Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

SSH and passwords :(

  • 17-07-2007 3:04pm
    #1
    Registered Users, Registered Users 2 Posts: 2,406 ✭✭✭


    Guys,

    This is killing me :(

    I am trying to ssh from one unix machine to another and not have ssh remote machine prompt for password.

    What I did was...
    Local...

    ssh-keygen -t dsa
    creates id_dsa.pub file

    Remote...(user X)
    vi ~/authorized_keys2
    Pasted contents of id_dsa.pub(local machine) into this file. I checked the copy & paste and it pasted fine (all 1 line).

    ssh remote -l X

    Still asks for password !!!
    Any ideas. I thought I got this working on another set of machines following this procedure bit not today :(

    All help much appreciated.

    Here is some -vv output...
    ssh -vv blah -l blah
    Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Rhosts Authentication disabled, originating port will not be trusted.
    debug1: ssh_connect: needpriv 0
    debug1: Connecting to den [xxx.xxx.xxx.xx] port 22.
    debug1: Connection established.
    debug1: identity file /export/home/xxxxx/.ssh/identity type -1
    debug2: key_type_from_name: unknown key type '

    BEGIN'
    debug2: key_type_from_name: unknown key type '
    END'
    debug1: identity file /export/home/xxxxx/.ssh/id_rsa type 1
    debug2: key_type_from_name: unknown key type '
    BEGIN'
    debug2: key_type_from_name: unknown key type '
    END'
    debug1: identity file /export/home/xxxxx/.ssh/id_dsa type 2
    debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1
    debug1: no match: Sun_SSH_1.1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-Sun_SSH_1.1


    Regards,
    Brian.


Comments

  • Closed Accounts Posts: 7,563 ✭✭✭leeroybrown


    From reading your post it appears that you are forgetting to put the various keys in the '~/.ssh/' directory where they are supposed to be.

    Also if you want password-less SSH for interactive use then you might be better off setting a passphrase on the key and using ssh-agent rather than going for a completely open setup.


  • Registered Users, Registered Users 2 Posts: 2,406 ✭✭✭brianon


    From reading your post it appears that you are forgetting to put the various keys in the '~/.ssh/' directory where they are supposed to be.

    Also if you want password-less SSH for interactive use then you might be better off setting a passphrase on the key and using ssh-agent rather than going for a completely open setup.

    Hi. Thanks for the reply. I don't mind the completely open setup as its just a quick (I wish) test I need to set-up. As for the passphrase. I set to blank as its just as a test.

    The keys are all in '~/.sh'...I think.
    Local...
    ls ~/.ssh
    id_dsa.pub id_rsa.pub
    id_dsa id_rsa known_hosts

    Remote...
    ls ~/.ssh
    id_dsa.pub id_rsa.pub authorized_keys2
    id_dsa id_rsa known_hosts


  • Registered Users, Registered Users 2 Posts: 7,314 ✭✭✭Nietzschean


    I'd run sshd on the remote server in debug mode to try debug it the fastest way possible if you have admin, see if its actually looking at the authorized_keys file
    check the line in /etc/ssh/sshd_config on the remote machien to see what file its looking for
    #AuthorizedKeysFile %h/.ssh/authorized_keys

    it might just look at authorized_keys and not authorized_keys2...


  • Registered Users, Registered Users 2 Posts: 2,406 ✭✭✭brianon


    I'd run sshd on the remote server in debug mode to try debug it the fastest way possible if you have admin, see if its actually looking at the authorized_keys file
    check the line in /etc/ssh/sshd_config on the remote machien to see what file its looking for
    #AuthorizedKeysFile %h/.ssh/authorized_keys

    it might just look at authorized_keys and not authorized_keys2...

    My sshd_config file does not have the #AuthorizedKeysFile entry. Crap ! :(


  • Registered Users, Registered Users 2 Posts: 354 ✭✭AndrewMc


    brianon wrote:
    My sshd_config file does not have the #AuthorizedKeysFile entry. Crap ! :(

    Under OpenSSH this defaults to .ssh/authorized_keys anyway. Can you check the permissions of the remote .ssh directory? Some servers will ignore it if it's not properly secured.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 2,406 ✭✭✭brianon


    AndrewMc wrote:
    Under OpenSSH this defaults to .ssh/authorized_keys anyway. Can you check the permissions of the remote .ssh directory? Some servers will ignore it if it's not properly secured.

    Directory permissions are drwx
    & user is correct.

    /export/home/X/.ssh> ls -l

    -rw-r--r-- 1 X Y 225 Jul 17 17:31 authorized_keys
    -rw
    1 X Y 672 Jul 17 15:26 id_dsa
    -rw-r--r-- 1 X Y 605 Jul 17 15:26 id_dsa.pub
    -rw
    1 X Y 883 Jul 17 15:25 id_rsa
    -rw-r--r-- 1 X Y 225 Jul 17 15:25 id_rsa.pub
    -rw-r--r-- 1 X Y 608 Jul 17 15:27 known_hosts


  • Technology & Internet Moderators Posts: 28,830 Mod ✭✭✭✭oscarBravo


    What distro is on the server? Might help diagnose.


  • Registered Users, Registered Users 2 Posts: 354 ✭✭AndrewMc


    oscarBravo wrote:
    What distro is on the server? Might help diagnose.

    Looks like it might be Solaris: "remote software version Sun_SSH_1.1".


  • Technology & Internet Moderators Posts: 28,830 Mod ✭✭✭✭oscarBravo


    That would imply ~/.ssh/authorized_keys is the right file.

    Next question: what's in /etc/ssh/ssh_config on the client?


  • Registered Users, Registered Users 2 Posts: 2,406 ✭✭✭brianon


    Thanks guys for your help.

    I managed to solve it...

    Running...
    On Remote:
    # /usr/lib/ssh/sshd -p 9191 -d

    An then on Local:
    ssh X -l Y -p 9191

    Showed that the permissions on the /export/home/X dir were incorrect !

    A chmod to 755 and now working.

    Thanks again guys.

    Brian.


  • Advertisement
Advertisement