SSH Public key Authentication Issue Post: 302480495

Sponsored Content

Operating Systems Linux Red Hat SSH Public key Authentication Issue Post 302480495 by maverick_here on Wednesday 15th of December 2010 05:46:45 AM

12-15-2010

Registered User

SSH Public key Authentication Issue

Hi All;

I have an issue with password less authentication via ssh ( v2)

I have two servers Server A and Server B, following are the server details

Code:

Server A 

OS - HP UX B.11.11 U 9000/800
SSH - OpenSSH_4.3p2-hpn, OpenSSL 0.9.7i 14 Oct 2005
HP-UX Secure Shell-A.04.30.000, HP-UX Secure Shell version


Server B 

OS - Red Hat Enterprise Linux AS release 4 (Nahant Update 3)
SSH -OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003

I have copied the public keys across both the servers and pasted them in authorized_keys file. Following are the things i have checked

a] .ssh -- direcotry permission is set to 700 on both boxes
b] authorized_keys file is 640 in terms of permission

The issue is I m able to connect to Server A from Server B as user xyz ( whose keys have been exchanged for paswordless auth) .When I try the same from Server B to Server A I fail and it prompts me for a password.

Following is the debug log

Code:

ssh -v ServerA
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to ServerA [xx.xx.xx.xx] port 22.
debug1: Connection established.
debug1: identity file /home/xyz/.ssh/identity type -1
debug1: identity file /home/xyz/.ssh/id_rsa type 1
debug1: identity file /home/xyz/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2-hpn
debug1: match: OpenSSH_4.3p2-hpn pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'uxcati02' is known and matches the RSA host key.
debug1: Found key in /home/xyz/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/xyz/.ssh/identity
debug1: Offering public key: /home/xyz/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/xyz/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:

Any ideas

Thanks
Syed

maverick_here

View Public Profile for maverick_here

Find all posts by maverick_here

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

SSH Public key method

do we need root access for the remote server to ssh without a password(i.e by using id_rsa.pub method)???

2. UNIX for Advanced & Expert Users

SSH - Public key

When should one have to generate a public key on a Server when the public key is already created and used by other clients? Thanks, Rahul.

3. Shell Programming and Scripting

Generate Public Key when the server is not ssh enabled

I am writing a script that needs to access various servers some of which are not ssh enabled. In order to access the ssh enabled servers I am using the following command to generate the public key : ssh-keygen -t rsa Is there a similar command for the other servers as well. If I try to use...

4. UNIX for Advanced & Expert Users

Generate Public key for non ssh enabled servers

5. AIX

ssh public key setup questions.

Hi all, I have N number of AIX hosts, where I need to login frequently and do some routine tasks (run some scripts). I need to setup ssh public/private key, so I can auto-login via a master (wrapper) script and run each script in each server. I am trying to setup/generate ssh keys, but am...

6. UNIX for Dummies Questions & Answers

Public Key Authentication over SSH and Sudo-ing Implementation

Hi, We are currently implementing an Identity Management application which has several Unix systems as its target system. A pre-defined connector will be installed to provide connection between the Identity Management application and the Unix target system. The connection will use Public Key...

7. Solaris

Solaris 8 ssh public key authentication issue - Server refused our key

Hi, I've used the following way to set ssh public key authentication and it is working fine on Solaris 10, RedHat Linux and SuSE Linux servers without any problem. But I got error 'Server refused our key' on Solaris 8 system. Solaris 8 uses SSH2 too. Why? Please help. Thanks. ...

8. UNIX for Dummies Questions & Answers

how to create a public/private key using ssh-keygen

Hi, please guide me create a public/private key using ssh-keygen, lets say I have been access to server named pngpcdb1with a userid and password ...!!! and also please explain in detail the concept of these keys and ssh as I was planning to use them in ftp related scripts..! Thanks in...

9. UNIX for Advanced & Expert Users

SSH public key failing without error message

My password-free ssh connection has worked in the past but has stopped working and I can't get it going again. The files in .ssh on both source and target are set to 600: drwx------ 2 ingres 1024 Mar 2 13:57 . drwxr-xr-x 25 ingres 2048 Mar 29 09:38 .. -rw------- 1 ingres ...

10. Shell Programming and Scripting

Public key issue

I generated a public key that we are using for ssh and sftp but I noticed that I am still being asked for a password when I run my script. is there something I need to put in my script? Our linux guy said he placed keys on both servers.

LEARN ABOUT OSF1

kas_create

KAS_CREATE(8)						       AFS Command Reference						     KAS_CREATE(8)

NAME

       kas_create - Creates an entry in the Authentication Database

SYNOPSIS

       kas create -name <name of user>
	   [-initial_password <initial password>]
	   [-admin_username <admin principal to use for authentication>]
	   [-password_for_admin <admin password>] [-cell <cell name>]
	   [-servers <explicit list of authentication servers>+]
	   [-noauth] [-help]

       kas c -na <name of user> [-i <initial password>]
	   [-a <admin principal to use for authentication>]
	   [-p <admin password>] [-c <cell name>]
	   [-s <explicit list of authentication servers>+] [-no] [-h]

DESCRIPTION

       The kas create command creates an entry in the Authentication Database for the user named by the -name argument.

       To avoid having the account's initial password echo visibly at the shell prompt, omit the -initial_password argument; the command
       interpreter prompts for the password and does not echo it visibly.  Whether or not -initial_password is omitted, the Authentication Server
       converts the password into a form suitable for use as an encryption key, and records it in the entry's key field.

       To alter settings in an Authentication Database entry, use the kas setfields command. To examine an entry, use the kas examine command. To
       list every entry in the database, use the kas list command.

OPTIONS

       -name <name of user>
	   Names the new Authentication Database entry. Because it is the name under which the user logs in, it must obey the restrictions that
	   many operating systems impose on user names (usually, to contain no more than eight lowercase letters).

       -initial_password <initial password>
	   Sets the user's password; provide a character string that can include uppercase and lowercase letters, numerals and punctuation. The
	   Authentication Server scrambles the string into an octal string suitable for use as an encryption key before placing it in the entry's
	   key field. If this argument is omitted, the command interpreter prompts for the string and does not echo it visibly.

       -admin_username <admin principal>
	   Specifies the user identity under which to authenticate with the Authentication Server for execution of the command. For more details,
	   see kas(8).

       -password_for_admin <admin password>
	   Specifies the password of the command's issuer. If it is omitted (as recommended), the kas command interpreter prompts for it and does
	   not echo it visibly. For more details, see kas(8).

       -cell <cell name>
	   Names the cell in which to run the command. For more details, see kas(8).

       -servers <authentication servers>
	   Names each machine running an Authentication Server with which to establish a connection. For more details, see kas(8).

       -noauth
	   Assigns the unprivileged identity "anonymous" to the issuer. For more details, see kas(8).

       -help
	   Prints the online help for this command. All other valid options are ignored.

EXAMPLES

       The following example shows the prompts that appear when an administrator logged in as "admin" creates an Authentication Database entry for
       the user "smith", and does not include either the -initial_password or -password_for_admin arguments.

	  % kas create smith
	  Password for admin:
	  initial_password:
	  Verifying, please re-enter initial_password:

PRIVILEGE REQUIRED

       The issuer must have the "ADMIN" flag set on his or her Authentication Database entry.

SEE ALSO

       kas(8), kas_examine(8), kas_list(8), kas_setfields(8)

COPYRIGHT

       IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

       This documentation is covered by the IBM Public License Version 1.0.  It was converted from HTML to POD by software written by Chas
       Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.

OpenAFS 							    2012-03-26							     KAS_CREATE(8)