slepthien 03-06-2014 01:29 PM

sftp asking for password authentication but my public key is passwordless
 
I created a key test2_id_rsa.
The company that I am trying to send a file to has the .pub key and has applied it to their server.

When I try to connect it asks me for a password.
The known_host and authorized_keys files look good to me.

This is what I get when I run sftp -vvv with my user to their site.

I uncommented the following in the sshd_config file.

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile ~/.ssh/authorized_keys

and added IdentityFile ~/.ssh/test2_id_rsa

Connecting to toSite...
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug2: ssh_connect: needpriv 0
debug1: Connecting to toSite[111.11.11.1] port 22.
debug1: Connection established.
debug1: identity file /home/applfint/.ssh/id_rsa type -1
debug1: identity file /home/applfint/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version SFTP Server
debug1: no match: SFTP Server
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 792 bytes for a total of 813
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: blowfish-cbc,3des-cbc,aes128-cbc,aes128-ctr,aes192-cbc,aes192-ctr,aes256-cbc,aes256-ctr,twofish128-cbc,twofish192-cbc,twofish256-cbc,cast128-cbc
debug2: kex_parse_kexinit: blowfish-cbc,3des-cbc,aes128-cbc,aes128-ctr,aes192-cbc,aes192-ctr,aes256-cbc,aes256-ctr,twofish128-cbc,twofish192-cbc,twofish256-cbc,cast128-cbc
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5,hmac-md5-96,hmac-sha1-96
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5,hmac-md5-96,hmac-sha1-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 837
debug2: dh_gen_key: priv key bits set: 127/256
debug2: bits set: 521/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 144 bytes for a total of 981
debug3: check_host_in_hostfile: filename /home/applfint/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 6
debug3: check_host_in_hostfile: filename /home/applfint/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 6
debug1: Host 'toSite' is known and matches the RSA host key.
debug1: Found key in /home/applfint/.ssh/known_hosts:6
debug2: bits set: 513/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 997
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 48 bytes for a total of 1045
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/applfint/.ssh/id_rsa ((nil))
debug2: key: /home/applfint/.ssh/id_dsa ((nil))
debug3: Wrote 64 bytes for a total of 1109
debug3: input_userauth_banner
SSH Server supporting SFTP and SCP
debug1: Authentications that can continue: password,publickey,keyboard-interactive
debug3: start over, passed a different list password,publickey,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/applfint/.ssh/id_rsa
debug3: no such identity: /home/applfint/.ssh/id_rsa
debug1: Trying private key: /home/applfint/.ssh/id_dsa
debug3: no such identity: /home/applfint/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: Wrote 96 bytes for a total of 1205
debug2: input_userauth_info_req
password
Enter password for healthyd
debug2: input_userauth_info_req: num_prompts 1
Password:

Smokey_justme 03-06-2014 01:59 PM

Hello slepthien,

Thanks for doing and including the debug messages. Your problem is here:

Code:

debug1: identity file /home/applfint/.ssh/id_rsa type -1
[...]
debug1: Trying private key: /home/applfint/.ssh/id_rsa
debug3: no such identity: /home/applfint/.ssh/id_rsa
debug1: Trying private key: /home/applfint/.ssh/id_dsa
debug3: no such identity: /home/applfint/.ssh/id_dsa

It seems that sftp is using ~/.ssh/id_rsa (default) key for the connection (and it doesn't find it)...

You can try passing the -i option
Code:

sftp -i ~/.ssh/test2_id_rsa
just to see if the key works

In which file did you add the IdentityFile line?
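
The reading of the debug output in the reply above can be scripted. This shell function is an added example, not part of the original post and not an OpenSSH tool; the names `diagnose_pubkey` and `sample_log` and the output labels are made up for illustration, and the sample input is copied from the log posted in this thread.

```shell
#!/bin/sh
# Added example: summarise why publickey auth was skipped, from client debug
# output (the debug lines go to stderr: sftp -vvv user@host 2>debug.log).

diagnose_pubkey() {
    awk '
    /^debug1: Authentications that can continue: / { server = $NF }
    /^debug1: Next authentication method: /        { method = $NF }
    /^debug1: Trying private key: /                { tried[++n] = $5 }
    /^debug1: Offering public key: /               { offered = 1 }
    /^debug1: Authentication succeeded \(publickey\)/ { ok = 1 }
    /^debug3: no such identity: / { p = $5; sub(/:$/, "", p); missing[p] = 1 }
    # The client gave up on the current method without sending anything.
    /^debug2: we did not send a packet, disable method/ {
        if (method == "publickey") skipped = 1
    }
    END {
        for (i = 1; i <= n; i++) {
            state = (tried[i] in missing) ? "missing" : "found"
            if (state == "found") offered = 1   # a readable key was used
            print "identity", tried[i], state
        }
        print "server-allows", server
        print "last-method", method
        if (ok)                         print "verdict publickey-succeeded"
        else if (server !~ /publickey/) print "verdict server-does-not-offer-publickey"
        else if (skipped && !offered)   print "verdict client-had-no-key-to-offer"
        else if (offered)               print "verdict key-offered-but-not-accepted"
        else                            print "verdict inconclusive"
    }'
}

# Sample input: lines copied from the debug output posted in this thread.
sample_log() {
cat <<'EOF'
debug1: Authentications that can continue: password,publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/applfint/.ssh/id_rsa
debug3: no such identity: /home/applfint/.ssh/id_rsa
debug1: Trying private key: /home/applfint/.ssh/id_dsa
debug3: no such identity: /home/applfint/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
EOF
}

sample_log | diagnose_pubkey
```

On the thread's log the verdict is `client-had-no-key-to-offer`: the server lists publickey, but neither default identity file exists, so the client moves on to keyboard-interactive and prompts for a password.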

smallpond 03-06-2014 02:00 PM

Code:

debug1: Trying private key: /home/applfint/.ssh/id_rsa
debug3: no such identity: /home/applfint/.ssh/id_rsa

This says it doesn't see your private key on the client machine. You can't rename it, it has to be in that directory with that name and permissions 0600. The id_rsa.pub file has to be appended to the authorized_keys file on the server.

slepthien 03-06-2014 02:07 PM

Smokey_justme
When I run sftp -i
I get
sftp: illegal option -- i
usage: sftp [-1Cv] [-B buffer_size] [-b batchfile] [-F ssh_config]
[-o ssh_option] [-P sftp_server_path] [-R num_requests]
[-S program] [-s subsystem | sftp_server] host
sftp [user@]host[:file ...]
sftp [user@]host[:dir[/]]
sftp -b batchfile [user@]host

smallpond
Not sure what you are saying. Why can't I have test2_id_rsa as the primary key? I am not using the id_rsa because it was created with a password which I do not have.

michaelk 03-06-2014 02:32 PM

The default name for the private key file is id_dsa or id_rsa. That does not mean it cannot be named something else, as long as it is specified on the command line or in the ~/.ssh/config file. As stated, make sure it has the proper permissions.

What Linux distribution / version are you running?

Did you try?
sftp -i ~/.ssh/test2_id_rsa username@server

slepthien 03-06-2014 02:46 PM

michaelk
I am using Oracle Linux 6

When I run the sftp -i command it says it is an illegal option.

I do not have ~/config file.
The files I have edited are etc/ssh/sshd_config and etc/ssh/ssh_config

michaelk 03-06-2014 03:05 PM

You're correct. I'm having a bad day...

It should be

sftp -o IdentityFile=~/.ssh/test2_id_rsa username@host

The ~/.ssh/config file is not automatically created. ssh_config is a global client file for all users and you can create your own in your .ssh directory.

You can create one to make your life a bit easier.
Code:

host server
    hostname server.name.whatever
    IdentityFile ~/.ssh/test2_id_rsa
    user username

Then all you need on the command line is
sftp server


http://www.cyberciti.biz/faq/create-...on-linux-unix/

Smokey_justme 03-07-2014 12:23 AM

Hmm, I didn't know there are versions out there without the -i option... Well, live and learn..

Now, michaelk already told you the solution.. I won't repeat it, but if you don't want a per-user configuration (I do recommend it in your case) then recheck your /etc/ssh/ssh_config.

The line you added 'IdentityFile ~/.ssh/test2_id_rsa' must be under a host that will get parsed when connecting (by default it's for all hosts) and must be the first 'IdentityFile' line in that "section". According to the manuals it will take the first value it finds..

slepthien 03-07-2014 08:47 AM

Thanks
 
Thanks all, creating the config file worked.
I appreciate the help.

michaelk 03-07-2014 08:49 AM

Thanks for posting back that it worked.


All times are GMT -5.