[Solved] Passwordless SSH problem with AIX machines
Hello,
I am trying to set up passwordless, no-passphrase SSH between two machines for the user ID oraprod.
Here is what I did for a non-root user, oraprod:
whoami:
oraprod
Machine A:
Code:
ssh-keygen -t dsa
cat ~/.ssh/id_rsa.pub
# GO TO MACHINE B
create
vi ~/.ssh/authorized_keys
paste from Machine A the contents of the file id_rsa.pub
save the file
cp authorized_keys authorized_keys2
chmod 777 authorized_keys
chmod 777 authorized_keys2
Code:
Machine A
drwxrwxrwx 2 oraprod dba 256 Dec 27 12:51 .ssh
# cd .ssh
#
#
# pwd
/home/oraprod/.ssh
# ls -ltra
total 32
drwxr-xr-x 3 oraprod dba 256 Dec 27 10:00 ..
-rw-r--r-- 1 oraprod dba 798 Dec 27 12:47 known_hosts
-rwxrwxrwx 1 oraprod dba 395 Dec 27 12:50 authorized_keys
-rw-r--r-- 1 oraprod dba 397 Dec 27 12:51 id_rsa.pub
-rw------- 1 oraprod dba 1675 Dec 27 12:51 id_rsa
drwxrwxrwx 2 oraprod dba 256 Dec 27 12:51 .
Machine B
drwxrwxrwx 2 oraprod dba 256 Dec 27 15:52 .ssh
$ cd ~/.ssh
$ ls
authorized_keys id_rsa id_rsa.pub known_hosts
$ ls -ltra
total 32
drwxr-xr-x 4 oraprod dba 256 Dec 27 13:37 ..
-rw-r--r-- 1 oraprod dba 400 Dec 27 15:48 known_hosts
-rw-r--r-- 1 oraprod dba 395 Dec 27 15:49 id_rsa.pub
-rw------- 1 oraprod dba 1675 Dec 27 15:49 id_rsa
-rwxrwxrwx 1 oraprod dba 397 Dec 27 15:52 authorized_keys
drwxrwxrwx 2 oraprod dba 256 Dec 27 15:52 .
$
REPEAT THE SAME FOR MACHINE B
Now, I read that SSH is very particular about permissions, so I have changed the permissions to:
Code:
~/.ssh/authorized_keys 600
~/.ssh 700
~ 755
Note that home directory permissions are very important as well... if your home directory is writable by other users, SSHD would not accept the key.
I am logged in to Machine A:
ssh Machine_B ls -ltra
It gives me the message: connection closed by host 10.x.x.x
What seems to be the issue?
stopsrc -g ssh and then startsrc -g ssh
Machine A & Machine B /etc/ssh/sshd_config
Code:
# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#RSAAuthentication yes
#PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
# IgnoreUserKnownHosts yes
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
PermitEmptyPasswords yes
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#UsePAM no
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none
#Banner none
Subsystem sftp /usr/libexec/sftp-server
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
SSH ON LOCALHOST
Code:
# ssh localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is 71:3b:ba:cb:d1:bf:94:41:a8:6f:3a:00:10:d0:65:ca.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
Permission denied (publickey,keyboard-interactive).
SSH -V ON MACHINE A FOR MACHINE B
Code:
with the username oraprod
machine A
# su - oraprod
$ ssh -v test1
OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): 0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
0509-026 System error: A file or directory in the path name does not exist.
debug1: Error loading Kerberos, disabling Kerberos auth.
debug1: Connecting to test1 [10.1.1.120] port 22.
debug1: Connection established.
debug1: identity file /home/oraprod/.ssh/identity type -1
debug1: identity file /home/oraprod/.ssh/id_rsa type 1
debug1: identity file /home/oraprod/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2
debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'test1' is known and matches the RSA host key.
debug1: Found key in /home/oraprod/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/oraprod/.ssh/identity
debug1: Offering public key: /home/oraprod/.ssh/id_rsa
Connection closed by 10.1.1.120
$
machine B
# su - oraprod
$ ssh -v standby
OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): 0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
0509-026 System error: A file or directory in the path name does not exist.
debug1: Error loading Kerberos, disabling Kerberos auth.
debug1: Connecting to standby [10.1.1.105] port 22.
debug1: Connection established.
debug1: identity file /home/oraprod/.ssh/identity type -1
debug1: identity file /home/oraprod/.ssh/id_rsa type 1
debug1: identity file /home/oraprod/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2
debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'standby' is known and matches the RSA host key.
debug1: Found key in /home/oraprod/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/oraprod/.ssh/identity
debug1: Offering public key: /home/oraprod/.ssh/id_rsa
Connection closed by 10.1.1.105
$
with the username root on machine A
#hostname
standby
# ssh -v test1
OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): 0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
0509-026 System error: A file or directory in the path name does not exist.
debug1: Error loading Kerberos, disabling Kerberos auth.
debug1: Connecting to test1 [10.1.1.120] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /.ssh/identity type -1
debug1: identity file /.ssh/id_rsa type 1
debug1: identity file /.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2
debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'test1' is known and matches the RSA host key.
debug1: Found key in /.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /.ssh/identity
debug1: Offering public key: /.ssh/id_rsa
Connection closed by 10.1.1.120
#
#hostname
test1
# ssh -v standby
# ssh -v standby
OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): 0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
0509-026 System error: A file or directory in the path name does not exist.
debug1: Error loading Kerberos, disabling Kerberos auth.
debug1: Connecting to standby [10.1.1.105] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /.ssh/identity type -1
debug1: identity file /.ssh/id_rsa type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2
debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'standby' is known and matches the RSA host key.
debug1: Found key in /.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /.ssh/identity
debug1: Trying private key: /.ssh/id_rsa
debug1: Trying private key: /.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
root@standby's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
1 unsuccessful login attempt since last login.
Last unsuccessful login: Thu Dec 27 13:05:13 SAUST 2012 on ssh from test1
Last login: Thu Dec 27 12:58:04 SAUST 2012 on /dev/pts/2 from testserver
*******************************************************************************
* *
* *
* Welcome to AIX Version 5.3! *
* *
* *
* Please see the README file in /usr/lpp/bos for information pertinent to *
* this release of the AIX Operating System. *
* *
* *
*******************************************************************************
# hostname
standby
vi ~/.ssh/authorized_keys
paste from Machine A the contents of the file id_rsa.pub
save the file
Actually this might be the problem: if you have copied and pasted via X-Windows methods (marking it in one window and middle-click in the other) your file "authorized_keys" might have line breaks in it, while the original doesn't. Check this and - in case there are indeed line breaks - remove them by using the "SHIFT-J" (join lines) command in "vi", then remove the space character vi replaces the line break with.
$ exit
# cat /var/adm/authlog
cat: 0652-050 Cannot open /var/adm/authlog.
# lsuser -a login rlogin oraprod
oraprod login=true rlogin=true
# ls -ltra /var/adm/authlog
ls: 0653-341 The file /var/adm/authlog does not exist.
Machine B:
Code:
# cat /var/adm/authlog
cat: 0652-050 Cannot open /var/adm/authlog.
# lsuser -a login rlogin oraprod
oraprod login=true rlogin=true
# ls -ltra /var/adm/authlog
ls: 0653-341 The file /var/adm/authlog does not exist.
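Added example, not part of the original thread: a POSIX shell audit of the two causes raised above, namely a home directory, `~/.ssh` or `authorized_keys` that is writable by group or others, and a pasted key broken across lines. The function names and the sample key text are constructed for illustration, and file ownership is not checked.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, sample key text is constructed.

# Report a path that is writable by group or others (mode & 022 != 0).
check_path() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    [ -n "$mode" ] || { echo "MISSING $1"; return 1; }
    gw=$(printf '%s' "$mode" | cut -c6)
    ow=$(printf '%s' "$mode" | cut -c9)
    if [ "$gw" = w ] || [ "$ow" = w ]; then
        echo "WRITABLE $1 ($mode)"; return 1
    fi
}

# Report every line that is not "[options] keytype AAAA... [comment]".
# A key pasted with line breaks leaves continuation lines that fail this.
check_keys() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        {
            ok = 0
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-)/ && $(i+1) ~ /^AAAA/) ok = 1
            if (!ok) { printf "BROKEN_LINE %s:%d\n", FILENAME, NR; bad = 1 }
        }
        END { exit bad }
    ' "$1"
}

# Audit home, .ssh and authorized_keys; non-zero return means findings.
audit_ssh_dir() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        check_path "$p" || rc=1
    done
    if [ -f "$1/.ssh/authorized_keys" ]; then
        check_keys "$1/.ssh/authorized_keys" || rc=1
    fi
    return $rc
}

# Constructed sample: 777 modes as in the listing above, key wrapped onto two lines.
make_sample() {
    mkdir -p "$1/.ssh"
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB\nCONSTRUCTEDwrappedTAIL oraprod@standby\n' \
        > "$1/.ssh/authorized_keys"
    chmod 755 "$1"; chmod 777 "$1/.ssh" "$1/.ssh/authorized_keys"
}

d=$(mktemp -d) && make_sample "$d" && audit_ssh_dir "$d"; rm -rf "$d"
```

Run `audit_ssh_dir /home/oraprod` on the machine that receives the connection; no output and a zero exit status mean neither condition was found.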