SSH Public key Authentication Issue Post: 302480495

Sponsored Content

Operating Systems Linux Red Hat SSH Public key Authentication Issue Post 302480495 by maverick_here on Wednesday 15th of December 2010 05:46:45 AM

12-15-2010

Registered User

SSH Public key Authentication Issue

Hi All;

I have an issue with password less authentication via ssh ( v2)

I have two servers Server A and Server B, following are the server details

Code:

Server A 

OS - HP UX B.11.11 U 9000/800
SSH - OpenSSH_4.3p2-hpn, OpenSSL 0.9.7i 14 Oct 2005
HP-UX Secure Shell-A.04.30.000, HP-UX Secure Shell version


Server B 

OS - Red Hat Enterprise Linux AS release 4 (Nahant Update 3)
SSH -OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003

I have copied the public keys across both the servers and pasted them in authorized_keys file. Following are the things i have checked

a] .ssh -- direcotry permission is set to 700 on both boxes
b] authorized_keys file is 640 in terms of permission

The issue is I m able to connect to Server A from Server B as user xyz ( whose keys have been exchanged for paswordless auth) .When I try the same from Server B to Server A I fail and it prompts me for a password.

Following is the debug log

Code:

ssh -v ServerA
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to ServerA [xx.xx.xx.xx] port 22.
debug1: Connection established.
debug1: identity file /home/xyz/.ssh/identity type -1
debug1: identity file /home/xyz/.ssh/id_rsa type 1
debug1: identity file /home/xyz/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2-hpn
debug1: match: OpenSSH_4.3p2-hpn pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'uxcati02' is known and matches the RSA host key.
debug1: Found key in /home/xyz/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/xyz/.ssh/identity
debug1: Offering public key: /home/xyz/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/xyz/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:

Any ideas

Thanks
Syed

maverick_here

View Public Profile for maverick_here

Find all posts by maverick_here

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

SSH Public key method

do we need root access for the remote server to ssh without a password(i.e by using id_rsa.pub method)???

2. UNIX for Advanced & Expert Users

SSH - Public key

When should one have to generate a public key on a Server when the public key is already created and used by other clients? Thanks, Rahul.

3. Shell Programming and Scripting

Generate Public Key when the server is not ssh enabled

I am writing a script that needs to access various servers some of which are not ssh enabled. In order to access the ssh enabled servers I am using the following command to generate the public key : ssh-keygen -t rsa Is there a similar command for the other servers as well. If I try to use...

4. UNIX for Advanced & Expert Users

Generate Public key for non ssh enabled servers

5. AIX

ssh public key setup questions.

Hi all, I have N number of AIX hosts, where I need to login frequently and do some routine tasks (run some scripts). I need to setup ssh public/private key, so I can auto-login via a master (wrapper) script and run each script in each server. I am trying to setup/generate ssh keys, but am...

6. UNIX for Dummies Questions & Answers

Public Key Authentication over SSH and Sudo-ing Implementation

Hi, We are currently implementing an Identity Management application which has several Unix systems as its target system. A pre-defined connector will be installed to provide connection between the Identity Management application and the Unix target system. The connection will use Public Key...

7. Solaris

Solaris 8 ssh public key authentication issue - Server refused our key

Hi, I've used the following way to set ssh public key authentication and it is working fine on Solaris 10, RedHat Linux and SuSE Linux servers without any problem. But I got error 'Server refused our key' on Solaris 8 system. Solaris 8 uses SSH2 too. Why? Please help. Thanks. ...

8. UNIX for Dummies Questions & Answers

how to create a public/private key using ssh-keygen

Hi, please guide me create a public/private key using ssh-keygen, lets say I have been access to server named pngpcdb1with a userid and password ...!!! and also please explain in detail the concept of these keys and ssh as I was planning to use them in ftp related scripts..! Thanks in...

9. UNIX for Advanced & Expert Users

SSH public key failing without error message

My password-free ssh connection has worked in the past but has stopped working and I can't get it going again. The files in .ssh on both source and target are set to 600: drwx------ 2 ingres 1024 Mar 2 13:57 . drwxr-xr-x 25 ingres 2048 Mar 29 09:38 .. -rw------- 1 ingres ...

10. Shell Programming and Scripting

Public key issue

I generated a public key that we are using for ssh and sftp but I noticed that I am still being asked for a password when I run my script. is there something I need to put in my script? Our linux guy said he placed keys on both servers.

LEARN ABOUT DEBIAN

mussh

MUSSH(1)							   MUltihost SSH							  MUSSH(1)

NAME

       mussh - MUltihost SSH

SYNOPSIS

       mussh [ OPTIONS ] <-h host...  | -H hostfile > [-c cmd ] [-C scriptfile ]

DESCRIPTION

       mussh  is a shell script that allows you to execute a command or script over ssh(1) on multiple hosts with one command. When possible mussh
       will use ssh-agent(1) and RSA/DSA keys to minimize the need to enter your password more than once.

OPTIONS

       --help Prints full help text.

