harm in checking.

Hi,

I have followed this document. http://pigtail.net/LRP/printsrv/keygen.html . i have did everything in this document but still the same problem .

Regards

Bala

Please check the logs on the ssh sever machine. You don't say what os it is running, but on a Debian based system you should look at /var/log/auth.log. If that does not reveal what the problem is please start the ssh server in debug mode: "sshd -d".

Cheers,

Evo2.

Please also check that your public key (id_rsa.pub) is actually present in testinst3.koel.co.in:/home/oracle/.ssh/authorized_keys.
I am not sure how the user "oracle" was created. You must make sure that the ".ssh/authorized_keys" path is present in that user's home folder. You can check where that is by typing
"getent passwd oracle<enter>" (on testinst3.koel.co.in). The result should look like this:

guest:x:1001:100:Guest User,,,,:/home/guest:/bin/bash

(this example is fort a guest user on one of my machines). The string between the second to last and the last colon is the home folder for that user. Not all users have their home folder in /home (especially if they are actually system users), and oracle sounds a little like the oracle system account. If this is the case it's probably not such a brilliant idea to log into it anyway. Rather use a normal user account and sudo/su to oracle.

Proper ssh key generation requires you to provide a passphrase for the key (that way it is not stored as clear text), and you will be required to provide that passphrase every time you log in using ssh key.
I saw that the page you linked advises you to create a ssh key without passphrase, but I don't recommend it.

If you generated an RSA key maybe you can post your /home/apps12i/.ssh/id_rsa, /home/apps12i/.ssh/id_rsa.pub and /home/oracle/.ssh/authorized_keys here (right after you changed those keys, of course :-)

This SSH guide is a good document on SSH.
Its not really a quick setup guide, but if you read through it you'll get a good understanding of everything.

SSH Definitive Guide from O'reilly
http://docstore.mik.ua/orelly/networ.../ssh/index.htm

Read though the /etc/ssh/sshd_config file. Look at the paragraph above the "UsePAM yes" line. It details the three variables you need to set to use PAM for session control but not authentication.

Just so you understand, the passphrase is used at the client, and not the server. It encodes your private key. If it is lost or stolen that will help protect the server.

You can use ssh-agent so that you only need to enter the passphrase once per session.
example:
eval $(ssh-agent)
ssh-add
<enter passphrase>

Now you can ssh into the server several times, or to several servers and not need to enter the passphrase anymore.

Your distro my have a way of configuring your login manager to request the passphrase when you log in.
Check /etc/X11/xdm/sys.session for the "usessh" line for example.

If you want one server to connect to another server as part of a cron job, and the server is unattended, then you are justified in not passphrase protecting the private key. If a client server is compromised, you will need to assume that the ssh servers it can connect to are compromised as well. Physical security will be important as well as network security.

Hi,

Thanks for your reply .. your update seems to be more related but i am not able to find these.

Check /etc/X11/xdm/sys.session for the "usessh" line for example.

Actually the reason why i am trying to Generate SSH Public Keys Authentication is , i need to communicate with two server interactively for Ex:-

I have two nodes (i.e Node1 & Node2)

I am doing some job in Node1 once this is completed successfully only then Node1 should invoke another Job in Node2 , after completing these two jobs on both the Nodes , i need to compare both logfiles from the both the Nodes.

This is my requirement.I hope i am clear .

Regards

Bala