I am currently setting up rdiff-backup to use ssh to connect and remotely backup and retrieve data. I am doing so by creating rsa keys for each server and copying the relevant key to the /.ssh folder on the relevant server.

All seems to work well when severs running solaris 8 with ssh 3.6.1 are talking to each other, but I have one server running solaris 6 with ssh 3.0.1 and it will not except the key being sent to it from the connecting server.

The connecting server is running solaris 8 with ssh 3.6.1.

On the Solaris 6 server in the / directory instead of a .ssh folder there is a .ssh2 folder. I have tried placing the public rsa key for the connecting server in the file "authorized_keys" and then "authorized_keys2" with no success.

Any suggestions??

Regards Tim

ssh -C -v 250
OpenSSH_3.6.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090702f
debug1: Reading configuration data //.ssh/config
debug1: Applying options for 250
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: Connecting to 195.248.193.250 [195.248.193.250] port 22.
debug1: Connection established.
debug1: identity file /.ssh/id_rsa_250 type 1
debug1: Remote protocol version 2.0, remote software version 3.0.1 SSH Secure Shell
debug1: match: 3.0.1 SSH Secure Shell pat 3.0.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 zlib
debug1: kex: client->server aes128-cbc hmac-md5 zlib
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host '195.248.193.250' is known and matches the DSA host key.
debug1: Found key in /.ssh/known_hosts:5
debug1: ssh_dss_verify: signature correct
debug1: Enabling compression at level 6.
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /.ssh/id_rsa_250
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
root@195.248.193.250's password:

When you try and connect from machine A to machine B, do you get any kind of errors, or does it just fall back to the password prompt after it fails on the key?

Have you also tried specifying the key that you want to use when testing with the ssh client using the -i switch poited at your identity file?

What does the sshd_config file look like on the system you are trying to connect to? Perhaps it's not set to use auth keys?

UPDATE: Woops. Sorry, I didn't see the end there. So you are getting the password prompt. From the rest of the debug it does look like you are getting in with the key but then get prompted for auth again. I know this is really basic, but have you checked perms on your SSH server's .ssh/authorized_keys file to make certain they are mode 600? One final thing... have you tried openinging both your identity file on the client and the authorized_keys file in a text editor to verify that the key string is one line without returns at the end? That usually seems to be the most common cause of getting the password prompt with auth keys set up in my experience.

Thanks for replying to my plea for help.

On server a the .ssh folder is named ".ssh" where on server be the folder is named ".ssh2".

Could this be something to do with my problems?

Worth a shot to create a .ssh directory on system B and then copy your authorization key to that dir from .ssh2 (note I stated copy, not move).

It going to be hard to find someone with the same versions that you are attempting to use - plus the fact that there have been security issues with the older version you are running. It may be easier in the long run to upgrade to the one you are running currently on the other servers.

Well I would prefer to upgrade the version on server B. Only problem is I managed to kill a server earler on in this week when I tried up grading ssh.
I installed ssh and found it would not work due to my "prng not being seeded".
I have had problems before when trying to install ssh after "yassp" has all ready been installed. so I rolled backup the yassp and restarted which had the same effect of sitting out on a limb of a tree with saw cutting the wrong side. Luckely the murdered email server was only running a Communigate Pro post office, which is the easiest program ever to install and recover.

This server B is our DNS server and I'm not over confidant I could rebuild it if I needed to.

Well... I re-iterate what RTM said. Try copying your .ssh2 dir to .ssh and see if that fixes the problem. Also, check your 'sshd_config' file and see where the "AuthorizedKeysFile" option is set to look for your server side authorized_keys file. The line should normally look like this:

AuthorizedKeysFile .ssh/authorized_keys

Or... if you want to use the .ssh2 dir, then it should look like this:

AuthorizedKeysFile .ssh2/authorized_keys

I'm not sure where your sshd_config file would be located on your server, so you might need to use 'find' to locate it.

Thanks for all the help guys. I have come across a document on the web saying that if I want to connect via keys from openssh to ssh I need to convert the openssh key to ssh. I will have a play with this and see how it goes.

Once again I appriciate all the advice I have recieved.

regards,

Tim