Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: SSH Keys Authentication keeps asking for password
Top Forums UNIX for Dummies Questions & Answers SSH Keys Authentication keeps asking for password Post 302652993 by RedSpyder on Friday 8th of June 2012 08:36:08 AM
Old 06-08-2012
Data SSH Keys Authentication keeps asking for password
Hi!

Im trying to set access from ServerA(SunOS) to ServerB(Some custom Linux with Keyboard Interactive login) with SSH Keys. As a proof of concept I was able to do it between 2 virtual machines. Now in my real life scenario it isnt working.

I created the keys in ServerA, copied them to ServerB, chmod'd .ssh folders to 700 on both ServerA,B.

For me *it seems* its working, but at the end it still falls back to Keyboard Interactive. Here is the log of what I get.

Code:
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /xxx/.ssh/identity type -1
debug1: identity file /xxx/.ssh/id_rsa type 1
debug1: identity file /xxx/.ssh/id_dsa type -1
debug1: Logging to host: xxx.xxx.xxx.xxx
debug1: Local user: xxx Remote user: xxx
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.2
debug1: match: OpenSSH_4.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1.4
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: Peer sent proposed langtags, ctos:
debug1: Peer sent proposed langtags, stoc:
debug1: We proposed langtags, ctos: en-US
debug1: We proposed langtags, stoc: en-US
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 125/256
debug1: bits set: 1039/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'XXX.XXX.XXX.XXX' is known and matches the RSA host key.
debug1: Found key in /XXX/.ssh/known_hosts:1
debug1: bits set: 1061/2048
debug1: ssh_rsa_verify: signature correct
debug1: newkeys: mode 1
debug1: set_newkeys: setting new keys for 'out' mode
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: set_newkeys: setting new keys for 'in' mode
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /XXXX/.ssh/identity
debug1: Trying public key: /xxx/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /xxx/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:

Why it still asks for my password?

Thanks in advance
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

SSH with RSA keys - error contacting the authentication agent

Hi all, Basic Requirement: To SFTP large files (usually 10GB). We use webMethods 6.1.2 (installed on Unix) as the orchstrator and make underlying Unix system calls to do the processing. That is, if we have to SFTP a large file - webMethods will invoke a Perl script on the underlying Unix... (2 Replies)
Discussion started by: sandeeppotdar
2 Replies

2. HP-UX

sftp/scp/ssh script with password as authentication

Hello, Do you guys know set of commands that can incorporate to sftp/scp/ssh to add password in a script to automate file transfer. Our client is not using ssh keys authentication so we are force to create a script to pass the password into the script to transfer files via sftp/scp/ssh. We... (4 Replies)
Discussion started by: james_falco
4 Replies

3. Red Hat

SSH Prompts for Password After Keys Setup Successfully

I setup the keys between 2 servers, but my user account has no password specified for it (never set one up on the account for security reasons). When I try to SSH to the server, SSH prompts for a password that doesn't exist (so I can never connect successfully). Note: 'passwd -d Rynok' removes... (3 Replies)
Discussion started by: Rynok
3 Replies

4. AIX

ssh keys - no password prompt from AIX to RPA

hello, i am running an AIX 5.3 machine and i want to connect via ssh to the RPA Management site without prompting for password. i already had a public key of this server as i use the same thing for ssh connection with other AIX machines. i connected to the RPA Management Site and i run the... (9 Replies)
Discussion started by: omonoiatis9
9 Replies

5. Red Hat

prompting for passwords even i configured ssh password less authentication

There are two servers : 1. Site 2. Testing from site server i want to connect testing server with ssh password less authentication. i generated public and private keys with ssh-keygen -t rsa on site server. cat id_rsa >> authorized_keys cat id_rsa.pub >> authorized_keys i... (15 Replies)
Discussion started by: rehantayyab82
15 Replies

6. UNIX for Dummies Questions & Answers

[SSH-RSA] Still prompting for password after generating keys

Hello, I'm trying to perform these operations without entering any password, as user "fzd":fzd@machine1> scp /tmp/srcFile1 fzd@machine2:/tmp/$destFile fzd@machine1> scp fzd@machine2:/tmp/$srcFile /tmp/$destFilebut alsofzd@machine1> scp /tmp/srcFile1 machine2:/tmp/$destFile fzd@machine1> scp... (6 Replies)
Discussion started by: fzd
6 Replies

7. Shell Programming and Scripting

How to run commands on remote server using ssh password less authentication?

