Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Help troubleshooting RSA Key login attempts
Special Forums Cybersecurity Help troubleshooting RSA Key login attempts Post 302852501 by derndingle on Wednesday 11th of September 2013 04:32:07 PM
Old 09-11-2013
Help troubleshooting RSA Key login attempts
I'm stumped on an issue I'm having with RSA key based SSH logons.

I have 30 servers in a database cluster. They are all Red Hat Enterprise Linux Server release 6.4.

I want to be able to run a command on all of them from any one of them using SSH.

I generated private and public keys on each of them, pasted all the public keys together into an authorized_keys file and copied that file into ~/.ssh on each of the servers. I then wrote a script to run a command on each of the servers and it runs without prompting for a password on 29 out of the 30. On that one, it prompts for a password every time.

I thought maybe I just messed something up with my copying and pasting, so I went through the entire process again, and ended up wtih the same results. For some reason, I just can't get this one server to use it's authorized_keys file. I tried running the script from other servers in the group and it always fails on the same one. I also tried generating a key using Putty on my workstation and added it to the authorized_keys files on a few of the servers (including the problem one.) Putty failed to connect to that one server, but worked fine on all the others also.

I tried going through the whole process again with a different user ID, and it worked fine on all 30 servers. So it seems to be a problem isolated to that one user ID on the one server.

I'm out of ideas on what else to check or where to look for differences. Does anyone have any suggestions for things to check?

Thanks!
 

10 More Discussions You Might Find Interesting

1. Solaris

invalid login attempts...

I am wondering if solaris captures id's associated w/invalid login attempts? when I try to login as "test1" several (3-5) times, I do not find any userID info under "/var/adm" files: utmpx wtmpx messages lastlog Is there another location/log I should be checking? Is it necessary for... (6 Replies)
Discussion started by: mr_manny
6 Replies

2. UNIX for Dummies Questions & Answers

Register RSA Key fingerprint with JVM 1.4.2

Hi, We wish to register RSA key fingerprint with JVM 1.4.2 under UNIX environment. Any inputs how to go for it? The output we are getting as "The authenticity of host 'sxfer01.bluecrossmn.com (159.136.224.30)' can't be established. RSA key fingerprint is... (0 Replies)
Discussion started by: asawari
0 Replies

3. Shell Programming and Scripting

RSA key fingerprint needs to be avoided.

Hi All, I need to scp a folder from one host to another in a script. When I run a command , it asks me to authenticate for the RSA key fingerprint for the first time. # scp -r temp1 root@iqcarrot:/root/ The authenticity of host 'iqmango.apac.avaya.com (148.147.172.112)' can't be... (2 Replies)
Discussion started by: nua7
2 Replies

4. AIX

Invalid login attempts

How can I see the number of invalid login attempts of a user? Thanks, (9 Replies)
Discussion started by: agasamapetilon
9 Replies

5. Linux

RSA decrypt with public key ?

Dear All, I need to decrypt with private key most of the time and this works for RSA. At times I need to decrypt with public key (data is encrypted with private key). This does not seem to work via VB.Net. Is there support for such an activity in Java on Linux or Windows ? Please advise. ... (3 Replies)
Discussion started by: Sushma Y
3 Replies

6. Shell Programming and Scripting

automating RSA key pair generation

I want to automate the process of generating RSA keys. I want to remotley login to a linux machine from a windows maching without having to enter a password. For this I need to generate the RSA key pair. but I want to do this procedure on alot of linux machines. For which I was looking to automate... (2 Replies)
Discussion started by: lassimanji
2 Replies

7. UNIX for Dummies Questions & Answers

How to change the RSA key fingerprint?

Hi there, I have a Linux Debian machine with the following fingerprint : e1:95:11:46:ff:d1:e3:4a:a3:34:1a:25:b4:d8:f1:cb. I'd like to set this fingerprint to : cd:19:bd:f6:8e:00:7a:69:14:52:a1:73:cb:15:a5:ca. I have very specific reasons to do that. So please only answer if you know how... (5 Replies)
Discussion started by: chebarbudo
5 Replies

8. UNIX for Advanced & Expert Users

RSA host key addition

Guys How do i add RSA key for a host ? I was able to connect to a host some time back but now its not connectable ,via SSH. Message i get is : abhi@myHost:~/.ssh> ssh eatcid@yourHost @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION... (3 Replies)
Discussion started by: ak835
3 Replies

9. Red Hat

How to use rsa key for a different user?

