Sponsored Content
Operating Systems Linux Red Hat SSH Public key Authentication Issue Post 302480495 by maverick_here on Wednesday 15th of December 2010 05:46:45 AM
Old 12-15-2010
SSH Public key Authentication Issue

Hi All;

I have an issue with password less authentication via ssh ( v2)

I have two servers Server A and Server B, following are the server details


Code:
Server A 

OS - HP UX B.11.11 U 9000/800
SSH - OpenSSH_4.3p2-hpn, OpenSSL 0.9.7i 14 Oct 2005
HP-UX Secure Shell-A.04.30.000, HP-UX Secure Shell version


Server B 

OS - Red Hat Enterprise Linux AS release 4 (Nahant Update 3)
SSH -OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003

I have copied the public keys across both the servers and pasted them in authorized_keys file. Following are the things i have checked

a] .ssh -- direcotry permission is set to 700 on both boxes
b] authorized_keys file is 640 in terms of permission

The issue is I m able to connect to Server A from Server B as user xyz ( whose keys have been exchanged for paswordless auth) .When I try the same from Server B to Server A I fail and it prompts me for a password.

Following is the debug log

Code:
ssh -v ServerA
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to ServerA [xx.xx.xx.xx] port 22.
debug1: Connection established.
debug1: identity file /home/xyz/.ssh/identity type -1
debug1: identity file /home/xyz/.ssh/id_rsa type 1
debug1: identity file /home/xyz/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2-hpn
debug1: match: OpenSSH_4.3p2-hpn pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'uxcati02' is known and matches the RSA host key.
debug1: Found key in /home/xyz/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/xyz/.ssh/identity
debug1: Offering public key: /home/xyz/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/xyz/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:

Any ideas

Thanks
Syed
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

SSH Public key method

do we need root access for the remote server to ssh without a password(i.e by using id_rsa.pub method)??? (1 Reply)
Discussion started by: roshanjain2
1 Replies

2. UNIX for Advanced & Expert Users

SSH - Public key

When should one have to generate a public key on a Server when the public key is already created and used by other clients? Thanks, Rahul. (6 Replies)
Discussion started by: rahulrathod
6 Replies

3. Shell Programming and Scripting

Generate Public Key when the server is not ssh enabled

I am writing a script that needs to access various servers some of which are not ssh enabled. In order to access the ssh enabled servers I am using the following command to generate the public key : ssh-keygen -t rsa Is there a similar command for the other servers as well. If I try to use... (1 Reply)
Discussion started by: ravneet123
1 Replies

4. UNIX for Advanced & Expert Users

Generate Public key for non ssh enabled servers

I am writing a script that needs to access various servers some of which are not ssh enabled. In order to access the ssh enabled servers I am using the following command to generate the public key : ssh-keygen -t rsa Is there a similar command for the other servers as well. If I try to use... (1 Reply)
Discussion started by: ravneet123
1 Replies

5. AIX

ssh public key setup questions.

Hi all, I have N number of AIX hosts, where I need to login frequently and do some routine tasks (run some scripts). I need to setup ssh public/private key, so I can auto-login via a master (wrapper) script and run each script in each server. I am trying to setup/generate ssh keys, but am... (6 Replies)
Discussion started by: haroon_a
6 Replies

6. UNIX for Dummies Questions & Answers

Public Key Authentication over SSH and Sudo-ing Implementation

Hi, We are currently implementing an Identity Management application which has several Unix systems as its target system. A pre-defined connector will be installed to provide connection between the Identity Management application and the Unix target system. The connection will use Public Key... (1 Reply)
Discussion started by: tristanD
1 Replies

7. Solaris

Solaris 8 ssh public key authentication issue - Server refused our key

Hi, I've used the following way to set ssh public key authentication and it is working fine on Solaris 10, RedHat Linux and SuSE Linux servers without any problem. But I got error 'Server refused our key' on Solaris 8 system. Solaris 8 uses SSH2 too. Why? Please help. Thanks. ... (1 Reply)
Discussion started by: aixlover
1 Replies

