Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: SSH Public key Authentication Issue
Operating Systems Linux Red Hat SSH Public key Authentication Issue Post 302480495 by maverick_here on Wednesday 15th of December 2010 05:46:45 AM
Old 12-15-2010
SSH Public key Authentication Issue
Hi All;

I have an issue with password less authentication via ssh ( v2)

I have two servers Server A and Server B, following are the server details


Code:
Server A 

OS - HP UX B.11.11 U 9000/800
SSH - OpenSSH_4.3p2-hpn, OpenSSL 0.9.7i 14 Oct 2005
HP-UX Secure Shell-A.04.30.000, HP-UX Secure Shell version


Server B 

OS - Red Hat Enterprise Linux AS release 4 (Nahant Update 3)
SSH -OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003

I have copied the public keys across both the servers and pasted them in authorized_keys file. Following are the things i have checked

a] .ssh -- direcotry permission is set to 700 on both boxes
b] authorized_keys file is 640 in terms of permission

The issue is I m able to connect to Server A from Server B as user xyz ( whose keys have been exchanged for paswordless auth) .When I try the same from Server B to Server A I fail and it prompts me for a password.

Following is the debug log

Code:
ssh -v ServerA
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to ServerA [xx.xx.xx.xx] port 22.
debug1: Connection established.
debug1: identity file /home/xyz/.ssh/identity type -1
debug1: identity file /home/xyz/.ssh/id_rsa type 1
debug1: identity file /home/xyz/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2-hpn
debug1: match: OpenSSH_4.3p2-hpn pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'uxcati02' is known and matches the RSA host key.
debug1: Found key in /home/xyz/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/xyz/.ssh/identity
debug1: Offering public key: /home/xyz/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/xyz/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:

Any ideas

Thanks
Syed
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

SSH Public key method

do we need root access for the remote server to ssh without a password(i.e by using id_rsa.pub method)??? (1 Reply)
Discussion started by: roshanjain2
1 Replies

2. UNIX for Advanced & Expert Users

SSH - Public key

When should one have to generate a public key on a Server when the public key is already created and used by other clients? Thanks, Rahul. (6 Replies)
Discussion started by: rahulrathod
6 Replies

3. Shell Programming and Scripting

Generate Public Key when the server is not ssh enabled

I am writing a script that needs to access various servers some of which are not ssh enabled. In order to access the ssh enabled servers I am using the following command to generate the public key : ssh-keygen -t rsa Is there a similar command for the other servers as well. If I try to use... (1 Reply)
Discussion started by: ravneet123
1 Replies

4. UNIX for Advanced & Expert Users

Generate Public key for non ssh enabled servers

I am writing a script that needs to access various servers some of which are not ssh enabled. In order to access the ssh enabled servers I am using the following command to generate the public key : ssh-keygen -t rsa Is there a similar command for the other servers as well. If I try to use... (1 Reply)
Discussion started by: ravneet123
1 Replies

5. AIX

ssh public key setup questions.

Hi all, I have N number of AIX hosts, where I need to login frequently and do some routine tasks (run some scripts). I need to setup ssh public/private key, so I can auto-login via a master (wrapper) script and run each script in each server. I am trying to setup/generate ssh keys, but am... (6 Replies)
Discussion started by: haroon_a
6 Replies

6. UNIX for Dummies Questions & Answers

Public Key Authentication over SSH and Sudo-ing Implementation

Hi, We are currently implementing an Identity Management application which has several Unix systems as its target system. A pre-defined connector will be installed to provide connection between the Identity Management application and the Unix target system. The connection will use Public Key... (1 Reply)
Discussion started by: tristanD
1 Replies

7. Solaris

Solaris 8 ssh public key authentication issue - Server refused our key

Hi, I've used the following way to set ssh public key authentication and it is working fine on Solaris 10, RedHat Linux and SuSE Linux servers without any problem. But I got error 'Server refused our key' on Solaris 8 system. Solaris 8 uses SSH2 too. Why? Please help. Thanks. ... (1 Reply)
Discussion started by: aixlover
1 Replies

