passwordless authentication
hi
I am not able to establish paswword less authentication between two servers even after generating the key below is the ssh debug output [orasymascp@symdrdb01 ~]$ ssh -vvv sympscdb01.symmetricom.com OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to sympscdb01.symmetricom.com [64.75.6.137] port 22. debug1: Connection established. debug1: identity file /u01/app/orasymascp/.ssh/identity type -1 debug3: Not a RSA1 key file /u01/app/orasymascp/.ssh/id_rsa. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing keytype debug2: key_type_from_name: unknown key type 'Proc-Type:' debug3: key_read: missing keytype debug2: key_type_from_name: unknown key type 'DEK-Info:' debug3: key_read: missing keytype debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: missing keytype debug1: identity file /u01/app/orasymascp/.ssh/id_rsa type 1 debug1: identity file /u01/app/orasymascp/.ssh/id_dsa type -1 debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1 debug1: match: OpenSSH_3.9p1 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.9p1 debug2: fd 3 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 130/256 debug2: bits set: 510/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: check_host_in_hostfile: filename /u01/app/orasymascp/.ssh/known_hosts debug3: check_host_in_hostfile: match line 2 debug3: check_host_in_hostfile: filename /u01/app/orasymascp/.ssh/known_hosts debug3: check_host_in_hostfile: match line 1 debug1: Host 'sympscdb01.symmetricom.com' is known and matches the RSA host key. debug1: Found key in /u01/app/orasymascp/.ssh/known_hosts:2 debug2: bits set: 506/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /u01/app/orasymascp/.ssh/identity ((nil)) debug2: key: /u01/app/orasymascp/.ssh/id_rsa (0x552abff630) debug2: key: /u01/app/orasymascp/.ssh/id_dsa ((nil)) debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug3: start over, passed a different list publickey,gssapi-with-mic,password debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup gssapi-with-mic debug3: remaining preferred: publickey,keyboard-interactive,password debug3: authmethod_is_enabled gssapi-with-mic debug1: Next authentication method: gssapi-with-mic debug3: Trying to reverse map address 64.75.6.137. debug2: we sent a gssapi-with-mic packet, wait for reply debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug2: we sent a gssapi-with-mic packet, wait for reply debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug2: we did not send a packet, disable method debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Trying private key: /u01/app/orasymascp/.ssh/identity debug3: no such identity: /u01/app/orasymascp/.ssh/identity debug1: Offering public key: /u01/app/orasymascp/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug1: Trying private key: /u01/app/orasymascp/.ssh/id_dsa debug3: no such identity: /u01/app/orasymascp/.ssh/id_dsa debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password orasymascp@sympscdb01.symmetricom.com's password: debug3: packet_send2: adding 48 (len 65 padlen 15 extra_pad 64) debug2: we sent a password packet, wait for reply debug1: Authentication succeeded (password). debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug2: channel 0: send open debug1: Entering interactive session. debug2: callback start debug2: client_session2_setup: id 0 debug2: channel 0: request pty-req confirm 0 debug3: tty_make_modes: ospeed 38400 debug3: tty_make_modes: ispeed 38400 debug3: tty_make_modes: 1 3 debug3: tty_make_modes: 2 28 debug3: tty_make_modes: 3 127 debug3: tty_make_modes: 4 21 debug3: tty_make_modes: 5 4 debug3: tty_make_modes: 6 0 debug3: tty_make_modes: 7 0 debug3: tty_make_modes: 8 17 debug3: tty_make_modes: 9 19 debug3: tty_make_modes: 10 26 debug3: tty_make_modes: 12 18 debug3: tty_make_modes: 13 23 debug3: tty_make_modes: 14 22 debug3: tty_make_modes: 18 15 debug3: tty_make_modes: 30 0 debug3: tty_make_modes: 31 0 debug3: tty_make_modes: 32 0 debug3: tty_make_modes: 33 0 debug3: tty_make_modes: 34 0 debug3: tty_make_modes: 35 0 debug3: tty_make_modes: 36 1 debug3: tty_make_modes: 37 0 debug3: tty_make_modes: 38 1 debug3: tty_make_modes: 39 0 debug3: tty_make_modes: 40 0 debug3: tty_make_modes: 41 0 debug3: tty_make_modes: 50 1 debug3: tty_make_modes: 51 1 debug3: tty_make_modes: 52 0 debug3: tty_make_modes: 53 1 debug3: tty_make_modes: 54 1 debug3: tty_make_modes: 55 1 debug3: tty_make_modes: 56 0 debug3: tty_make_modes: 57 0 debug3: tty_make_modes: 58 0 debug3: tty_make_modes: 59 1 debug3: tty_make_modes: 60 1 debug3: tty_make_modes: 61 1 debug3: tty_make_modes: 62 0 debug3: tty_make_modes: 70 1 debug3: tty_make_modes: 71 0 debug3: tty_make_modes: 72 1 debug3: tty_make_modes: 73 0 debug3: tty_make_modes: 74 0 debug3: tty_make_modes: 75 0 debug3: tty_make_modes: 90 1 debug3: tty_make_modes: 91 1 debug3: tty_make_modes: 92 0 debug3: tty_make_modes: 93 0 debug2: channel 0: request shell confirm 0 debug2: fd 3 setting TCP_NODELAY debug2: callback done debug2: channel 0: open confirm rwindow 0 rmax 32768 debug2: channel 0: rcvd adjust 131072 Last login: Thu Nov 27 21:55:13 2008 from 64.75.6.129 [orasymascp@sympscdb01 ~]$ Please help me out Thanks MSHERI |
Whoa, that's a lot of output:))
Check this out: http://www.linux.com/articles/34958: 1. run ssh-keygen 2. copy the public identity file to the other computer (it's a file with the extension pub, located in yout ~ or in ~/.ssh) 3. on the remote computer run Code:
cat identity-file.pub >> .ssh/authorized_keys By the way, you could use ssh-copy-id instead of steps 2 and 3. Cheers:) |
ssh
i tried that but still it is asking for the password
ssh-keygen -t dsa copied the pub file to remote machine scp id_dsa.pub sympscdb01.symmetricom.com:/u01/app/orasymascp cat id_dsa.pub >> .ssh/authorized_keys but still no luck |
Ok, that probably means you entered a non-empty passphrase when ssh-keygen prompted you which is a good thing. Now try this:
Code:
exec ssh-agent bash And then try connecting to the other computer. Keep us posted. Cheers:) |
ssh
Still no luck
[orasymascp@symdrdb01 .ssh]$ exec ssh-agent bash [orasymascp@symdrdb01 .ssh]$ ssh-add Identity added: /u01/app/orasymascp/.ssh/id_dsa (/u01/app/orasymascp/.ssh/id_dsa) [orasymascp@symdrdb01 .ssh]$ [orasymascp@symdrdb01 .ssh]$ ssh sympscdb01.symmetricom.com orasymascp@sympscdb01.symmetricom.com's password: |
I am too dumb to give up right now. Try
Code:
cat id_dsa.pub >> .ssh/authorized_keys2 |
still no luck
:scratch: |
I am baffled. What distribution are you using?
|
Red Hat Enterprise Linux ES release 4 (Nahant Update 4)
[root@symdrdb01 ~]# ssh -V OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 |
I just don't understand:))
You've done everything just the way it says here http://www.redhat.com/docs/manuals/l...nt-config.html Just for the hell of it try this: generate a new key pair, ssh-keygen -t rsa (and specify RSA as the type of key to create) copy the key to the remote system; cat id_rsa.pub > .ssh/authorized_keys Notice I said > not >> . Then try logging in. Good luck:) |
Also, I see you are using an old openssh version, (mine says
Code:
ssh -v If nothing works, consider upgrading to a newer version (2003 was a long time ago). Cheers:) |
ssh
hi
issue is with only particualr user for other user i am able to ssh without password Please help me , is there any issue with user permissions? |
Can you post current (abridged!) log output?
|
My WAG is you have StrictModes turned on for sshd (which RHEL does by default), and you've done something overly generous with home directory or .ssh subdirectory permissions.
Post the output of the following commands: $ ls -ld /home/<user_here> $ ls -ld /home/<user_here>/.ssh $ ls -l /home/<user_here>/.ssh BTW, a quick way to troubleshoot sshd issues is to tail /var/log/secure (on the sshd server). |
ssh
[orasymascp@symdrdb01 ~]$ ls -ld /u01/app/orasymascp
drwxrwxrwx 13 orasymascp dbasymascp 4096 Dec 9 19:34 /u01/app/orasymascp [orasymascp@symdrdb01 ~]$ ls -ld /u01/app/orasymascp/.ssh drwx------ 2 orasymascp dbasymascp 4096 Dec 9 16:06 /u01/app/orasymascp/.ssh [orasymascp@symdrdb01 ~]$ [orasymascp@symdrdb01 ~]$ ls -l /u01/app/orasymascp/.ssh total 8 -rw------- 1 orasymascp dbasymascp 247 Dec 9 15:52 authorized_keys -rw-r--r-- 1 orasymascp dbasymascp 468 Dec 9 15:54 known_hosts [orasymascp@symdrdb01 ~]$ |
All times are GMT -5. The time now is 07:49 PM. |