I have accounts on three Linux machines; let's call them Home, Away1 and Away2. All the machines have SSH installed and working (that is, I can use ssh to log in from one machine to the others successfully).
I want to start using public key authentication. So on my Home machine I followed the prescribed procedure:
home$ ssh-keygen -t dsa
home$ scp ~/.ssh/id_dsa.pub remote:
home$ ssh username@away1
away1$ cat ~/id_dsa.pub >> ~/.ssh/authorized_keys
away1$ chmod 644 ~/.ssh/authorized_keys
away1$ exit
home$ ssh username@remote -
...and once I set the local environment using keychain, Away1 asked me for my public key password. Fine so far.
Then I followed the same procedure with Away2. But this time it didn't work--Away2 keeps asking me for the account password, not the public key password.
Away2 has a different version of ssh than Away1. Possibly this is responsible for the problem but I haven't been able to figure it out. Can anyone help me?
relevant info:
Versions:
===============================
home $ ssh -V
OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
away1 $ ssh -V
OpenSSH_3.7.1p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7a Feb 19 2003
away2 $ ssh -V
ssh: SSH Secure Shell 2.4.0 (non-commercial version) on i686-pc-linux-gnu
Permissions on Away2 (one that doesn't work)
=================================
away2~$ ls -ld
drwx---r-x 8 me users 1024 Dec 4 12:29 ./
away2~$ ls -ld .ssh*
drwxr-xr-x 2 me users 1024 Dec 4 12:03 .ssh/
drwxr-xr-x 3 me users 1024 Dec 4 12:03 .ssh2/
away2~$ ls -l .ssh
total 2
-rw-r--r-- 1 me users 218 Dec 4 13:04 authorized_keys
-rw-r--r-- 1 me users 218 Dec 4 13:04 authorized_keys2
away2~$ ls -l .ssh2
total 4
-rw-r--r-- 1 me users 218 Dec 4 13:04 authorized_keys
-rw-r--r-- 1 me users 218 Dec 4 13:04 authorized_keys2
drwx------ 2 me users 1024 Dec 4 12:00 hostkeys/
-rw------- 1 me users 512 Dec 4 12:00 random_seed
Note that I think Away2 uses .ssh2 but I created .ssh, and the authorized_keys2 files just to make sure.
Verbose output from ssh:
==============================
$ ssh -l me away2 -vvv
OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to away2.com [218.208.147.36] port 22.
debug1: Connection established.
debug1: identity file /home/me/.ssh/identity type -1
debug3: Not a RSA1 key file /home/me/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: no key found
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug3: key_read: no key found
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug3: key_read: no key found
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: no key found
debug1: identity file /home/me/.ssh/id_rsa type 1
debug3: Not a RSA1 key file /home/me/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: no key found
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug3: key_read: no key found
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug3: key_read: no key found
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: no key found
debug1: identity file /home/me/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version 2.4.0 SSH Secure Shell (non-commercial)
debug1: match: 2.4.0 SSH Secure Shell (non-commercial) pat 2.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.5p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss
debug2: kex_parse_kexinit: 3des-cbc,cast128-cbc,blowfish-cbc,twofish-cbc,arcfour,none
debug2: kex_parse_kexinit: 3des-cbc,cast128-cbc,blowfish-cbc,twofish-cbc,arcfour,none
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,none
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,none
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client 3des-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server 3des-cbc hmac-md5 none
debug1: dh_gen_key: priv key bits set: 209/384
debug1: bits set: 485/1024
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug3: check_host_in_hostfile: filename /home/me/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 19
debug3: check_host_in_hostfile: filename /home/me/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 19
debug1: Host 'metafoundry.he.net' is known and matches the DSA host key.
debug1: Found key in /home/me/.ssh/known_hosts:19
debug1: bits set: 545/1024
debug1: ssh_dss_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug1: userauth_pubkey_agent: testing agent key /home/me/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password
debug3: clear_auth_state: key_free 0x8090b90
debug1: userauth_pubkey_agent: testing agent key /home/me/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password
debug3: clear_auth_state: key_free 0x8091198
debug2: userauth_pubkey_agent: no more keys
debug2: userauth_pubkey_agent: no message sent
debug1: try privkey: /home/me/.ssh/identity
debug3: no such identity: /home/me/.ssh/identity
debug1: try pubkey: /home/me/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password
debug2: userauth_pubkey_agent: no more keys
debug2: userauth_pubkey_agent: no message sent
debug1: try pubkey: /home/me/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password
debug2: userauth_pubkey_agent: no more keys
debug2: userauth_pubkey_agent: no message sent
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: next auth method to try is password
me@away2.com's password:
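A way to condense a client debug log like the one above into one line per key attempt, as an added example that is not part of the original post. The function names and the trimmed sample log are constructed here; the patterns follow the OpenSSH_3.5p1 lines shown in the post, and the "Server accepts key" success line is an assumption about what an accepted key prints.

```shell
#!/bin/sh
# Summarize public-key attempts found in `ssh -v` client debug output.
# Output: one tab-separated line per event: result, key source, key path/method.

summarize_pubkey_attempts() {
    # Reads debug output on stdin.
    awk '
        # Emit any key that was offered but never answered by the server.
        function flush() {
            if (key != "") { print "unanswered\t" src "\t" key; key = "" }
        }
        # A key is offered either through the agent or from an identity file.
        /debug1: userauth_pubkey_agent: testing agent key / {
            flush(); key = $NF; src = "agent"; next
        }
        /debug1: try pubkey: / { flush(); key = $NF; src = "file"; next }
        # Assumed success line: the server recognises the offered key.
        key != "" && /debug1: Server accepts key/ {
            print "accepted\t" src "\t" key; key = ""; next
        }
        # The server re-sending its method list after an offer means the
        # offered key was not accepted.
        key != "" && /debug1: authentications that can continue:/ {
            print "rejected\t" src "\t" key; key = ""; next
        }
        # The client moving on to another authentication method.
        /debug1: next auth method to try is / {
            flush(); print "method\t-\t" $NF
        }
        END { flush() }
    '
}

# Constructed sample: a trimmed excerpt in the format of the log in the post.
sample_log() {
    cat <<'EOF'
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is publickey
debug1: userauth_pubkey_agent: testing agent key /home/me/.ssh/id_dsa
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password
debug1: try pubkey: /home/me/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is password
EOF
}

sample_log | summarize_pubkey_attempts
```

Lines marked `rejected` for every offered key, followed by `method - password`, mean the client offered its keys correctly and the server did not recognise any of them, so the place to look is the server-side key configuration.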