Login or Register to Ask a Question and Join Our Community


Solaris

SSH keyless pass on Solaris 11

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Solaris SSH keyless pass on Solaris 11
# 1  
Old 02-22-2016
Oracle SSH keyless pass on Solaris 11
Need assistance in troubleshooting SSH keyless. Below are the steps i have done . Appreciate more inputs

Node1 and Node2

Node1
  1. ssh-keygen -t rsa -b 2048
  2. Copy .ssh/id_rsa.pub to Node2 with cat id_rsa.pub | ssh id@node2 'cat >>.ssh/authorized_keys'

Node2
  1. touch authorized_keys
  2. change 700 to .ssh directory
  3. change 640 authorized_keys

Tries ssh from NODE2 TO NODE1 getting passwd prompt.
Last edited by rbatte1; 02-23-2016 at 09:20 AM.. Reason: Converted to numbered list and added ICODE tags
# 2  
Old 02-22-2016
Check the id user's home directory owner and permissions.
# 3  
Old 02-22-2016
It was set to 755. Any other inputs
# 4  
Old 02-22-2016
Code:
chmod 600 ~/.ssh/authorized_keys

# 5  
Old 02-22-2016
changed to 600 for ~/.ssh/authorized_keys still asking the same passwd

when we do ssh with -v .

Code:
Sun_SSH_2.2, SSH protocols 1.5/2.0, OpenSSL 0x1000110f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to hrappt52 [10.62.104.158] port 22.
debug1: Connection established.
debug1: ssh_kmf_check_uri: /export/home/wrkbrain/.ssh/identity
debug1: Identity file/URI '/export/home/wrkbrain/.ssh/identity' pubkey type UNKNOWN
debug1: ssh_kmf_check_uri: /export/home/wrkbrain/.ssh/id_rsa
debug1: Identity file/URI '/export/home/wrkbrain/.ssh/id_rsa' pubkey type UNKNOWN
debug1: ssh_kmf_check_uri: /export/home/wrkbrain/.ssh/id_dsa
debug1: Identity file/URI '/export/home/wrkbrain/.ssh/id_dsa' pubkey type UNKNOWN
debug1: Logging to host: hrappt52
debug1: Local user: wrkbrain Remote user: wbsftp
debug1: Remote protocol version 2.0, remote software version Sun_SSH_2.2
debug1: match: Sun_SSH_2.2 pat Sun_SSH_2.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_2.2
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: Creating a global KMF session.
debug1: My KEX proposal before adding the GSS KEX algorithm:
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible

)
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: My KEX proposal I sent to the peer:
debug1: KEX proposal I received from the peer:
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug1: kex: client->server aes128-ctr hmac-sha2-256 none
debug1: Host key algorithm 'ssh-rsa' chosen for the KEX.
debug1: Peer sent proposed langtags, ctos: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug1: Peer sent proposed langtags, stoc: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug1: We proposed langtags, ctos: en-US
debug1: We proposed langtags, stoc: en-US
debug1: Negotiated lang: en-US
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: Remote: Negotiated main locale: en_US.UTF-8
debug1: Remote: Negotiated messages locale: en_US.UTF-8
debug1: dh_gen_key: priv key bits set: 250/512
debug1: bits set: 2020/4095
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: Host 'hrappt52' is known and matches the RSA host key.
debug1: Found key in /export/home/wrkbrain/.ssh/known_hosts:1
debug1: bits set: 2093/4095
debug1: ssh_rsa_verify: signature correct
debug1: set_newkeys: setting new keys for 'out' mode
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: set_newkeys: setting new keys for 'in' mode
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Next authentication method: gssapi-keyex
debug1: Next authentication method: gssapi-with-mic
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible

)
debug1: Next authentication method: publickey
debug1: Trying private key: /export/home/wrkbrain/.ssh/identity
debug1: ssh_kmf_check_uri: /export/home/wrkbrain/.ssh/identity
debug1: Trying private key: /export/home/wrkbrain/.ssh/id_rsa
debug1: ssh_kmf_check_uri: /export/home/wrkbrain/.ssh/id_rsa
debug1: Trying private key: /export/home/wrkbrain/.ssh/id_dsa
debug1: ssh_kmf_check_uri: /export/home/wrkbrain/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive

This User Gave Thanks to ajayram_arya For This Post:
rbatte1
# 6  
Old 02-22-2016
Quote:
Originally Posted by ajayram_arya
It was set to 755. Any other inputs
Did you check the home directory is owned by the right user too ?
Wrong /home permissions might also prevent sshd to accept passwordless logins.

