Ssh public/private key user login problem


 
# 1  
Old 02-01-2019

I have a user account configuration with ssh public/private key that works on multiple servers, CentOS and RHEL. One server (Server F) that is not working is on CentOS 6.8. When I ssh into server F I get prompted for a password. I have verified the config and it is all good. I put sshd into debug mode on server F on port 2200. When I ssh into server F on port 2200 I drop into a shell with no password prompt. Port 22 on server F accepts other user logins, all with a password. There are no iptables firewall rules on server F. I have dug through the logs and am not spotting any indications as to why I can't log in without a password.
Any ideas?

Server F
Code:
openssh-server-5.3p1-123.el6_9.x86_64
CentOS release 6.8 (Final)

server f
Code:
drwx------. 2 admin admin 4096 Feb  1 17:13 .ssh
-rw-------. 1 admin admin  440 Feb  1 17:13 authorized_keys


Moderator's Comments:
Mod Comment Please use CODE tags as required by forum rules!

Last edited by RudiC; 02-01-2019 at 03:37 PM.. Reason: Added CODE tags.
# 2  
Old 02-01-2019
So on your server F you have sshd listening on two ports, 22 and 2200. The latter works as intended, but the former doesn't. Any differences in the config?
I don't have any proposals, but two comments:
- authorized_keys should be in the directory .ssh, not at the same level.
- ssh is quite picky with permissions. In your dir listing, the . characters indicate files with a security context. You may want to try without.
# 3  
Old 02-01-2019
Yes, correct. I did not want to risk messing with port 22 and the sshd running on that port, in case it stopped working and I was not able to log back in. So I set up an sshd on port 2200 for testing purposes. I did compare the sshd config with another CentOS 6.8 server. Then I copied the good copy / gold copy of sshd from the CentOS 6.8 server that is accepting logins from the same user with no issues. The new sshd config on server F did not fix this issue. This is a very strange problem.


Code:
[admin@server f ~]$ ls -Z .ssh/authorized_keys
-rw-------. admin admin unconfined_u:object_r:default_t:s0 .ssh/authorized_keys

Good Server
Code:
ls -Z .ssh/authorized_keys
-rw-------. admin admin unconfined_u:object_r:default_t:s0 .ssh/authorized_keys

Good Server selinux is set to SELINUX=permissive

Bad server selinux is set to SELINUX=enforcing

I just went and checked the current status of server F for SELinux and it shows

Code:
SELinux status:                 enabled
SELinuxfs mount:                /selinux

Quote:
Current mode: enforcing
Mode from config file: permissive
Policy version: 24
Policy from config file: targeted

It seems I would need to reboot this server to have its status changed to permissive

Last edited by bash_in_my_head; 02-04-2019 at 01:06 PM..
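An added example, not written by any poster in this thread: a small audit of the `ls -Z` output shown above against the SELinux mode reported by `sestatus`. It assumes the targeted policy's usual `ssh_home_t` label for `~/.ssh` content; the function names and the `known_hosts` sample line are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag SSH key files whose SELinux type differs from the one
# the targeted policy normally assigns to ~/.ssh content (assumption: ssh_home_t).
# Input format: `ls -Z` as printed on RHEL/CentOS 6 (mode user group context path).

EXPECTED_TYPE="ssh_home_t"

# Extract the type field from a context string user:role:type:level.
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read `ls -Z` lines on stdin and print one finding per mislabelled path.
# $1 = SELinux mode as shown on the "Current mode:" line of sestatus.
audit_ssh_labels() {
    local mode="$1" perms user group context path type
    while read -r perms user group context path; do
        [ -n "$path" ] || continue          # skip blank or short lines
        type=$(selinux_type "$context")
        if [ "$type" != "$EXPECTED_TYPE" ]; then
            case "$mode" in
                enforcing)
                    # A confined sshd is denied access; the denial lands in audit.log.
                    echo "BLOCKED $path type=$type (fix: restorecon -Rv ~/.ssh)" ;;
                permissive)
                    # Access is allowed, the would-be denial is only logged.
                    echo "WARN $path type=$type (would be denied in enforcing mode)" ;;
            esac
        fi
    done
}

# First line: the ls -Z output posted in the thread.
# Second line: constructed, correctly labelled file for contrast.
SAMPLE='-rw-------. admin admin unconfined_u:object_r:default_t:s0 .ssh/authorized_keys
-rw-------. admin admin unconfined_u:object_r:ssh_home_t:s0 .ssh/known_hosts'

echo "--- Server F (enforcing) ---"
printf '%s\n' "$SAMPLE" | audit_ssh_labels enforcing
echo "--- Good server (permissive) ---"
printf '%s\n' "$SAMPLE" | audit_ssh_labels permissive
```

On a live CentOS 6 host the input would come from `ls -Zd ~/.ssh ~/.ssh/authorized_keys`; the same label on both servers gives a different outcome only because of the mode.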
# 4  
Old 02-01-2019
When you make sure you can login on the sshd port 2200 instance as fallback, you may play with the sshd on port 22 and possibly break it.

Just make sure that no changes are persistent. For example, use a different config file as a playground for your tests.

If it's an option to reboot, write a watchdog script that reboots the server with restored config - which happens automatically (e. g. if a certain file is older than x minutes)

Quote:
I put sshd into debug mode on server f on
Did you go down to debug2/debug3 loglevel?

...and running sessions are not terminated on sshd restarts. Just make sure some data flows back and forth, so it does not go stale and is terminated at the configured limits. But if you get in trouble, if you lose your ssh connection is away better be very very careful.

--- Post updated at 11:38 PM ---
And make sure your fallback sshd is not running in foreground and is connected to your ssh-session. Running the fallback sshd in a screen session is one better option.

Last edited by stomp; 02-04-2019 at 06:12 AM..
# 5  
Old 02-01-2019
I stopped sshd and edited sshd_config and moved from port 22 to port 2200. Started sshd and I was able to ssh into server F without entering a password. When I moved the port back to 22 I was prompted for a password again.

This is how I am running sshd for testing on port 2200 while running the system sshd on port 22. Debug mode is 3 in this example.

Code:
sudo /usr/sbin/sshd -ddd -p 2200

From the man page for sshd
Code:
-d      Debug mode.  The server sends verbose debug output to the system log, and does not put itself in the background.  The server also will
             not fork and will only process one connection.  This option is only intended for debugging for the server.  Multiple -d options
             increase the debugging level.  Maximum is 3.


Last edited by bash_in_my_head; 02-01-2019 at 07:45 PM.. Reason: add important info related to prior question
# 6  
Old 02-01-2019
Hey bash_in_my_head,

Are you sure when you created your key pairs you did not include the ports, via some config file, and then bound the port to the keys?

It is certainly possible to create ssl key pairs which are bound to the ports, for good security reasons.

Maybe you did this unknowingly or by accident?
# 7  
Old 02-02-2019
Are you using the same user on port 2200 as the one on 22?