sftp asking for password authentication but my public key is passwordless
I created a key test2_id_rsa.
The company that I am trying to send a file to has the .pub key and has applied it to their server. When I try to connect it asked me for a password. The known_host and authorized_keys files look good to me. This is what I get when I run sftp -vvv with my user to their site. I uncommented the following in the sshd_config file.
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile ~/.ssh/authorized_keys
and added
IdentityFile ~/.ssh/test2_id_rsa

Connecting to toSite...
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug2: ssh_connect: needpriv 0
debug1: Connecting to toSite[111.11.11.1] port 22.
debug1: Connection established.
debug1: identity file /home/applfint/.ssh/id_rsa type -1
debug1: identity file /home/applfint/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version SFTP Server
debug1: no match: SFTP Server
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 792 bytes for a total of 813
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: blowfish-cbc,3des-cbc,aes128-cbc,aes128-ctr,aes192-cbc,aes192-ctr,aes256-cbc,aes256-ctr,twofish128-cbc,twofish192-cbc,twofish256-cbc,cast128-cbc
debug2: kex_parse_kexinit: blowfish-cbc,3des-cbc,aes128-cbc,aes128-ctr,aes192-cbc,aes192-ctr,aes256-cbc,aes256-ctr,twofish128-cbc,twofish192-cbc,twofish256-cbc,cast128-cbc
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5,hmac-md5-96,hmac-sha1-96
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5,hmac-md5-96,hmac-sha1-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 837
debug2: dh_gen_key: priv key bits set: 127/256
debug2: bits set: 521/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 144 bytes for a total of 981
debug3: check_host_in_hostfile: filename /home/applfint/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 6
debug3: check_host_in_hostfile: filename /home/applfint/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 6
debug1: Host 'toSite' is known and matches the RSA host key.
debug1: Found key in /home/applfint/.ssh/known_hosts:6
debug2: bits set: 513/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 997
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 48 bytes for a total of 1045
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/applfint/.ssh/id_rsa ((nil))
debug2: key: /home/applfint/.ssh/id_dsa ((nil))
debug3: Wrote 64 bytes for a total of 1109
debug3: input_userauth_banner
SSH Server supporting SFTP and SCP
debug1: Authentications that can continue: password,publickey,keyboard-interactive
debug3: start over, passed a different list password,publickey,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/applfint/.ssh/id_rsa
debug3: no such identity: /home/applfint/.ssh/id_rsa
debug1: Trying private key: /home/applfint/.ssh/id_dsa
debug3: no such identity: /home/applfint/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: Wrote 96 bytes for a total of 1205
debug2: input_userauth_info_req
password
Enter password for healthyd
debug2: input_userauth_info_req: num_prompts 1
Password: |
Hello slepthien,
Thanks for doing and including the debug messages. Your problem is here:
Code:
debug1: identity file /home/applfint/.ssh/id_rsa type -1
You can try passing the -i option
Code:
sftp -i ~/.ssh/test2_id_rsa
In which file did you add the IdentityFile line? |
Code:
debug1: Trying private key: /home/applfint/.ssh/id_rsa |
Smokey_justme
When I run sftp -i I get
sftp: illegal option -- i
usage: sftp [-1Cv] [-B buffer_size] [-b batchfile] [-F ssh_config] [-o ssh_option] [-P sftp_server_path] [-R num_requests] [-S program] [-s subsystem | sftp_server] host
sftp [user@]host[:file ...]
sftp [user@]host[:dir[/]]
sftp -b batchfile [user@]host
smallpond
Not sure what you are saying. Why can't I have test2_id_rsa as the primary key? I am not using the id_rsa because it was created with a password which I do not have. |
The default name for the private key file is id_dsa or id_rsa. That does not mean it cannot be named something else, as long as it is specified on the command line or in the ~/.ssh/config file. As stated, make sure it has the proper permissions.
What Linux distribution / version are you running? Did you try?
sftp -i ~/.ssh/test2_id_rsa username@server |
michaelk
I am using Oracle Linux 6. When I run the sftp -i command it says it is an illegal option. I do not have ~/config file. The files I have edited are etc/ssh/sshd_config and etc/ssh/ssh_config |
You're correct. I'm having a bad day...
It should be
sftp -o IdentityFile=~/.ssh/test2_id_rsa username@host
The ~/.ssh/config file is not automatically created. ssh_config is a global client file for all users and you can create your own in your .ssh directory. You can create one to make your life a bit easier.
Code:
host server
sftp server
http://www.cyberciti.biz/faq/create-...on-linux-unix/ |
Hmm, I didn't know there are versions out there without the -i option... Well, live and learn..
Now, michaelk already told you the solution.. I won't repeat it, but if you don't want a per-user configuration (I do recommend it in your case) then recheck your /etc/ssh/ssh_config. The line you added 'IdentityFile ~/.ssh/test2_id_rsa' must be under a host that will get parsed when connecting (by default it's for all hosts) and must be the first 'IdentityFile' line in that "section". According to the manuals it will take the first value it finds.. |
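Added example, not part of any post in this thread: shell functions for the fix michaelk and Smokey_justme describe above (a per-user ~/.ssh/config section naming the non-default key), plus two checks run against verbose client output. The function names are made up for this example, and the sample log lines are copied from the debug output in the question.

```shell
#!/bin/sh
# Added example, not code from the thread. The alias, host name, user and key
# path are supplied by the caller; nothing here is specific to one server.

# add_host_block SSH_DIR ALIAS HOSTNAME USER KEYFILE
# Writes a Host section naming the non-default key into SSH_DIR/config and
# tightens permissions on the directory, the config file and the private key.
add_host_block() {
    ssh_dir=$1 host_alias=$2 host_name=$3 login=$4 key=$5
    cfg="$ssh_dir/config"
    [ -f "$key" ] || { echo "private key not found: $key" >&2; return 1; }
    chmod 700 "$ssh_dir" && chmod 600 "$key"
    touch "$cfg" && chmod 600 "$cfg"
    # Idempotent: skip if a section written by this function already exists.
    if grep -qxF "Host $host_alias" "$cfg"; then return 0; fi
    {
        printf 'Host %s\n' "$host_alias"
        printf '    HostName %s\n' "$host_name"
        printf '    User %s\n' "$login"
        printf '    IdentityFile %s\n' "$key"
    } >> "$cfg"
}

# key_was_considered KEYPATH  (verbose client output on stdin)
# Succeeds only if the client listed KEYPATH (absolute, as the client prints
# it) among its identity files, i.e. the IdentityFile setting took effect.
key_was_considered() {
    grep -qF "identity file $1 type"
}

# missing_identities  (sftp -vvv output on stdin)
# Prints each key path the client tried but could not open.
missing_identities() {
    sed -n 's/^debug3: no such identity: //p'
}

# Lines copied from the debug output posted in the question.
sample_log() {
    cat <<'EOF'
debug1: identity file /home/applfint/.ssh/id_rsa type -1
debug1: identity file /home/applfint/.ssh/id_dsa type -1
debug1: Next authentication method: publickey
debug1: Trying private key: /home/applfint/.ssh/id_rsa
debug3: no such identity: /home/applfint/.ssh/id_rsa
debug1: Trying private key: /home/applfint/.ssh/id_dsa
debug3: no such identity: /home/applfint/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
EOF
}
```

Against the question's log, `key_was_considered /home/applfint/.ssh/test2_id_rsa` fails because the client only ever looked at id_rsa and id_dsa; after the config section is in place, the same check on fresh `sftp -v` output should succeed.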
Thanks
Thanks all, creating the config file worked.
I appreciate the help |
Thanks for posting back that it worked.