passwordless authentication
 

hi

I am not able to establish paswword less authentication between two servers even after generating the key

below is the ssh debug output

[orasymascp@symdrdb01 ~]$ ssh -vvv sympscdb01.symmetricom.com
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to sympscdb01.symmetricom.com [64.75.6.137] port 22.
debug1: Connection established.
debug1: identity file /u01/app/orasymascp/.ssh/identity type -1
debug3: Not a RSA1 key file /u01/app/orasymascp/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /u01/app/orasymascp/.ssh/id_rsa type 1
debug1: identity file /u01/app/orasymascp/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 130/256
debug2: bits set: 510/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /u01/app/orasymascp/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 2
debug3: check_host_in_hostfile: filename /u01/app/orasymascp/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'sympscdb01.symmetricom.com' is known and matches the RSA host key.
debug1: Found key in /u01/app/orasymascp/.ssh/known_hosts:2
debug2: bits set: 506/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /u01/app/orasymascp/.ssh/identity ((nil))
debug2: key: /u01/app/orasymascp/.ssh/id_rsa (0x552abff630)
debug2: key: /u01/app/orasymascp/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-with-mic,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug3: Trying to reverse map address 64.75.6.137.
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /u01/app/orasymascp/.ssh/identity
debug3: no such identity: /u01/app/orasymascp/.ssh/identity
debug1: Offering public key: /u01/app/orasymascp/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /u01/app/orasymascp/.ssh/id_dsa
debug3: no such identity: /u01/app/orasymascp/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
orasymascp@sympscdb01.symmetricom.com's password:
debug3: packet_send2: adding 48 (len 65 padlen 15 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 0
debug3: tty_make_modes: ospeed 38400
debug3: tty_make_modes: ispeed 38400
debug3: tty_make_modes: 1 3
debug3: tty_make_modes: 2 28
debug3: tty_make_modes: 3 127
debug3: tty_make_modes: 4 21
debug3: tty_make_modes: 5 4
debug3: tty_make_modes: 6 0
debug3: tty_make_modes: 7 0
debug3: tty_make_modes: 8 17
debug3: tty_make_modes: 9 19
debug3: tty_make_modes: 10 26
debug3: tty_make_modes: 12 18
debug3: tty_make_modes: 13 23
debug3: tty_make_modes: 14 22
debug3: tty_make_modes: 18 15
debug3: tty_make_modes: 30 0
debug3: tty_make_modes: 31 0
debug3: tty_make_modes: 32 0
debug3: tty_make_modes: 33 0
debug3: tty_make_modes: 34 0
debug3: tty_make_modes: 35 0
debug3: tty_make_modes: 36 1
debug3: tty_make_modes: 37 0
debug3: tty_make_modes: 38 1
debug3: tty_make_modes: 39 0
debug3: tty_make_modes: 40 0
debug3: tty_make_modes: 41 0
debug3: tty_make_modes: 50 1
debug3: tty_make_modes: 51 1
debug3: tty_make_modes: 52 0
debug3: tty_make_modes: 53 1
debug3: tty_make_modes: 54 1
debug3: tty_make_modes: 55 1
debug3: tty_make_modes: 56 0
debug3: tty_make_modes: 57 0
debug3: tty_make_modes: 58 0
debug3: tty_make_modes: 59 1
debug3: tty_make_modes: 60 1
debug3: tty_make_modes: 61 1
debug3: tty_make_modes: 62 0
debug3: tty_make_modes: 70 1
debug3: tty_make_modes: 71 0
debug3: tty_make_modes: 72 1
debug3: tty_make_modes: 73 0
debug3: tty_make_modes: 74 0
debug3: tty_make_modes: 75 0
debug3: tty_make_modes: 90 1
debug3: tty_make_modes: 91 1
debug3: tty_make_modes: 92 0
debug3: tty_make_modes: 93 0
debug2: channel 0: request shell confirm 0
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 131072
Last login: Thu Nov 27 21:55:13 2008 from 64.75.6.129
[orasymascp@sympscdb01 ~]$


Please help me out

Thanks
MSHERI

Whoa, that's a lot of output:))

Check this out:
http://www.linux.com/articles/34958:

1. run ssh-keygen
2. copy the public identity file to the other computer (it's a file with the extension pub, located in yout ~ or in ~/.ssh)
3. on the remote computer run

4. you're good to go.

By the way, you could use ssh-copy-id instead of steps 2 and 3. Cheers:)

ssh
 

i tried that but still it is asking for the password

ssh-keygen -t dsa
copied the pub file to remote machine

scp id_dsa.pub sympscdb01.symmetricom.com:/u01/app/orasymascp

cat id_dsa.pub >> .ssh/authorized_keys

but still no luck

Ok, that probably means you entered a non-empty passphrase when ssh-keygen prompted you which is a good thing. Now try this:

http://en.wikipedia.org/wiki/Ssh-agent

And then try connecting to the other computer. Keep us posted. Cheers:)

ssh
 

Still no luck

[orasymascp@symdrdb01 .ssh]$ exec ssh-agent bash
[orasymascp@symdrdb01 .ssh]$ ssh-add
Identity added: /u01/app/orasymascp/.ssh/id_dsa (/u01/app/orasymascp/.ssh/id_dsa)
[orasymascp@symdrdb01 .ssh]$
[orasymascp@symdrdb01 .ssh]$ ssh sympscdb01.symmetricom.com
orasymascp@sympscdb01.symmetricom.com's password:

I am too dumb to give up right now. Try

still no luck
:scratch:

I am baffled. What distribution are you using?

Red Hat Enterprise Linux ES release 4 (Nahant Update 4)

[root@symdrdb01 ~]# ssh -V
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003

I just don't understand:))
You've done everything just the way it says here http://www.redhat.com/docs/manuals/l...nt-config.html

Just for the hell of it try this:
generate a new key pair, ssh-keygen -t rsa (and specify RSA as the type of key to create)
copy the key to the remote system; cat id_rsa.pub > .ssh/authorized_keys

Notice I said > not >> . Then try logging in. Good luck:)

Also, I see you are using an old openssh version, (mine says
)
If nothing works, consider upgrading to a newer version (2003 was a long time ago). Cheers:)

ssh
 

hi

issue is with only particualr user
for other user i am able to ssh without password

Please help me , is there any issue with user permissions?

Can you post current (abridged!) log output?

My WAG is you have StrictModes turned on for sshd (which RHEL does by default), and you've done something overly generous with home directory or .ssh subdirectory permissions.

Post the output of the following commands:

$ ls -ld /home/<user_here>

$ ls -ld /home/<user_here>/.ssh

$ ls -l /home/<user_here>/.ssh

BTW, a quick way to troubleshoot sshd issues is to tail /var/log/secure (on the sshd server).

ssh
 

[orasymascp@symdrdb01 ~]$ ls -ld /u01/app/orasymascp
drwxrwxrwx 13 orasymascp dbasymascp 4096 Dec 9 19:34 /u01/app/orasymascp
[orasymascp@symdrdb01 ~]$ ls -ld /u01/app/orasymascp/.ssh
drwx------ 2 orasymascp dbasymascp 4096 Dec 9 16:06 /u01/app/orasymascp/.ssh
[orasymascp@symdrdb01 ~]$
[orasymascp@symdrdb01 ~]$ ls -l /u01/app/orasymascp/.ssh
total 8
-rw------- 1 orasymascp dbasymascp 247 Dec 9 15:52 authorized_keys
-rw-r--r-- 1 orasymascp dbasymascp 468 Dec 9 15:54 known_hosts
[orasymascp@symdrdb01 ~]$