Hi All, I have a scenario where from machine1 I need to establish sftp/ssh to machine2. Internet is full of examples of this how to generate they key-pair etc... but all examples assume that the account is the same on machine1 and machine2. I would like to do the following: 1) user1 on... (3 Replies)
Discussion started by: snailrider
3 Replies

10. Shell Programming and Scripting

Rsa public private key matching

Hi All, I have a requirement where i need to check if an rsa public key corresponds to a private key and hence return success or failure. Currently i am using the command diff <( ssh-keygen -y -e -f "$PRIVKEY" ) <( ssh-keygen -y -e -f "$PUBLICKEY" ) and its solving my purpose. This is in... (1 Reply)
Discussion started by: mritusmoi
1 Replies

LEARN ABOUT REDHAT

ssh-keygen

SSH-KEYGEN(1)						    BSD General Commands Manual 					     SSH-KEYGEN(1)

NAME

     ssh-keygen -- authentication key generation, management and conversion

SYNOPSIS

     ssh-keygen [-q] [-b bits] -t type [-N new_passphrase] [-C comment] [-f output_keyfile]
     ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
     ssh-keygen -i [-f input_keyfile]
     ssh-keygen -e [-f input_keyfile]
     ssh-keygen -y [-f input_keyfile]
     ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]
     ssh-keygen -l [-f input_keyfile]
     ssh-keygen -B [-f input_keyfile]
     ssh-keygen -D reader
     ssh-keygen -U reader [-f input_keyfile]

DESCRIPTION

     ssh-keygen generates, manages and converts authentication keys for ssh(1).  ssh-keygen can create RSA keys for use by SSH protocol version 1
     and RSA or DSA keys for use by SSH protocol version 2. The type of key to be generated is specified with the -t option.

     Normally each user wishing to use SSH with RSA or DSA authentication runs this once to create the authentication key in $HOME/.ssh/identity,
     $HOME/.ssh/id_dsa or $HOME/.ssh/id_rsa.  Additionally, the system administrator may use this to generate host keys, as seen in /etc/rc.

     Normally this program generates the key and asks for a file in which to store the private key.  The public key is stored in a file with the
     same name but ``.pub'' appended.  The program also asks for a passphrase.	The passphrase may be empty to indicate no passphrase (host keys
     must have an empty passphrase), or it may be a string of arbitrary length.  A passphrase is similar to a password, except it can be a phrase
     with a series of words, punctuation, numbers, whitespace, or any string of characters you want.  Good passphrases are 10-30 characters long,
     are not simple sentences or otherwise easily guessable (English prose has only 1-2 bits of entropy per character, and provides very bad
     passphrases), and contain a mix of upper and lowercase letters, numbers, and non-alphanumeric characters.	The passphrase can be changed
     later by using the -p option.

     There is no way to recover a lost passphrase.  If the passphrase is lost or forgotten, a new key must be generated and copied to the corre-
     sponding public key to other machines.

     For RSA1 keys, there is also a comment field in the key file that is only for convenience to the user to help identify the key.  The comment
     can tell what the key is for, or whatever is useful.  The comment is initialized to ``user@host'' when the key is created, but can be changed
     using the -c option.

     After a key is generated, instructions below detail where the keys should be placed to be activated.

     The options are as follows:

     -b bits
	     Specifies the number of bits in the key to create.  Minimum is 512 bits.  Generally 1024 bits is considered sufficient, and key sizes
	     above that no longer improve security but make things slower.  The default is 1024 bits.

     -c      Requests changing the comment in the private and public key files.  This operation is only supported for RSA1 keys.  The program will
	     prompt for the file containing the private keys, for the passphrase if the key has one, and for the new comment.

     -e      This option will read a private or public OpenSSH key file and print the key in a 'SECSH Public Key File Format' to stdout.  This
	     option allows exporting keys for use by several commercial SSH implementations.

