LinuxQuestions.org

jchambers 10-01-2008 07:26 AM

SFTP auto login works one way only?
 
Hello all.

I have read many posts on auto login for SSH but can not figure this one out.


Code:

#ssh-keygen -t rsa

-rw-r--r-- 1 root root  415 2008-10-01 04:07 authorized_keys
-rw------- 1 root root 1.7K 2008-09-30 18:47 id_rsa
-rw-r--r-- 1 root root  413 2008-09-30 18:47 id_rsa.pub
-rw-r--r-- 1 root root  884 2008-10-01 03:33 known_hosts

Example:

Server A cannot auto login (sftp) to server B

Server B can auto login (sftp) to server A



Server A: Debian (etch)
Linux 2.6.18-4-amd64 #1 SMP Mon Mar 26 11:36:53 CEST 2007 x86_64 GNU/Linux

Server B: Debian (etch)
Linux 2.6.18-5-686 #1 SMP Fri Jun 1 00:47:00 UTC 2007 i686 GNU/Linux


My only thought is that something changed in the newest version of Etch.
Any ideas?


Jon

ilikejam 10-01-2008 09:43 AM

Hi.

Check the permissions on the home directories as well as the .ssh directories and the keys.

Also, try running ssh -vvv in both directions to see if there's anything interesting.

Dave

jchambers 10-01-2008 02:14 PM

Thank you for the reply.

I keep getting blacklisted on the server I am trying to auto ssh to.
/var/logs/auth.log

Oct 1 10:43:50 www sshd[2444]: Public key 4f:d7:71:27:51:bf:5e:a9:b7:af:2c:82:0d:2a:bb:53 blacklisted (see ssh-vulnkey(1))


You got me on the right track, though it turns out it is a problem between the new version of OpenSSH and prior versions. From what I read, if both servers do not have the newest version it will not work. I upgraded both servers with openssl_0.9.8.


http://www.ducea.com/2008/05/14/ssh-vulnkey-a/


My problem is that my x86_64 version will not upgrade to the newest version.

64 bit
Code:

ii  openssh-blacklist                0.1.1                                list of blacklisted OpenSSH RSA and DSA keys
ii  openssh-client                    1:4.7p1-8                            secure shell client, an rlogin/rsh/rcp repla
ii  openssh-server                    1:4.7p1-8                            secure shell server, an rshd replacement
ii  ssh                              1:5.1p1-2                            secure shell client and server (metapackage)
ii  openssl                          0.9.8c-4etch3                        Secure Socket Layer (SSL) binary and related

i686
Code:

ri  openssh-blacklist                0.1.1                                list of blacklisted OpenSSH RSA and DSA keys
ii  openssh-client                    4.3p2-9etch3                        Secure shell client, an rlogin/rsh/rcp repla
ii  openssh-server                    4.3p2-9etch3                        Secure shell server, an rshd replacement
ii  ssh                              4.3p2-9etch3                        Secure shell client and server (transitional
openssl                          0.9.8c-4etch3                        Secure Socket Layer (SSL) binary and related

Any way to bypass the blacklist?

ilikejam 10-02-2008 06:49 AM

You can get around this by regenerating your host keys. Should be something like:

# ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
# ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa

This will cause any client to shout about key fingerprints when they SSH/SFTP in, which may break automated pub-priv key logins until the new host fingerprints are accepted, so be warned.

Dave

jchambers 10-08-2008 01:33 PM

[solved]
 
Well I figured it out.

http://www.debian.org/security/2008/dsa-1571

http://wiki.debian.org/SSLkeys

Turns out that I needed to do this:
Code:

rm /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server

Then it recreated the keys without blacklisting them.

Thanks for your help Dave.
Your suggestions led me to the answer.

Jon
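
Added example, not part of any post in this thread: a Python sketch that scans auth.log lines of the form quoted above for "Public key ... blacklisted" rejections, groups them by fingerprint, and links each to a client address logged under the same sshd PID. The sample log is constructed (only the first line's fingerprint comes from the thread), and the PID-based attribution is a heuristic assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the auth.log format quoted in the thread. Only the
# first fingerprint is from the thread; addresses and other lines are made up.
SAMPLE_LOG = """\
Oct  1 10:43:50 www sshd[2444]: Public key 4f:d7:71:27:51:bf:5e:a9:b7:af:2c:82:0d:2a:bb:53 blacklisted (see ssh-vulnkey(1))
Oct  1 10:43:52 www sshd[2444]: Failed password for root from 192.0.2.10 port 40112 ssh2
Oct  1 10:51:07 www sshd[2519]: Public key 4f:d7:71:27:51:bf:5e:a9:b7:af:2c:82:0d:2a:bb:53 blacklisted (see ssh-vulnkey(1))
Oct  8 13:20:31 www sshd[3102]: Public key 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff blacklisted (see ssh-vulnkey(1))
Oct  8 13:31:02 www sshd[3150]: Accepted publickey for root from 192.0.2.10 port 40933 ssh2
"""

SSHD = re.compile(r"^(\w{3}\s+\d{1,2}\s+[\d:]{8})\s+\S+\s+sshd\[(\d+)\]:\s+(.*)$")
BLACKLISTED = re.compile(r"^Public key ((?:[0-9a-f]{2}:){15}[0-9a-f]{2}) blacklisted")
SOURCE = re.compile(r" from (\S+) port \d+")

def blacklisted_keys(lines):
    """Summarise blacklisted-key rejections per fingerprint."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None, "pids": set()})
    pid_sources = defaultdict(set)  # sshd PID -> client addresses seen under it
    for line in lines:
        m = SSHD.match(line)
        if not m:
            continue
        when, pid, msg = " ".join(m.group(1).split()), m.group(2), m.group(3)
        src = SOURCE.search(msg)
        if src:
            pid_sources[pid].add(src.group(1))
        key = BLACKLISTED.match(msg)
        if key:
            entry = hits[key.group(1)]
            entry["count"] += 1
            entry["first"] = entry["first"] or when
            entry["last"] = when
            entry["pids"].add(pid)
    report = {}
    for fp, e in hits.items():
        # Heuristic: PIDs can be reused over a long log, so treat sources as a hint.
        sources = set().union(*(pid_sources[p] for p in e["pids"]))
        report[fp] = {"count": e["count"], "first": e["first"],
                      "last": e["last"], "sources": sorted(sources)}
    return report

if __name__ == "__main__":
    for fp, info in blacklisted_keys(SAMPLE_LOG.splitlines()).items():
        print(fp, info)
```

Run against the server's real auth.log after regenerating keys, a fingerprint whose "last" timestamp keeps advancing points to a client that is still offering a weak key.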

saleemsupra 01-02-2009 05:03 AM

I am using Fedora 7 64. I want to log in to another machine by rsh without a password. There is no xinetd in my /etc dir. rsh appears only in /usr/bin/rsh or in the pam.d directory.

Please help me: how can I configure rsh and log in using the rsh command?


Thanks

Saleemsupra

jchambers 01-03-2009 02:29 PM

Hi saleemsupra.

I set up ssh using "ssh-keygen -t rsa", then copied the id_rsa.pub key to the authorized_keys file of the remote server/user to connect to. Manually log in once using ssh or sftp to the remote server. After that is set up it seems to work well for me.


#rsh -l [remote user] -p [remote port] [url / IP] [command]

#rsh -l myuser -p 22 192.168.2.55 echo


I hope that helps to answer your question.

Jon


All times are GMT -5.