Im trying to set access from ServerA(SunOS) to ServerB(Some custom Linux with Keyboard Interactive login) with SSH Keys. As a proof of concept I was able to do it between 2 virtual machines. Now in my real life scenario it isnt working.
I created the keys in ServerA, copied them to ServerB, chmod'd .ssh folders to 700 on both ServerA,B.
For me *it seems* its working, but at the end it still falls back to Keyboard Interactive. Here is the log of what I get.
Code:
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /xxx/.ssh/identity type -1
debug1: identity file /xxx/.ssh/id_rsa type 1
debug1: identity file /xxx/.ssh/id_dsa type -1
debug1: Logging to host: xxx.xxx.xxx.xxx
debug1: Local user: xxx Remote user: xxx
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.2
debug1: match: OpenSSH_4.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1.4
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: Peer sent proposed langtags, ctos:
debug1: Peer sent proposed langtags, stoc:
debug1: We proposed langtags, ctos: en-US
debug1: We proposed langtags, stoc: en-US
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 125/256
debug1: bits set: 1039/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'XXX.XXX.XXX.XXX' is known and matches the RSA host key.
debug1: Found key in /XXX/.ssh/known_hosts:1
debug1: bits set: 1061/2048
debug1: ssh_rsa_verify: signature correct
debug1: newkeys: mode 1
debug1: set_newkeys: setting new keys for 'out' mode
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: set_newkeys: setting new keys for 'in' mode
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /XXXX/.ssh/identity
debug1: Trying public key: /xxx/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /xxx/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
Is the public key in ~/.ssh/authorized_keys on the target system written as a single line? Because keys are long strings, sometimes they are pasted as multiple lines instead of a single one. Happened to me several times.
Is public key login disabled in /etc/ssh/sshd_config on the target system (look for PubkeyAuthentication)?
Try to connect using a higher debug level, like ssh -vv or even ssh -vvv. Maybe something useful comes up.
Is the public key in ~/.ssh/authorized_keys on the target system written as a single line? Because keys are long strings, sometimes they are pasted as multiple lines instead of a single one. Happened to me several times.
Is public key login disabled in /etc/ssh/sshd_config on the target system (look for PubkeyAuthentication)?
Try to connect using a higher debug level, like ssh -vv or even ssh -vvv. Maybe something useful comes up.
using -vv
Code:
Next authentication method: publickey
debug1: Trying private key: /xxx/.ssh/identity
debug1: Trying public key: /xxx/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /xxx/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
Doesn't look like much. You sent a RSA key to the target host, but it didn't like it. Try ssh -vvv too.
If that does not reveal anything useful, you have to make your sshd on the target machine write to syslog. Check SyslogFacility and LogLevel in /etc/ssh/sshd_config and verify, that the syslog messages are actually written somewhere (check /etc/syslog.conf). Can't say much more considering the fact you have some sort of custom linux.
command I had to manually paste the key in ServerB. That made it interpret the key as 3 separate lines.
To solve this, in case you cant use ssh-copy-id. Paste the first line of your key WITHOUT the last 2 characters, then type yourself the missing characters from line 1 and the first one from line 2, this will prevent adding a "new line" between the first and second line of the key. Repeat with the 3d line
Hi gurus,
I am NOT the SA of the servers so very limited on what I can do. Basically the scenario is like this:
Every 6 months our password expires and we have to reset them to comply to some password rules. Thing is users, me included, tend to have plaintext copy of this difficult to... (2 Replies)
Dear All,
I have a requirement where I have to SFTP or SCP a file in a batch script. Unfortunately, the destination server setup is such that it doesn't allow for shell command line login. So, I am not able to set up SSH keys. My source server is having issues with Expect. So, unable to use... (5 Replies)
Recently I have been playing with password ageing and the usage of ssh keys. I have found that if usePAM yes (default) is set in the /etc/ssh/sshd_config file then any password ageing and inactiivity can adversely affect a client with ssh keys.
For example:
Set PASS_MAX_DAYS to 60 in... (5 Replies)
Hi,
I need to run a script located in a directory on remote server by using ssh authentication from my local unix server. Can anyone help me in this.
I have tried the below command. It worked for echo command but when i tried to open a file using cat command it is showing "cat: cannot open... (6 Replies)
Hello,
I'm trying to perform these operations without entering any password, as user "fzd":fzd@machine1> scp /tmp/srcFile1 fzd@machine2:/tmp/$destFile
fzd@machine1> scp fzd@machine2:/tmp/$srcFile /tmp/$destFilebut alsofzd@machine1> scp /tmp/srcFile1 machine2:/tmp/$destFile
fzd@machine1> scp... (6 Replies)
There are two servers :
1. Site
2. Testing
from site server i want to connect testing server with ssh password less authentication.
i generated public and private keys with ssh-keygen -t rsa on site server.
cat id_rsa >> authorized_keys
cat id_rsa.pub >> authorized_keys
i... (15 Replies)
hello,
i am running an AIX 5.3 machine and i want to connect via ssh to the RPA Management site without prompting for password.
i already had a public key of this server as i use the same thing for ssh connection with other AIX machines.
i connected to the RPA Management Site and i run the... (9 Replies)
I setup the keys between 2 servers, but my user account has no password specified for it (never set one up on the account for security reasons). When I try to SSH to the server, SSH prompts for a password that doesn't exist (so I can never connect successfully).
Note: 'passwd -d Rynok' removes... (3 Replies)
Hello,
Do you guys know set of commands that can incorporate to sftp/scp/ssh to add password in a script to automate file transfer.
Our client is not using ssh keys authentication so we are force to create a script to pass the password into the script to transfer files via sftp/scp/ssh.
We... (4 Replies)
Hi all,
Basic Requirement:
To SFTP large files (usually 10GB). We use webMethods 6.1.2 (installed on Unix) as the orchstrator and make underlying Unix system calls to do the processing.
That is, if we have to SFTP a large file - webMethods will invoke a Perl script on the underlying Unix... (2 Replies)
SSH Keys Authentication keeps asking for password