SSH authentication problem
I am trying to ssh from a Fedora box to a Solaris box without having to enter a password. I can ssh from the Solaris box to Fedora just fine, but can't the other way around. I do have the id_dsa.pub file installed.
When I run ssh -v admin@server2, I get the following:

    [admin@server1 ~]$ ssh -v admin@server2
    OpenSSH_4.3p2, OpenSSL 0.9.8a 11 Oct 2005
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to server2 port 22.
    debug1: Connection established.
    debug1: identity file /home/admin/.ssh/identity type -1
    debug1: identity file /home/admin/.ssh/id_rsa type -1
    debug1: identity file /home/admin/.ssh/id_dsa type -1
    debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
    debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.3
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'server2' is known and matches the RSA host key.
    debug1: Found key in /home/admin/.ssh/known_hosts:4
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/admin/.ssh/identity
    debug1: Trying private key: /home/admin/.ssh/id_rsa
    debug1: Trying private key: /home/admin/.ssh/id_dsa
    debug1: read PEM private key done: type DSA
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: password
    admin@server2's password:
    debug1: Authentication succeeded (password).
    debug1: channel 0: new [client-session]
    debug1: Entering interactive session.
    debug1: Sending environment.
    debug1: Sending env LANG = en_US.UTF-8
    Last login: Tue Apr 3 10:11:47 2007 from server1
    Sun Microsystems Inc. SunOS 5.9 Generic May 2002
    $

I can only ssh by entering my password, it doesn't seem to check the public key?

Thanks,
Mary
Post your sshd_conf file.
On the Solaris machine:

    # $OpenBSD: ssh_config,v 1.19 2003/08/13 08:46:31 markus Exp $

    # This is the ssh client system-wide configuration file. See
    # ssh_config(5) for more information. This file provides defaults for
    # users, and the values can be changed in per-user configuration files
    # or on the command line.

    # Configuration data is parsed as follows:
    # 1. command line options
    # 2. user-specific file
    # 3. system-wide file
    # Any configuration value is only changed the first time it is set.
    # Thus, host-specific definitions should be at the beginning of the
    # configuration file, and defaults at the end.

    # Site-wide defaults for various options

    # Host *
    # ForwardAgent no
    # ForwardX11 no
    # RhostsRSAAuthentication no
    # RSAAuthentication yes
    # PasswordAuthentication yes
    # HostbasedAuthentication no
    # BatchMode no
    # CheckHostIP yes
    # AddressFamily any
    # ConnectTimeout 0
    # StrictHostKeyChecking ask
    # IdentityFile ~/.ssh/identity
    # IdentityFile ~/.ssh/id_rsa
    # IdentityFile ~/.ssh/id_dsa
    # Port 22
    # Protocol 2,1
    # Cipher 3des
    # Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
    # EscapeChar ~

On Fedora:

    # $OpenBSD: ssh_config,v 1.21 2005/12/06 22:38:27 reyk Exp $

    # This is the ssh client system-wide configuration file. See
    # ssh_config(5) for more information. This file provides defaults for
    # users, and the values can be changed in per-user configuration files
    # or on the command line.

    # Configuration data is parsed as follows:
    # 1. command line options
    # 2. user-specific file
    # 3. system-wide file
    # Any configuration value is only changed the first time it is set.
    # Thus, host-specific definitions should be at the beginning of the
    # configuration file, and defaults at the end.

    # Site-wide defaults for some commonly used options. For a comprehensive
    # list of available options, their meanings and defaults, please see the
    # ssh_config(5) man page.

    # Host *
    # ForwardAgent no
    # ForwardX11 no
    # RhostsRSAAuthentication no
    # PasswordAuthentication yes
    # HostbasedAuthentication no
    # BatchMode no
    # CheckHostIP yes
    # AddressFamily any
    # ConnectTimeout 0
    # StrictHostKeyChecking ask
    # IdentityFile ~/.ssh/identity
    # IdentityFile ~/.ssh/id_rsa
    # IdentityFile ~/.ssh/id_dsa
    # Port 22
    # Protocol 2,1
    # Cipher 3des
    # Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
    # EscapeChar ~
    # Tunnel no
    # TunnelDevice any:any
    # PermitLocalCommand no
    Host *
        GSSAPIAuthentication yes
    # If this option is set to yes then remote X11 clients will have full access
    # to the original X11 display. As virtually no X11 client supports the untrusted
    # mode correctly we set this to yes.
        ForwardX11Trusted yes
    # Send locale-related environment variables
        SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
        SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
        SendEnv LC_IDENTIFICATION LC_ALL
You need in sshd_config:

    PubkeyAuthentication yes
    AuthorizedKeysFile .ssh/authorized_keys
Please make sure that the key is saved in authorized_keys with 600 for permissions.
In order to do that with your perl script using ssh you need to do the following.

    #!/usr/bin/perl -w
    use Net::SSH qw(ssh issh sshopen2 sshopen3);
    use Net::SSH::Perl;
    use Net::IP;
    use Acme::Comment type => 'C++';
    use warnings;

    # Comma-separated list of hosts to update
    my $ip = '192.168.0.10,192.168.0.12';
    my $command  = "apt-get update -y";
    my $command3 = "deb http://security.debian.org/ sarge/updates main contrib non-free";
    my $command4 = "now exiting";
    my @nodename = split(/,/, $ip);
    my $x = 0;

    foreach my $hostname (@nodename) {
        print "I am in the loop\n";
        print "\n";
        print "Setting socket and hostname\n";
        # debug => 1 prints the SSH negotiation for each host
        my $sshtest = Net::SSH::Perl->new(
            $hostname,
            use_pty  => 1,
            debug    => 1,
            protocol => 2,
            port     => 22,
        );
        print "Attempting to connect, please wait a moment\n";
        # No password is passed to login(); it relies on the key exchange
        $sshtest->login("root");
        # Append the repository line to the local file
        open my $append_fh, '>>', '/etc/apt/sources.lst' or die "Cannot open";
        print $append_fh $command3;
        # Run the update command on the remote host
        my ($stdout, $stderr, $exit) = $sshtest->cmd($command);
        $sshtest->cmd("exit");
        print $append_fh $command3;
        close $append_fh;
    }
    print "Finished and everything has been updated.\n";

If you notice, I have my script set up in debug mode. I did this so that I will know when one of my servers does not have the key exchange set up. I use this script to update some files on my machines, which in this case is /etc/apt/sources.lst.

Tameika
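Added example, not from this post or anyone in the thread: sshd's StrictModes check (on by default in OpenSSH) also looks at the directories above authorized_keys, so mode 600 on the file alone may not be enough. This Python check audits a home directory the same way; the function names and the throwaway directory with its placeholder key line are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_authorized_keys(home, owner_uid):
    """Return problems that would make sshd ignore ~/.ssh/authorized_keys.

    Follows the StrictModes idea: the home directory, ~/.ssh and the key
    file must belong to the user (or root) and must not be writable by
    group or others.
    """
    problems = []
    ssh_dir = os.path.join(home, ".ssh")
    for path in (home, ssh_dir, os.path.join(ssh_dir, "authorized_keys")):
        try:
            st = os.stat(path)
        except FileNotFoundError:
            problems.append(f"{path}: missing")
            continue
        if st.st_uid not in (0, owner_uid):
            problems.append(f"{path}: owned by uid {st.st_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{path}: mode {mode:04o} is group/world-writable")
    return problems

def demo():
    """Build a throwaway home directory (constructed sample) and audit it."""
    with tempfile.TemporaryDirectory() as home:
        ssh_dir = os.path.join(home, ".ssh")
        keys = os.path.join(ssh_dir, "authorized_keys")
        os.mkdir(ssh_dir)
        with open(keys, "w") as fh:
            # Constructed placeholder, not a real key
            fh.write("ssh-dss AAAA...constructed-placeholder admin@server1\n")
        os.chmod(home, 0o755)
        os.chmod(ssh_dir, 0o775)   # weak: group-writable directory
        os.chmod(keys, 0o600)      # the file mode recommended in the post
        before = audit_authorized_keys(home, os.getuid())
        os.chmod(ssh_dir, 0o700)   # corrected
        after = audit_authorized_keys(home, os.getuid())
    return before, after
```

Run against the real home directory on the server side (server2 in this thread), it lists every path that would cause the key file to be skipped.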
I made the changes, but I am still unable to get it working correctly. My log now looks like the following:

    [admin@server1 ~]$ ssh -v admin@server2
    OpenSSH_4.3p2, OpenSSL 0.9.8a 11 Oct 2005
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to server2 port 22.
    debug1: Connection established.
    debug1: identity file /home/admin/.ssh/identity type -1
    debug1: identity file /home/admin/.ssh/id_rsa type -1
    debug1: identity file /home/admin/.ssh/id_dsa type -1
    debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
    debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.3
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'server2' is known and matches the RSA host key.
    debug1: Found key in /home/admin/.ssh/known_hosts:4
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/admin/.ssh/identity
    debug1: Trying private key: /home/admin/.ssh/id_rsa
    debug1: Trying private key: /home/admin/.ssh/id_dsa
    debug1: read PEM private key done: type DSA
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: password
    admin@server2's password:
    debug1: Authentication succeeded (password).
    debug1: channel 0: new [client-session]
    debug1: Entering interactive session.
    debug1: Sending environment.
    debug1: Sending env LANG = en_US.UTF-8
    Last login: Thu Apr 5 09:43:02 2007 from webserver
    Sun Microsystems Inc. SunOS 5.9 Generic May 2002
I don't see the error. I ran the same command on one of my machines and I got the login results as you did.
Can you ssh like this:

    ssh root@somemachine

without the passwords? Make sure that you are using SSH2 in both directions. Make sure that you have a key exchange from Machine1 to Machine2. Here are my results:

    ssh -v root@192.168.100.40
    OpenSSH_3.8.1p1 Debian-8.sarge.4, OpenSSL 0.9.7e 25 Oct 2004
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Connecting to 192.168.100.40 [192.168.100.40] port 22.
    debug1: Connection established.
    debug1: identity file /root/.ssh/identity type 0
    debug1: identity file /root/.ssh/id_rsa type 1
    debug1: identity file /root/.ssh/id_dsa type 2
    debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
    debug1: match: OpenSSH_3.9p1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1 Debian-8.sarge.4
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host '192.168.100.40' is known and matches the RSA host key.
    debug1: Found key in /root/.ssh/known_hosts:41
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,gssapi-with-mic,password
    debug1: Next authentication method: publickey
    debug1: Offering public key: /root/.ssh/id_rsa
    debug1: Server accepts key: pkalg ssh-rsa blen 149
    debug1: read PEM private key done: type RSA
    debug1: Authentication succeeded (publickey).
    debug1: channel 0: new [client-session]
    debug1: Entering interactive session.
    Last login: Wed Apr 4 23:26:56 2007 from somemachine
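Added example, not part of any post in the thread: a small Python parser for the `ssh -v` client output shown above, which separates "the client never sent a key" from "the server rejected the key it was sent". The function names and result strings are illustrative; the sample lines are excerpts of the failing and working logs posted here.

```python
import re

# Patterns for the debug1 lines that appear in this thread's logs.
IDENTITY = re.compile(r"identity file (\S+) type (-?\d+)")
ATTEMPT = re.compile(r"(Trying private key|Offering public key): (\S+)")
SUCCESS = re.compile(r"Authentication succeeded \(([\w-]+)\)")

def summarize_auth(debug_output):
    """Summarize the publickey phase of `ssh -v` client output."""
    s = {"no_public_key": [], "keys_sent": [],
         "server_accepted": False, "method": None}
    pending = None  # private key path tried but not yet confirmed loaded
    for line in debug_output.splitlines():
        m = IDENTITY.search(line)
        if m and m.group(2) == "-1":
            s["no_public_key"].append(m.group(1))  # client loaded no public key
        m = ATTEMPT.search(line)
        if m and m.group(1) == "Offering public key":
            s["keys_sent"].append(m.group(2))
        elif m:
            pending = m.group(2)
        if "read PEM private key done" in line and pending:
            s["keys_sent"].append(pending)  # key file existed and was used
            pending = None
        s["server_accepted"] = s["server_accepted"] or "Server accepts key" in line
        m = SUCCESS.search(line)
        if m:
            s["method"] = m.group(1)
    return s

def diagnose(s):
    if s["method"] == "publickey":
        return "ok: publickey login"
    if not s["keys_sent"]:
        return "client: no private key could be loaded"
    if not s["server_accepted"]:
        return "server: rejected " + ", ".join(s["keys_sent"])
    return "client: key accepted but signing failed"

# Excerpts of the failing and working logs posted in this thread.
FAILING = """debug1: identity file /home/admin/.ssh/id_dsa type -1
debug1: Trying private key: /home/admin/.ssh/id_rsa
debug1: Trying private key: /home/admin/.ssh/id_dsa
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (password)."""
WORKING = """debug1: Offering public key: /root/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey)."""
```

On the failing excerpt, `diagnose(summarize_auth(FAILING))` reports a server-side rejection of id_dsa, which points at sshd_config or authorized_keys on server2 rather than at the client.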