04-09-2004
shh authorization problem
I have ssh setup on 2 boxes ( aix / linux ).
building a batchjob i have made a plaintext key.
I force the command in the authorized_keys file
running from aix -> linux
ssh -i ~/.ssh/batchkey user@remote works perfect
but from linux -> aix
it get the following
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/noluser/.ssh/batchkey
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
it is offering the publickey but still goes to asking the password.
Same debug on aix -> linux gives
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /bunolleken/users/joeri/.ssh/batchkey
debug1: Remote: Forced command: date
??? why ???
10 More Discussions You Might Find Interesting
1. OS X (Apple)
I am building an installable package (.pkg) with PackageMaker 1.1.11 (that's the one that comes with Panther).
The package is for installing things both to /Applications and to some folders in /Library (/Library/StartupItems and a new folder that I'm putting in /Library).
I do (obviously) not... (4 Replies)
Discussion started by: ropers
4 Replies
2. Linux
Hi,
I created a user, however, l want this user to be able to configure some services in REd Hat 8.0 such changing of Network address which is exclusive to root super user. Unlike in Openserver or Unixware were you can assign authorization and privileges to user. I have not being able to figure... (5 Replies)
Discussion started by: kayode
5 Replies
3. Programming
Greetings,
I am writing a C socket application that needs NTLM authorization before it can post HTTP requests, and
I am having trouble with NTLM authorization messages.
:b: I've found the following urls extremely valuable for creating message functions:
Davenport WebDAV-SMB Gateway... (1 Reply)
Discussion started by: edvin
1 Replies
4. UNIX for Advanced & Expert Users
I see a lot of thread on LDAP Authentication but I want to enable LDAP Authentication with Authorization. Meaning, removing the user ID's and groups from the local servers and move them to an LDAP server. When a user logs in (via LDAP) they will be given their group memberships and access to the... (3 Replies)
Discussion started by: scottsl
3 Replies
5. UNIX for Dummies Questions & Answers
I just installed the latest version of unbuntu server and want to connect from windows using a ssh client. This is my first linux server, so bare with me =)
For my server...
cat /etc/hostsgives me
127.0.0.1 localhost
127.0.1.1 ubuntuHomeI tried using ssh secure shell and putty in vista.... (11 Replies)
Discussion started by: Bandit390
11 Replies
6. Red Hat
Hi,
I've configured two linux boxes to authenticate against Windows Active Directory using Kerberos while retrieving authorization data (uids, gids ,,,)from NIS.
The problem I ran into with my PAM configuration is that all authentication attempts succeed in order.i.e. if someone tried his... (0 Replies)
Discussion started by: geek.ksa
0 Replies
7. Red Hat
Good day to anyone. I need your help.
I want to create a centralization server for authorization my users via SSH connections. My manager suggested me a RADIUS + PAM, but frankly speaking I read a lot information about these and understood one thing - RADIUS could work only with password... (0 Replies)
Discussion started by: jess_t03
0 Replies
8. BSD
Dear all,
I've got problems with X server authentication using `xauth'. The problem is, that I have my local computer running NetBSD 5.1 and a remote computer in LAN which is running Debian GNU Linux. During the login to my NetBSD computer `xdm' generates a magic cookie for my DISPLAY. Then I... (2 Replies)
Discussion started by: sidorenko
2 Replies
9. UNIX for Advanced & Expert Users
The company I work for is trying to implement Sudoers.LDAP to centralize their sudoers infrastructure so the access management team and compliance teams don't have to run ragged over all of our servers. The AD team decided it would be better to set up a separate LDAP server rather than put a new... (1 Reply)
Discussion started by: Wolvendeer
1 Replies
10. UNIX for Beginners Questions & Answers
Hi All,
Hoping someone can help with something I'm sure is an easy fix. I'm trying to setup a cron to ssh to a server and check if a process is running. I've got keys setup from the jumpbox which I'm originating the check from (I don't have root privileges), when running the check manually from... (3 Replies)
Discussion started by: mutley2202
3 Replies
LEARN ABOUT FREEBSD
ssh-keysign
SSH-KEYSIGN(8) BSD System Manager's Manual SSH-KEYSIGN(8)
NAME
ssh-keysign -- ssh helper program for host-based authentication
SYNOPSIS
ssh-keysign
DESCRIPTION
ssh-keysign is used by ssh(1) to access the local host keys and generate the digital signature required during host-based authentication with
SSH protocol version 2.
ssh-keysign is disabled by default and can only be enabled in the global client configuration file /etc/ssh/ssh_config by setting
EnableSSHKeysign to ``yes''.
ssh-keysign is not intended to be invoked by the user, but from ssh(1). See ssh(1) and sshd(8) for more information about host-based authen-
tication.
FILES
/etc/ssh/ssh_config
Controls whether ssh-keysign is enabled.
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_ecdsa_key
/etc/ssh/ssh_host_ed25519_key
/etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys used to generate the digital signature. They should be owned by root, read-
able only by root, and not accessible to others. Since they are readable only by root, ssh-keysign must be set-uid root if host-
based authentication is used.
/etc/ssh/ssh_host_dsa_key-cert.pub
/etc/ssh/ssh_host_ecdsa_key-cert.pub
/etc/ssh/ssh_host_ed25519_key-cert.pub
/etc/ssh/ssh_host_rsa_key-cert.pub
If these files exist they are assumed to contain public certificate information corresponding with the private keys above.
SEE ALSO
ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)
HISTORY
ssh-keysign first appeared in OpenBSD 3.2.
AUTHORS
Markus Friedl <markus@openbsd.org>
BSD
December 7, 2013 BSD