Ssh between servers - No DSA host key is known


 
# 1  
Old 05-20-2013

It seems I can do ssh <IP> but not ssh <hostname>

If I try to ssh to hostname I get the error - No DSA host key is known for host1 and you have requested strict checking.
Host key verification failed.

Where do I set up the DSA keys? Is it ssh_known_hosts?

Assume afterwards I can ssh-keygen and copy the public key back as authorized_keys to allow passwordless access?

---------- Post updated at 12:21 PM ---------- Previous update was at 12:05 PM ----------

OK. Think I sorted the DSA host key issues. So now on host_A, as user_A, I ran:-

ssh-keygen -t rsa
Copied id_rsa.pub to host B (user_A/.ssh directory) and renamed it to authorized_keys.

So going back to host A, ssh user_A@host_B

Still prompts me for password?
# 2  
Old 05-20-2013
Post the full output of ssh -vvv user_A@host_B.
# 3  
Old 05-20-2013
Check the permissions on the target user's home directory (755), .ssh directory (700) and authorized_keys file (600).
# 4  
Old 05-21-2013
Quote:
Originally Posted by Scott
Check the permissions on the target user's home directory (755), .ssh directory (700) and authorized_keys file (600).
home directory is 744.
.ssh is 644.
authorized_keys is 700.

---------- Post updated at 04:30 AM ---------- Previous update was at 04:27 AM ----------

Quote:
Originally Posted by verdepollo
Post the full output of ssh -vvv user_A@host_B.
Code:
noc1423nm# ssh -v tmauser@drc1423nm
Sun_SSH_1.1.3, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to drc1423nm [10.0.112.51] port 22.
debug1: Connection established.
debug1: identity file /export/home/tmauser/.ssh/id_rsa type 1
debug1: identity file /export/home/tmauser/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1.3
debug1: match: Sun_SSH_1.1.3 pat Sun_SSH_1.1.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1.3
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client blowfish-cbc hmac-sha1 none
debug1: kex: client->server blowfish-cbc hmac-sha1 none
debug1: Peer sent proposed langtags, ctos: i-default
debug1: Peer sent proposed langtags, stoc: i-default
debug1: We proposed langtags, ctos: i-default
debug1: We proposed langtags, stoc: i-default
debug1: Negotiated lang: i-default
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: Remote: Negotiated main locale: C
debug1: Remote: Negotiated messages locale: C
debug1: dh_gen_key: priv key bits set: 143/320
debug1: bits set: 1595/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'drc1423nm' is known and matches the DSA host key.
debug1: Found key in /etc/ssh/ssh_known_hosts:7
debug1: bits set: 1632/3191
debug1: ssh_dss_verify: signature correct
debug1: newkeys: mode 1
debug1: set_newkeys: setting new keys for 'out' mode
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: set_newkeys: setting new keys for 'in' mode
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: got SSH2_MSG_SERVICE_ACCEPT

|-----------------------------------------------------------------|
| This system is for the use of authorized users only.            |
| Individuals using this computer system without authority, or in |
| excess of their authority, are subject to having all of their   |
| activities on this system monitored and recorded by system      |
| personnel.                                                      |
|                                                                 |
| In the course of monitoring individuals improperly using this   |
| system, or in the course of system maintenance, the activities  |
| of authorized users may also be monitored.                      |
|                                                                 |
| Anyone using this system expressly consents to such monitoring  |
| and is advised that if such monitoring reveals possible         |
| evidence of criminal activity, system personnel may provide the |
| evidence of such monitoring to law enforcement officials.       |
|-----------------------------------------------------------------|

debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive,hostbased
debug1: Next authentication method: hostbased
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive,hostbased
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive,hostbased
debug1: No more client hostkeys for hostbased authentication
debug1: Next authentication method: password
tmauser@drc1423nm's password:

---------- Post updated at 04:31 AM ---------- Previous update was at 04:30 AM ----------

Got a feeling some of my problems are caused by the fact that these servers were built from flar images of the original ones but with the hostname changed. Hence, some of these ssh files have got the old hostname in.

Is there any way to totally reset ssh and reconfig the whole lot - so it picks up correct hostname?
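
The permission check from post #3 applied to the modes reported in post #4, as an added example that is not part of the original thread. It assumes OpenSSH-style StrictModes behaviour (group- or world-writable paths are refused) and that sshd opens authorized_keys with the user's own privileges; `build_and_audit` is a hypothetical helper that builds a constructed throwaway tree.

```sh
#!/bin/sh
# Added example: flag modes on home, ~/.ssh and authorized_keys that break key login.

mode_of() {    # first field of `ls -ld` (e.g. drwxr-xr-x); empty if not statable
    ls -ld "$1" 2>/dev/null | awk '{print $1}'
}

audit_one() {  # audit_one PATH dir|file
    m=$(mode_of "$1")
    if [ -z "$m" ]; then
        echo "$1: cannot stat (missing, or a parent directory is not searchable)"
        return 0
    fi
    case $m in     # 6th char = group write, 9th char = other write
        ?????w*|????????w*) echo "$1: $m is group/world writable (StrictModes refuses it)" ;;
    esac
    if [ "$2" = dir ]; then
        case $m in
            ???[xs]*) ;;
            *) echo "$1: $m owner lacks search (x) bit, files inside are unreachable" ;;
        esac
    else
        case $m in
            ?r*) ;;
            *) echo "$1: $m owner cannot read the file" ;;
        esac
    fi
}

audit_ssh_perms() {   # audit_ssh_perms HOME_DIR
    audit_one "$1" dir
    audit_one "$1/.ssh" dir
    audit_one "$1/.ssh/authorized_keys" file
}

# Constructed throwaway tree (hypothetical helper) so the audit can run anywhere.
build_and_audit() {   # build_and_audit HOME_MODE SSH_MODE KEY_MODE
    t=$(mktemp -d) || return 1
    mkdir "$t/.ssh" && : > "$t/.ssh/authorized_keys"
    chmod "$3" "$t/.ssh/authorized_keys"; chmod "$2" "$t/.ssh"; chmod "$1" "$t"
    audit_ssh_perms "$t"
    chmod 700 "$t" "$t/.ssh"; rm -rf "$t"
}

build_and_audit 744 644 700   # the modes reported in post #4
```

With those modes the finding is the `.ssh` directory: 644 gives the owner no search bit, so `authorized_keys` underneath cannot be reached. Run `audit_ssh_perms /export/home/tmauser` on the target host to check the real tree.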