Sponsored Content
Operating Systems Linux Red Hat SSH Public key Authentication Issue Post 302480495 by maverick_here on Wednesday 15th of December 2010 05:46:45 AM
Old 12-15-2010
SSH Public key Authentication Issue

Hi All;

I have an issue with password less authentication via ssh ( v2)

I have two servers Server A and Server B, following are the server details


Code:
Server A 

OS - HP UX B.11.11 U 9000/800
SSH - OpenSSH_4.3p2-hpn, OpenSSL 0.9.7i 14 Oct 2005
HP-UX Secure Shell-A.04.30.000, HP-UX Secure Shell version


Server B 

OS - Red Hat Enterprise Linux AS release 4 (Nahant Update 3)
SSH -OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003

I have copied the public keys across both the servers and pasted them in authorized_keys file. Following are the things i have checked

a] .ssh -- direcotry permission is set to 700 on both boxes
b] authorized_keys file is 640 in terms of permission

The issue is I m able to connect to Server A from Server B as user xyz ( whose keys have been exchanged for paswordless auth) .When I try the same from Server B to Server A I fail and it prompts me for a password.

Following is the debug log

Code:
ssh -v ServerA
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to ServerA [xx.xx.xx.xx] port 22.
debug1: Connection established.
debug1: identity file /home/xyz/.ssh/identity type -1
debug1: identity file /home/xyz/.ssh/id_rsa type 1
debug1: identity file /home/xyz/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2-hpn
debug1: match: OpenSSH_4.3p2-hpn pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'uxcati02' is known and matches the RSA host key.
debug1: Found key in /home/xyz/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/xyz/.ssh/identity
debug1: Offering public key: /home/xyz/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/xyz/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:

Any ideas

Thanks
Syed
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

SSH Public key method

do we need root access for the remote server to ssh without a password(i.e by using id_rsa.pub method)??? (1 Reply)
Discussion started by: roshanjain2
1 Replies

2. UNIX for Advanced & Expert Users

SSH - Public key

When should one have to generate a public key on a Server when the public key is already created and used by other clients? Thanks, Rahul. (6 Replies)
Discussion started by: rahulrathod
6 Replies

3. Shell Programming and Scripting

Generate Public Key when the server is not ssh enabled

I am writing a script that needs to access various servers some of which are not ssh enabled. In order to access the ssh enabled servers I am using the following command to generate the public key : ssh-keygen -t rsa Is there a similar command for the other servers as well. If I try to use... (1 Reply)
Discussion started by: ravneet123
1 Replies

4. UNIX for Advanced & Expert Users

Generate Public key for non ssh enabled servers

I am writing a script that needs to access various servers some of which are not ssh enabled. In order to access the ssh enabled servers I am using the following command to generate the public key : ssh-keygen -t rsa Is there a similar command for the other servers as well. If I try to use... (1 Reply)
Discussion started by: ravneet123
1 Replies

5. AIX

ssh public key setup questions.

Hi all, I have N number of AIX hosts, where I need to login frequently and do some routine tasks (run some scripts). I need to setup ssh public/private key, so I can auto-login via a master (wrapper) script and run each script in each server. I am trying to setup/generate ssh keys, but am... (6 Replies)
Discussion started by: haroon_a
6 Replies

6. UNIX for Dummies Questions & Answers

Public Key Authentication over SSH and Sudo-ing Implementation

Hi, We are currently implementing an Identity Management application which has several Unix systems as its target system. A pre-defined connector will be installed to provide connection between the Identity Management application and the Unix target system. The connection will use Public Key... (1 Reply)
Discussion started by: tristanD
1 Replies

7. Solaris

Solaris 8 ssh public key authentication issue - Server refused our key

Hi, I've used the following way to set ssh public key authentication and it is working fine on Solaris 10, RedHat Linux and SuSE Linux servers without any problem. But I got error 'Server refused our key' on Solaris 8 system. Solaris 8 uses SSH2 too. Why? Please help. Thanks. ... (1 Reply)
Discussion started by: aixlover
1 Replies

