02-26-2004, 01:37 PM
|
#1
|
LQ Newbie
Registered: Feb 2004
Location: Dothan, Alabama
Posts: 13
Rep:
|
failed ssh RSA key authentication
I'm trying to establish rsa key authentication for ssh between 2 boxes as a test before I include more machines. After following procedure listed below, an ssh from local to remote box prompted for a password. After procedure, only files in local:$HOME/.ssh are identity and identity.pub. Only files in remote:$HOME/.ssh are known_hosts and authorized_keys.
> set up identically named accounts on both machines.
> ssh-keygen -t rsa1 on local box. entered null passphrase for test run. entered null passphrase again. ID saved in $HOME/.ssh/identity and public key saved in $HOME/.ssh/identity.pub
> since remote $HOME/.ssh/authorized_keys file did not exist, scp'ed local $HOME/.ssh/identity.pub to remote:$HOME/.ssh/authorized_keys
> chmod'ed remote:$HOME/.ssh/ directory to 755
> chmod'ed remote:$HOME/.ssh/authorized_keys file to 644
I tried an "ssh -vv" for verbosity and got this. Actually this is the tail end of the output. Can anyone decipher why the authentication fell apart? Is it that the public key on the remote machine is errant?
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 118/256
debug2: bits set: 1584/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host n is known and matches the RSA host key.
debug1: Found key in ~/.ssh/known_hosts:1
debug2: bits set: 1586/3191
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug2: userauth_pubkey_agent: no keys at all
debug2: userauth_pubkey_agent: no more keys
debug2: userauth_pubkey_agent: no message sent
debug1: Trying private key: ~/.ssh/id_rsa
debug1: Trying private key: ~/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
Last edited by jdarren; 02-26-2004 at 04:33 PM.
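
The log in the first post shows the client trying only ~/.ssh/id_rsa and ~/.ssh/id_dsa, while the same post lists identity and identity.pub as the only local key files. The script below is an added example, not part of the thread, that makes this comparison from a saved "ssh -vv" log; the function names are hypothetical and the demo data is constructed from the lines quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): compare the private keys an ssh
# client tried, per its "ssh -vv" output, with the keys that exist on disk.

# Print the file name of every key named in a "Trying private key:" line.
keys_tried() {
    sed -n 's/^debug1: Trying private key: //p' "$1" | sed 's|.*/||'
}

# Print private keys in keydir (those with a matching .pub file) that the
# client never tried, i.e. keys that cannot have been used for this login.
untried_keys() {
    log=$1 keydir=$2
    for pub in "$keydir"/*.pub; do
        [ -f "$pub" ] || continue
        name=$(basename "$pub" .pub)
        [ -f "$keydir/$name" ] || continue
        keys_tried "$log" | grep -qxF "$name" || echo "$name"
    done
}

# Print tried keys that do not exist in keydir.
missing_keys() {
    log=$1 keydir=$2
    keys_tried "$log" | while IFS= read -r name; do
        [ -f "$keydir/$name" ] || echo "$name"
    done
}

# Demo on constructed data: a scratch directory standing in for ~/.ssh with
# the two files the first post lists, and four lines copied from its log.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/identity"; : > "$d/identity.pub"
    cat > "$d/client.log" <<'EOF'
debug1: Next authentication method: publickey
debug1: Trying private key: ~/.ssh/id_rsa
debug1: Trying private key: ~/.ssh/id_dsa
debug2: we did not send a packet, disable method
EOF
    echo "tried but missing: $(missing_keys "$d/client.log" "$d" | tr '\n' ' ')"
    echo "on disk but untried: $(untried_keys "$d/client.log" "$d" | tr '\n' ' ')"
    rm -rf "$d"
}
demo
```

A key reported as "on disk but untried" was never offered to the server, so no change to the remote authorized_keys file or its permissions can make that login succeed with it.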
|
|
|
02-26-2004, 01:40 PM
|
#2
|
Member
Registered: Jul 2003
Location: Virginia
Distribution: Ubuntu Hoary (5.04)
Posts: 550
Rep:
|
Not sure about the problem, but go Dothan, AL! I used to live there years ago. I remember fondly the peanut festival, the golden peanut, Ross Clarke Circle. Ahh, the memories. Never thought I'd see someone else from there.
|
|
|
02-26-2004, 01:46 PM
|
#3
|
LQ Newbie
Registered: Feb 2004
Location: Dothan, Alabama
Posts: 13
Original Poster
Rep:
|
The Peanut Festival is still great. Traffic on the Circle is worse! How long since you left Dothan? Where are you in VA? I've spent a lot of time in the Norfolk, Newport News, Williamsburg area. I like that a lot.
|
|
|
02-26-2004, 02:40 PM
|
#4
|
Member
Registered: Oct 2003
Location: US
Distribution: Fedora C1 & C2
Posts: 81
Rep:
|
Here on my system, the authorization file is authorized_keys and permission is set to 400.
You could stop sshd and then start it with debug turned on like
sshd -d -d -d
and see what it reports when you try to connect.
Last edited by linuxnube; 02-26-2004 at 02:51 PM.
|
|
|
02-26-2004, 02:46 PM
|
#5
|
Moderator
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047
Rep:
|
jdarren, the remote file should be "authorized_keys" not users unless specified that way on the remote system config. You might want to take a look at:
http://www.linuxquestions.org/questi...ticle&artid=79
|
|
|
02-27-2004, 09:52 AM
|
#6
|
Member
Registered: Oct 2003
Location: US
Distribution: Fedora C1 & C2
Posts: 81
Rep:
|
jdarren,
When you edit a posting to the degree which you have done above, you lose the whole context in which the replies were made. As such, it is hard to determine if you, in fact, tried the suggestions that were made below it.
Have you?
Last edited by linuxnube; 02-27-2004 at 09:54 AM.
|
|
|
02-27-2004, 02:50 PM
|
#7
|
LQ Newbie
Registered: Feb 2004
Location: Dothan, Alabama
Posts: 13
Original Poster
Rep:
|
tried suggestions
Yeah, that edit confused things a bit.
The 2 suggestions to rename ~/.ssh/authorized_users to authorized_keys were dead-on valid, but the problem persists.
I worked through the help topic posted by david_ross, but the problem persists.
I'm currently pulled away on another aspect of the task, but will return. Thanks for the help, guys.
|
|
|
02-27-2004, 02:54 PM
|
#8
|
Moderator
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047
Rep:
|
Try checking the file and directory permissions.
|
|
|
03-02-2004, 09:11 AM
|
#9
|
LQ Newbie
Registered: Feb 2004
Location: Dothan, Alabama
Posts: 13
Original Poster
Rep:
|
file and directory permissions
On local machine, permissions are:
~/.ssh/ = drwx------
~/.ssh/identity = -rw-------
~/.ssh/identity.pub = -rw-r-----
~/.ssh/known_hosts = -rw-r----
On remote machine, permissions are:
~/.ssh/ = drwxr-xr-x
~/.ssh/authorized keys = -rw-r--r--
~/.ssh/known_hosts = -rw-r--r--
Anyone see problems?
|
|
|
03-02-2004, 04:55 PM
|
#10
|
Member
Registered: Oct 2003
Location: US
Distribution: Fedora C1 & C2
Posts: 81
Rep:
|
As I said above, your permissions on the authorized_keys file need to be 400 as in: -r--------
I think if you would have followed the "sshd -d -d -d" advice above, it will tell you that.
|
|
|
03-03-2004, 08:17 AM
|
#11
|
LQ Newbie
Registered: Feb 2004
Location: Dothan, Alabama
Posts: 13
Original Poster
Rep:
|
Permissions on authorized_keys of 400 does not do the trick. I also tried permissions set at other levels as suggested in various procedures I found for ssh. Still no luck.
|
|
|
03-04-2004, 09:56 AM
|
#12
|
Member
Registered: Oct 2003
Location: US
Distribution: Fedora C1 & C2
Posts: 81
Rep:
|
Post the information that comes from sshd -d -d -d when you try to connect.
|
|
|
01-05-2005, 08:01 PM
|
#13
|
LQ Newbie
Registered: Oct 2004
Posts: 16
Rep:
|
Check permissions of your home directory too.
If they are set too loosely ssh will not let you in.
|
|
|
02-15-2008, 06:08 PM
|
#14
|
LQ Newbie
Registered: Feb 2008
Posts: 1
Rep:
|
Confirmed
Quote:
Originally Posted by scylla
Check permissions of your home directory too.
If they are set too loosely ssh will not let you in.
|
In my case the permissions of my home directory were set too loosely, setting to drwxr-xr-x solved the problem. Thanks.
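
The permission checks suggested in posts #8, #13 and #14, as an added example that is not part of the thread: with StrictModes enabled in sshd_config, sshd refuses a user's authorized_keys when that file, ~/.ssh or the home directory is writable by group or others. The function names are hypothetical, the demo runs on a constructed scratch directory, and the ownership part of the check is left out.

```shell
#!/bin/sh
# Added example (not from the thread): flag the paths that sshd's StrictModes
# check rejects for being writable by group or others.

# Succeeds (exit 0) if path is writable by group or others.
is_loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Check home, home/.ssh and home/.ssh/authorized_keys. Prints one line per
# path and returns the number of paths that are too loose or missing.
check_key_paths() {
    home=$1 bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; bad=$((bad + 1))
        elif is_loose "$p"; then
            echo "LOOSE   $p"; bad=$((bad + 1))
        else
            echo "ok      $p"
        fi
    done
    return "$bad"
}

# Demo on a constructed scratch directory standing in for a home directory:
# group-writable home first, then the drwxr-xr-x setting from post #14.
demo() {
    h=$(mktemp -d) || return 1
    mkdir "$h/.ssh"; : > "$h/.ssh/authorized_keys"
    chmod 775 "$h"; chmod 755 "$h/.ssh"; chmod 644 "$h/.ssh/authorized_keys"
    echo "home at 775:"; check_key_paths "$h" || true
    chmod 755 "$h"
    echo "home at 755:"; check_key_paths "$h"
    rm -rf "$h"
}
demo
```

Run on the remote account as `check_key_paths "$HOME"`; modes 755 on the directories and 644 on authorized_keys pass, since only the group and other write bits are tested.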
|
|
|
02-15-2008, 06:55 PM
|
#15
|
Member
Registered: Jan 2002
Distribution: slackware
Posts: 193
Rep:
|
Also, maybe post your /etc/ssh/sshd_config
|
|
|