Hi, I need to run a script located in a directory on remote server by using ssh authentication from my local unix server. Can anyone help me in this. I have tried the below command. It worked for echo command but when i tried to open a file using cat command it is showing "cat: cannot open... (6 Replies)
Discussion started by: ssk250
6 Replies

8. Linux

Linux password aging and ssh keys

Recently I have been playing with password ageing and the usage of ssh keys. I have found that if usePAM yes (default) is set in the /etc/ssh/sshd_config file then any password ageing and inactiivity can adversely affect a client with ssh keys. For example: Set PASS_MAX_DAYS to 60 in... (5 Replies)
Discussion started by: smurphy_it
5 Replies

9. Shell Programming and Scripting

SFTP or scp with password in a batch script without using SSH keys and expect script

Dear All, I have a requirement where I have to SFTP or SCP a file in a batch script. Unfortunately, the destination server setup is such that it doesn't allow for shell command line login. So, I am not able to set up SSH keys. My source server is having issues with Expect. So, unable to use... (5 Replies)
Discussion started by: ss112233
5 Replies

10. UNIX for Beginners Questions & Answers

Help with password 'maintenance' or maybe I just need to generate ssh keys?

Hi gurus, I am NOT the SA of the servers so very limited on what I can do. Basically the scenario is like this: Every 6 months our password expires and we have to reset them to comply to some password rules. Thing is users, me included, tend to have plaintext copy of this difficult to... (2 Replies)
Discussion started by: newbie_01
2 Replies

LEARN ABOUT NETBSD

pam_ssh

PAM_SSH(8)						    BSD System Manager's Manual 						PAM_SSH(8)

NAME

     pam_ssh -- authentication and session management with SSH private keys

SYNOPSIS

     [service-name] module-type control-flag pam_ssh [options]

DESCRIPTION

     The SSH authentication service module for PAM provides functionality for two PAM categories: authentication and session management.  In terms
     of the module-type parameter, they are the ``auth'' and ``session'' features.

   SSH Authentication Module
     The SSH authentication component provides a function to verify the identity of a user (pam_sm_authenticate()), by prompting the user for a
     passphrase and verifying that it can decrypt the target user's SSH key using that passphrase.

     The following options may be passed to the authentication module:

     use_first_pass  If the authentication module is not the first in the stack, and a previous module obtained the user's password, that password
		     is used to authenticate the user.	If this fails, the authentication module returns failure without prompting the user for a
		     password.	This option has no effect if the authentication module is the first in the stack, or if no previous modules
		     obtained the user's password.

     try_first_pass  This option is similar to the use_first_pass option, except that if the previously obtained password fails, the user is
		     prompted for another password.

     nullok	     Normally, keys with no passphrase are ignored for authentication purposes.  If this option is set, keys with no passphrase
		     will be taken into consideration, allowing the user to log in with a blank password.

   SSH Session Management Module
     The SSH session management component provides functions to initiate (pam_sm_open_session()) and terminate (pam_sm_close_session()) sessions.
     The pam_sm_open_session() function starts an SSH agent, passing it any private keys it decrypted during the authentication phase, and sets
     the environment variables the agent specifies.  The pam_sm_close_session() function kills the previously started SSH agent by sending it a
     SIGTERM.

     The following options may be passed to the session management module:

     want_agent  Start an agent even if no keys were decrypted during the authentication phase.

FILES

     $HOME/.ssh/identity  SSH1 RSA key
     $HOME/.ssh/id_rsa	  SSH2 RSA key
     $HOME/.ssh/id_dsa	  SSH2 DSA key
     $HOME/.ssh/id_ecdsa  SSH2 ECDSA key

SEE ALSO

     ssh-agent(1), pam.conf(5), pam(8)

AUTHORS

     The pam_ssh module was originally written by Andrew J. Korty <ajk@iu.edu>.  The current implementation was developed for the FreeBSD Project
     by ThinkSec AS and NAI Labs, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
     (``CBOSS''), as part of the DARPA CHATS research program.	This manual page was written by Mark R V Murray <markm@FreeBSD.org>.

SECURITY CONSIDERATIONS

     The pam_ssh module implements what is fundamentally a password authentication scheme.  Care should be taken to only use this module over a
     secure session (secure TTY, encrypted session, etc.), otherwise the user's SSH passphrase could be compromised.

     Additional consideration should be given to the use of pam_ssh.  Users often assume that file permissions are sufficient to protect their SSH
     keys, and thus use weak or no passphrases.  Since the system administrator has no effective means of enforcing SSH passphrase quality, this
     has the potential to expose the system to security risks.

BSD
								 December 16, 2011							       BSD
All times are GMT -4. The time now is 07:26 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy