LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-07-2009, 12:05 AM   #1
parf
Member
 
Registered: Nov 2007
Distribution: debian
Posts: 39

Rep: Reputation: 15
Debian Etch SSH rsa authentication problem


Hi everyone,


I have this strange problem trying to ssh from a debian etch to a debian lenny ( also to an ubuntu hardy heron ) via rsa public key

I have successfully connected via ssh from lenny to hardy and vice versa.
and using the same method, i have failed to authenticate from etch , with both attempts to lenny / hardy


I have not been able to find a similar situation through googling...

( note : i was able to connect via ssh from the debian etch to lenny via password )






Regards,
 
Old 12-07-2009, 01:36 AM   #2
di11rod
Member
 
Registered: Jan 2004
Location: Austin, TEXAS
Distribution: CentOS 6.5
Posts: 211

Rep: Reputation: 32
You're going to need to copy-and-paste the transaction so we can see the error messages, etc.

You really haven't given us any details to work with here.
 
Old 12-07-2009, 02:41 AM   #3
parf
Member
 
Registered: Nov 2007
Distribution: debian
Posts: 39

Original Poster
Rep: Reputation: 15
yes, you're right sorry, i'll have to fetch it.

i jumped into an assumption that someone else might have a similar experience.
 
Old 12-15-2009, 01:03 AM   #4
parf
Member
 
Registered: Nov 2007
Distribution: debian
Posts: 39

Original Poster
Rep: Reputation: 15
took a while,

but i did extra tests in the meantime

to outline what i have :
ubuntu hardy heron ssh-server
debian lenny ssh-server
kde etch ssh-server [initially just a client]

the first test i performed was, create an rsa key from debian etch,
and connect via public key to debian lenny, and it failed with this message

Permission denied. (Public Key)

just to make sure that i did try a variant approach, i enabled password
authentication, and connected via login to lenny still from etch,
and it was successful


but on retry with public key (first with rsa, then with dsa) i got the same result



At which point, i tried a diff. approach, which was why i had the ubuntu. I tested rsa / dsa authentication connections between
debian lenny and ubuntu, both ways, and it worked

After that, I installed ssh-server on Etch, added the public keys from
ubuntu and debian, and have found that i was able to connect
via public key authentication to the etch server.


With everything seemingly working fine.
I recreate public keys on Debian Etch and tried to connect
to either Lenny / Hardy Heron, with no success.

( I did also try Etch to Etch, and failed with the same error. )




Alright, i'm very sorry it took quite a while to follow up on this,
but I had to make sure that I wasn't making an obvious error somewhere,
which at this point I'm convinced I truly have not overlooked anything
basic.



With all that said, has anyone out there experienced similar problems
trying to ssh from a Debian Etch?
 
Old 12-15-2009, 01:15 AM   #5
evo2
LQ Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and CentOS
Posts: 6,726

Rep: Reputation: 1705Reputation: 1705Reputation: 1705Reputation: 1705Reputation: 1705Reputation: 1705Reputation: 1705Reputation: 1705Reputation: 1705Reputation: 1705Reputation: 1705
There are many things that can cause ssh RSA auth failures, as such googling can present you with many answers that won't apply in any given situation. So, a good start is looking at the ssh debug information.

Read /var/log/auth.log on the server, and run the client in verbose mode (ssh -vvv).

If you can't get the answers from the above, the next thing to try is running sshd in debug mode (sshd -d) on the server, and then ssh to that instance of sshd: this will give much more server side debug info than what you normally get in /var/log/auth.log.

Cheers,

Evo2.

Last edited by evo2; 12-15-2009 at 01:15 AM. Reason: Typo
 
Old 12-15-2009, 02:45 AM   #6
parf
Member
 
Registered: Nov 2007
Distribution: debian
Posts: 39

Original Poster
Rep: Reputation: 15
Thanks, I'll try later when I get home.

this should be very useful.
 
Old 12-16-2009, 02:47 AM   #7
parf
Member
 
Registered: Nov 2007
Distribution: debian
Posts: 39

Original Poster
Rep: Reputation: 15
To evo2, many thanks. I obviously should have consulted the logs in the first place.

Anyway, what happened was the key generated by the Debian Etch i used was already blacklisted.
i did use a r1 and r3 of etch, and it was the r3 that i set up as ssh server.
naturally the r1's generated key was already in blacklist, but i found it weird that
the r3 generated key was also blacklisted in lenny, even in ubuntu hardy heron.

in any case, for simple test purposes on an isolated lan, PermitBlacklistedKeys yes did the trick.


Cheers!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
failed ssh RSA key authentication jdarren Linux - Networking 15 07-06-2008 10:25 AM
LXer: How To Set Up SSH With Public-Key Authentication On Debian Etch LXer Syndicated Linux News 0 03-30-2008 11:50 AM
RSA Key Authentication with SSH fail with no reply for publickey powah Linux - Security 2 11-18-2006 12:24 PM
ssh RSA authentication changed? Moebius Linux - Networking 1 05-20-2006 07:05 PM
Step-by-step instructions setting up RSA Authentication for SSH? houler Linux - Security 16 04-27-2005 07:08 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 11:29 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration