SSH/RSAAuthentication Problems


 
# 1  
Old 01-16-2013

I'm attempting to set up RSA Authentication for a particular user on two servers. A script runs via crontab, logs into one server and transfers data from server1 to server2. Another script, via cron, runs on server2, connects to server1 and transfers data to it. However, I'm having issues configuring ssh/RSA authentication. An RSA key was generated on server1, then id_rsa.pub was copied to server2 in authorized_keys.


Here are my debug results:

Code:
[user@server1 .ssh]$ ssh -v -l user server2
Sun_SSH_1.1.4, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to server2 [XXX.XXX.XX.XXX] port XX.
debug1: Connection established.
debug1: identity file /export/home/user/.ssh/identity type -1
debug1: identity file /export/home/user/.ssh/id_rsa type 1
debug1: identity file /export/home/user/.ssh/id_dsa type -1
debug1: Logging to host: server2
debug1: Local user: user Remote user: user
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1.4
debug1: match: Sun_SSH_1.1.4 pat Sun_SSH_1.1.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1.4
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: Peer sent proposed langtags, ctos: en-CA,en-US,es,es-MX,fr,fr-CA,i-default
debug1: Peer sent proposed langtags, stoc: en-CA,en-US,es,es-MX,fr,fr-CA,i-default
debug1: We proposed langtags, ctos: i-default
debug1: We proposed langtags, stoc: i-default
debug1: Negotiated lang: i-default
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: Remote: Negotiated main locale: C
debug1: Remote: Negotiated messages locale: C
debug1: dh_gen_key: priv key bits set: 133/256
debug1: bits set: 1587/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'server2' is known and matches the RSA host key.
debug1: Found key in /export/home/user/.ssh/known_hosts:2
debug1: bits set: 1638/3191
debug1: ssh_rsa_verify: signature correct
debug1: newkeys: mode 1
debug1: set_newkeys: setting new keys for 'out' mode
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: set_newkeys: setting new keys for 'in' mode
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Next authentication method: gssapi-keyex
debug1: Next authentication method: gssapi-with-mic
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)
debug1: Next authentication method: publickey
debug1: Trying private key: /export/home/user/.ssh/identity
debug1: Trying public key: /export/home/user/.ssh/id_rsa
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Trying private key: /export/home/user/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:

# 2  
Old 01-16-2013
Maybe you should use authorized_keys2 instead of authorized_keys, or you should add server1's name and IP to /etc/hosts on server2 if they don't use DNS.
# 3  
Old 01-22-2013
Quote:
Originally Posted by GP81
Maybe you should use authorized_keys2 instead of authorized_keys, or you should add server1's name and IP to /etc/hosts on server2 if they don't use DNS.
etc/hosts is read only, even for root. How is this modifiable? In the meantime, I'll attempt to generate the key with authorized_keys2.

---------- Post updated at 10:01 AM ---------- Previous update was at 09:11 AM ----------

I've used these instructions, with the exception of using RSA rather than DSA, and the passphrase is blank.

Howto Linux / UNIX setup SSH with DSA public key authentication (password less login)


Is something missing here?

---------- Post updated at 10:47 AM ---------- Previous update was at 10:01 AM ----------

After executing the following command on server1, it connects without prompting for a password. However, server2 to server1 still prompts. Any ideas?

Code:
$ exec /usr/bin/ssh-agent $SHELL
$ ssh-add

# 4  
Old 01-22-2013
I wasn't sure last time because I set up ssh keys a long time ago.
Now I know that there is no need to add anything to /etc/hosts.
Anyway, to modify a read-only file with vi, you must use
Code:
[esc]:w!

I tested ssh key exchange. It is very simple for me and I didn't have any problems with this.
Example:
Code:
user1@server1 # cd
user1@server1 # pwd
/export/home/user1
user1@server1 # ssh-keygen -t rsa
user1@server1 # scp ./.ssh/id_rsa.pub user2@server2:./.ssh/user1_server1_id_rsa.pub
user2@server2 # pwd
/export/home/user2/.ssh
user2@server2 # cat user1_server1_id_rsa.pub >> authorized_keys

Now I have passwordless ssh login from server1 to server2. On server1 I have an account with the user1 login, on server2 an account with the user2 login.
There is no need to change any file permissions. I leave the passphrase blank.
To set up login from server2 to server1 you must repeat the above steps. Remember to use the appropriate user account.
Check your file and directory names and the paths to those files and directories. Maybe there is some mistake.
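
An added example, not part of the thread: in the debug log of post #1 the client offers `id_rsa` and the server answers with "Authentications that can continue", which means server2 did not accept the key. The script below checks two common server-side causes, assuming the server applies OpenSSH-style `StrictModes` checks (ownership and no group/other write on the home directory, `.ssh` and `authorized_keys`); the function names are chosen for this example.

```shell
#!/bin/sh
# Added example: audit the server-side files that public-key login depends on.
# check_ssh_perms and key_installed are names chosen for this example.

# Succeeds if PATH is writable by group or others (what StrictModes rejects).
loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# Succeeds if PATH is owned by OWNER (user name or numeric uid).
# sshd also accepts root as owner; this example checks the account owner only.
owned_by() {
    [ -n "$(find "$1" -prune -user "$2" 2>/dev/null)" ]
}

# check_ssh_perms HOME [OWNER]: print each problem, return 1 if any was found.
check_ssh_perms() {
    home=$1
    owner=${2:-$(id -u)}
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; rc=1
        else
            if loose "$p"; then echo "WRITABLE $p (group/other)"; rc=1; fi
            if ! owned_by "$p" "$owner"; then echo "OWNER    $p"; rc=1; fi
        fi
    done
    return $rc
}

# key_installed PUBFILE AUTHFILE: is the key blob from PUBFILE present, unbroken,
# on a single line of AUTHFILE? A key wrapped by copy/paste fails this test.
key_installed() {
    blob=$(awk 'NR == 1 { print $2 }' "$1")
    [ -n "$blob" ] && grep -F "$blob" "$2" >/dev/null 2>&1
}
```

Run `check_ssh_perms "$HOME"` as the target account on the server being logged into, and `key_installed` with the copied `.pub` file and that account's `authorized_keys`.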