Intermittent issue with passwordless login


 
# 1  
Old 07-25-2013

Hi,

I have two user logins on my HP-UX, i.e. user1 and user2.

In order to switch from user1 to user2 without a password, I generated a key pair using the keygen command for user id user1 and copied its public key to the .ssh/authorized_keys file of user2.

Code:
ssh-keygen -b 2048 -t rsa

This helped to switch user1 to user2 without the need for the password.

However, what I observe is that all of a sudden, especially after a long pause or when the session gets closed, switching from user1 to user2 prompts for the password!! Thereafter it does not prompt.

Can you please help me debug this issue, so that it never asks for the password when switching from user1 to user2?
# 2  
Old 07-25-2013
HP ssh with verbose

Code:
# chmod 700 ~/.ssh
# chmod 644 ~/.ssh/authorized_keys
# restorecon -R ~/.ssh

If it does not work, please send the output of the following command.

Code:
# ssh -vvv username@remote

# 3  
Old 07-26-2013

Quote:
Originally Posted by snjksh
Code:
# chmod 700 ~/.ssh
# chmod 644 ~/.ssh/authorized_keys
# restorecon -R ~/.ssh

If it does not work, please send the output of the following command.

Code:
# ssh -vvv username@remote

Thank you for your help, but I have two queries.

Note: both the user IDs [user1 and user2] are on the same machine, i.e. rootmachine.
It works when I "ssh user2@rootmachine" but it does not work when I "sudo su - user2".

1. Do the chmod and restorecon commands need to be fired one by one on the terminal, or do they need to be scripted somewhere?

2. Are the chmod and restorecon commands for user1 or user2?

I have HP-UX and restorecon does not seem to work!!

Code:
==> restorecon -R ~/.ssh
bash: restorecon: command not found

Please look at the output below.
Code:
rootmachine:/home/cosmos/user1> cd /appl/var/apache/conf
rootmachine:/appl/var/apache/conf> id
uid=3748157(user1) gid=238(cosmos)
rootmachine://appl/var/apache/conf> sudo su - user2
Password:
rootmachine://appl/var/apache/conf>
rootmachine://appl/var/apache/conf> ssh -vvv user2@rootmachine
OpenSSH_5.3p1+sftpfilecontrol-v1.3-hpn13v5, OpenSSL 0.9.8n 24 Mar 2010
HP-UX Secure Shell-A.05.30.009, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug3: RNG is ready, skipping seeding
debug2: ssh_connect: needpriv 0
debug1: Connecting to rootmachine [150.233.121.70] port 22.
debug1: Connection established.
debug1: identity file /home/cosmos/user1/.ssh/identity type -1
debug3: Not a RSA1 key file /home/cosmos/user1/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/cosmos/user1/.ssh/id_rsa type 1
debug1: identity file /home/cosmos/user1/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1+sftpfilecontrol-v1.3-hpn13v5
debug1: match: OpenSSH_5.3p1+sftpfilecontrol-v1.3-hpn13v5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1+sftpfilecontrol-v1.3-hpn13v5
debug2: fd 4 setting O_NONBLOCK
debug3: RNG is ready, skipping seeding
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 792 bytes for a total of 844
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 868
debug2: dh_gen_key: priv key bits set: 128/256
debug2: bits set: 502/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 144 bytes for a total of 1012
debug3: check_host_in_hostfile: filename /home/cosmos/user1/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug3: check_host_in_hostfile: filename /home/cosmos/user1/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 2
debug1: Host 'rootmachine' is known and matches the RSA host key.
debug1: Found key in /home/cosmos/user1/.ssh/known_hosts:1
debug2: bits set: 521/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1028
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 48 bytes for a total of 1076
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/cosmos/user1/.ssh/identity (0)
debug2: key: /home/cosmos/user1/.ssh/id_rsa (40037b20)
debug2: key: /home/cosmos/user1/.ssh/id_dsa (0)
debug3: Wrote 64 bytes for a total of 1140
debug3: input_userauth_banner
This system is restricted solely to MyCorp authorized users for legitimate business purposes only. The actual or attempted unauthorized access, use, or modification of this system is strictly prohibited by MyCorp. Unauthorized users are subject to Company disciplinary proceedings and/or criminal and civil penalties under state, federal, or other applicable domestic and foreign laws. The use of this system may be monitored and recorded for administrative and security reasons. Anyone accessing this system expressly consents to such monitoring and is advised that if monitoring reveals possible evidence of criminal activity, MyCorp may provide the evidence of such activity to law enforcement officials. All users must comply with MyCorp company policies regarding the protection of MyCorp information assets.
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/cosmos/user1/.ssh/identity
debug3: no such identity: /home/cosmos/user1/.ssh/identity
debug1: Offering public key: /home/cosmos/user1/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 368 bytes for a total of 1508
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug2: input_userauth_pk_ok: fp 48:23:39:01:14:e7:53:94:13:4b:3c:59:ff:98:61:e5
debug3: sign_and_send_pubkey
debug1: read PEM private key done: type RSA
debug3: Wrote 640 bytes for a total of 2148
debug1: Authentication succeeded (publickey).
debug1: Final hpn_buffer_size = 131072
debug1: HPN Disabled: 1, HPN Buffer Size: 131072
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug3: Wrote 128 bytes for a total of 2276
debug2: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug2: channel 0: request shell confirm 1
debug2: fd 4 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: Wrote 384 bytes for a total of 2660
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 65536
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Last successful login: Thu Jul 25 22:54:20 PDT 2013 on  /dev/pts/2


Last edited by Scott; 07-26-2013 at 08:40 AM.. Reason: Code tags
# 4  
Old 07-26-2013
ssh keys have nothing at all to do with sudo. You have to set up /etc/sudoers to grant you the privilege.
# 5  
Old 08-01-2013
Quote:
Originally Posted by jim mcnamara
ssh keys have nothing at all to do with sudo. You have to set up /etc/sudoers to grant you the privilege.
The issue is with passwordless login using ssh.

I wrote a switchuser.sh script as below.

Code:
more switchuser.sh
ssh "$1@$(hostname)"
exit 99

I was expecting that sh switchuser.sh user2 would help passwordless login.

But instead I get the below error:

Quote:
mymac://home/myapp/user1> sh switchuser.sh user2
user2@mymac
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0777 for '/home/myapp/user1/.ssh/id_rsa' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /home/myapp/user1/.ssh/id_rsa
Password:
Kindly assist.
# 6  
Old 08-01-2013
The description of the error is pretty clear on what is failing.

Use 600 for your private key:
Code:
chmod 600 /home/myapp/user1/.ssh/id_rsa
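
The permission check behind that warning, extended to the `.ssh` directory and `authorized_keys` that sshd also inspects, as an added example that is not part of the original thread. The function names `perm_string`, `audit_ssh_dir` and `demo` are hypothetical, the key file is a constructed placeholder, and the home directory itself (which sshd also checks) is left out.

```sh
#!/bin/sh
# Added example (not from the thread): list the ~/.ssh permission problems
# that make OpenSSH skip a key. Modes come from `ls -ld`, so it also runs
# where GNU stat is missing.

# perm_string PATH -> first 10 characters of ls -ld, e.g. "-rwxrwxrwx"
perm_string() { ls -ld "$1" | cut -c1-10; }

# audit_ssh_dir DIR: print one FAIL line per problem; return 1 if any found.
audit_ssh_dir() {
    dir=$1
    bad=0
    # Server side: sshd with StrictModes refuses a .ssh directory or
    # authorized_keys file that group or other can write.
    for f in "$dir" "$dir/authorized_keys"; do
        [ -e "$f" ] || continue
        p=$(perm_string "$f")
        case $p in
            ?????w????|????????w?)
                echo "FAIL $f $p writable by group/other"; bad=1 ;;
        esac
    done
    # Client side: ssh ignores a private key that group or other can access
    # at all (the 0777 id_rsa in the thread).
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        head -n 1 "$f" | grep -q 'PRIVATE KEY' || continue
        p=$(perm_string "$f")
        case $p in
            ????------) ;;
            *) echo "FAIL $f $p private key open to group/other (chmod 600)"; bad=1 ;;
        esac
    done
    return $bad
}

# Constructed demo: throwaway directory holding a placeholder key at 0777.
demo() {
    d=$(mktemp -d) || return 2
    mkdir "$d/.ssh" && chmod 700 "$d/.ssh"
    echo '-----BEGIN RSA PRIVATE KEY----- (placeholder, not a key)' > "$d/.ssh/id_rsa"
    chmod 777 "$d/.ssh/id_rsa"
    rc=0
    audit_ssh_dir "$d/.ssh" || rc=$?
    rm -rf "$d"
    return $rc
}
demo || true
```

Run `audit_ssh_dir "$HOME/.ssh"` as each user involved: the private-key check matters for the connecting user (user1), the directory and `authorized_keys` checks for the target user (user2).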
