Ssh key doesn't match


 
# 1  
Old 02-18-2016
Ssh key doesn't match

I'm logged on server A as user infa8. I want to log in via ssh key on server B as user ussdsc.

Destination server (B) is a Red Hat 6.2.
Permissions for ussdsc@B for home, ssh and authorized_keys:
Code:
[ussdsc@ussdpos:/home]$ ls -ltr | grep ussdsc
drwxr-xr-x. 29 ussdsc    mobifon     4096 Feb 18 11:43 ussdsc
[ussdsc@ussdpos:/home]$ getfacl ussdsc
# file: ussdsc
# owner: ussdsc
# group: mobifon
user::rwx
group::r-x
other::r-x

[ussdsc@B:/home]$ cd ussdsc
[ussdsc@B:~]$ ls -altr | grep ssh
-rw-------.  1 ussdsc grup      86 Feb  2 10:41 .lesshst
drwxr-xr-x.  2 ussdsc grup  4096 Feb 18 11:43 .ssh
[ussdsc@B:~]$
[ussdsc@B:~]$ getfacl .ssh
# file: .ssh
# owner: ussdsc
# group: grup
user::rwx
group::r-x
other::r-x

[ussdsc@B:~]$ cd .ssh
[ussdsc@B:~/.ssh]$ ls -altr auth*
-rw-r--r--. 1 ussdsc grup 395 Feb 18 11:43 authorized_keys
[ussdsc@B:~/.ssh]$ getfacl authorized_keys
# file: authorized_keys
# owner: ussdsc
# group: grup
user::rw-
group::r--
other::r--

ssh -vvv logs:
Code:
bash-4.3$ ssh -vvv ussdsc@ussdpos
OpenSSH_5.5p1+sftpfilecontrol-v1.3-hpn13v7, OpenSSL 0.9.8k 25 Mar 2009
HP-UX Secure Shell-A.05.50.015, HP-UX Secure Shell version
debug1: Reading configuration data /infa8/home/.ssh/config
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug3: RNG is ready, skipping seeding
debug2: ssh_connect: needpriv 0
debug1: Connecting to ussdpos [10.134.1.38] port 22.
debug1: Connection established.
debug1: identity file /infa8/home/.ssh/identity type -1
debug1: identity file /infa8/home/.ssh/identity-cert type -1
debug3: Not a RSA1 key file /infa8/home/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /infa8/home/.ssh/id_rsa type 1
debug1: identity file /infa8/home/.ssh/id_rsa-cert type -1
debug3: Not a RSA1 key file /infa8/home/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /infa8/home/.ssh/id_dsa type 2
debug1: identity file /infa8/home/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Remote is NON-HPN aware
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1+sftpfilecontrol-v1.3-hpn13v7
debug2: fd 3 setting O_NONBLOCK
debug3: RNG is ready, skipping seeding
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 112/256
debug2: bits set: 492/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: host ussdpos filename /infa8/home/.ssh/known_hosts
debug3: check_host_in_hostfile: host ussdpos filename /infa8/home/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 118
debug3: check_host_in_hostfile: host 10.134.1.38 filename /infa8/home/.ssh/known_hosts
debug3: check_host_in_hostfile: host 10.134.1.38 filename /infa8/home/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 117
debug1: Host 'ussdpos' is known and matches the RSA host key.
debug1: Found key in /infa8/home/.ssh/known_hosts:118
debug2: bits set: 536/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /infa8/home/.ssh/identity (0)
debug2: key: /infa8/home/.ssh/id_rsa (4003e6a0)
debug2: key: /infa8/home/.ssh/id_dsa (4003e6d0)
debug3: input_userauth_banner
The  access  to  this  system  is  restricted  and  is  granted  based  only
on individual  and  authorized  user  ID  and  password.  Any  access  to  the
system  using  an  ID  and  a  password  which  have  not  been  alocated  to
you  under  a  contract  or  by  law,  or  any  other  unauthorized  access on
this  system,  forcing  or  avoiding  access  restrictions  is  considered  a
crime  and  shall  be  prosecuted  according  to  the  Romanian  criminal law.

Continuing  the  access  procedure  is  considered  as  an  understanding  of
the  above  warning  and  of  the  consequences  of  not  respecting  it.

debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Miscellaneous failure
No credentials cache found

debug1: Miscellaneous failure
No credentials cache found

debug1:


debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /infa8/home/.ssh/identity
debug3: no such identity: /infa8/home/.ssh/identity
debug1: Offering public key: /infa8/home/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Offering public key: /infa8/home/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
ussdsc@B's password:

and logs from /var/log/secure (ssh log level: DEBUG):
Code:
Feb 18 11:35:36 B sshd[12391]: debug1: Forked child 12593.
Feb 18 11:35:36 B sshd[12593]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Feb 18 11:35:36 B sshd[12593]: debug1: inetd sockets after dupping: 3, 3
Feb 18 11:35:36 B sshd[12593]: Connection from <ip>  port 55604
Feb 18 11:35:36 B sshd[12593]: debug1: Client protocol version 2.0; client software version OpenSSH_5.5p1+sftpfilecontrol-v1.3-hpn13v7
Feb 18 11:35:36 B sshd[12593]: debug1: match: OpenSSH_5.5p1+sftpfilecontrol-v1.3-hpn13v7 pat OpenSSH*
Feb 18 11:35:36 B sshd[12593]: debug1: Enabling compatibility mode for protocol 2.0
Feb 18 11:35:36 B sshd[12593]: debug1: Local version string SSH-2.0-OpenSSH_5.3
Feb 18 11:35:36 B sshd[12595]: debug1: permanently_set_uid: 74/74
Feb 18 11:35:36 B sshd[12595]: debug1: list_hostkey_types: ssh-rsa,ssh-dss
Feb 18 11:35:36 B sshd[12595]: debug1: SSH2_MSG_KEXINIT sent
Feb 18 11:35:36 B sshd[12595]: debug1: SSH2_MSG_KEXINIT received
Feb 18 11:35:36 B sshd[12595]: debug1: kex: client->server aes128-ctr hmac-md5 none
Feb 18 11:35:36 B sshd[12595]: debug1: kex: server->client aes128-ctr hmac-md5 none
Feb 18 11:35:36 B sshd[12595]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
Feb 18 11:35:36 B sshd[12595]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Feb 18 11:35:36 B sshd[12595]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
Feb 18 11:35:36 B sshd[12595]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
Feb 18 11:35:36 ussdpos sshd[12595]: debug1: SSH2_MSG_NEWKEYS sent
Feb 18 11:35:36 B sshd[12595]: debug1: expecting SSH2_MSG_NEWKEYS
Feb 18 11:35:36 B sshd[12595]: debug1: SSH2_MSG_NEWKEYS received
Feb 18 11:35:36 B sshd[12595]: debug1: KEX done
Feb 18 11:35:36 B sshd[12595]: debug1: userauth-request for user ussdsc service ssh-connection method none
Feb 18 11:35:36 B sshd[12595]: debug1: attempt 0 failures 0
Feb 18 11:35:36 B sshd[12593]: debug1: PAM: initializing for "ussdsc"
Feb 18 11:35:36 B sshd[12593]: debug1: PAM: setting PAM_RHOST to "serpens.connex.ro"
Feb 18 11:35:36 B sshd[12593]: debug1: PAM: setting PAM_TTY to "ssh"
Feb 18 11:35:36 B sshd[12595]: debug1: userauth_send_banner: sent
Feb 18 11:35:36 B sshd[12595]: debug1: userauth-request for user ussdsc service ssh-connection method publickey
Feb 18 11:35:36 B sshd[12595]: debug1: attempt 1 failures 0
Feb 18 11:35:36 B sshd[12595]: debug1: test whether pkalg/pkblob are acceptable
Feb 18 11:35:36 B sshd[12593]: debug1: temporarily_use_uid: 501/501 (e=0/0)
Feb 18 11:35:36 B sshd[12593]: debug1: trying public key file /home/ussdsc/.ssh/authorized_keys
Feb 18 11:35:36 B sshd[12593]: debug1: restore_uid: 0/0
Feb 18 11:35:36 B sshd[12593]: debug1: temporarily_use_uid: 501/501 (e=0/0)
Feb 18 11:35:36 B sshd[12593]: debug1: trying public key file /home/ussdsc/.ssh/authorized_keys
Feb 18 11:35:36 B sshd[12593]: debug1: restore_uid: 0/0
Feb 18 11:35:36 B sshd[12593]: Failed publickey for ussdsc from 10.230.169.55 port 55604 ssh2
Feb 18 11:35:36 B sshd[12595]: debug1: userauth-request for user ussdsc service ssh-connection method publickey
Feb 18 11:35:36 B sshd[12595]: debug1: attempt 2 failures 1
Feb 18 11:35:36 B sshd[12595]: debug1: test whether pkalg/pkblob are acceptable
Feb 18 11:35:36 B sshd[12593]: debug1: temporarily_use_uid: 501/501 (e=0/0)
Feb 18 11:35:36 B sshd[12593]: debug1: trying public key file /home/ussdsc/.ssh/authorized_keys
Feb 18 11:35:36 B sshd[12593]: debug1: restore_uid: 0/0
Feb 18 11:35:36 B sshd[12593]: debug1: temporarily_use_uid: 501/501 (e=0/0)
Feb 18 11:35:36 B sshd[12593]: debug1: trying public key file /home/ussdsc/.ssh/authorized_keys
Feb 18 11:35:36 B sshd[12593]: debug1: restore_uid: 0/0
Feb 18 11:35:36 B sshd[12593]: Failed publickey for ussdsc from <ip>  port 55604 ssh2
Feb 18 11:35:41 B sshd[12595]: debug1: userauth-request for user ussdsc service ssh-connection method password
Feb 18 11:35:41 B sshd[12595]: debug1: attempt 3 failures 2
Feb 18 11:35:41 B sshd[12593]: Failed none for ussdsc from 10.230.169.55 port 55604 ssh2
Feb 18 11:35:41 B sshd[12595]: Connection closed by <ip>
Feb 18 11:35:41 B sshd[12595]: debug1: do_cleanup
Feb 18 11:35:41 B sshd[12593]: debug1: do_cleanup
Feb 18 11:35:41 B sshd[12593]: debug1: PAM: cleanup

For comparison purposes, I will show the corresponding logs (ssh -vvv & /var/log/secure) for another SUCCESSFUL login with ssh key FROM the same user/server: infa8@A towards the same server, but as a different user: opc_op@B

ssh -vvv
Code:
bash-4.3$ ssh -vvv opc_op@B
OpenSSH_5.5p1+sftpfilecontrol-v1.3-hpn13v7, OpenSSL 0.9.8k 25 Mar 2009
HP-UX Secure Shell-A.05.50.015, HP-UX Secure Shell version
debug1: Reading configuration data /infa8/home/.ssh/config
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug3: RNG is ready, skipping seeding
debug2: ssh_connect: needpriv 0
debug1: Connecting to ussdpos [<ip>] port 22.
debug1: Connection established.
debug1: identity file /infa8/home/.ssh/identity type -1
debug1: identity file /infa8/home/.ssh/identity-cert type -1
debug3: Not a RSA1 key file /infa8/home/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /infa8/home/.ssh/id_rsa type 1
debug1: identity file /infa8/home/.ssh/id_rsa-cert type -1
debug3: Not a RSA1 key file /infa8/home/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /infa8/home/.ssh/id_dsa type 2
debug1: identity file /infa8/home/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Remote is NON-HPN aware
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1+sftpfilecontrol-v1.3-hpn13v7
debug2: fd 3 setting O_NONBLOCK
debug3: RNG is ready, skipping seeding
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 130/256
debug2: bits set: 522/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: host ussdpos filename /infa8/home/.ssh/known_hosts
debug3: check_host_in_hostfile: host ussdpos filename /infa8/home/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 118
debug3: check_host_in_hostfile: host <ip> filename /infa8/home/.ssh/known_hosts
debug3: check_host_in_hostfile: host <ip> filename /infa8/home/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 117
debug1: Host 'ussdpos' is known and matches the RSA host key.
debug1: Found key in /infa8/home/.ssh/known_hosts:118
debug2: bits set: 518/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /infa8/home/.ssh/identity (0)
debug2: key: /infa8/home/.ssh/id_rsa (4003e6a0)
debug2: key: /infa8/home/.ssh/id_dsa (4003e6d0)
debug3: input_userauth_banner
<message>

debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Miscellaneous failure
No credentials cache found

debug1: Miscellaneous failure
No credentials cache found

debug1:


debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /infa8/home/.ssh/identity
debug3: no such identity: /infa8/home/.ssh/identity
debug1: Offering public key: /infa8/home/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp <fingerprint>
debug3: sign_and_send_pubkey
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).

and /var/log/messages:
Code:
Feb 18 11:36:33 B sshd[12391]: debug1: Forked child 12753.
Feb 18 11:36:33 B sshd[12753]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Feb 18 11:36:34 B sshd[12753]: debug1: inetd sockets after dupping: 3, 3
Feb 18 11:36:34 B sshd[12753]: Connection from <ip> port 61384
Feb 18 11:36:34 B sshd[12753]: debug1: Client protocol version 2.0; client software version OpenSSH_5.5p1+sftpfilecontrol-v1.3-hpn13v7
Feb 18 11:36:34 B sshd[12753]: debug1: match: OpenSSH_5.5p1+sftpfilecontrol-v1.3-hpn13v7 pat OpenSSH*
Feb 18 11:36:34 B sshd[12753]: debug1: Enabling compatibility mode for protocol 2.0
Feb 18 11:36:34 B sshd[12753]: debug1: Local version string SSH-2.0-OpenSSH_5.3
Feb 18 11:36:34 B sshd[12758]: debug1: permanently_set_uid: 74/74
Feb 18 11:36:34 B sshd[12758]: debug1: list_hostkey_types: ssh-rsa,ssh-dss
Feb 18 11:36:34 B sshd[12758]: debug1: SSH2_MSG_KEXINIT sent
Feb 18 11:36:34 B sshd[12758]: debug1: SSH2_MSG_KEXINIT received
Feb 18 11:36:34 B sshd[12758]: debug1: kex: client->server aes128-ctr hmac-md5 none
Feb 18 11:36:34 B sshd[12758]: debug1: kex: server->client aes128-ctr hmac-md5 none
Feb 18 11:36:34 B sshd[12758]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
Feb 18 11:36:34 B sshd[12758]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Feb 18 11:36:34 B sshd[12758]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
Feb 18 11:36:34 B sshd[12758]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
Feb 18 11:36:34 B sshd[12758]: debug1: SSH2_MSG_NEWKEYS sent
Feb 18 11:36:34 B sshd[12758]: debug1: expecting SSH2_MSG_NEWKEYS
Feb 18 11:36:34 B sshd[12758]: debug1: SSH2_MSG_NEWKEYS received
Feb 18 11:36:34 B sshd[12758]: debug1: KEX done
Feb 18 11:36:34 B sshd[12758]: debug1: userauth-request for user opc_op service ssh-connection method none
Feb 18 11:36:34 B sshd[12758]: debug1: attempt 0 failures 0
Feb 18 11:36:34 B sshd[12753]: debug1: PAM: initializing for "opc_op"
Feb 18 11:36:34 B sshd[12753]: debug1: PAM: setting PAM_RHOST to "serpens.connex.ro"
Feb 18 11:36:34 B sshd[12753]: debug1: PAM: setting PAM_TTY to "ssh"
Feb 18 11:36:34 B sshd[12758]: debug1: userauth_send_banner: sent
Feb 18 11:36:34 B sshd[12758]: debug1: userauth-request for user opc_op service ssh-connection method publickey
Feb 18 11:36:34 B sshd[12758]: debug1: attempt 1 failures 0
Feb 18 11:36:34 B sshd[12758]: debug1: test whether pkalg/pkblob are acceptable
Feb 18 11:36:34 B sshd[12753]: debug1: temporarily_use_uid: 777/177 (e=0/0)
Feb 18 11:36:34 B sshd[12753]: debug1: trying public key file /home/opc_op/.ssh/authorized_keys
Feb 18 11:36:34 B sshd[12753]: debug1: fd 7 clearing O_NONBLOCK
Feb 18 11:36:34 B sshd[12753]: debug1: matching key found: file /home/opc_op/.ssh/authorized_keys, line 1
Feb 18 11:36:34 B sshd[12753]: Found matching RSA key: <key>
Feb 18 11:36:34 B sshd[12753]: debug1: restore_uid: 0/0
Feb 18 11:36:34 B sshd[12758]: Postponed publickey for opc_op from 10.230.169.55 port 61384 ssh2
Feb 18 11:36:34 B sshd[12758]: debug1: userauth-request for user opc_op service ssh-connection method publickey
Feb 18 11:36:34 B sshd[12758]: debug1: attempt 2 failures 0
Feb 18 11:36:34 B sshd[12753]: debug1: temporarily_use_uid: 777/177 (e=0/0)
Feb 18 11:36:34 B sshd[12753]: debug1: trying public key file /home/opc_op/.ssh/authorized_keys
Feb 18 11:36:34 B sshd[12753]: debug1: fd 7 clearing O_NONBLOCK
Feb 18 11:36:34 B sshd[12753]: debug1: matching key found: file /home/opc_op/.ssh/authorized_keys, line 1
Feb 18 11:36:34 B sshd[12753]: Found matching RSA key: <key>
Feb 18 11:36:34 B sshd[12753]: debug1: restore_uid: 0/0
Feb 18 11:36:34 B sshd[12753]: debug1: ssh_rsa_verify: signature correct
Feb 18 11:36:34 B sshd[12753]: debug1: do_pam_account: called
Feb 18 11:36:34 B sshd[12753]: Accepted publickey for opc_op from 10.230.169.55 port 61384 ssh2
Feb 18 11:36:34 B sshd[12753]: debug1: monitor_child_preauth: opc_op has been authenticated by privileged process
Feb 18 11:36:34 B sshd[12753]: debug1: temporarily_use_uid: 777/177 (e=0/0)
Feb 18 11:36:34 B sshd[12753]: debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
Feb 18 11:36:34 B sshd[12753]: debug1: restore_uid: 0/0
Feb 18 11:36:34 B sshd[12753]: debug1: SELinux support enabled
Feb 18 11:36:34 B sshd[12753]: debug1: PAM: establishing credentials
Feb 18 11:36:34 B sshd[12753]: pam_unix(sshd:session): session opened for user opc_op by (uid=0)
Feb 18 11:36:34 B sshd[12753]: User child is on pid 12784
Feb 18 11:36:34 B sshd[12784]: debug1: PAM: establishing credentials
Feb 18 11:36:34 B sshd[12784]: debug1: permanently_set_uid: 777/177
Feb 18 11:36:34 B sshd[12784]: debug1: Entering interactive session for SSH2.
Feb 18 11:36:34 B sshd[12784]: debug1: server_init_dispatch_20
Feb 18 11:36:34 B sshd[12784]: debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384
Feb 18 11:36:34 B sshd[12784]: debug1: input_session_request
Feb 18 11:36:34 B sshd[12784]: debug1: channel 0: new [server-session]
Feb 18 11:36:34 B sshd[12784]: debug1: session_new: session 0
Feb 18 11:36:34 B sshd[12784]: debug1: session_open: channel 0
Feb 18 11:36:34 B sshd[12784]: debug1: session_open: session 0: link with channel 0
Feb 18 11:36:34 B sshd[12784]: debug1: server_input_channel_open: confirm session
Feb 18 11:36:34 B sshd[12784]: debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
Feb 18 11:36:34 B sshd[12784]: debug1: server_input_channel_req: channel 0 request pty-req reply 1
Feb 18 11:36:34 B sshd[12784]: debug1: session_by_channel: session 0 channel 0
Feb 18 11:36:34 B sshd[12784]: debug1: session_input_channel_req: session 0 req pty-req
Feb 18 11:36:34 B sshd[12784]: debug1: Allocating pty.
Feb 18 11:36:34 B sshd[12753]: debug1: session_new: session 0
Feb 18 11:36:34 B sshd[12784]: debug1: session_pty_req: session 0 alloc /dev/pts/2
Feb 18 11:36:34 B sshd[12784]: debug1: Ignoring unsupported tty mode opcode 11 (0xb)
Feb 18 11:36:34 B sshd[12784]: debug1: Ignoring unsupported tty mode opcode 16 (0x10)
Feb 18 11:36:34 B sshd[12784]: debug1: server_input_channel_req: channel 0 request shell reply 1
Feb 18 11:36:34 B sshd[12784]: debug1: session_by_channel: session 0 channel 0
Feb 18 11:36:34 B sshd[12784]: debug1: session_input_channel_req: session 0 req shell
Feb 18 11:36:34 B sshd[12785]: debug1: Setting controlling tty using TIOCSCTTY.

home, .ssh and authorized_keys have identical permissions for both users. authorized_keys have the same content:
Code:
[ussdsc@ussdpos:~/.ssh]$ ls -ltr /home/opc_op/.ssh/authorized_keys
-rw-r--r--. 1 opc_op opc_grup395 Feb 18 10:20 /home/opc_op/.ssh/authorized_keys
[ussdsc@B:~/.ssh]$
[ussdsc@B:~/.ssh]$ ls -ltr /home/ussdsc/.ssh/authorized_keys
-rw-r--r--. 1 ussdsc grup 395 Feb 18 11:43 /home/ussdsc/.ssh/authorized_keys
[ussdsc@B:~/.ssh]$
[ussdsc@B:~/.ssh]$ diff /home/opc_op/.ssh/authorized_keys /home/ussdsc/.ssh/authorized_keys

Any idea why I cannot connect with ssh key as ussdsc@B?
It seems that the key simply doesn't match ussdsc's authorized_keys, but the same key matches opc_op's authorized_keys (which has the same content/permissions etc.).
# 2  
Old 02-18-2016
Your public key (the external account connecting to the ussdsc user) has to exist in the remote authorized_keys file. Can you find it there? Since obviously you can login over there and look at things in that remote directory.
# 3  
Old 02-18-2016
Quote:
Originally Posted by jim mcnamara
Your public key (the external account connecting to the ussdsc user) has to exist in the remote authorized_keys file. Can you find it there? Since obviously you can login over there and look at things in that remote directory.
hi Jim,

Yes, the public key infa8@A /infa8/home/.ssh/id_rsa.pub exists in both /home/opc_op/.ssh/authorized_keys and /home/ussdsc/.ssh/authorized_keys. As I pointed out earlier, I can log in as user opc_op@B but not as ussdsc@B (starting from the same point, infa8@A).

As a side note: I do have direct root access on both servers, I just want to solve this issue for the users.

Last edited by rbatte1; 07-06-2016 at 01:05 PM.. Reason: Added some ICODE tags for clarity
# 4  
Old 02-18-2016
Hi,
Your policies on the ".ssh" directory of user ussdsc on server B are rwxr-xr-x.
Can you change these to rwx------ and retry?

Regards.
# 5  
Old 02-18-2016
Quote:
Originally Posted by disedorgue
Hi,
Your policies on the ".ssh" directory of user ussdsc on server B are rwxr-xr-x.
Can you change these to rwx------ and retry?

Regards.
hi disedorgue,

yes, tried that too with the same result.
# 6  
Old 02-18-2016
Ok,
Why is the group of /home/ussdsc "mobifon" while the group of ".ssh" and "authorized_keys" is "grup" and not "mobifon"?
# 7  
Old 02-18-2016
Quote:
Originally Posted by disedorgue
Ok,
Why is the group of /home/ussdsc "mobifon" while the group of ".ssh" and "authorized_keys" is "grup" and not "mobifon"?
I edited mobifon to 'grup' but missed some instances.
There are the same user:group ownerships for homedir, .ssh and auth_keys file.
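Added example, not part of any post in this thread: a small parser that classifies each `trying public key file` block in sshd debug output by what is logged before the matching `restore_uid`. In the two `/var/log/secure` excerpts above, the opc_op block contains `fd 7 clearing O_NONBLOCK` and `matching key found`, while the ussdsc block contains nothing at all; reading that silence as "sshd never opened the file" is an assumption drawn from that comparison, and the `demo`/`demo2` lines are constructed.

```python
import re

# The ussdsc and opc_op lines are copied from the thread's /var/log/secure
# excerpts. The "demo" and "demo2" lines are constructed to show the two
# remaining outcomes (StrictModes refusal, file read but key absent).
SAMPLE_LOG = """\
Feb 18 11:35:36 B sshd[12595]: debug1: userauth-request for user ussdsc service ssh-connection method publickey
Feb 18 11:35:36 B sshd[12593]: debug1: temporarily_use_uid: 501/501 (e=0/0)
Feb 18 11:35:36 B sshd[12593]: debug1: trying public key file /home/ussdsc/.ssh/authorized_keys
Feb 18 11:35:36 B sshd[12593]: debug1: restore_uid: 0/0
Feb 18 11:36:34 B sshd[12758]: debug1: userauth-request for user opc_op service ssh-connection method publickey
Feb 18 11:36:34 B sshd[12753]: debug1: temporarily_use_uid: 777/177 (e=0/0)
Feb 18 11:36:34 B sshd[12753]: debug1: trying public key file /home/opc_op/.ssh/authorized_keys
Feb 18 11:36:34 B sshd[12753]: debug1: fd 7 clearing O_NONBLOCK
Feb 18 11:36:34 B sshd[12753]: debug1: matching key found: file /home/opc_op/.ssh/authorized_keys, line 1
Feb 18 11:36:34 B sshd[12753]: debug1: restore_uid: 0/0
Feb 18 11:40:00 B sshd[13001]: debug1: trying public key file /home/demo/.ssh/authorized_keys
Feb 18 11:40:00 B sshd[13001]: debug1: fd 4 clearing O_NONBLOCK
Feb 18 11:40:00 B sshd[13001]: Authentication refused: bad ownership or modes for directory /home/demo/.ssh
Feb 18 11:40:00 B sshd[13001]: debug1: restore_uid: 0/0
Feb 18 11:41:00 B sshd[13002]: debug1: trying public key file /home/demo2/.ssh/authorized_keys
Feb 18 11:41:00 B sshd[13002]: debug1: fd 4 clearing O_NONBLOCK
Feb 18 11:41:00 B sshd[13002]: debug1: restore_uid: 0/0
"""

# "sshd[PID]: " followed by an optional "debugN: " prefix and the message.
LINE_RE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?:debug\d: )?(?P<msg>.*)$")
TRY_RE = re.compile(r"trying public key file (?P<path>\S+)")


def _outcome(state):
    """Map the markers seen inside one block to a single outcome label."""
    if state["matched"]:
        return "matched"
    if state["refused"]:
        return "refused_strict_modes"   # ownership/mode check failed
    if state["opened"]:
        return "opened_no_match"        # file was read, offered key not in it
    return "not_opened"                 # nothing logged between try and restore


def classify_attempts(log_text):
    """Return one (path, outcome) tuple per 'trying public key file' block.

    Blocks are tracked per sshd PID, so interleaved connections do not mix.
    """
    in_progress = {}   # pid -> markers seen in the block currently open
    results = []

    def close(pid):
        state = in_progress.pop(pid)
        results.append((state["path"], _outcome(state)))

    for raw in log_text.splitlines():
        m = LINE_RE.search(raw)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg")

        started = TRY_RE.match(msg)
        if started:
            if pid in in_progress:      # earlier block never closed (cut log)
                close(pid)
            in_progress[pid] = {"path": started.group("path"),
                                "opened": False, "matched": False,
                                "refused": False}
            continue

        state = in_progress.get(pid)
        if state is None:
            continue                    # line is outside any key-file block
        if "clearing O_NONBLOCK" in msg:
            state["opened"] = True
        elif msg.startswith("matching key found"):
            state["matched"] = True
        elif msg.startswith("Authentication refused"):
            state["refused"] = True
        elif msg.startswith("restore_uid"):
            close(pid)

    for pid in list(in_progress):       # flush blocks cut off by end of log
        close(pid)
    return results


if __name__ == "__main__":
    for path, outcome in classify_attempts(SAMPLE_LOG):
        print(f"{outcome:22} {path}")
```

A `not_opened` result points away from the key's content and from the StrictModes permission checks, and toward whether sshd can open the file at all. The thread does not record the eventual cause.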
Discussion started by: aixlover
1 Replies

7. Shell Programming and Scripting

Using ssh to add register key on ssh server

Hi, I want to use ssh to add a register key on remote ssh server. Since there are space characters in my register key string, it always failed. If there is no space characters in the string, it worked fine. The following is what I have tried. It seems that "ssh" command doesn't care about double... (9 Replies)
Discussion started by: leaftree
9 Replies

8. UNIX for Dummies Questions & Answers

My output doesn't match anything...and the program is pretty simple

This is what I have: #include <stdio.h> int main (void) { int integerVar; int floatingVar; int doubleVar; int charVar; integerVar = 100; floatingVar = 331.79; doubleVar = 8.44e+11; charVar = 'W'; _Bool boolVar; boolVar = 0; ... (3 Replies)
Discussion started by: pwanda
3 Replies

9. UNIX for Dummies Questions & Answers

echo $PATH doesn't match $HOME/.profile

This is on a Solaris 9 box, but I feel like a noob, so I am posting here. When I echo $PATH I get a lot of duplicate paths and extra stuff I don't need. What I want is just what I set up in my home dir under .profile My login shell=/bin/bash I checked the following and there are no path... (1 Reply)
Discussion started by: Veestan
1 Replies

10. Cybersecurity

SSH key code versus server key code

Hi, When logging in using SSH access (to a remotely hosted account), I received a prompt to accept a server's key fingerprint. Wrote that string of code down for comparision. Already emailed my host for their listing of the string of code for the server's key fingerprint (for comparison,... (1 Reply)
Discussion started by: Texan
1 Replies
Login or Register to Ask a Question