Code:
ls -ld /home/id /home

Finally, there seems to be an issue with the public key:
Code:
debug1: Identity file/URI '/export/home/wrkbrain/.ssh/id_rsa' pubkey type UNKNOWN

should probably be:
Code:
debug1: Identity file/URI '/export/home/wrkbrain/.ssh/id_rsa' pubkey type ssh-rsa

# 7  
Old 02-22-2016
Code:
debug1: ssh_kmf_check_uri: /export/home/wrkbrain/.ssh/identity
debug1: Identity file/URI '/export/home/wrkbrain/.ssh/identity' pubkey type UNKNOWN
debug1: ssh_kmf_check_uri: /export/home/wrkbrain/.ssh/id_rsa
debug1: Identity file/URI '/export/home/wrkbrain/.ssh/id_rsa' pubkey type UNKNOWN
debug1: ssh_kmf_check_uri: /export/home/wrkbrain/.ssh/id_dsa
debug1: Identity file/URI '/export/home/wrkbrain/.ssh/id_dsa' pubkey type UNKNOWN

looks like an invalid format... perhaps generated from PuttyGen
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Pass path variable on SSH

hi Gurus, Have been struggling with this for a while I have 2 servers , lets say local A and remote B, I need to use both as a part of a pipeline. The folder structure is shared between the two, so I can access the same files and folders from both A and B. When I try to ssh into B from A,... (15 Replies)
Discussion started by: senhia83
15 Replies

2. Shell Programming and Scripting

How to pass password and prompt user for IP address while doing ssh and scp?

Hi All, I want to copy /.ssh/OM.pub file from source to destination. Here source IP address, username and password is always fixed. Whereas destination server IP address, password always gets changed. From destination server :- I am trying to write a script in which it should log in to... (3 Replies)
Discussion started by: madhur.baharani
3 Replies

3. Solaris

Solaris ssh client hangs when connecting to another Solaris machine

Got a strange problem. I have 4 Solaris servers all configured the same, Solaris 10 x86 update 10. When I try to ssh from one Solaris 10 server to another server ssh hangs. I have an identical server and when I try this everything works fine. The weird thing is if I am root on the server... (1 Reply)
Discussion started by: ccj4467
1 Replies

4. Solaris

Solaris 10 - ssh out ok, but ssh in not

Hi, It's a Solaris 10 zone. I can ssh to other systems without problems, but can not ssh to it (output attached). I don't think there is a firewall here. /etc/ipf/ipf.conf contains nothing. What could be the problem cause? Please help. Thank you in advance! sshclient$ ssh -v thiserver... (1 Reply)
Discussion started by: aixlover
1 Replies

5. UNIX and Linux Applications

pass an xpdf display from red hat server to windows ssh workstation

I have a UniVerse database running on a Red Hat EL3 server. If I am on the server console my software can call xpdf giving the name of a target file and it displays very nicely on the console. I have not been able to figure out how to get the display to happen on any of the Windows XP workstations.... (5 Replies)
Discussion started by: dale kelley
5 Replies

6. Solaris

Unable to login using ssh,telnet onto my solaris machine with solaris 10 installed

Hi, I am unable to login into my terminal hosting Solaris 10 and get the below error message "Server refused to allocate pty ld.so.1: sh: fatal: libc.so.1: open failed: No such file or directory " Is there anyways i can get into my machine and what kind of changes are required to be... (7 Replies)
Discussion started by: sankasu
7 Replies

7. Shell Programming and Scripting

Pass subshell through expect and SSH

Hi folks, What I want to do is to check if there is an instance of running vlc on a remote server, then kill it, and start it again. The code I came up with is: #!/bin/bash expectFcn() { expect -c " set timeout -1 spawn ssh \"$1@$2\" \"$4\" match_max 100000 expect { -re... (2 Replies)
Discussion started by: dukevn
2 Replies

8. Solaris

How to use SSH in Solaris 10?

Hi, I m new to Sun Solaris. I've only changed the PermitRootLogin from no to yes, so that I can login as root from Window vista by using Putty.exe. Then I can create new users and change password. Except the above configuration, i have do nothing to my SSH server. Am I need to generate... (5 Replies)
Discussion started by: stacychiam
5 Replies

9. Solaris

How to use Secure Shell (SSH) to pass results back to invoking machine

Hi, I am running a script from a client machine X which does "SSH" to around 100 other machines in a farm and invokes a local script on each of those machines. Local script localscript.sh on each of those 100 target machines, does some machine specific function like fetch the specific machine's... (1 Reply)
Discussion started by: waavman
1 Replies

10. Solaris

trouble auto connecting ssh 3.6.1 (Solaris 8) to ssh 3.0.1 (Solaris 6)

I am currently setting up rdiff-backup to use ssh to connect and remotely backup and retrieve data. I am doing so by creating rsa keys for each server and copying the relevant key to the /.ssh folder on the relevant server. All seems to work well when severs running solaris 8 with ssh 3.6.1 are... (6 Replies)
Discussion started by: falklandtim
6 Replies
Login or Register to Ask a Question