From: UnixAdmin (sunixadm@yahoo.com)
Date: Fri Jun 27 2003 - 06:44:21 EDT
Hi Admins,
Thanks for all of the answers from:
Pavic, Aleksander
Romande Carter
Darren Dunham
Steven Hawood
Harvey Wamboldt
Ed Rolison
Scott Croft
Special thanks goes to Scott Craft and Steven Hawood.
Scott wrote:
The first thing I would do is verify that your root user has the proper
group. Looks like it is other instead of root.
I would also use ssh-keygen -t rsa and don't worry about rsa1 vs. rsa.,
then copy the id_rsa to identity and the id_rsa.pub to identity.pub.
Try that.
Scott
And Steven wrote:
Hi
Your problem is that your ssh client is reading your public identity
file when it should be reading the private one.
Look in your ssh_config file for the IdentityFile directives and make
sure they reference private keyfiles, not public ones.
Cheers
S
A combination of these two things worked and got the ball rolling for root. Now I am experincing a problem when someone other than root tries to ssh to a server. The user is never asked for the passphrase, instead the user is prompted for his password. Below is the -vvv output from the user (which fails) and root.
>From the user:
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug1: try pubkey: /home/user/.ssh/identity
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: try privkey: /home/user/.ssh/id_dsa
debug3: no such identity: /home/user/.ssh/id_dsa
debug1: try privkey: /home/user/.ssh/id_rsa
debug3: no such identity: /home/user/.ssh/id_rsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: next auth method to try is keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: next auth method to try is password
user@serveri's password:
>From root:
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug1: try pubkey: /.ssh/identity
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 11ab20 hint 0
debug2: input_userauth_pk_ok: fp 3c:64:7c:33:0b:07:e7:5c:42:21:16:ef:a3:d7:bc:c9
debug3: sign_and_send_pubkey
debug1: read PEM private key done: type RSA
debug1: ssh-userauth2 successful: method publickey
debug3: clear hostkey 0
debug3: clear hostkey 1
debug3: clear hostkey 2
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug1: send channel open 0
debug1: Entering interactive session.
debug2: callback start
debug1: ssh_session2_setup: id 0
debug3: tty_make_modes: ospeed 9600
debug3: tty_make_modes: ispeed 0
debug3: tty_make_modes: 1 3
debug3: tty_make_modes: 2 28
debug3: tty_make_modes: 3 127
debug3: tty_make_modes: 4 21
debug3: tty_make_modes: 5 4
debug3: tty_make_modes: 6 0
debug3: tty_make_modes: 7 0
debug3: tty_make_modes: 8 17
debug3: tty_make_modes: 9 19
debug3: tty_make_modes: 10 26
debug3: tty_make_modes: 11 25
debug3: tty_make_modes: 12 18
debug3: tty_make_modes: 13 23
debug3: tty_make_modes: 14 22
debug3: tty_make_modes: 16 0
debug3: tty_make_modes: 18 15
debug3: tty_make_modes: 30 0
debug3: tty_make_modes: 31 0
debug3: tty_make_modes: 32 0
debug3: tty_make_modes: 33 0
debug3: tty_make_modes: 34 0
debug3: tty_make_modes: 35 0
debug3: tty_make_modes: 36 1
debug3: tty_make_modes: 37 0
debug3: tty_make_modes: 38 1
debug3: tty_make_modes: 39 0
debug3: tty_make_modes: 40 0
debug3: tty_make_modes: 41 1
debug3: tty_make_modes: 50 1
debug3: tty_make_modes: 51 1
debug3: tty_make_modes: 52 0
debug3: tty_make_modes: 53 1
debug3: tty_make_modes: 54 1
debug3: tty_make_modes: 55 1
debug3: tty_make_modes: 56 0
debug3: tty_make_modes: 57 0
debug3: tty_make_modes: 58 0
debug3: tty_make_modes: 59 1
debug3: tty_make_modes: 60 1
debug3: tty_make_modes: 61 1
debug3: tty_make_modes: 62 0
debug3: tty_make_modes: 70 1
debug3: tty_make_modes: 71 0
debug3: tty_make_modes: 72 1
debug3: tty_make_modes: 73 0
debug3: tty_make_modes: 74 0
debug3: tty_make_modes: 75 0
debug3: tty_make_modes: 90 1
debug3: tty_make_modes: 91 1
debug3: tty_make_modes: 92 0
debug3: tty_make_modes: 93 0
debug1: channel request 0: shell
debug2: callback done
debug1: channel 0: open confirm rwindow 0 rmax 16384
debug2: channel 0: rcvd adjust 32768
Thanks and I will summarize.
-Joe
Below is my original post:
Hi Admins,
We are using OpenSSH version 3.0.1.p1 and are trying to allow
authentication via Public-key authentication but can't seem to get it to work.
I generated the key pair by doing:
# ssh-keygen -t rsa1
which created the files ~/.ssh/identity and ~/.ssh/identity.pub
I then copied identity.pub to ~/.ssh/authorized_keys
and change the permissions to 600 on these three new files.
I did this as root on one server and then copied the new files to
~/.ssh on a second server.
When I ssh from server one to server two I am prompted for a pass
phrase but receive the error message that /.ssh/identity.pub is not a RSA1
key file, although I created the key as a RSA1 key using the -t rsa1
option with ssh-keygen.
I then receive the error message bad passphrase given, try again...
After three tries, I am prompted for the password and am granted
access.
Below is part of the output from ssh -vvv server2:
I will summarize.
Thanks in advance!!
-Joe
SBC Yahoo! DSL - Now only $29.95 per month!
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:26:40 EDT