LinuxQuestions.org


xombboxer 05-19-2015 05:37 AM

I need to set up keyless ssh between CentOS and HP-UX both ways
 
I have 2 linux boxes
Code:

HP-UX server1 B.11.11 U 9000/800
and
Code:

CentOS release 6.3 (Final)

I need to set up password-less ssh. I could log in from HP-UX to CentOS but not the other way.

Is it possible to use password-less ssh both ways? Is there any extra step on HP-UX to set up keygen?

What I am doing:

Code:

ssh-keygen -t rsa

Copy ~/.ssh/id_rsa.pub from the client machine to ~/.ssh/authorized_keys on the server machine.


wpeckham 05-19-2015 07:07 AM

Keyless
 
The technique is the same, you just have to do it both ways. The script ssh-copy-id might help you.

Soadyheid 05-19-2015 09:59 AM

Quote:

I have 2 linux boxes

HP-UX B11.11 is not Linux. It's an HP proprietary operating system which runs on PA-RISC processors. If I remember correctly you require licences per processor to run it?

Sorry, a diversion from the question asked... :(

Play Bonny!


wpeckham 05-19-2015 09:10 PM

quite right
 
You are correct, and I should have stated things clearly. I stand (sit, actually) corrected.

I have used the technique between boxes running various flavors of Linux, BSD, HP-UX, AIX, VMS, and Solaris, some running OpenSSH and some running the SSH2 commercial product. For some (in particular where SSH2 is involved) there are slight differences, but the basic technique works the same.

It even works between Windows NT (and NT server) running the cygwin compile of OpenSSH and a Linux or Unix box, but I have not tested on more recent Windows products. I assume I could make that work also, it has simply not come up for a test. I thought Microsoft was getting a bit 'odd' with NT, and Vista rather proved me right.
(Still, I did not think them suicidal until I saw Win2012 server! ick!)

xombboxer 05-20-2015 05:13 AM

Trying debug
 
It still asks for a password. Any help?

This is what I see after running
Code:

ssh -i hpux_dsa -vv user@hostname
Code:

OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to hostname [xx.xx.xx.xx] port 22.
debug1: Connection established.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file hpux_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7p1+sftpfilecontrol-v1.2-hpn12v17
debug1: match: OpenSSH_4.7p1+sftpfilecontrol-v1.2-hpn12v17 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 125/256
debug2: bits set: 507/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'hostname' is known and matches the RSA host key.
debug1: Found key in /ahome/vobadmin/.ssh/known_hosts:161
debug2: bits set: 512/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: hpux_dsa (0x7ffecd996230)
#########################################################
# This computer system is private property. Use of this #
# system is restricted to authorized users only and    #
# shall be limited to activities permitted under        #
# applicable law. In addition, users must comply with  #
# the owner's acceptable use and other applicable      #
# policies. Unauthorized access, use, or modification  #
# of this system is strictly prohibited and may result  #
# in criminal prosecution, civil action, or employee    #
# discipline. Users of this system should have no      #
# expectation of privacy irrespective of any security  #
# measures imposed by the owner of this system since    #
# such measures are solely for the benefit of the      #
# owner. Activities on this system may be monitored,    #
# recorded, and subject to audit. Use of this system,  #
# authorized or unauthorized, constitutes consent to    #
# such monitoring and recording.                        #
#########################################################

debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: hpux_dsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
vobadmin@hostname's password:


wpeckham 05-20-2015 07:19 AM

interesting
 
Check the man pages on each platform; there may be detail we are missing.

Also, check the permissions on the home and .ssh folders. I would expect a clear indicator if this was wrong, but the packages for non-Linux systems can vary from the standard to which I am accustomed.

And examine the logs on the target machine for sshd entries. There may be a clue there: that is what logs are FOR!

Let us know what you find please.
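
The permission check suggested in the reply above, as an added example that is not part of the original thread: with `StrictModes` enabled (the OpenSSH default), sshd ignores `authorized_keys` when the home directory, `~/.ssh` or the file itself is writable by group or others, and the client falls through to the password prompt as in the debug output. The function names are hypothetical, and the script reads the mode from POSIX `ls` output rather than relying on GNU `stat`.

```shell
#!/bin/sh
# Added example: audit the modes that sshd's StrictModes check rejects.
# Run it on the TARGET machine (the one that keeps asking for a password).
# Ownership is not checked here; the files must also belong to the login
# user (or root), which "ls -ld" will show you.

# writable_by_others PATH -> exit 0 if group or other has write permission
writable_by_others() {
    mode=$(ls -ldL "$1" 2>/dev/null | cut -c1-10)   # e.g. drwxrwxr-x
    [ -n "$mode" ] || return 1
    g=$(printf '%s' "$mode" | cut -c6)              # group write bit
    o=$(printf '%s' "$mode" | cut -c9)              # other write bit
    [ "$g" = "w" ] || [ "$o" = "w" ]
}

# audit_ssh_perms HOME_DIR -> prints one line per finding and
# returns the number of findings (0 means the modes look acceptable)
audit_ssh_perms() {
    home=$1
    findings=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            findings=$((findings + 1))
        elif writable_by_others "$p"; then
            echo "WRITABLE $p ($(ls -ldL "$p" | cut -c1-10)) -> chmod go-w"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Usage: sh audit.sh /home/someuser   (the path is a placeholder)
if [ "$#" -gt 0 ]; then
    audit_ssh_perms "$1"
fi
```

If the audit is clean and the key is still refused, the sshd log on the target is the next place to look, as the reply says.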