       -d     Same as -d 1

       -d 0   Turns debug mode off.

       -d 1   On STDERR prints out basic actions and ssh-agent activity and which host is being connected to.

       -d 2   Includes all of the output from -d1, the list of hosts, the command/script as it will be executed on each host, and a lot more.

       -v     Same as -v 1

       -v 1   Sets ssh in debug1 mode by passing "-v" to ssh.

       -v 2   Sets ssh in debug2 mode by passing "-v -v" to ssh.

       -v 3   Sets ssh in debug3 mode by passing "-v -v -v" to ssh.

       -m [n] Run concurrently on 'n' hosts at a time (asynchronous).  Use '0' (zero) for infinite. (default)

       -q     No output unless necessary.  This will cancel -d and -v if after them on the command line.  It also suppresses the  output  of  each
	      host.  This will NOT suppress the password/passphrase prompts required to log into each host.

       -i <identity> [identity ..]
	      Load  an identity file.  When -i is used, the specified identity file(s) is loaded instead of the default identity.  You can load as
	      many RSA/DSA identities as you'd like.

       -o <ssh-args>
	      Args to pass to ssh with -o option.  See the ssh(1) man page for more info on the -o option.

       -a     Force loading ssh-agent.	Without this flag, mussh will not load another agent when one is already loaded.

       -A     Do NOT load ssh-agent.  If no agent is loaded you will be prompted for a password or passphrase by ssh for each host.  If you do not
	      have RSA/DSA keys for the destination hosts, this will save you some hassle.

       -b     Print each hosts' output in a block without mingling with other hosts' output.

       -B     Allow hosts' output to mingle. (default)

       -u     Unique.	Eliminate  duplicate  hosts.  (default) If you a host or user@host occurs more than once across files specified with -H or
	      hosts specified with -h, the host or user@host is used only once.

       -U     Do NOT make host list unique.  This simply overrides the -u flag.  This will cause scripts to be executed on  duplicate  hosts  once
	      per listing.

       -P     Do  NOT fall back to passwords on any host.  This will skip hosts where keys fail.  If you use this with '-d' you'll still see which
	      hosts failed.

       -l <login>
	      Use 'login' when no other is specified with hostname.

       -L <login>
	      Force use of 'login' name on all hosts.  These can be handy for adding 'root@' to hostnames kept in a file for -H option.   With	-h
	      it means you get to type less.

       -s <shell>
	      Path to shell on remote host. (Default: bash)

       -t <secs>
	      Timeout setting for each session.  (requires openssh 3.8 or newer)

       -V     Print version info and exit.

PROXY ARGS

       -p [user@]<host>
	      Host to use as proxy.  (Must have mussh installed)

       -po <ssh-args>
	      Args to pass to ssh on proxy with -o option.

HOST ARGS

       -h [user@]<host> [[user@]<host> ..]
	      Add a host to list of hosts.  May be used more than once.

       -H <file> [file ..]
	      Add contents of file(s) to list of hosts.  Files should have one host per line.  Use "#" for comments.

COMMAND ARGS

       If neither is specified, commands will be read from standard input.

       -c <command>
	      Add a command or quoted list of commands and args to list of commands to be executed on each host.  May be used more than once.

       -C <file> [file ..]
	      Add file contents to list of commands to be executed on each host.  May be used more than once.

PROXY MODE

       When proxying, mussh can use a single remote server to as a bastion host.  All hosts will be connected to from the central host rather than
       from the computer where you are initially running mussh.  This can be handy when you only have access to one machine behind a firewall.

       The proxy host must have OpenSSH 2.3 or greater, or an sshd that works with ForwardAgent under ssh2.  Proxy server  must  also  have  mussh
       installed in your PATH.	To verify that it is in your path use "ssh user@proxy 'which mussh'".  Use "ssh user@proxy 'echo $PATH'" to deter-
       mine what your path is.

SSH-AGENT INTERACTION
       Assuming that you're not turning off the agent with '-A' mussh will attempt to use ssh-agent(1).  Normally mussh will get rid of the  agent
       when it exits.  See EXAMPLES for examples.

EXAMPLES

       There is an EXAMPLES file with detailed examples.

       The basic command:
	      $ mussh -h foo bar baz

       A simple command:
	      $ mussh -h foo bar baz -c 'rpm -e emacs'

       A simple command asynchronously:
	      $ mussh -h foo bar baz -c 'rpm -e emacs' -m

       Using a specific key:
	      $ mussh -h foo bar baz -c 'rpm -e emacs' -i ~/.ssh/my_other.key

       Loading a list of hosts from a file:
	      $ mussh -H /tmp/hostlist.txt -c 'rpm -e emacs'

       Loading a script from a file:
	      $ mussh -h foo bar baz -C /tmp/scriptfile.sh

BUGS

       Please report any bugs at http://sourceforge.net/projects/mussh/

AUTHOR

       Dave Fogarty <doughnut at doughnut dot net>

SEE ALSO

       ssh(1), ssh-agent(1)

Doughnut							    August 2005 							  MUSSH(1)