Login or Register to Ask a Question and Join Our Community


Solaris

Key not authenticating to another machine

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Solaris Key not authenticating to another machine
# 1  
Old 09-15-2010
Key not authenticating to another machine
I've tried everything from changing permissions on the public and private keys to creating new keys and I still cannot authenticate my private key to another machines public key. Here is the ssh -vvv output:

Code:
ssh -vvv -i id_dsa account@x.x.45.137
OpenSSH_5.5p1, OpenSSL 1.0.0a 1 Jun 2010
debug1: Reading configuration data /usr/local/etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to x.x.45.137 [x.x.45.137] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/1
debug3: Not a RSA1 key file id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file id_dsa type 2
debug1: identity file id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1-hpn13v7
debug1: match: OpenSSH_5.3p1-hpn13v7 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5
debug2: fd 4 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 120/256
debug2: bits set: 487/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: host x.x.45.137 filename /roothome/.ssh/known_hosts
debug3: check_host_in_hostfile: host x.x.45.137 filename /roothome/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 2
debug1: Host 'x.x.45.137' is known and matches the RSA host key.
debug1: Found key in /roothome/.ssh/known_hosts:2
debug2: bits set: 523/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: id_dsa (76718)
debug3: input_userauth_banner
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: 
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
accountt@x.x.45.137's password:

Does anybody have any ideas?
# 2  
Old 09-15-2010
My local system $HOME/.ssh directory looks like this:
Code:
bluescreen@localsys# ls -lsa 
total 69
 1 drwx------  2 bluescreen other   512 2010-06-23 10:49 .
 4 drwx------ 34 bluescreen other  4096 2010-09-15 11:42 ..
 1 -rw-------  1 bluescreen other   668 2008-12-22 09:10 id_dsa
 1 -rw-------  1 bluescreen other   614 2008-12-22 09:10 id_dsa.pub
 1 -rw-------  1 bluescreen other   887 2008-12-22 09:10 id_rsa
 1 -rw-------  1 bluescreen other   234 2008-12-22 09:10 id_rsa.pub
50 -rw-------  1 bluescreen other 50367 2010-09-14 16:00 known_hosts

My $HOME/.ssh on the remote systems looks like this:
Code:
bluescreen@rmtsys# ls -lsa
total 9
   3 drwx------   2 bluescreen  sysadmin       3 Apr 19 08:57 .
   3 drwxr-xr-x   3 bluescreen  sysadmin      13 Sep  1 08:36 ..
   3 -rw-------   1 bluescreen  sysadmin     848 Apr 19 08:57 authorized_keys

I've found that the permissions are just as important as the correct *.pub keys in the authorized_keys file.


HTH
# 3  
Old 09-16-2010
I set the permissions to what bluescreen noted on the local and remote machine and there is still no authentication. I looked in the authlog on the remote machine and it is strange, there are entries for a connection from another account that was successful, but the current account I am using there are no entries at all. Can someone make sense of this?
# 4  
Old 09-16-2010
I have both the RSA and the DSA key in the authorized_keys file on the remote host.

If your file permissions are correct, try regenerating the keys. Then copy the new keys to the authorized_keys file on the remote host.

HTH
# 5  
Old 09-16-2010
I already generated new keys and republished the public key to the remote host and renamed it to authrorized_keys. I still cannot authenticate. I have mirrored all permissions of an account on the remote machine that works and the new account does not authenticate. Any other suggestions?
# 6  
Old 09-16-2010
Check your software versions:

Code:
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1-hpn13v7
debug1: match: OpenSSH_5.3p1-hpn13v7 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5

Smilie
# 7  
Old 09-16-2010
Not quite sure what you are referring to bluescreen. This is a -vvv output of a connection that authenticated successfully on another account:

Code:
ucolsf57-root# ssh -vvv -i id_dsa account2@x.x.45.137      
OpenSSH_5.5p1, OpenSSL 1.0.0a 1 Jun 2010
debug1: Reading configuration data /usr/local/etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to x.x.45.137 [x.x.45.137] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/1
debug3: Not a RSA1 key file id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file id_dsa type -1
debug1: identity file id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1-hpn13v7
debug1: match: OpenSSH_5.3p1-hpn13v7 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5
debug2: fd 4 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 129/256
debug2: bits set: 508/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: host x.x.45.137 filename /roothome/.ssh/known_hosts
debug3: check_host_in_hostfile: host x.x.45.137 filename /roothome/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 2
debug1: Host 'x.x.45.137' is known and matches the RSA host key.
debug1: Found key in /roothome/.ssh/known_hosts:2
debug2: bits set: 519/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: id_dsa (0)
debug3: input_userauth_banner
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: id_dsa
debug1: read PEM private key done: type DSA
debug3: sign_and_send_pubkey
debug2: we sent a publickey packet, wait for reply
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug2: channel 0: request shell confirm 1
debug2: fd 4 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 4000000
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Last login: Thu Sep 16 16:01:10 2010 from x.x.45.145

Is there an explanation for your confusion or do you have any other suggestions?
Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Authenticating with SSSD / Kerberos against Windows Server 2012 R2

I'm authenticating with SSSD / Kerberos against Windows Server 2012 R2. I've setup credentails delegation using these options: Host * GSSAPIAuthentication yes GSSAPIDelegateCredentials yes GSSAPITrustDns yes For both client/server but no luck. I've read online that I need to run... (2 Replies)
Discussion started by: Devyn
2 Replies

2. Red Hat

Not authenticating in apache server site for a folder

hi , Im configuring web site with authencation to a folder but the authentication is not happening. below is the conf file of /etc/httpd/conf/httpd.conf <VirtualHost 192.168.1.4:80> DocumentRoot /var/www/html/ ServerName redhatclient.example.com <directory... (0 Replies)
Discussion started by: redhatlbug
0 Replies

3. AIX

Users not authenticating via Kerberos on MS AD

I have AD (active directory) user, "asdf", created and a matching local AIX user name. Using "kinit", I can successfully authenticate it against the MS AD but when they I try to login via SSH with the same user name, it doesn't work. How can I get AIX to allow kerberos authentication as a valid... (1 Reply)
Discussion started by: kah00na
1 Replies

4. Shell Programming and Scripting

Authenticating user ID and Password

Hi, Can any one please tell me the way to Authenticate success or failure of the login. Here is my req: I have to telnet to multiple unix servers and execute the a script there which will give me an integer output. This output should be directed to a txt file. i dont want to provide... (1 Reply)
Discussion started by: csekhar05
1 Replies

5. Solaris

Solaris 10 authenticating to AD

Hi all. A while back i began looking a using Sun One JDS for our S10 environment which subsequently fell by the wayside as other more pressing things cropped up :-) Now its ugly head has popped up again but with the prerequisite that we authenticate against AD. So, i have a few questions. ... (6 Replies)
Discussion started by: boneyard
6 Replies

6. AIX

Authenticating users to ADS

It is possible to authenticate AIX-users to the Windows 2003 Active Directory. But is it also possible to do full useradministration in the ADS without also adding users to the local AIX-server? I have the following working: 1. Add user to the ADS 2. Add user to AIX with 'mkuser... (2 Replies)
Discussion started by: jacco
2 Replies

7. Red Hat

Samba: Authenticating and joining AD domain as a member

Hi all, I'm having some problems with joining an active directory domain as a member. My Linux servers using the same configuration across the board are all joining as domain controllers, which is bad. I am running Samba 3.0.25b-0.4E.6 on all of my RHEL servers. Here is my global... (1 Reply)
Discussion started by: Bert
1 Replies

8. HP-UX

HP-UX authenticating to Active Directory

Hey, I've asked questions about this project here before and gotten lots of help so I figured I'd give it another try. I've recently set up my HP-UX environment to authenticate to a Windows Active Directory server (Windows Server 2003 R2). I setup an account on Active Directory which works... (2 Replies)
Discussion started by: Rike255
2 Replies
Login or Register to Ask a Question