     -f filename
	     Specifies the filename of the key file.

     -i      This option will read an unencrypted private (or public) key file in SSH2-compatible format and print an OpenSSH compatible private
	     (or public) key to stdout.  ssh-keygen also reads the 'SECSH Public Key File Format'.  This option allows importing keys from several
	     commercial SSH implementations.

     -l      Show fingerprint of specified public key file.  Private RSA1 keys are also supported.  For RSA and DSA keys ssh-keygen tries to find
	     the matching public key file and prints its fingerprint.

     -p      Requests changing the passphrase of a private key file instead of creating a new private key.  The program will prompt for the file
	     containing the private key, for the old passphrase, and twice for the new passphrase.

     -q      Silence ssh-keygen.  Used by /etc/rc when creating a new key.

     -y      This option will read a private OpenSSH format file and print an OpenSSH public key to stdout.

     -t type
	     Specifies the type of the key to create.  The possible values are ``rsa1'' for protocol version 1 and ``rsa'' or ``dsa'' for protocol
	     version 2.

     -B      Show the bubblebabble digest of specified private or public key file.

     -C comment
	     Provides the new comment.

     -D reader
	     Download the RSA public key stored in the smartcard in reader.

     -N new_passphrase
	     Provides the new passphrase.

     -P passphrase
	     Provides the (old) passphrase.

     -U reader
	     Upload an existing RSA private key into the smartcard in reader.

FILES

     $HOME/.ssh/identity
	     Contains the protocol version 1 RSA authentication identity of the user.  This file should not be readable by anyone but the user.
	     It is possible to specify a passphrase when generating the key; that passphrase will be used to encrypt the private part of this file
	     using 3DES.  This file is not automatically accessed by ssh-keygen but it is offered as the default file for the private key.  ssh(1)
	     will read this file when a login attempt is made.

     $HOME/.ssh/identity.pub
	     Contains the protocol version 1 RSA public key for authentication.  The contents of this file should be added to
	     $HOME/.ssh/authorized_keys on all machines where the user wishes to log in using RSA authentication.  There is no need to keep the
	     contents of this file secret.

     $HOME/.ssh/id_dsa
	     Contains the protocol version 2 DSA authentication identity of the user.  This file should not be readable by anyone but the user.
	     It is possible to specify a passphrase when generating the key; that passphrase will be used to encrypt the private part of this file
	     using 3DES.  This file is not automatically accessed by ssh-keygen but it is offered as the default file for the private key.  ssh(1)
	     will read this file when a login attempt is made.

     $HOME/.ssh/id_dsa.pub
	     Contains the protocol version 2 DSA public key for authentication.  The contents of this file should be added to
	     $HOME/.ssh/authorized_keys on all machines where the user wishes to log in using public key authentication.  There is no need to keep
	     the contents of this file secret.

     $HOME/.ssh/id_rsa
	     Contains the protocol version 2 RSA authentication identity of the user.  This file should not be readable by anyone but the user.
	     It is possible to specify a passphrase when generating the key; that passphrase will be used to encrypt the private part of this file
	     using 3DES.  This file is not automatically accessed by ssh-keygen but it is offered as the default file for the private key.  ssh(1)
	     will read this file when a login attempt is made.

     $HOME/.ssh/id_rsa.pub
	     Contains the protocol version 2 RSA public key for authentication.  The contents of this file should be added to
	     $HOME/.ssh/authorized_keys on all machines where the user wishes to log in using public key authentication.  There is no need to keep
	     the contents of this file secret.

AUTHORS

     OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
     Theo de Raadt and Dug Song removed many bugs, re-added newer features and created OpenSSH.  Markus Friedl contributed the support for SSH
     protocol versions 1.5 and 2.0.

SEE ALSO

     ssh(1), ssh-add(1), ssh-agent(1), sshd(8)

     J. Galbraith and R. Thayer, SECSH Public Key File Format, draft-ietf-secsh-publickeyfile-01.txt, March 2001, work in progress material.

BSD
								September 25, 1999							       BSD
All times are GMT -4. The time now is 11:09 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy