Greetings,

I am having an issue with public-key generation between two machines.

Setup:

Machine A: ssh -V returns: ssh: SSH Secure Shell 3.2.5 (non-commercial version) on rs6000-ibm-aix4.3.2.0

Machine B: ssh -V returns: OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
machine B is running RH 9.0.

I wish to login to machine A from machine B w/o having to enter a password or pass-phrase.

I have created a key on Machine B via: ssh-keygen -t dsa and left the pass-phrase empty (i know this is not the highest of security, but I still want to figure out the problem here). The output from this is two files: id_dsa.pub & id_dsa . Now, I have copied and pasted the contents of id_dsa.pub into $HOME/.ssh on Machine A (into file: authorized_keys) and did a chmod 600 of that file.

Now when I am on Machine B: and I type ssh machine_A, I am STILL prompted for the password.

I tried looking a little deeper by typing: ssh -v -v machine_A I get:

$ ssh -v Machine A
OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to Machine A [XXX.XXX.XX.XXX] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/identity type -1
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: identity file /home/user/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version 3.2.5 SSH Secure Shell (non-commercial)
debug1: no match: 3.2.5 SSH Secure Shell (non-commercial)
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.5p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: dh_gen_key: priv key bits set: 130/256
debug1: bits set: 531/1024
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host 'Machine A' is known and matches the DSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:3
debug1: bits set: 510/1024
debug1: ssh_dss_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is publickey
debug1: try privkey: /home/user/.ssh/identity
debug1: try pubkey: /home/user/.ssh/id_rsa
debug1: authentications that can continue: publickey,password
debug1: try pubkey: /home/user/.ssh/id_dsa
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is password
user@machine_A's password:


Does anyone know why I am not just logged in automatically???

Thanks,

zepplin611

I have written a LinuxAnswer on this - it may be worth a look:
http://www.linuxquestions.org/questions/answers.php

You are likely to get slightly better debug info with:
ssh -vvv

david,

Thanks for the link, but I had already looked at this and I am still having troubles.

here is the output from ssh -v -v

OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to supere [XXX.XXX.XX.XXX] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/identity type -1
debug1: identity file /home/user/.ssh/id_rsa type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/user/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version 3.2.5 SSH Secure Shell (non-commercial)
debug1: no match: 3.2.5 SSH Secure Shell (non-commercial)
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.5p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,twofish128-cbc,cast128-cbc,twofish-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,twofish192-cbc,twofish256-cbc,arcfour
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,twofish128-cbc,cast128-cbc,twofish-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,twofish192-cbc,twofish256-cbc,arcfour
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: dh_gen_key: priv key bits set: 129/256
debug1: bits set: 523/1024
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host 'Machine A' is known and matches the DSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:3
debug1: bits set: 538/1024
debug1: ssh_dss_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is publickey
debug1: try privkey: /home/user/.ssh/identity
debug1: try privkey: /home/user/.ssh/id_rsa
debug1: try pubkey: /home/user/.ssh/id_dsa
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug1: next auth method to try is password
user@Machine A's password:

I looked into /etc/ssh2/sshd2_config and made sure that PublicKey authent was allowed (uncommented:
AllowedAuthentications publickey,password)


Can you decipher what is up?


Thanks a bunch for your time with this....
Zepplin611

It just looks like the key is being rejected. Did you use scp as I mentioned in the LinuxAnswer? This eliminate a common problem of copying line breaks when you copy and paste.

thanks for the help david...i found the issue.

I needed a $HOME/.ssh2/authorization file which lists the key used in the same directory...

all fixed!

I faced nearly the same problem with you,when I tried to setup my ssh for working for MPICH.

can you paste the content of the file authorization?

another question is why do you change your work directory to $HOME/.ssh2 ?
I noticed that you do all of things above in the directory of $HOME/.ssh.

any of your information will be very helpful for me.