8. UNIX for Dummies Questions & Answers

how to create a public/private key using ssh-keygen

Hi, please guide me create a public/private key using ssh-keygen, lets say I have been access to server named pngpcdb1with a userid and password ...!!! and also please explain in detail the concept of these keys and ssh as I was planning to use them in ftp related scripts..! Thanks in... (1 Reply)
Discussion started by: rahul125
1 Replies

9. UNIX for Advanced & Expert Users

SSH public key failing without error message

My password-free ssh connection has worked in the past but has stopped working and I can't get it going again. The files in .ssh on both source and target are set to 600: drwx------ 2 ingres 1024 Mar 2 13:57 . drwxr-xr-x 25 ingres 2048 Mar 29 09:38 .. -rw------- 1 ingres ... (9 Replies)
Discussion started by: Catullus
9 Replies

10. Shell Programming and Scripting

Public key issue

I generated a public key that we are using for ssh and sftp but I noticed that I am still being asked for a password when I run my script. is there something I need to put in my script? Our linux guy said he placed keys on both servers. (2 Replies)
Discussion started by: MJCreations
2 Replies
KAS_STATISTICS(8)					       AFS Command Reference						 KAS_STATISTICS(8)

NAME
kas_statistics - Displays statistics from an Authentication Server process SYNOPSIS
kas statistics [-admin_username <admin principal to use for authentication>] [-password_for_admin <admin password>] [-cell <cell name>] [-servers <explicit list of authentication servers>+] [-noauth] [-help] kas sta [-a <admin principal to use for authentication>] [-p <admin password>] [-c <cell name>] [-s <explicit list of authentication servers>+] [-n] [-h] DESCRIPTION
The kas statistics command displays statistics from the Authentication Server running on one of the cell's database server machines. Use the -servers argument to name a specific machine, or the command interpreter chooses one at random from all the database server machines with which it has established connections. CAUTIONS
The -servers argument is not available in interactive mode, making it impossible to specify a certain machine. OPTIONS
-admin_username <admin principal> Specifies the user identity under which to authenticate with the Authentication Server for execution of the command. For more details, see kas(8). -password_for_admin <admin password> Specifies the password of the command's issuer. If it is omitted (as recommended), the kas command interpreter prompts for it and does not echo it visibly. For more details, see kas(8). -cell <cell name> Names the cell in which to run the command. For more details, see kas(8). -servers <authentication servers>+ Names each machine running an Authentication Server with which to establish a connection. For more details, see kas(8). -noauth Assigns the unprivileged identity "anonymous" to the issuer. For more details, see kas(8). -help Prints the online help for this command. All other valid options are ignored. OUTPUT
The information in the output includes: o The number of allocation and freeing operations the Authentication Server has performed, and how many password change requests it has processed. o An indication of its hash table use. o The server machine's IP address in hexadecimal and the date when the current instance of the Authentication Server started. o The number of requests and aborted requests for various services: authentication, ticket granting, password setting, entry listing, and so on. o The amount of CPU time that the Authentication Server has used to process requests since it started. The amount is not accurate on all system types, however. o The number of entries in the Authentication Database that are marked with the "ADMIN" flag. EXAMPLES
In the following example, an administrator using the admin account gathers statistics from the Authentication Server running on the machine "fs1.abc.com". % kas statistics -servers fs1.abc.com 56 allocs, 46 frees, 0 password changes Hash table utilization = 0.100000% From host bfff21a7 started at Tue Mar 23 12:42:02 1999: of 88 requests for Authenticate, 18 were aborted. of 14 requests for GetTicket, 0 were aborted. of 4 requests for CreateUser, 1 were aborted. of 12 requests for SetFields, 4 were aborted. of 3 requests for DeleteUser, 0 were aborted. of 23 requests for GetEntry, 4 were aborted. of 18 requests for ListEntry, 0 were aborted. of 2 requests for GetStats, 1 were aborted. of 2 requests for GetRandomKey, 0 were aborted. Used 6.015 seconds of CPU time. 3 admin accounts PRIVILEGE REQUIRED
The issuer must have the "ADMIN" flag set on his or her Authentication Database entry. SEE ALSO
kas(8) COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved. This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. OpenAFS 2012-03-26 KAS_STATISTICS(8)
All times are GMT -4. The time now is 04:01 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy