RSA authentication problem while logging in remote server from client
Hi,
I am trying to do ssh sever 2 from server 1 using RSA key. I generated RSA with out involving passwords. I followed below steps for generating keys. On server2: Generated RSA key by following command [16:25:53:roamware@AMSVMRQM-ATT]>ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/opt/Roamware/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /opt/Roamware/.ssh/id_rsa. Your public key has been saved in /opt/Roamware/.ssh/id_rsa.pub. The key fingerprint is: 4c:6c:d1:0f:f7:26:1f:e7:1d:e1:e2:85:07:1b:5c:9d roamware@AMSVMRQM-ATT [16:26:04:roamware@AMSVMRQM-ATT]>ls ~/.ssh id_rsa id_rsa.pub [16:30:22:roamware@AMSVMRQM-ATT]>scp -r id_rsa.pub 10.232.69.144:/opt/Roamware/.ssh The authenticity of host '10.232.69.144 (10.232.69.144)' can't be established. RSA key fingerprint is 0a:ff:0b:ef:92:6a:bd:57:0c:46:22:47:45:b9:68:87. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '10.232.69.144' (RSA) to the list of known hosts. |-----------------------------------------------------------------| | This system is for the use of authorized users only. | | Individuals using this computer system without authority, or in | | excess of their authority, are subject to having all of their | | activities on this system monitored and recorded by system | | personnel. | | | | In the course of monitoring individuals improperly using this | | system, or in the course of system maintenance, the activities | | of authorized users may also be monitored. | | | | Anyone using this system expressly consents to such monitoring | | and is advised that if such monitoring reveals possible | | evidence of criminal activity, system personnel may provide the | | evidence of such monitoring to law enforcement officials. | |-----------------------------------------------------------------| Password: id_rsa.pub 100% |*************************************************************************************************** ******************| 231 00:00 [16:35:02:roamware@AMSVMRQM-ATT]> On server 2: ---------- [16:10:31:roamware@AMSRQMIMAS]>ls -l total 2 -rw-r--r-- 1 roamware roamware 231 Jun 9 16:35 id_rsa.pub [16:35:46:roamware@AMSRQMIMAS]>cat id_rsa.pub >>authorized_keys [16:37:07:roamware@AMSRQMIMAS]>chmod 600 authorized_keys From server 1 trying to login but still it is prompting for password [16:38:16:roamware@AMSVMRQM-ATT]>ssh roamware@10.232.69.144 -v Sun_SSH_1.1.2, SSH protocols 1.5/2.0, OpenSSL 0x0090704f debug1: Reading configuration data /etc/ssh/ssh_config debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: ssh_connect: needpriv 0 debug1: Connecting to 10.232.69.144 [10.232.69.144] port 22. debug1: Connection established. debug1: identity file /opt/Roamware/.ssh/identity type -1 debug1: identity file /opt/Roamware/.ssh/id_rsa type 1 debug1: identity file /opt/Roamware/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1.2 debug1: match: Sun_SSH_1.1.2 pat Sun_SSH_1.1.* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-Sun_SSH_1.1.2 debug1: use_engine is 'yes' debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers debug1: pkcs11 engine initialization complete debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible Unknown code 0 ) debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: Peer sent proposed langtags, ctos: en-CA,en-US,es-MX,es,fr,fr-CA,i-default debug1: Peer sent proposed langtags, stoc: en-CA,en-US,es-MX,es,fr,fr-CA,i-default debug1: We proposed langtags, ctos: en-US debug1: We proposed langtags, stoc: en-US debug1: Negotiated lang: en-US debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: Remote: Negotiated main locale: en_US.UTF-8 debug1: Remote: Negotiated messages locale: en_US.UTF-8 debug1: dh_gen_key: priv key bits set: 120/256 debug1: bits set: 1558/3191 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host '10.232.69.144' is known and matches the RSA host key. debug1: Found key in /opt/Roamware/.ssh/known_hosts:1 debug1: bits set: 1537/3191 debug1: ssh_rsa_verify: signature correct debug1: newkeys: mode 1 debug1: set_newkeys: setting new keys for 'out' mode debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: set_newkeys: setting new keys for 'in' mode debug1: SSH2_MSG_NEWKEYS received debug1: done: ssh_kex2. debug1: send SSH2_MSG_SERVICE_REQUEST debug1: got SSH2_MSG_SERVICE_ACCEPT |-----------------------------------------------------------------| | This system is for the use of authorized users only. | | Individuals using this computer system without authority, or in | | excess of their authority, are subject to having all of their | | activities on this system monitored and recorded by system | | personnel. | | | | In the course of monitoring individuals improperly using this | | system, or in the course of system maintenance, the activities | | of authorized users may also be monitored. | | | | Anyone using this system expressly consents to such monitoring | | and is advised that if such monitoring reveals possible | | evidence of criminal activity, system personnel may provide the | | evidence of such monitoring to law enforcement officials. | |-----------------------------------------------------------------| debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive debug1: Next authentication method: gssapi-keyex debug1: Next authentication method: gssapi-with-mic debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible Unknown code 0 ) debug1: Next authentication method: publickey debug1: Trying private key: /opt/Roamware/.ssh/identity debug1: Trying public key: /opt/Roamware/.ssh/id_rsa debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive debug1: Trying private key: /opt/Roamware/.ssh/id_dsa debug1: Next authentication method: keyboard-interactive Password: |
What is the output of the following from both systems?
ls -la /opt/Roamware/.ssh/ |
HI, Thanks for the reply. Please find the below outputs from both systems
[08:45:20:roamware@AMSRQMIMAS]>ls -la /opt/Roamware/.ssh/ total 8 drwx------ 2 roamware roamware 512 Jun 9 16:36 . drwxrwxr-x 24 roamware roamware 1024 Jun 9 15:30 .. -rw------- 1 roamware roamware 231 Jun 9 16:36 authorized_keys -rw-r--r-- 1 roamware roamware 231 Jun 9 16:35 id_rsa.pub [08:45:04:roamware@AMSVMRQM-ATT]>ls -la /opt/Roamware/.ssh/ total 10 drwxr-xr-x 2 roamware roamware 512 Jun 9 16:35 . drwxrwxr-x 24 roamware roamware 1024 Jun 9 15:35 .. -rw------- 1 roamware roamware 887 Jun 9 16:26 id_rsa -rw-r--r-- 1 roamware roamware 231 Jun 9 16:26 id_rsa.pub -rw-r--r-- 1 roamware roamware 223 Jun 9 16:35 known_hosts |
That looks ok. Although, you can remove the id_rsa.pub from AMSRQMIMAS.
Check two more things: 1) In your sshd_config file (/etc/ssh/sshd_config?), what value do you have for "AuthorizedKeysFile"? 2) What do you see in /var/log/secure on AMSRQMIMAS when you try to log in from AMSVMRQM-ATT? |
All times are GMT -5. The time now is 07:03 AM. |