LinuxQuestions.org
Old 02-26-2004, 01:37 PM   #1
jdarren
LQ Newbie
 
Registered: Feb 2004
Location: Dothan, Alabama
Posts: 13

Rep: Reputation: 0
failed ssh RSA key authentication


I'm trying to establish RSA key authentication for ssh between 2 boxes as a test before I include more machines. After following the procedure listed below, an ssh from the local to the remote box prompted for a password. After the procedure, the only files in local:$HOME/.ssh are identity and identity.pub. The only files in remote:$HOME/.ssh are known_hosts and authorized_keys.

> set up identically named accounts on both machines.

> ssh-keygen -t rsa1 on local box. entered null passphrase for test run. entered null passphrase again. ID saved in $HOME/.ssh/identity and public key saved in $HOME/.ssh/identity.pub

> since remote $HOME/.ssh/authorized_keys file did not exist, scp'ed local $HOME/.ssh/identity.pub to remote:$HOME/.ssh/authorized_keys

> chmod'ed remote:$HOME/.ssh/ directory to 755

> chmod'ed remote:$HOME/.ssh/authorized_keys file to 644

I tried an "ssh -vv" for verbosity and got this. Actually this is the tail end of the output. Can anyone decipher why the authentication fell apart? Is it that the public key on the remote machine is errant?

debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 118/256
debug2: bits set: 1584/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host n is known and matches the RSA host key.
debug1: Found key in ~/.ssh/known_hosts:1
debug2: bits set: 1586/3191
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug2: userauth_pubkey_agent: no keys at all
debug2: userauth_pubkey_agent: no more keys
debug2: userauth_pubkey_agent: no message sent
debug1: Trying private key: ~/.ssh/id_rsa
debug1: Trying private key: ~/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: password

Last edited by jdarren; 02-26-2004 at 04:33 PM.
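
An added example, not part of the original thread: a small POSIX shell helper (function names are hypothetical) that reads an `ssh -vv` client log on stdin and reports which private key files the client tried and whether a publickey request was ever sent. The sample lines are copied from the log in post #1; run on them, it shows the client tried only ~/.ssh/id_rsa and ~/.ssh/id_dsa, not the ~/.ssh/identity file that the post says `ssh-keygen -t rsa1` created.

```shell
#!/bin/sh
# Added example (not from the thread): summarise the publickey phase of an
# `ssh -vv` client log read on stdin. Function names are hypothetical.

# Print each private key file the client tried, one per line.
tried_keys() {
    sed -n 's/^debug1: Trying private key: //p'
}

# Exit 0 if the publickey method was disabled without sending a request.
pubkey_never_offered() {
    awk '
        /Next authentication method: publickey/ { in_pk = 1; next }
        /Next authentication method:/           { in_pk = 0 }
        in_pk && /we did not send a packet, disable method/ { found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# Exit 0 if the key file given as $1 is among the files the client tried.
key_was_tried() {
    tried_keys | grep -qxF -- "$1"
}

# Lines copied from the publickey phase of the log in post #1.
SAMPLE_LOG=$(cat <<'EOF'
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug2: userauth_pubkey_agent: no keys at all
debug2: userauth_pubkey_agent: no more keys
debug2: userauth_pubkey_agent: no message sent
debug1: Trying private key: ~/.ssh/id_rsa
debug1: Trying private key: ~/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
EOF
)

echo "Key files tried:"
printf '%s\n' "$SAMPLE_LOG" | tried_keys
if printf '%s\n' "$SAMPLE_LOG" | pubkey_never_offered; then
    echo "No publickey request was sent to the server."
fi
if ! printf '%s\n' "$SAMPLE_LOG" | key_was_tried '~/.ssh/identity'; then
    echo "~/.ssh/identity was not among the files tried."
fi
```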
 
Old 02-26-2004, 01:40 PM   #2
Nis
Member
 
Registered: Jul 2003
Location: Virginia
Distribution: Ubuntu Hoary (5.04)
Posts: 550

Rep: Reputation: 31
Not sure about the problem, but go Dothan, AL! I used to live there years ago. I remember fondly the peanut festival, the golden peanut, Ross Clarke Circle. Ahh, the memories. Never thought I'd see someone else from there.
 
Old 02-26-2004, 01:46 PM   #3
jdarren
LQ Newbie
 
Registered: Feb 2004
Location: Dothan, Alabama
Posts: 13

Original Poster
Rep: Reputation: 0
The Peanut Festival is still great. Traffic on the Circle is worse! How long since you left Dothan? Where are you in VA? I've spent a lot of time in the Norfolk, Newport News, Williamsburg area. I like that a lot.
 
Old 02-26-2004, 02:40 PM   #4
linuxnube
Member
 
Registered: Oct 2003
Location: US
Distribution: Fedora C1 & C2
Posts: 81

Rep: Reputation: 15
Here on my system, the authorization file is authorized_keys and permission is set to 400.

You could stop sshd and then start it with debug turned on like

sshd -d -d -d

and see what it reports when you try to connect.

Last edited by linuxnube; 02-26-2004 at 02:51 PM.
 
Old 02-26-2004, 02:46 PM   #5
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
jdarren, the remote file should be "authorized_keys" not users unless specified that way on the remote system config. You might want to take a look at:
http://www.linuxquestions.org/questi...ticle&artid=79
 
Old 02-27-2004, 09:52 AM   #6
linuxnube
Member
 
Registered: Oct 2003
Location: US
Distribution: Fedora C1 & C2
Posts: 81

Rep: Reputation: 15
jdarren,

When you edit a posting to the degree which you have done above, you lose the whole context in which the replies were made. As such, it is hard to determine if you, in fact, tried the suggestions that were made below it.

Have you?

Last edited by linuxnube; 02-27-2004 at 09:54 AM.
 
Old 02-27-2004, 02:50 PM   #7
jdarren
LQ Newbie
 
Registered: Feb 2004
Location: Dothan, Alabama
Posts: 13

Original Poster
Rep: Reputation: 0
tried suggestions

Yeah, that edit confused things a bit.

The 2 suggestions to rename ~/.ssh/authorized_users to authorized_keys were dead-on valid, but the problem persists.

I worked through the help topic posted by david_ross, but the problem persists.

I'm currently pulled away on another aspect of the task, but will return. Thanks for the help, guys.
 
Old 02-27-2004, 02:54 PM   #8
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
Try checking the file and directory permissions.
 
Old 03-02-2004, 09:11 AM   #9
jdarren
LQ Newbie
 
Registered: Feb 2004
Location: Dothan, Alabama
Posts: 13

Original Poster
Rep: Reputation: 0
file and directory permissions

On local machine, permissions are:

~/.ssh/ = drwx------

~/.ssh/identity = -rw-------
~/.ssh/identity.pub = -rw-r-----
~/.ssh/known_hosts = -rw-r----

On remote machine, permissions are:

~/.ssh/ = drwxr-xr-x

~/.ssh/authorized keys = -rw-r--r--
~/.ssh/known_hosts = -rw-r--r--

Anyone see problems?
 
Old 03-02-2004, 04:55 PM   #10
linuxnube
Member
 
Registered: Oct 2003
Location: US
Distribution: Fedora C1 & C2
Posts: 81

Rep: Reputation: 15
As I said above, your permissions on the authorized_keys file need to be 400 as in: -r--------

I think if you had followed the "sshd -d -d -d" advice above, it would have told you that.
 
Old 03-03-2004, 08:17 AM   #11
jdarren
LQ Newbie
 
Registered: Feb 2004
Location: Dothan, Alabama
Posts: 13

Original Poster
Rep: Reputation: 0
Permissions on authorized_keys of 400 does not do the trick. I also tried permissions set at other levels as suggested in various procedures I found for ssh. Still no luck.
 
Old 03-04-2004, 09:56 AM   #12
linuxnube
Member
 
Registered: Oct 2003
Location: US
Distribution: Fedora C1 & C2
Posts: 81

Rep: Reputation: 15
Post the information that comes from sshd -d -d -d when you try to connect.
 
Old 01-05-2005, 08:01 PM   #13
scylla
LQ Newbie
 
Registered: Oct 2004
Posts: 16

Rep: Reputation: 0
Check permissions of your home directory too.

If they are set too loosely ssh will not let you in.
 
Old 02-15-2008, 06:08 PM   #14
leonabelmann
LQ Newbie
 
Registered: Feb 2008
Posts: 1

Rep: Reputation: 0
Confirmed

Quote:
Originally Posted by scylla
Check permissions of your home directory too.

If they are set too loosely ssh will not let you in.

In my case the permissions of my home directory were set too loosely; setting them to drwxr-xr-x solved the problem. Thanks.
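
An added example, not from the thread: a POSIX shell check for the condition described in posts #13 and #14, assuming sshd's StrictModes behaviour of refusing a key when the home directory, ~/.ssh or authorized_keys is writable by group or others. Function names are hypothetical, the demo directory is constructed, and ownership checks are left out.

```shell
#!/bin/sh
# Added example (not from the thread): check the three paths for group/world
# write bits. Function names are hypothetical; ownership is not checked.

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Exit 0 if neither group nor others can write to the path, 2 if unreadable.
not_group_world_writable() {
    m=$(mode_of "$1") || return 2
    [ $(( 0$m & 022 )) -eq 0 ]
}

# Check home, ~/.ssh and authorized_keys under the home directory given as $1.
# Prints each failing path; exit 0 only when all three pass.
audit_ssh_paths() {
    bad=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if ! not_group_world_writable "$p"; then
            echo "group/world-writable or missing: $p"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed demo tree standing in for a remote home directory.
DEMO_HOME=$(mktemp -d)
mkdir "$DEMO_HOME/.ssh"
: > "$DEMO_HOME/.ssh/authorized_keys"

# Modes from post #9 (755 on ~/.ssh, 644 on authorized_keys) with a 755 home.
chmod 755 "$DEMO_HOME" "$DEMO_HOME/.ssh"
chmod 644 "$DEMO_HOME/.ssh/authorized_keys"
audit_ssh_paths "$DEMO_HOME" && echo "755/755/644: no write bits for group or others"

# A group-writable home directory is the "too loose" case from post #13.
chmod 775 "$DEMO_HOME"
audit_ssh_paths "$DEMO_HOME" || echo "775 home: flagged"

rm -rf "$DEMO_HOME"
```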
 
Old 02-15-2008, 06:55 PM   #15
jstu
Member
 
Registered: Jan 2002
Distribution: slackware
Posts: 193

Rep: Reputation: 30
Also, maybe post your /etc/ssh/sshd_config
 
  

