LinuxQuestions.org
Old 08-31-2008, 10:20 AM   #1
goober3
LQ Newbie
 
Registered: Aug 2008
Posts: 11

Rep: Reputation: 0
pub key authentication


I've tried everything but cannot get OpenSSH to work with public key authentication. My server is CentOS 4.2, I'm using SSH-2 and the OpenSSH version is 5.1. Below is the output from ssh -v (I've changed the names to protect the innocent).

Code:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/john/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
john@server.domain.net's password:

I've jacked up my sshd_config file to no end but here is what I currently have.

Code:
Port 5348
Protocol 2
#ListenAddress 192.168.1.2
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin no
StrictModes yes
MaxAuthTries 5

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Change to no to disable s/key passwords
ChallengeResponseAuthentication yes
#ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing, 
# and session processing. If this is enabled, PAM authentication will 
# be allowed through the ChallengeResponseAuthentication mechanism. 
# Depending on your PAM configuration, this may bypass the setting of 
# PasswordAuthentication, PermitEmptyPasswords, and 
# "PermitRootLogin without-password". If you just want the PAM account and 
# session checks to run without PAM authentication, then enable this but set 
# ChallengeResponseAuthentication=no
#UsePAM no
#UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#ShowPatchLevel no

# no default banner path
Banner /etc/ssh/sshd-banner

# override default of no subsystems
Subsystem       sftp    /usr/libexec/openssh/sftp-server

NOTE: I currently have allow password so that I can ssh in to the server and edit the file. When I turn password off, I can't ssh in so I know that part works.

I've also set the permissions of the .ssh directory and authorized_keys file as prescribed throughout the web. But I'm not sure who should be owner of these and the path. Currently the path is /root/.ssh/authorized_keys and the owner:group is john:john. I've also tried setting the path to the same location as the OpenSSH server but to no avail.

Any help?

P.S. I am a Linux newbie
 
Old 08-31-2008, 10:25 AM   #2
goober3
LQ Newbie
 
Registered: Aug 2008
Posts: 11

Original Poster
Rep: Reputation: 0
additional comments

I'm using DSA and I've tried ssh-keygen as well as the Passwords and Encryption Keys tool in Ubuntu 8.04. Also, when it comes time for the DSA passphrase, I am never asked.
 
Old 09-03-2008, 11:29 PM   #3
mohdshakir
Member
 
Registered: Jan 2006
Distribution: gentoo, slackware
Posts: 36

Rep: Reputation: 15
I guess there's nothing wrong with your sshd_config, but you might want to try the tutorial below to correctly create and transfer your key to the server;
Configure passwordless ssh login

Last edited by mohdshakir; 07-12-2010 at 01:32 AM. Reason: URL update
 
Old 09-04-2008, 12:40 AM   #4
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Read through this post. You will note that the problem ended up being a permissions issue of various key files as described therein.

http://www.linuxquestions.org/questi...prompt-664733/
 
Old 09-06-2008, 09:54 AM   #5
goober3
LQ Newbie
 
Registered: Aug 2008
Posts: 11

Original Poster
Rep: Reputation: 0
I've changed my permissions but it still doesn't work. I get
rexec line 84: Unsupported option UsePAM
in my /var/log/messages on the server after I try to ssh in.

On the client side, this is what I see
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/dale/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
 
Old 09-06-2008, 09:17 PM   #6
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Which machine gives you the rexec error? What is the client machine telling you?

Can you show

ls -lad ~/.ssh

and

ls -la ~/.ssh

for both the client and server machines
 
Old 09-07-2008, 07:55 AM   #7
goober3
LQ Newbie
 
Registered: Aug 2008
Posts: 11

Original Poster
Rep: Reputation: 0
from server
total 32
drwxr-xr-x 2 root root 4096 Sep 6 08:38 .
drwxr-x--- 20 root root 4096 Sep 7 06:47 ..
-rw-r--r-- 1 root root 398 Sep 6 08:37 authorized_keys
-rw-r--r-- 1 root root 606 Aug 29 10:27 authorized_keys2

from client
drwx------ 2 dale dale 4096 2008-09-06 14:37 .
drwxr-xr-x 60 dale dale 4096 2008-09-07 06:29 ..
-rw------- 1 dale dale 1743 2008-09-06 08:32 id_rsa
-rw-r--r-- 1 dale dale 630 2008-09-06 14:37 id_rsa.keystore
-rw-r--r-- 1 dale dale 398 2008-09-06 08:32 id_rsa.pub
-rw-r--r-- 1 dale dale 540 2008-09-06 08:50 known_hosts

NOTE that now, I've tried RSA keys to work but still nothing. Also I'm not using the authorized_keys2. I'm beginning to wonder if it's not a client side issue. I have a Linksys router with DD-WRT installed and I can log on there through ssh either if I use keys. I tried generating a key serverside but that doesn't work either.
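
An added example, not written by any poster in this thread: a shell function approximating the ownership and mode tests that `StrictModes yes` applies to the file that `AuthorizedKeysFile .ssh/authorized_keys` resolves to, which is relative to the home directory of the account being logged in to. The function names and the optional home-directory override are assumptions of this example, and it relies on GNU `stat`.

```shell
#!/bin/sh
# Added example: approximates the StrictModes ownership/mode tests for the
# file that "AuthorizedKeysFile .ssh/authorized_keys" resolves to.
# Requires GNU stat. Function names and the HOME_DIR override are assumptions.

# Print "ok" if path $1 is owned by user $2 (or root) and is not group- or
# world-writable; otherwise print the reason and return 1.
check_one() {
    path=$1; user=$2
    [ -e "$path" ] || { echo "missing"; return 1; }
    owner=$(stat -c %U "$path")
    mode=$(stat -c %a "$path")
    if [ "$owner" != "$user" ] && [ "$owner" != "root" ]; then
        echo "bad owner $owner"; return 1
    fi
    # 022 (octal) = group-write | other-write
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "bad mode $mode"; return 1
    fi
    echo "ok"
}

# audit_authorized_keys LOGIN_USER [HOME_DIR]
# Checks the home directory, ~/.ssh and ~/.ssh/authorized_keys of the account
# being logged in to. HOME_DIR defaults to the passwd entry.
audit_authorized_keys() {
    user=$1
    home=${2:-$(getent passwd "$user" | cut -d: -f6)}
    [ -n "$home" ] || { echo "no home directory for $user"; return 2; }
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        result=$(check_one "$p" "$user") || rc=1
        printf '%-45s %s\n' "$p" "$result"
    done
    return $rc
}

# Example: sh audit_keys.sh john
if [ "$#" -gt 0 ]; then
    audit_authorized_keys "$@"
fi
```

Run it on the server with the login account name as the argument. sshd also records its own refusal reason through the configured SyslogFacility (AUTHPRIV in the posted sshd_config).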
 
  


All times are GMT -5. The time now is 08:37 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration