Login or Register to Ask a Question and Join Our Community


IP Networking

password-less ssh problem

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums IP Networking password-less ssh problem
# 1  
Old 12-08-2011
password-less ssh problem
Hi,

Whatever I do I can not get password-less ssh working, which I need!
I have tried (which worked using FC8):

On a client node:
ssh-keygen -t dsa -f .ssh/id_dsa
Exit back to the server:
mv id_dsa.pub authorized_keys2
chmod 640 authorized_keys2

Also:
ssh-keygen -t rsa
ssh-copy-id -i ~/.ssh/id_rsa.pub username@ClientNode <username@ClientNode>

The following is set:
RSAAuthentication yes
PubkeyAuthentication yes
chmod 700 ~/.ssh

System info: OS FC14 (64 bit)
The /home directory on the server is NFS shared to all client nodes.

Thanks for any help
# 2  
Old 12-08-2011
try ssh-copy-id with NO parameters except the destination username and host.

Try ssh -v and ssh -v -v .
# 3  
Old 12-08-2011
I get the follow info, do you see a problem?

ssh -v "client"

Code:
 
OpenSSH_5.5p1, OpenSSL 1.0.0d-fips 8 Feb 2011
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to client [192.xx.x.xx] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5
debug1: match: OpenSSH_5.5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'client' is known and matches the RSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_511' not found
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_511' not found
debug1: Unspecified GSS failure.  Minor code may provide more information

debug1: Next authentication method: publickey
debug1: Offering public key: /home/user/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/user/.ssh/id_dsa
debug1: Next authentication method: password
user@client password:

# 4  
Old 12-08-2011
it doens't take the key but doesn't say why, so can you try my other suggestion, -v -v?

You could also try making your ssh server more verbose in its own debug messages.
# 5  
Old 12-08-2011
Thanks for looking at this Corona688
ssh -v -v eighta

Code:
 
OpenSSH_5.5p1, OpenSSL 1.0.0d-fips 8 Feb 2011
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to eighta [192.168.1.11] port 22.
debug1: Connection established.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5
debug1: match: OpenSSH_5.5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 125/256
debug2: bits set: 519/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'eighta' is known and matches the RSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:1
debug2: bits set: 499/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/user/.ssh/id_rsa ((nil))
debug2: key: /home/user/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_511' not found
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_511' not found
debug1: Unspecified GSS failure. Minor code may provide more information

debug2: we did not send a packet, disable method
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/user/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password

---------- Post updated at 12:26 PM ---------- Previous update was at 12:25 PM ----------

I'm not sure how to do this "try making your ssh server more verbose"

---------- Post updated at 12:32 PM ---------- Previous update was at 12:26 PM ----------

Also after doing the following the authorized_keys file is not there??? I tried `mv id_rsa.pub authorized_keys` but that doesn't work. I feel like /home is not getting mounted before it looks to find the authorized_keys file...

Code:
 
[user@eighta ~/.ssh]$ ssh-copy-id user@eighta
user@eighta's password:
.ssh/authorized_keys: No such file or directory.
Now try logging into the machine, with "ssh 'user@eighta'", and check in:
  .ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.

# 6  
Old 12-08-2011
If you've been moving files around and such to see if it'll just make it work, your .ssh files may be in a very strange state by now. I certainly wouldn't reccomend moving your .pub file. You need that.

Quote:
I feel like /home is not getting mounted before it looks to find the authorized_keys file...
It could hardly unmount it while in use. Maybe something is preventing it from creating the authorized_keys file. see if you can touch ~/.ssh/authorized_keys when logged in.

Is that home directory a symbolic link, or anything in its path a symbolic link?
# 7  
Old 12-09-2011
It's something to do with NFS sharing /home. I was able to create a password-less correction from the server to another system that is not part of the internal network. Could the problem have somthing to do with eth1 settings

---------- Post updated 12-09-11 at 08:44 AM ---------- Previous update was 12-08-11 at 07:07 PM ----------

Solved, the following command fixed the problem:
chmod go-w ~
This User Gave Thanks to Bic121 For This Post:
Corona688
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. UNIX for Beginners Questions & Answers

Ssh password

Hi there. I am fully aware of the security implications, but is there a way give a user password with the rsh and/or ssh commands? Such as: ssh user@192.168.0.56 -p password Or pass a config file to the command containing a password? I'm looking after a cluster and trying to use PSSH,... (6 Replies)
Discussion started by: MuntyScrunt
6 Replies

2. Red Hat

SSH password less setup asking for password

Hello Experts, when I am trying to connect my target server through sftp after creating ssh password less setup, it is asking for passowrd to connect. to setup this I followed below process: -->generated keys by executing the command "ssh-keygen -t rsa" -->this created my .ssh directory... (9 Replies)
Discussion started by: Devipriya Ch
9 Replies

3. Shell Programming and Scripting

Password in ssh

Hello Guys, I have a specific requirement where I need to provide password to ssh and sftp in my script on Solaris. I know password-less connection is the way without password but in my case, I cant use the same due to some limitations. Please let me know if we can tweak it. (7 Replies)
Discussion started by: Deei
7 Replies

4. Solaris

Problem with ssh login without password

Hello friends, I have the problem with password less login in solaris 10. Issue : In solaris 10 I have 2 different users on is oracle and the other is archmon. when I try to ssh to the other server from oracle it is successful but when I try to ssh from archmon it fails, and it asks for the... (1 Reply)
Discussion started by: Pavankrv
1 Replies

5. Red Hat

ssh without password

Hi, I am trying to generate ssh without having to type a password. I have done this on numerous occasions using the procedure below and it has worked fine but not on this occasion. user1@sys1:ssh-keygen -t dsa -N "" <press enter for any questions> user1@sys1: ll .ssh/id_dsa.pub... (16 Replies)
Discussion started by: Duffs22
16 Replies

6. UNIX for Dummies Questions & Answers

SSH with no password

How to setup SSH to not require a password when establishing an SSH connection from server A to server B for particular user? (4 Replies)
Discussion started by: sam101
4 Replies

7. Shell Programming and Scripting

SSH with password

Please help me I want connect to orther server using ssh. But I need to transfer password also without entering when it is prompts. Please help me. (1 Reply)
Discussion started by: saga499
1 Replies

8. Solaris

SSH Password-less login fails on password expiry.

Hi Gurus I have a few Sol 5.9 servers and i have enabled password less authentication between them for my user ID. Often i have found that when my password has expired,the login fails. Resetting my password reenables the keys. Do i need to do something to avoid this scenario or is this... (2 Replies)
Discussion started by: Renjesh
2 Replies

9. Solaris

network config problem - how to set the server for others to ssh without password

Hi, I want to ssh the linux server without inputting the password, how can I config this server? Thanks in advance! (1 Reply)
Discussion started by: GCTEII
1 Replies

10. UNIX for Dummies Questions & Answers

no password ssh

Hello all, I would like to know if anyone had ever set up a network in which they used DHCP and OPENSSH with no password. I can configure my ssh files to allow me to enter any machine without a password as long as I have generated the public and private keysa nd store them in my .ssh/aut... ... (3 Replies)
Discussion started by: larryase
3 Replies
Login or Register to Ask a Question