LinuxQuestions.org


ajay.tof 06-09-2014 09:36 AM

RSA authentication problem while logging in remote server from client
 
Hi,
I am trying to ssh to server 2 from server 1 using an RSA key. I generated the RSA key without involving passwords. I followed the steps below for generating the keys.

On server2:
Generated the RSA key with the following command:
[16:25:53:roamware@AMSVMRQM-ATT]>ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/opt/Roamware/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /opt/Roamware/.ssh/id_rsa.
Your public key has been saved in /opt/Roamware/.ssh/id_rsa.pub.
The key fingerprint is:
4c:6c:d1:0f:f7:26:1f:e7:1d:e1:e2:85:07:1b:5c:9d roamware@AMSVMRQM-ATT

[16:26:04:roamware@AMSVMRQM-ATT]>ls ~/.ssh
id_rsa id_rsa.pub

[16:30:22:roamware@AMSVMRQM-ATT]>scp -r id_rsa.pub 10.232.69.144:/opt/Roamware/.ssh
The authenticity of host '10.232.69.144 (10.232.69.144)' can't be established.
RSA key fingerprint is 0a:ff:0b:ef:92:6a:bd:57:0c:46:22:47:45:b9:68:87.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.232.69.144' (RSA) to the list of known hosts.

|-----------------------------------------------------------------|
| This system is for the use of authorized users only. |
| Individuals using this computer system without authority, or in |
| excess of their authority, are subject to having all of their |
| activities on this system monitored and recorded by system |
| personnel. |
| |
| In the course of monitoring individuals improperly using this |
| system, or in the course of system maintenance, the activities |
| of authorized users may also be monitored. |
| |
| Anyone using this system expressly consents to such monitoring |
| and is advised that if such monitoring reveals possible |
| evidence of criminal activity, system personnel may provide the |
| evidence of such monitoring to law enforcement officials. |
|-----------------------------------------------------------------|

Password:
id_rsa.pub 100% |*************************************************************************************************** ******************| 231 00:00
[16:35:02:roamware@AMSVMRQM-ATT]>

On server 2:
----------
[16:10:31:roamware@AMSRQMIMAS]>ls -l
total 2
-rw-r--r-- 1 roamware roamware 231 Jun 9 16:35 id_rsa.pub
[16:35:46:roamware@AMSRQMIMAS]>cat id_rsa.pub >>authorized_keys

[16:37:07:roamware@AMSRQMIMAS]>chmod 600 authorized_keys

Trying to log in from server 1, but it is still prompting for a password:

[16:38:16:roamware@AMSVMRQM-ATT]>ssh roamware@10.232.69.144 -v
Sun_SSH_1.1.2, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to 10.232.69.144 [10.232.69.144] port 22.
debug1: Connection established.
debug1: identity file /opt/Roamware/.ssh/identity type -1
debug1: identity file /opt/Roamware/.ssh/id_rsa type 1
debug1: identity file /opt/Roamware/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1.2
debug1: match: Sun_SSH_1.1.2 pat Sun_SSH_1.1.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1.2
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: Peer sent proposed langtags, ctos: en-CA,en-US,es-MX,es,fr,fr-CA,i-default
debug1: Peer sent proposed langtags, stoc: en-CA,en-US,es-MX,es,fr,fr-CA,i-default
debug1: We proposed langtags, ctos: en-US
debug1: We proposed langtags, stoc: en-US
debug1: Negotiated lang: en-US
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: Remote: Negotiated main locale: en_US.UTF-8
debug1: Remote: Negotiated messages locale: en_US.UTF-8
debug1: dh_gen_key: priv key bits set: 120/256
debug1: bits set: 1558/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '10.232.69.144' is known and matches the RSA host key.
debug1: Found key in /opt/Roamware/.ssh/known_hosts:1
debug1: bits set: 1537/3191
debug1: ssh_rsa_verify: signature correct
debug1: newkeys: mode 1
debug1: set_newkeys: setting new keys for 'out' mode
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: set_newkeys: setting new keys for 'in' mode
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: got SSH2_MSG_SERVICE_ACCEPT

|-----------------------------------------------------------------|
| This system is for the use of authorized users only. |
| Individuals using this computer system without authority, or in |
| excess of their authority, are subject to having all of their |
| activities on this system monitored and recorded by system |
| personnel. |
| |
| In the course of monitoring individuals improperly using this |
| system, or in the course of system maintenance, the activities |
| of authorized users may also be monitored. |
| |
| Anyone using this system expressly consents to such monitoring |
| and is advised that if such monitoring reveals possible |
| evidence of criminal activity, system personnel may provide the |
| evidence of such monitoring to law enforcement officials. |
|-----------------------------------------------------------------|

debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Next authentication method: gssapi-keyex
debug1: Next authentication method: gssapi-with-mic
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)
debug1: Next authentication method: publickey
debug1: Trying private key: /opt/Roamware/.ssh/identity
debug1: Trying public key: /opt/Roamware/.ssh/id_rsa
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Trying private key: /opt/Roamware/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:

potato_farmer 06-09-2014 10:29 AM

What is the output of the following from both systems?

ls -la /opt/Roamware/.ssh/

ajay.tof 06-10-2014 01:44 AM

Hi, thanks for the reply. Please find the outputs from both systems below.

[08:45:20:roamware@AMSRQMIMAS]>ls -la /opt/Roamware/.ssh/
total 8
drwx------ 2 roamware roamware 512 Jun 9 16:36 .
drwxrwxr-x 24 roamware roamware 1024 Jun 9 15:30 ..
-rw------- 1 roamware roamware 231 Jun 9 16:36 authorized_keys
-rw-r--r-- 1 roamware roamware 231 Jun 9 16:35 id_rsa.pub

[08:45:04:roamware@AMSVMRQM-ATT]>ls -la /opt/Roamware/.ssh/
total 10
drwxr-xr-x 2 roamware roamware 512 Jun 9 16:35 .
drwxrwxr-x 24 roamware roamware 1024 Jun 9 15:35 ..
-rw------- 1 roamware roamware 887 Jun 9 16:26 id_rsa
-rw-r--r-- 1 roamware roamware 231 Jun 9 16:26 id_rsa.pub
-rw-r--r-- 1 roamware roamware 223 Jun 9 16:35 known_hosts

potato_farmer 06-10-2014 12:02 PM

That looks ok. Although, you can remove the id_rsa.pub from AMSRQMIMAS.

Check two more things:

1) In your sshd_config file (/etc/ssh/sshd_config?), what value do you have for "AuthorizedKeysFile"?

2) What do you see in /var/log/secure on AMSRQMIMAS when you try to log in from AMSVMRQM-ATT?
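
The permission listing requested in this thread matters because an sshd with StrictModes enabled refuses an authorized_keys file when the home directory, .ssh, or the file itself is group- or world-writable or owned by someone other than the user or root. The script below is an added example, not part of the thread; it assumes StrictModes is on and AuthorizedKeysFile is the default .ssh/authorized_keys, and its function names and demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the paths sshd's StrictModes check inspects before it
# will read authorized_keys. Assumes AuthorizedKeysFile is .ssh/authorized_keys.

# owner_of PATH -> owner name as shown in column 3 of `ls -ld`
owner_of() { ls -ld "$1" | awk '{print $3}'; }

# check_path PATH OWNER -> prints one finding line; returns 1 on a problem
check_path() {
    cp_path=$1; cp_owner=$2
    if [ ! -e "$cp_path" ]; then
        echo "MISSING  $cp_path"; return 1
    fi
    cp_mode=$(ls -ld "$cp_path" | awk '{print $1}')
    cp_actual=$(owner_of "$cp_path")
    if [ "$cp_actual" != "$cp_owner" ] && [ "$cp_actual" != "root" ]; then
        echo "OWNER    $cp_path is owned by $cp_actual"; return 1
    fi
    case $cp_mode in
        ?????w*|????????w*)   # group-write (char 6) or other-write (char 9)
            echo "WRITABLE $cp_path ($cp_mode)"; return 1 ;;
    esac
    echo "OK       $cp_path ($cp_mode)"
}

# audit_ssh_perms HOME OWNER -> returns 1 if any path in the chain fails
audit_ssh_perms() {
    as_rc=0
    for as_p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        check_path "$as_p" "$2" || as_rc=1
    done
    return $as_rc
}

# Demo on a constructed tree (not a real account): home is group-writable.
demo() {
    d=$(mktemp -d) && mkdir -p "$d/home/.ssh" && : > "$d/home/.ssh/authorized_keys"
    chmod 775 "$d/home"; chmod 700 "$d/home/.ssh"
    chmod 600 "$d/home/.ssh/authorized_keys"
    audit_ssh_perms "$d/home" "$(owner_of "$d/home")" \
        || echo "StrictModes would reject this key file"
    rm -rf "$d"
}
demo
```

On the target host the equivalent call would be `audit_ssh_perms /opt/Roamware roamware`, run as the account being logged into.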

