openssh 5.3 needs password vs. 4.3 using private keys
Hello,
I just installed a brand new CentOS 6.2 including openssh 5.3.
On older servers I installed older Linux including openssh 4.3,
I am using keygen with private/public keys to log root on all servers (in a LAN) without typing password each time.
To do this, of course, I have my local private key (privkey) and public key in each server (/root/.ssh/authorized_keys). I get in with the command:
# ssh -i privkey root@server
Each server has this specific line in /etc/ssh/sshd_config:
PermitRootLogin yes
and specific chmod on:
# ls -la /root/.ssh
drwx------. 2 root root 4096 Jan 9 14:53 .
dr-xr-x---. 4 root root 4096 Jan 10 11:55 ..
-rw-r--r--. 1 root root 1204 Jan 9 14:53 authorized_keys
This has been working for ages on all other servers (without typing password), but not on my new CentOS 6.2 with openssh 5.3.
ssh is now requesting the password except if I launch the sshd daemon by hand:
# /usr/sbin/sshd
It sounds like a bug, or did I miss a new feature in 5.3?
Thanks in advance for your valuable help.
Regards.
This is happening to me as well. Except that only on ONE centos 6.2 server, out of 4, and only for root.
Same exact configuration is added to all machines (diff hardware), for users 'root' and 'web.' web works for all machines, and root only for 3 machines.
Login for root works on the borked machine if I start the sshd daemon by hand on a diff port (i.e.
, also if I load default config
).
I got tired of the problem and blew away the centos install and reinstalled, yet the problem persists.
This is not a permissions issue.
BTW, this is a DSA key. Might be important, will try with RSA keys in a bit.
This is what the ssh client debug looks like when the publickey authentication method fails:
It seems sshd just ignores the pubkey packet.
This is all that appears in /var/log/secure:
When I manually start the daemon this is what appears in the sshd output (remember root pubkey access works this way):
I haven't dug into the sshd init.d scripts to see if it's being loaded with some weird configuration, but that's my next step after playing with RSA keys.
I've already spent too much time on this issue. Any hints or ideas would be greatly appreciated.
edit: Same issue for an RSA key and the init.d scripts aren't calling sshd in any weird fashion. I'm stumped.
---------- Post updated at 02:00 PM ---------- Previous update was at 01:28 PM ----------
Here's the ssh client debug info for user web (which works).
The only thing that occurs to me is that this may be a hw issue of some sort? Doesn't really make sense to me, because web works and a manual start of sshd works for root authentication, but here's the cpu info anyway:
/proc/cpuinfo:
---------- Post updated at 04:13 PM ---------- Previous update was at 03:00 PM ----------
More hints: this could be a problem in Redhat's service command and the way it handles init.d scripts and their runtimelvls (although, I can't see why nor do I understand why that would be an issue). I no longer care, I'm going to use the manual load workaround (i.e. gross hack) since I've already wasted too much time on this stupid issue.
Anyway, here are the contents of fix_sshd:
And this is what I did, sorry much easier to post steps than to write it out (note when sshd asks for a passwd and when the pubkeys work):
This is another hopelessly broken condition (that fails silently and uselessly) due to SELinux. You can solve this problem, if you haven't already chosen to uninstall SELinux, by running this command:
restorecon -R -v /root/.ssh
Good luck! SELinux still has a large amount of maturing to do in my opinion.
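An added example (not part of the original thread or any poster's code): the restorecon fix above implies /root/.ssh carried the wrong SELinux label, so this script flags ~/.ssh entries whose type is not ssh_home_t and pulls sshd AVC denials out of audit log lines. The sample listing and audit records are constructed, and ssh_home_t as the expected type assumes the stock targeted policy.

```shell
#!/bin/sh
# Added example; the listing and audit line below are constructed samples.
EXPECTED_TYPE="ssh_home_t"  # assumed: type the targeted policy gives ~/.ssh content

# stdin: `ls -Z` style lines. Prints "<name> <type>" for every entry whose
# SELinux type is not $EXPECTED_TYPE.
mislabeled_ssh_files() {
    awk -v want="$EXPECTED_TYPE" '{
        for (i = 1; i <= NF; i++) {
            # a context field looks like user:role:type:level
            if (split($i, c, ":") >= 4 && c[2] ~ /_r$/) {
                if (c[3] != want) print $NF, c[3]
                next
            }
        }
    }'
}

# stdin: audit.log lines. Prints "<file> <target type>" for each AVC denial
# raised against a process named sshd.
sshd_avc_denials() {
    grep 'avc:  *denied' | grep 'comm="sshd"' |
    sed -n 's/.* name="\([^"]*\)".* tcontext=[^:]*:[^:]*:\([^:]*\):.*/\1 \2/p'
}

sample_ls_z() {   # constructed: /root/.ssh carrying the wrong type
cat <<'EOF'
drwx------. root root unconfined_u:object_r:admin_home_t:s0 .
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 authorized_keys
-rw-r--r--. root root unconfined_u:object_r:ssh_home_t:s0 known_hosts
EOF
}

sample_audit() {  # constructed: one sshd denial, one unrelated record
cat <<'EOF'
type=AVC msg=audit(1326200000.123:456): avc:  denied  { read } for  pid=1234 comm="sshd" name="authorized_keys" dev=dm-0 ino=12345 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
type=USER_AUTH msg=audit(1326200001.000:457): user pid=1234 uid=0 msg='op=password acct="root" res=failed'
EOF
}

# On a live host: ls -aZ /root/.ssh | mislabeled_ssh_files
#                 sshd_avc_denials < /var/log/audit/audit.log
echo "Mislabeled entries:"; sample_ls_z | mislabeled_ssh_files
echo "sshd AVC denials:";   sample_audit | sshd_avc_denials
```

Entries reported by the first function are the ones `restorecon -R -v` would relabel; a matching denial from the second confirms sshd was blocked from reading the key file rather than rejecting the key itself.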
Hello guys,
Thank you very much jsheehy for the SELinux point.
Yesterday, after my problem, I "yum update" my CentOS 6.2 and ended up with a "kernel panic", that forced me to reinstall, so I chose 5.3 as I was stressed by users. CentOS 5.3 works perfectly.
@ats, thanks for your contribution, FYI, I was using a dsa key, hardware is a Dell poweredge 2950.
Thank you.
Regards.