LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
 
Search this Thread
Old 07-08-2013, 02:49 AM   #1
geeth4sg
LQ Newbie
 
Registered: Feb 2008
Posts: 12

Rep: Reputation: 0
ssh problem


I am getting ssh error, below is the log of ssh

ebug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: degas-engineering/us-east/degas-engineering
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering public key: servertestingkey
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering public key: newgitserver
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering public key: herble
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering public key: server13
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering public key: server13s
Received disconnect from 54.224.79.75: 2: Too many authentication failures for root


Regards,
Sg..
 
Old 07-08-2013, 03:04 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,416

Rep: Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970
You've not really said what your specific problem is here, but presumably it's because you're not getting a password prompt? You have a lot of private keys there and it basically looks like you're not managing them effectively. Conventionally you'd only use a single key for each client machine, so only have one key to offer, and then fall back to a password. from the names of the keys, i'm guessing you'rem adding all keys to all machines, so really your first plan of action is really to understand the architecture behind preshard keys properly, and then to remove all but one of the keys, possibly even deleting all of them on all servers and creating a new si gle one on a per machine basis.

Last edited by acid_kewpie; 07-08-2013 at 03:13 AM.
 
Old 07-08-2013, 04:18 AM   #3
geeth4sg
LQ Newbie
 
Registered: Feb 2008
Posts: 12

Original Poster
Rep: Reputation: 0
Chris,

Thanks for your suggestions.

I've configured ssh without password where servers are in ec2.

The below options are enabled in my client ssh .

/etc/ssh/ssh_config

IdentityFile /root/degas-engineering/us-east/degas-engineering


/etc/profile.d/ssh-agent.sh

SSHAGENT=/usr/bin/ssh-agent
SSHAGENTARGS="-s"
SSH_ENV="/root/.ssh/environment"

# start the ssh-agent
function start_agent {
#echo "Initializing new SSH agent..."
# spawn ssh-agent
ssh-agent | sed 's/^echo/#echo/' > "$SSH_ENV"
echo succeeded
chmod 600 "$SSH_ENV"
. "$SSH_ENV" > /dev/null
ssh-add
}


# Source SSH settings, if applicable

if [ -f "${SSH_ENV}" ]; then
. "${SSH_ENV}" > /dev/null
#ps ${SSH_AGENT_PID} doesn't work under cywgin
ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || {
start_agent;
}
else
start_agent;
fi

Server side:

/etc/ssh_config

StrictHostKeyChecking no

/etc/sshd_config

PasswordAuthentication no


I could login the another server with this key which is slackware 13.7.

I trying this for slack 14 64 bit.

Regards,
sg,,
 
Old 07-08-2013, 04:31 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,416

Rep: Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970
yoru distribution of choice is irrlevant, SSH *MUST* work the same on any system.

are all your keys in /root/degas-engineering/us-east/degas-engineering then?
 
Old 07-08-2013, 07:23 AM   #5
geeth4sg
LQ Newbie
 
Registered: Feb 2008
Posts: 12

Original Poster
Rep: Reputation: 0
Thanks for the reply...

In the below path have only one key ie : degas-engineering

/root/degas-engineering/us-east/degas-engineering
 
Old 07-08-2013, 07:35 AM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,416

Rep: Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970
well that's not a key, that's a file that could contain multiple keys. Add a few more -v's to the ssh command and I think it'll say which file each key is coming from.
 
Old 07-09-2013, 12:31 AM   #7
geeth4sg
LQ Newbie
 
Registered: Feb 2008
Posts: 12

Original Poster
Rep: Reputation: 0
this is the key Chris.. I could login another using this key.

Please find the below log..

debug1: identity file /root/degas-engineering/us-east/degas-engineering type 1
debug1: identity file /root/degas-engineering/us-east/degas-engineering-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5
debug1: match: OpenSSH_5.5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ec2-23-20-202-10.compute-1.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:82
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: degas-engineering/us-east/degas-engineering
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
Last login: Mon Jul 8 09:13:18 2013 from 1.22.214.66
Linux 2.6.34.
root@system:~#
 
Old 07-09-2013, 06:18 AM   #8
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,416

Rep: Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970Reputation: 1970
sure, but that's the first one offered in the original output too, so if all you want is for that key to be accepted, you should just need to add it to the authorized_hosts on the remote end. As I originally stated, it really isn't clear what you perceive the issue to be here, or rather, what you expect "working" to look like.

Last edited by acid_kewpie; 07-09-2013 at 06:19 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Chroot SSH problem: ssh working, not SFTP & SCP. NaCo Linux - Security 3 02-01-2009 02:23 AM
ssh-agent, ssh-add and ssh-keygen AND CVS raylpc Linux - General 2 11-19-2008 02:50 AM
SSH problem - ssh-add not respond FerkoPica Linux - Security 6 05-07-2006 03:47 PM
ssh problem after creating an ssh alias. porotothorpe Linux - General 2 01-25-2006 07:56 PM


All times are GMT -5. The time now is 04:08 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration