SSH password-less login issue between linux and solaris
Hello Gurus,
I am trying to set up bidirectional password-less login between a linux and a Solaris. The way I am doing is very simple, which is creating pub/priv key pairs on each host and add the pub key to each other's authorized_keys file:
ssh-keygen -t rsa (I tried dsa, and it didn't work aslo)
Surprisingly enough, having done the same set up on both machines, only linux->solaris trusted connection works while solaris->linux does not
Here is the verbose logs I got when I try to ssh to linux from the solaris:
Code:
debug1: Next authentication method: publickey
debug1: Trying private key: /home/nyfcgstg/.ssh/identity
debug3: no such identity: /home/nyfcgstg/.ssh/identity
debug1: Offering public key: /home/nyfcgstg/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug2: input_userauth_pk_ok: fp 80:58:a9:ba:b7:f8:5d:21:16:bd:4c:f8:d1:e0:04:dc
debug3: sign_and_send_pubkey
debug1: read PEM private key done: type RSA
Connection closed by xx.xx.xx.xxx
debug1: Calling cleanup 0x41afc(0x0)
After reading the private key the connection just closed by the Solaris.
The same pub key of linux is accepted by other Linux boxes so I am thinking this can be a cross-platform issue?
Open ssh on Linux: OpenSSH_5.2p1_q1.g463c730, OpenSSL 0.9.8k 25 Mar 2009
Open ssh on Solaris:OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.7c 30 Sep 2003
Any pointers will be appreciated.
Aaron
Moderator's Comments:
edit by bakunin: Please view this code tag video for how to use code tags when posting code and data.
Hi,
I would like to login from a Sun server running ssh:
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
to
ssh: SSH Secure Shell 3.0.1 on sparc-sun-solaris2.6
How can I achieve this?
Thanks a million in advance (1 Reply)
There is two server, server A and server B. In server A, I would like to login ssh to server B without typing password. (no need for ssh2)
Therefore, I do the followings:
Server A:
>cd ~
>mkdir .ssh
>ssh-keygen -t dsa -f .ssh/id_dsa
Then copy the file id_dsa.pub to Server B
Server B:... (2 Replies)
Hi Gurus
I have a few Sol 5.9 servers and i have enabled password less authentication between them for my user ID. Often i have found that when my password has expired,the login fails.
Resetting my password reenables the keys.
Do i need to do something to avoid this scenario or is this... (2 Replies)
Hi All,
I am facing issue in setting up passwordless login through ssh on two Solaris-10 boxes. user-id ravrwa from server tsapiq04-zrwdq01 should be able to login to server tsbrit03 as cpsuserq, which is not happening. I am not sure where is the problem, while keys are already all set. Here is... (14 Replies)
Hello friends,
I have the problem with password less login in solaris 10.
Issue : In solaris 10 I have 2 different users on is oracle and the other is archmon. when I try to ssh to the other server from oracle it is successful but when I try to ssh from archmon it fails, and it asks for the... (1 Reply)
Hello,
I can't seem to get the password less login to work on one of my SLES 11 servers. My ssh agent lets me login to all my other servers, which are Solaris 10, RHEL 5, and SLES 11 servers. Some servers mount my home directory and others don't.
The server that I'm having an issue with doesn't... (7 Replies)
Hi,
I have setup password less ssh connection between Server A and Server B and I am able to connect with User2.
But my requirement is, User 1 run a script in Server A to ssh into Server B as User 2 but it is asking password every time I execute.
Server A:
Login as User 1 and execute sh... (8 Replies)
I am using redhat 6.4 and i want to login ssh without password kindly guide me (2 Replies)
Discussion started by: kannansoft1985
2 Replies
LEARN ABOUT SUNOS
ssh-add
ssh-add(1) User Commands ssh-add(1)NAME
ssh-add - add RSA or DSA identities to the authentication agent
SYNOPSIS
ssh-add [-lLdDxX] [-t life] [ file ...]
DESCRIPTION
The ssh-add utility adds RSA or DSA identities to the authentication agent, ssh-agent(1). When run without arguments, it attempts to add
all of the files $HOME/.ssh/identity (RSA v1), $HOME/.ssh/id_rsa (RSA v2), and $HOME/.ssh/id_dsa (DSA v2) that exist. If more than one of
the private keys exists, an attempt to decrypt each with the same passphrase will be made before reprompting for a different passphrase.
The passphrase is read from the user's tty or by running the program defined in SSH_ASKPASS (see below).
The authentication agent must be running.
OPTIONS
The following options are supported:
-d Instead of adding the identity, this option removes the identity from the agent.
-D Deletes all identities from the agent.
-l Lists fingerprints of all identities currently represented by the agent.
-L Lists public key parameters of all identities currently represented by the agent.
-t life Sets a maximum lifetime when adding identities to an agent. The lifetime may be specified in seconds or in a time format specified
in sshd(1M).
-x Locks the agent with a password.
-X Unlocks the agent.
ENVIRONMENT VARIABLES
DISPLAY If ssh-add needs a passphrase, it will read the passphrase from the current terminal if it was run from a terminal. If ssh-
SSH_ASKPASS add does not have a terminal associated with it but DISPLAY and SSH_ASKPASS are set, it will execute the program specified
by SSH_ASKPASS and open an X11 window to read the passphrase. This is particularly useful when calling ssh-add from a
.Xsession or related script.
SSH_AUTH_SOCK Identifies the path of a unix-domain socket used to communicate with the agent.
EXIT STATUS
The following exit values are returned:
0 Successful completion.
1 An error occurred.
FILES
These files should not be readable by anyone but the user. Notice that ssh-add ignores a file if it is accessible by others. It is possible
to specify a passphrase when generating the key; that passphrase will be used to encrypt the private part of this file.
If these files are stored on a network file system it is assumed that either the protection provided in the file themselves or the trans-
port layer of the network file system provides sufficient protection for the site policy. If this is not the case, then it is recommended
the key files are stored on removable media or locally on the relevant hosts.
Recommended names for the DSA and RSA key files:
$HOME/.ssh/identity Contains the RSA authentication identity of the user for protocol version 1.
$HOME/.ssh/identity.pub Contains the public part of the RSA authentication identity of the user for protocol version 1.
$HOME/.ssh/id_dsa Contains the private DSA authentication identity of the user.
$HOME/.ssh/id_dsa.pub Contains the public part of the DSA authentication identity of the user.
$HOME/.ssh/id_rsa Contains the private RSA authentication identity of the user.
$HOME/.ssh/id_rsa.pub Contains the public part of the RSA authentication identity of the user.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWsshu |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
SEE ALSO ssh(1), ssh-agent(1), ssh-keygen(1), sshd(1M), attributes(5)
To view license terms, attribution, and copyright for OpenSSH, the default path is /var/sadm/pkg/SUNWsshdr/install/copyright. If the
Solaris operating environment has been installed anywhere other than the default, modify the given path to access the file at the installed
location.
AUTHORS
OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
Theo de Raadt and Dug Song removed many bugs, added newer features and created Open SSH. Markus Friedl contributed the support for SSH pro-
tocol versions 1.5 and 2.0.
SunOS 5.10 9 Jan 2004 ssh-add(1)
10-11-2012