8. UNIX for Dummies Questions & Answers

how to create a public/private key using ssh-keygen

Hi, please guide me create a public/private key using ssh-keygen, lets say I have been access to server named pngpcdb1with a userid and password ...!!! and also please explain in detail the concept of these keys and ssh as I was planning to use them in ftp related scripts..! Thanks in... (1 Reply)
Discussion started by: rahul125
1 Replies

9. UNIX for Advanced & Expert Users

SSH public key failing without error message

My password-free ssh connection has worked in the past but has stopped working and I can't get it going again. The files in .ssh on both source and target are set to 600: drwx------ 2 ingres 1024 Mar 2 13:57 . drwxr-xr-x 25 ingres 2048 Mar 29 09:38 .. -rw------- 1 ingres ... (9 Replies)
Discussion started by: Catullus
9 Replies

10. Shell Programming and Scripting

Public key issue

I generated a public key that we are using for ssh and sftp but I noticed that I am still being asked for a password when I run my script. is there something I need to put in my script? Our linux guy said he placed keys on both servers. (2 Replies)
Discussion started by: MJCreations
2 Replies

LEARN ABOUT DEBIAN

ka-forwarder

KA-FORWARDER(8) 					       AFS Command Reference						   KA-FORWARDER(8)

NAME

       ka-forwarder - Forward AFS Authentication Server requests to another server

SYNOPSIS

       ka-forwarder [-p <port>] <server>[/<port>] [...]

DESCRIPTION

       ka-forwarder listens for requests for an AFS Authentication Server and forwards them to a remove fakeka server.	fakeka is a server that
       answers AFS Authentication Server protocol requests using a regular Kerberos KDC and is provided with some Kerberos 5 implementations.
       fakeka has to run on the same host as the Kerberos KDC, however, and AFS clients send all native AFS authentication requests to the AFS
       database servers.  If you don't want to run your Kerberos KDCs and your AFS database servers on the same host, run ka-forwarder on the AFS
       database servers and point it to fakeka running on the Kerberos KDCs.

       ka-forwarder takes one or more servers to which to forward the requests.  The default port on the remote server to which to forward the
       command is 7004, but a different port can be specified by following the server name with a slash ("/") and the port number.  If multiple
       servers are given, ka-forwarder will send queries to each server in turn in a round-robin fashion.

CAUTIONS

       Due to the way that ka-forwarder distinguishes from client requests and server responses, any messages from one of the servers to which ka-
       forwarder is forwarding will be considered a reply rather than a command and will not be forwarded.  This means that the servers running
       fakeka will not be able to use native AFS authentication requests and rely on ka-forwarder to send the requests to the right server.

       ka-forwarder does not background itself.  It should either be run in the background via the shell, or run via the Basic OverSeer Server
       (see bosserver(8)).

OPTIONS

       -p <port>
	   By default, ka-forwarder listens to the standard AFS Authentication Server port (7004).  To listen to a different port, specify it with
	   the -p option.

EXAMPLES

       Forward AFS Authentication Server requests to the fakeka servers on kdc1.example.com and kdc2.example.com:

	   % ka-forwarder kdc1.example.com kdc2.example.com &

       Note the "&" to tell the shell to run this command in the background.

PRIVILEGE REQUIRED

       ka-forwarder only has to listen to port 7004 and therefore does not require any special privileges unless a privileged port is specified
       with the -p option.

SEE ALSO

       bosserver(8), fakeka(8), kaserver(8)

COPYRIGHT

       Copyright 2006 Russ Allbery <rra@stanford.edu>

       This documentation is covered by the IBM Public License Version 1.0.  This man page was written by Russ Allbery for OpenAFS.

OpenAFS 							    2012-03-26							   KA-FORWARDER(8)
All times are GMT -4. The time now is 07:15 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy