Configured sftp still requires password


 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users Configured sftp still requires password
# 1  
Old 03-24-2008
Configured sftp still requires password

Hi GurusSmilie

I have to connect from a SunOS 5.10 to a 5.8 using sftp in BatchMode. For this, I have generated a Public-Key (ssh-keygen -b 1024 -P "" -t dsa) on the 5.10 and saved it in ~remote-user/.ssh/authorized-keys on the 5.8.

Then, running either one of ssh or sftp, it asks for the remote-user's passwordSmilie

For your added information, as you might already know, the above procedure works fine when going from 5.10 to 5.10.

Can you please tell me what am I missing here?
With my greatest appreciations,
unilover
# 2  
Old 03-25-2008
just a thought, that setup is for openSSH, does 5.8 use ssh2, if so then the key will have to be converted (ssh-keygen can do that). If it does use openSSH are the permissions correct on the keyfile and .ssh directory (600 for files 700 for directories).
# 3  
Old 03-25-2008
Make also sure that that the key you've just copyed into authorized_keys is just in one line (notice the low underscore).
Check that public key authentication is allowed on the remote server. Have a look at your sshd_config file for that.
Regards.
# 4  
Old 03-25-2008
Thanks a lot both.

Here is the few lines from Remote-Server's /usr/local/etc/ssh/sshd_config:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++
# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
#Protocol 2,1
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /usr/local/etc/ssh_host_key
# HostKeys for protocol version 2
#HostKey /usr/local/etc/ssh_host_rsa_key
#HostKey /usr/local/etc/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /usr/local/etc/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

++++++++++++++++++++++++++++++++++++++++++++++++++

Also, running "sftp -v rmt_srvr" produces the following lines:
++++++++++++++++++++++++++++++++++++++++++++++++++

debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: Peer sent proposed langtags, ctos:
debug1: Peer sent proposed langtags, stoc:
debug1: We proposed langtags, ctos: i-default
debug1: We proposed langtags, stoc: i-default
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 123/256
debug1: bits set: 997/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'sbdevsvr59' is known and matches the RSA host key.
debug1: Found key in /home/testuser/.ssh/known_hosts:14
debug1: bits set: 1005/2048
debug1: ssh_rsa_verify: signature correct
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/testuser/.ssh/id_rsa
debug1: Trying public key: /home/testuser/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
testuser@rmt_srvr's password:
++++++++++++++++++++++++++++++++++++++++++++++++

Moreover, both permissions are as you've specified.

Thanks again.
# 5  
Old 03-25-2008
Two key questions here:

1) Is the remote user account accessible and in sync with the password you're trying to use? We often see these due to passwords having expired, etc. (Authentication's intact but only so long as the account is viable;

2) Are you certain that it's not prompting you for a Passphrase instead of a password? If your public key file was not generated with an empty passphrase session authentication will be forced to prompt you for an input on this..negates your automation somewhat.

Lastly, if your client is using SSH2 (Tectia, for example) and your host server is using SSH (OpenSSH, for example), then you'd need to convert the key formats to fit.
# 6  
Old 03-26-2008
Thanks a lot curleb.

Yes. The remote-user's account is valid and in sync (which I'd used it to transfer the generated id_dsa.pub on the local-host and save it in .ssh/authorized_keys).

No. It is definitely asking for the password. First because I used 'ssh-keygen -b 1024 -P "" -t dsa' to generate the Public-Key and second, when I enter the remote-user's password, I'm successfully logged-in.

As for the ssh version, I ran a “pkginfo | grep -i openssh” command and it does tell me that openssh is installed.
# 7  
Old 03-26-2008
There's something that looks a little weird to me:
Code:
debug1: Trying private key: /home/testuser/.ssh/id_rsa
debug1: Trying public key: /home/testuser/.ssh/id_dsa

Why don't you try to "ssh-keygen" an RSA key pair?
Look, this is the output on one of my servers:
Code:
debug1: Trying private key: /home/grial/.ssh/identity
debug1: Offering public key: /home/grial/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).

Regards.

Last edited by grial; 03-26-2008 at 11:55 AM.. Reason: spelling mistakes :)
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Sftp with password

I have been tasked with scripting a sftp transfer from my clients sftp server to a vendor. I have been given a user name and password. This is an older OEL server, 5.2. I am not able to install any packages on this system. It does not have expect, ssh-pass, or any other ssh password helper... (6 Replies)
Discussion started by: mtrgoose
6 Replies

2. Shell Programming and Scripting

SFTP prompting for password even though password is in script

Hi All, I am trying to transfer a file from one server to a remote server using SFTP. Client is not ready for key setup. I am working on Solaris 10. Here is the code. #!/bin/ksh # sample automatic Sftp script to dump a file USER="user1" PASSWORD="pass1" HOST="host1" sftp $USER@$HOST... (6 Replies)
Discussion started by: megha2525
6 Replies

3. Red Hat

prompting for passwords even i configured ssh password less authentication

There are two servers : 1. Site 2. Testing from site server i want to connect testing server with ssh password less authentication. i generated public and private keys with ssh-keygen -t rsa on site server. cat id_rsa >> authorized_keys cat id_rsa.pub >> authorized_keys i... (15 Replies)
Discussion started by: rehantayyab82
15 Replies

4. Shell Programming and Scripting

SFTP with Password

Hi Guys, I need to know how can i achieve SFTP "with" password in a shell script. I have already done passwordless key generation thing and it is working but at the moment i am interested in passing a password. And another question I have is say i have a.ksh and b.sh scripts...Can i invoke... (6 Replies)
Discussion started by: Arpit Narula
6 Replies

5. Shell Programming and Scripting

sftp is asking password

Hi i have generate public private key pair using command ssh-keygen -t rsa -b 2048 and then it made the two keys under the directory ~/.ssh ( in server 1) one is public key and another one is private .. i copied public one key onto my second server under the directory ... (22 Replies)
Discussion started by: aishsimplesweet
22 Replies

6. Shell Programming and Scripting

password - SFTP

Hi team, I know if we need to transfer the files between between 2 servser, we use SFTP through key setup between 2 server. currently There are some problems and we are not able to setup keys between servers. How can i use password with SFTP for temporary solutions, so that the file... (6 Replies)
Discussion started by: Amit.Sagpariya
6 Replies

7. Shell Programming and Scripting

Script check if ssh requires a password???

Thanks to the help from this forum i've learned a lot of good stuff but I still have questions :). I need to write a script that checks if ssh to a box requires a password. I need it will be an "if" statement, if ssh requires password, then do a key exchange(with i already have). Just need to... (5 Replies)
Discussion started by: elbombillo
5 Replies

8. Shell Programming and Scripting

SFTP error:-b requires an argument greater than zero

Hi when i execute the below command sftp -b ftpCommand.ksh remoteuser@remoterserver i am getting the error "-b requires an argument greater than zero" Please can any one help me. (4 Replies)
Discussion started by: vgs
4 Replies

9. UNIX for Advanced & Expert Users

SFTP error:-b requires an argument greater than zero

Hi when i execute the below command sftp -b ftpCommand.ksh remoteuser@remoterserver i am getting the error "-b requires an argument greater than zero" Please can any one help me. (1 Reply)
Discussion started by: vgs
1 Replies
Login or Register to Ask a Question