8. UNIX for Dummies Questions & Answers

how to create a public/private key using ssh-keygen

Hi, please guide me create a public/private key using ssh-keygen, lets say I have been access to server named pngpcdb1with a userid and password ...!!! and also please explain in detail the concept of these keys and ssh as I was planning to use them in ftp related scripts..! Thanks in... (1 Reply)
Discussion started by: rahul125
1 Replies

9. UNIX for Advanced & Expert Users

SSH public key failing without error message

My password-free ssh connection has worked in the past but has stopped working and I can't get it going again. The files in .ssh on both source and target are set to 600: drwx------ 2 ingres 1024 Mar 2 13:57 . drwxr-xr-x 25 ingres 2048 Mar 29 09:38 .. -rw------- 1 ingres ... (9 Replies)
Discussion started by: Catullus
9 Replies

10. Shell Programming and Scripting

Public key issue

I generated a public key that we are using for ssh and sftp but I noticed that I am still being asked for a password when I run my script. is there something I need to put in my script? Our linux guy said he placed keys on both servers. (2 Replies)
Discussion started by: MJCreations
2 Replies
SSH-ADD(1)						    BSD General Commands Manual 						SSH-ADD(1)

NAME
ssh-add -- adds RSA or DSA identities to the authentication agent SYNOPSIS
ssh-add [-lLdDxX] [-t life] [file ...] ssh-add -s reader ssh-add -e reader DESCRIPTION
ssh-add adds RSA or DSA identities to the authentication agent, ssh-agent(1). When run without arguments, it adds the files $HOME/.ssh/id_rsa, $HOME/.ssh/id_dsa and $HOME/.ssh/identity. Alternative file names can be given on the command line. If any file requires a passphrase, ssh-add asks for the passphrase from the user. The passphrase is read from the user's tty. ssh-add retries the last passphrase if multiple identity files are given. The authentication agent must be running and must be an ancestor of the current process for ssh-add to work. The options are as follows: -l Lists fingerprints of all identities currently represented by the agent. -L Lists public key parameters of all identities currently represented by the agent. -d Instead of adding the identity, removes the identity from the agent. -D Deletes all identities from the agent. -x Lock the agent with a password. -X Unlock the agent. -t life Set a maximum lifetime when adding identities to an agent. The lifetime may be specified in seconds or in a time format specified in sshd(8). -s reader Add key in smartcard reader. -e reader Remove key in smartcard reader. FILES
$HOME/.ssh/identity Contains the protocol version 1 RSA authentication identity of the user. $HOME/.ssh/id_dsa Contains the protocol version 2 DSA authentication identity of the user. $HOME/.ssh/id_rsa Contains the protocol version 2 RSA authentication identity of the user. Identity files should not be readable by anyone but the user. Note that ssh-add ignores identity files if they are accessible by others. ENVIRONMENT
DISPLAY and SSH_ASKPASS If ssh-add needs a passphrase, it will read the passphrase from the current terminal if it was run from a terminal. If ssh-add does not have a terminal associated with it but DISPLAY and SSH_ASKPASS are set, it will execute the program specified by SSH_ASKPASS and open an X11 window to read the passphrase. This is particularly useful when calling ssh-add from a .Xsession or related script. (Note that on some machines it may be necessary to redirect the input from /dev/null to make this work.) SSH_AUTH_SOCK Identifies the path of a unix-domain socket used to communicate with the agent. DIAGNOSTICS
Exit status is 0 on success, 1 if the specified command fails, and 2 if ssh-add is unable to contact the authentication agent. AUTHORS
OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt and Dug Song removed many bugs, re-added newer features and created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. SEE ALSO
ssh(1), ssh-agent(1), ssh-keygen(1), sshd(8) BSD
September 25, 1999 BSD
All times are GMT -4. The time now is 05:40 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy