LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 07-27-2009, 04:45 PM   #1
felix001
Member
 
Registered: Jan 2009
Posts: 101

Rep: Reputation: 15
SSH Key Pain


Im trying to set up ssh keys to allow me to auto the back up of somefiles with some shell scripts.
Ive hit some many problems SSH keys it is untrue... at present im trying to SSH into a Solaris Box from a Linux host.

Code:
debug1: Trying private key: /root/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
This was from no passphrase generated keys.... Any Ideas.. ??
 
Old 07-27-2009, 05:20 PM   #2
colucix
LQ Guru
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,509

Rep: Reputation: 1983Reputation: 1983Reputation: 1983Reputation: 1983Reputation: 1983Reputation: 1983Reputation: 1983Reputation: 1983Reputation: 1983Reputation: 1983Reputation: 1983
Which version of SSH is installed on the Solaris Box?
 
Old 07-28-2009, 12:36 AM   #3
felix001
Member
 
Registered: Jan 2009
Posts: 101

Original Poster
Rep: Reputation: 15
Code:
# ssh -V
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
 
Old 07-28-2009, 01:33 AM   #4
colucix
LQ Guru
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,509

Rep: Reputation: 1983Reputation: 1983Reputation: 1983Reputation: 1983Reputation: 1983Reputation: 1983Reputation: 1983Reputation: 1983Reputation: 1983Reputation: 1983Reputation: 1983
I had the same issue in the past trying to connecting from Linux to a Sun Solaris 5.8 Sparc. I solved using the -e option of ssh-keygen to create the key pair. What have you tried so far?
 
Old 08-02-2009, 04:54 AM   #5
felix001
Member
 
Registered: Jan 2009
Posts: 101

Original Poster
Rep: Reputation: 15
ive just tried the -e option but it hasnt seemed to help.
at the mo im trying to connect to a linux box from solaris.
So far I have,

created the keys on the linux box and coverted the public key using -e and outputed this to ~/.ssh/authorized_keys
I then copied the id_rsa to the linux box and gave them the required permissions.
I try to connect from the solaris box and it says
Code:
debug1: read PEM private key done: type RSA
But it still asks for a password ...
 
Old 08-02-2009, 05:06 AM   #6
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682
Look at the sshd_config on the Solaris server?

Code:
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
Since Sun invented PAM, and you are using openssh, I'm guessing this holds true for solaris as well. I'm guessing that one of these is still enabled.
 
Old 08-03-2009, 03:20 PM   #7
felix001
Member
 
Registered: Jan 2009
Posts: 101

Original Poster
Rep: Reputation: 15
Great I have the Solaris to Redhat Box sorted, now i need to resolve to the issues with connecting into another Linux box ...

I seem to get the following,

Code:
debug1: identity file /root/.ssh/identity type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
 
Old 08-04-2009, 12:03 PM   #8
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682
The file named "identity" is what is used with ssh version 1. I'd recommend only allowing ssh v2 in /etc/ssh/sshd_config.

An ssh rsa private key starts with "-----BEGIN RSA PRIVATE KEY-----".

Unless you are using ssh for automated cron jobs, you shouldn't allow root logins.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
open-ssh vs. commercial ssh (tru64), public-key auth not possible? cf050 Linux - Networking 8 03-28-2012 11:15 AM
how to use ssh key knockout_artist Linux - Newbie 6 12-04-2007 05:13 PM
ssh key deployment lmcilwain Linux - Security 8 12-04-2006 07:19 AM
ssh using public key jkmartha Linux - Networking 1 05-04-2005 02:52 AM
ssh / ssh-key -- its always asking for passphrase BaerRS Linux - General 1 01-07-2003 06:21 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 01:04 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration