LinuxAnswers Discussion This forum is to discuss articles posted to LinuxAnswers. |
12-15-2003, 09:09 PM
|
#1
|
Moderator
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047
Rep:
|
DISCUSSION: Public key authentication with ssh
This thread is to discuss the article titled: Public key authentication with ssh
|
|
|
12-22-2003, 01:06 AM
|
#2
|
Member
Registered: Mar 2003
Location: Rockford, Illinois
Distribution: Slackware Debian
Posts: 86
Rep:
|
I followed the instructions and I still get prompted for a password.
Code:
pcurry@lisacomp:~/.ssh$ ssh -vv teacup
OpenSSH_3.6.1p2 Debian 1:3.6.1p2-10, SSH protocols 1.5/2.0, OpenSSL 0x0090703f
debug1: Reading configuration data /home/pcurry/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to teacup [192.168.0.2] port 22.
debug1: Connection established.
debug1: identity file /home/pcurry/.ssh/identity type -1
debug1: identity file /home/pcurry/.ssh/id_rsa type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/pcurry/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.7.1p2
debug1: match: OpenSSH_3.7.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2 Debian 1:3.6.1p2-10
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 124/256
debug2: bits set: 1582/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'teacup' is known and matches the RSA host key.
debug1: Found key in /home/pcurry/.ssh/known_hosts:2
debug2: bits set: 1539/3191
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/pcurry/.ssh/identity
debug1: Trying private key: /home/pcurry/.ssh/id_rsa
debug1: Offering public key: /home/pcurry/.ssh/id_dsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
pcurry@teacup's password:
Code:
Check that "~/.ssh/authorized_keys" exists on the server and contains a line the same as "~/.ssh/id_dsa.pub" on the client.
They are the same.
I can ssh without a password from slackware to debian, but I cannot do it from debian to slackware.
Last edited by XavierP; 09-06-2006 at 03:08 PM.
|
|
|
01-22-2004, 02:10 AM
|
#3
|
Member
Registered: Dec 2002
Location: CA,USA
Distribution: RHCE in training :)
Posts: 57
Rep:
|
Thank you for the tutorial. I found it extremely useful.
|
|
|
06-10-2004, 01:17 AM
|
#4
|
LQ Newbie
Registered: Jun 2004
Posts: 19
Rep:
|
A ssh login to B, it was successful.
B ssh login to A, secure connection refused.
By allowing/enabling port 22, what else could be blocking the SSH login?
Last edited by yoowin; 06-15-2004 at 02:38 AM.
|
|
|
06-19-2004, 04:22 PM
|
#5
|
Member
Registered: Dec 2003
Location: munich
Distribution: Fedora Core 4
Posts: 141
Rep:
|
I have the same problem as yoowin,
from Fedora to Debian I can log in without a password, but from Debian to Fedora it asks for a password... my ssh --v host is the same as the one posted here...
thanks
leg
|
|
|
06-22-2004, 01:31 AM
|
#7
|
Member
Registered: Dec 2003
Location: munich
Distribution: Fedora Core 4
Posts: 141
Rep:
|
Now I have solved the problem. I just used rsa and renamed the file ~/.ssh/id_rsa.pub (or ~/.ssh/id_dsa.pub) to ~/.ssh/identity.pub and the file ~/.ssh/id_rsa to ~/.ssh/identity
Now it works...
What is the difference between rsa and dsa? Is dsa more secure?
Thanks a lot for the discussion,
leg
|
|
|
07-07-2004, 09:18 AM
|
#8
|
LQ Newbie
Registered: Apr 2004
Location: miami, fl
Distribution: mac os x, suse pro & sbs 2000
Posts: 24
Rep:
|
I am also having a similar issue
I am using ssh from my iBook to connect to my Fedora 2 box on my home network. I am able to connect using the password but I can't get the keys to work. I have been trying to get this to work for more than 4 or 5 days now. Any help would be greatly appreciated. I would really like to get this working, please help.
jason
|
|
|
09-30-2004, 12:19 AM
|
#9
|
LQ Newbie
Registered: Sep 2004
Location: Texas
Distribution: Mandrake, Debian
Posts: 1
Rep:
|
found a solution?
I had to do this for a class project. I found this information extremely informative and helpful, thanks!
I had the same problem trying to get mine to work. I did a chmod on the server: <chmod 600 authorized_keys>
and then it started working. no password required!
hope this helps.
P.S. This was a debian to debian connection following the steps outlined in the guide.
|
|
|
01-08-2005, 03:24 PM
|
#10
|
Member
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736
Rep:
|
I'm trying to use Putty on Windows to access my remote machines. How can I get this working? How can I present my public key (on Windows) to the remote server so it can check the key? I've been reading elsewhere how people are using the private key under the "Auth" section of Putty, but mine's not working. The screen blanks out before I can see what the error was.
|
|
|
01-08-2005, 03:53 PM
|
#11
|
Member
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736
Rep:
|
Nevermind... I got it. All I had to do was open the private key in PuttyGen and save it in Putty's own format. After that, it worked fine.
|
|
|
02-22-2005, 02:28 AM
|
#12
|
Member
Registered: Jun 2004
Location: San Francisco
Distribution: Slackware, Ubuntu, RHEL, OS X
Posts: 159
Rep:
|
thanks gointomexico,
That is exactly what I needed.
david_ross,
Maybe this should be added to the article. I think the problem would only occur when the authorized_keys file has NOT been created automatically (as in FC3). Apparently if it is world readable then there can be no connection (though no usable error data is generated, which is a pain in the ass). So just for safety's sake you could tell everyone to chmod 600 their authorized_keys file.
|
|
|
03-17-2005, 11:54 AM
|
#13
|
LQ Newbie
Registered: Feb 2005
Posts: 1
Rep:
|
For those who are still having problems: make sure that not only your "authorized_keys"/"authorized_keys2" files are not readable to world, but also that the entire ".ssh" directory is not world-readable:
chmod 700 ~/.ssh
chmod 700 ~/.ssh/authorized_keys
|
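The permission fix from posts #9 to #13, as an added example that is not part of the thread: with StrictModes on (the sshd default), sshd ignores authorized_keys when the home directory, ~/.ssh or the key file is writable by group or others, or owned by someone other than the user or root. The function names are hypothetical and the demo directory is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit the paths that sshd's
# StrictModes inspects before it will read authorized_keys.

# check_path PATH UID: fail if PATH is missing, writable by group/other,
# or owned by someone other than UID or root.
check_path() {
    p=$1; want_uid=$2; rc=0
    [ -e "$p" ] || { echo "MISSING  $p"; return 1; }
    # ls -ldn prints the mode string first and the numeric owner third
    set -- $(ls -ldn "$p" | awk '{print $1, $3}')
    mode=$1; owner=$2
    case $mode in
        # character 6 = group write bit, character 9 = other write bit
        ?????w*|????????w*) echo "WRITABLE $p ($mode)"; rc=1 ;;
    esac
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "OWNER    $p (uid $owner, expected $want_uid or 0)"; rc=1
    fi
    return $rc
}

# audit_ssh_dir HOME [UID]: check HOME, HOME/.ssh and the key file.
audit_ssh_dir() {
    home=$1; uid=${2:-$(id -u)}; bad=0
    for f in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$f" "$uid" || bad=1
    done
    return $bad
}

# fix_ssh_dir HOME: the modes suggested in the thread, plus removing
# group/other write on HOME itself (an addition, also checked by sshd).
fix_ssh_dir() {
    chmod go-w "$1" && chmod 700 "$1/.ssh" &&
        chmod 600 "$1/.ssh/authorized_keys"
}

# Constructed demo: a throwaway "home" with loose modes.
demo=$(mktemp -d) && mkdir "$demo/.ssh" && : > "$demo/.ssh/authorized_keys"
chmod 777 "$demo/.ssh"; chmod 666 "$demo/.ssh/authorized_keys"
audit_ssh_dir "$demo" || echo "-> sshd would refuse this key file"
fix_ssh_dir "$demo" && audit_ssh_dir "$demo" && echo "-> modes OK"
rm -rf "$demo"
```

The client's `-vv` output does not show this failure; the server's auth log records it as "Authentication refused: bad ownership or modes for ...".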
|
|
04-20-2005, 04:13 AM
|
#14
|
LQ Newbie
Registered: Jul 2003
Posts: 22
Rep:
|
puttygen problem
Pls. help.
I'm having a problem with puttygen. Every time I try to log in, my Linux box still asks me for my password. Here's what I did:
1. Generated a public key from puttygen. I used ssh v2
2. Saved the private and public key in my Win2k desktop.
3. Copied the public key to my $HOME/.ssh/authorized_keys2 directory
4. Added the private key to puttygen for remote connection.
What else did I forget?
|
|
|
06-21-2005, 09:19 AM
|
#15
|
Member
Registered: Oct 2003
Posts: 48
Rep:
|
I'm still not able to connect without a password.
Here are my debug notes when I run -vv
Code:
[trichard@testserv110 trichard]$ ssh -vv trichard@ftpserv111
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to ftpserv111 [192.168.0.111] port 22.
debug1: Connection established.
debug1: identity file /home/trichard/.ssh/identity type -1
debug1: identity file /home/trichard/.ssh/id_rsa type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/trichard/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 127/256
debug2: bits set: 1623/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ftpserv111' is known and matches the RSA host key.
debug1: Found key in /home/trichard/.ssh/known_hosts:1
debug2: bits set: 1592/3191
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/trichard/.ssh/identity
debug1: Trying private key: /home/trichard/.ssh/id_rsa
debug1: Offering public key: /home/trichard/.ssh/id_dsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
trichard@ftpserv111's password:
I have checked and the "~/.ssh/authorized_keys" exists on the server and contains a line the same as "~/.ssh/id_dsa.pub"
Anyone know how to solve this?
Thanks
Troy
Last edited by XavierP; 09-06-2006 at 03:09 PM.
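How to read the publickey phase of the `ssh -vv` logs posted in this thread, as an added example that is not part of any post: a key that is offered and answered with the method list again was refused by the server, so the cause lies on the server side (key file contents, location or modes). `summarize_pubkey` is a hypothetical helper; the sample lines are copied from the log in post #2.

```shell
#!/bin/sh
# Added example: summarise the publickey phase of an `ssh -vv` client log.

# summarize_pubkey LOGFILE: one line per offered key, plus the fallback.
summarize_pubkey() {
    awk '
    # Client proposes a key; field 5 is the identity file path
    /^debug1: Offering public key: / { key = $5; next }
    # Server replies that the offered key is acceptable
    key != "" && /^debug1: Server accepts key/ {
        print "ACCEPTED " key; key = ""; next
    }
    # Server answers with the method list again: the key was refused
    key != "" && /^debug1: Authentications that can continue:/ {
        print "REJECTED " key; key = ""; next
    }
    # Client gives up on keys and prompts for a password
    /^debug1: Next authentication method: password/ {
        print "FALLBACK password"
    }
    ' "$1"
}

# Sample input: lines copied from the log in post #2 of this thread.
log=$(mktemp)
cat > "$log" <<'EOF'
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/pcurry/.ssh/identity
debug1: Trying private key: /home/pcurry/.ssh/id_rsa
debug1: Offering public key: /home/pcurry/.ssh/id_dsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
EOF
summarize_pubkey "$log"
rm -f "$log"
```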
|
|
|