LinuxQuestions.org
Old 02-21-2011, 10:28 PM   #1
davincey
LQ Newbie
 
Registered: Feb 2011
Posts: 6

Rep: Reputation: 0
Public key not an available authentication method


Hi folks. First time posting here so please bear with me a bit

I'm trying to use publickey for authentication from my red hat 8.0 server to a destination AIX 5 server. PubKeyAuthentication is enabled on the AIX server and I have already copied the public key from my red hat server to the AIX server.

Normal ssh with password works fine but somehow it seems like public key is not an available authentication method for ssh from the linux server to the AIX server:

Authentications that can continue: password, keyboard-interactive

permissions on the AIX server are as follows:
$HOME 755
$HOME/.ssh 700
$HOME/.ssh/authorized_keys 600

Note: I did try to use ssh from the AIX server to itself, publickey is listed under Authentications that can continue and I am able to login automatically using publickey. Any ideas?
 
Old 02-22-2011, 04:32 AM   #2
davincey
LQ Newbie
 
Registered: Feb 2011
Posts: 6

Original Poster
Rep: Reputation: 0
Additional info. My server is behind a NAT firewall and there are a couple of other firewalls in between these 2 servers. My red hat server is cleared uni directional to the AIX server but bidirectional. Would that affect public key authentication? Normal ssh works fine this way though.
 
Old 02-23-2011, 12:35 PM   #3
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 15.2
Posts: 1,339

Rep: Reputation: 260Reputation: 260Reputation: 260
Two things to check:

1) start ssh with the options -vvv to investigate the negotiation

2) double check whether $HOME/.ssh/authorized_keys has the public key on a single line

Last edited by Reuti; 02-23-2011 at 12:35 PM. Reason: Typo
 
Old 02-24-2011, 10:40 PM   #4
davincey
LQ Newbie
 
Registered: Feb 2011
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Reuti View Post
Two things to check:

1) start ssh with the options -vvv to investigate the negotiation

2) double check whether $HOME/.ssh/authorized_keys has the public key on a single line

1) Tried that. Apparently publickey was not even listed as an authentication method that can continue

2) The key is fine, I used cat >> $HOME/.ssh/authorized_keys.

After testing various scenarios, it is found that if I ssh from a server within the same network, publickey is displayed as an option and I can login automatically with it. If I ssh from any server from a different network, publickey is not displayed as an authentication method that can continue. So it's either some setting on the firewall or switches that might be preventing the servers from using publickey
 
Old 02-25-2011, 06:45 AM   #5
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 15.2
Posts: 1,339

Rep: Reputation: 260Reputation: 260Reputation: 260
Yes, it's possible to set sshd up this way. Interestingly, we do it the opposite way here: allow only publickey from external and additionally password from internal addresses. The rationale in your case may be that the admin is concerned that some private key without a passphrase might end up in the wild. And there is no sign in the public part whether the private part has a passphrase assigned. This might be improved in ssh so that, when a passphrase is set, there is some flag in the public part, and it should be impossible to remove the passphrase later on. And some kind of revoke feature for keys is also missing.

Do you connect always from the same external network? Maybe setting up personal hostbased authentication could work (when hostbased authentication in general is allowed).
 
Old 03-08-2011, 03:44 AM   #6
davincey
LQ Newbie
 
Registered: Feb 2011
Posts: 6

Original Poster
Rep: Reputation: 0
Finally got this resolved. My network admins put an ssh proxy in between the 2 networks. That was stopping the publickey authentication as the ssh proxy only allowed password and keyboard interactive methods. Thanks for the attn on this matter
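
The comparison that settled this thread, written out as an added example (not part of any post): it reads two `ssh -vvv` logs for the same destination, one taken inside its network and one outside, and reports whether the missing `publickey` method points at the server or at something in the path. The function names, verdict words and sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: compare two `ssh -vvv` logs for the same destination,
# one captured inside its network and one captured outside.

# First advertised method list, spaces stripped.
auth_methods() {
  sed -n 's/^debug1: Authentications that can continue: *//p' "$1" |
    head -n 1 | tr -d ' \r'
}

# Server software string from the version exchange.
remote_version() {
  sed -n 's/^debug1: Remote protocol version [^,]*, remote software version *//p' "$1" |
    head -n 1 | tr -d '\r'
}

# True if method $2 appears in the comma-separated list $1.
offers() { case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac; }

# diagnose INTERNAL_LOG EXTERNAL_LOG -> one verdict word on stdout.
diagnose() {
  in_m=$(auth_methods "$1"); out_m=$(auth_methods "$2")
  if offers "$out_m" publickey; then
    echo "publickey-offered"             # check keys and permissions instead
  elif ! offers "$in_m" publickey; then
    echo "publickey-disabled-on-server"  # sshd never offers it
  elif [ "$(remote_version "$1")" != "$(remote_version "$2")" ]; then
    echo "different-endpoint"            # another SSH implementation answers
  else
    echo "per-source-policy"             # same daemon, policy varies by client
  fi
}

# Constructed sample logs (not from the thread); the version strings are made up.
tmp=$(mktemp -d)
cat > "$tmp/internal.log" <<'EOF'
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2
debug1: Authentications that can continue: publickey,password,keyboard-interactive
EOF
cat > "$tmp/external.log" <<'EOF'
debug1: Remote protocol version 2.0, remote software version ExampleProxy_1.0
debug1: Authentications that can continue: password, keyboard-interactive
EOF
diagnose "$tmp/internal.log" "$tmp/external.log"
```

A matching version string does not rule out an intermediary; comparing the host key fingerprint presented on each path is a stronger check.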
 
Old 03-08-2011, 04:49 AM   #7
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 15.2
Posts: 1,339

Rep: Reputation: 260Reputation: 260Reputation: 260
Did he also disable the agent forwarding by setting "AllowAgentForwarding"? Otherwise it might work so that a password is necessary to be given for the ssh-proxy, but then you can log in by publickey and the agent is answering this authentication. In case you want to get rid of the proxy when copying files: you can first open a connection to the ssh-proxy and create a tunnel by:
Code:
ssh -L 1234:final_server:22 ssh_proxy
and if you use this to connect to the final machine with:
Code:
ssh -p 1234 localhost
it should work with publickey independent of the setting of the ssh-proxy.
 
  

