LinuxQuestions.org


Micro420 01-23-2007 12:32 AM

SSH - trouble authenticating private/public key
 
I can't figure this out on my Ubuntu system as I have successfully done this on SuSE 10.2, but I created a private/public key and sent the public key to the remote computer. When I try to SSH in, it still asks me for my password.

1) I did rename id_rsa.pub to authorized_keys on the remote computer
2) I did make sure that
Code:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys

So why won't it authenticate my keys and let me in without a password?

gilead 01-23-2007 12:42 AM

You shouldn't need the RSAAuthentication entry since it defaults to yes and only applies to protocol version 1 anyway. Can you try to connect with the following command line (change the username and host to your values)?
Code:

ssh -vvv username@hostname

Micro420 01-23-2007 12:50 AM

Those "missing whitespace" messages don't look good. I did not format or alter the keys at all.

Code:

OpenSSH_4.3p2 Debian-5ubuntu1, OpenSSL 0.9.8b 04 May 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /home/ken/.ssh/identity type -1
debug3: Not a RSA1 key file /home/ken/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/ken/.ssh/id_rsa type 1
debug1: identity file /home/ken/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.2p1 Debian-7ubuntu3.1
debug1: match: OpenSSH_4.2p1 Debian-7ubuntu3.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-5ubuntu1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 126/256
debug2: bits set: 488/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/ken/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 2
debug3: check_host_in_hostfile: filename /home/ken/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'ucb' is known and matches the RSA host key.
debug1: Found key in /home/ken/.ssh/known_hosts:2
debug2: bits set: 543/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/ken/.ssh/identity ((nil))
debug2: key: /home/ken/.ssh/id_rsa (0x8097470)
debug2: key: /home/ken/.ssh/id_dsa ((nil))
debug3: input_userauth_banner


gilead 01-23-2007 01:09 AM

I get the same "missing whitespace" stuff here - it doesn't seem to cause any problems. My output is similar to yours up to the end. Where you have debug3: input_userauth_banner I have the following:
Code:

debug1: Authentications that can continue: publickey,keyboard-interactive
debug3: start over, passed a different list publickey,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/steve/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug2: input_userauth_pk_ok: fp xx:a8:9b:c8:75:ae:d1:7e:56:e8:1e:65:fc:xx:xx:xx
debug3: sign_and_send_pubkey
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/home/steve/.ssh/id_rsa':

If it helps, the only entries in my /etc/ssh/sshd_config that aren't commented (i.e. are at default settings) are:
Code:

Port 22
Protocol 2
AllowUsers steve
PermitRootLogin no
PasswordAuthentication no
X11Forwarding yes
Subsystem      sftp    /usr/libexec/sftp-server

Also, here are my client config file permissions:
Code:

$ ls -ld .ssh
drwx------ 2 steve steve 4096 2006-10-08 21:52 .ssh/
$ ls -Al .ssh
total 16
lrwxrwxrwx 1 steve steve  10 2006-10-08 12:55 authorized_keys -> id_rsa.pub
-rw------- 1 steve steve 951 2006-01-05 02:23 id_rsa
-rw-r----- 1 steve steve 244 2006-01-05 02:23 id_rsa.pub
-rw-r----- 1 steve steve 643 2006-11-08 11:12 known_hosts


Micro420 01-23-2007 10:52 AM

I went into my /var/log/auth.log and found this:
Code:

Authentication refused: bad ownership or modes for directory /home/ken/.ssh

I changed .ssh permission from 755 on the remote computer to 700 and that solved the trick! I guess it's a security feature. Thanks for posting the file permissions, gilead!
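
Added example (not part of the original posts): a shell check modelled on the test behind sshd's "bad ownership or modes" refusal, which with StrictModes enabled expects the home directory, ~/.ssh and authorized_keys to be owned by the user or root and to carry no group or world write bit. The function names are hypothetical and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example: approximates the ownership/mode test that makes sshd log
# "Authentication refused: bad ownership or modes ...".
# Assumption: GNU stat (Linux). Function names are hypothetical.
# Usage on the server, as the login user:  audit_ssh_dir "$HOME"

# check_path TARGET UID
# Prints one finding line; returns 1 if TARGET is missing, is owned by
# someone other than UID or root, or is group- or world-writable.
check_path() {
    target=$1
    want_uid=$2
    [ -e "$target" ] || { echo "MISSING $target"; return 1; }
    # %a = octal mode, %u = numeric owner; -L follows symlinks.
    set -- $(stat -L -c '%a %u' "$target")
    mode=$1
    owner=$2
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "BAD OWNER $target (uid $owner)"
        return 1
    fi
    # Octal mode & 022: any group or world write bit fails the check.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "BAD MODE $target ($mode)"
        return 1
    fi
    echo "OK $target ($mode)"
}

# audit_ssh_dir HOME_DIR [UID]
# Checks the home directory, its .ssh directory and authorized_keys.
# Returns 0 only if all three pass.
audit_ssh_dir() {
    home_dir=$1
    uid=${2:-$(id -u)}
    rc=0
    for p in "$home_dir" "$home_dir/.ssh" "$home_dir/.ssh/authorized_keys"; do
        check_path "$p" "$uid" || rc=1
    done
    return $rc
}
```

Modes 700 on ~/.ssh and 600 on authorized_keys satisfy the check; the server's auth log remains the authoritative record of why a key was refused.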

gilead 01-23-2007 01:08 PM

That's good news - I'm glad it's working :)


All times are GMT -5.