SSH without password prompt

From: Adam Tomkinson (adam.tomkinson@rtel.com)
Date: Wed Jan 11 2006 - 04:13:59 EST


Hi Folks,

I have a requirement to scp files from a SunOS 5.9 machine to a RHEL 2.1 machine. I have
this working without prompt when going to the SUN machine but I can't get it
working the other way without having to provide the password. I've followed
the many setup docs on this subject but to no avail. Here's what I get with a
verbose ssh connection from the SUN machine to the Linux machine:

SUNhost:/export/home/adam/.ssh >ssh -v Linuxhost ls
SSH Version Sun_SSH_1.0.1, protocol versions 1.5/2.0.
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: getuid 100 geteuid 100 anon 1
debug1: Connecting to Linuxhost [IP was here] port 22.
debug1: Connection established.
debug1: identity file /export/home/adam/.ssh/identity type 3
debug1: Bad RSA1 key file /export/home/adam/.ssh/id_rsa.
debug1: identity file /export/home/adam/.ssh/id_rsa type 3
debug1: Bad RSA1 key file /export/home/adam/.ssh/id_dsa.
debug1: identity file /export/home/adam/.ssh/id_dsa type 3
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.0.1
debug1: sent kexinit: diffie-hellman-group1-sha1
debug1: sent kexinit: ssh-rsa,ssh-dss
debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
debug1: sent kexinit: hmac-sha1,hmac-md5
debug1: sent kexinit: hmac-sha1,hmac-md5
debug1: sent kexinit: none
debug1: sent kexinit: none
debug1: sent kexinit:
debug1: sent kexinit:
debug1: send KEXINIT
debug1: done
debug1: wait KEXINIT
debug1: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug1: got kexinit: ssh-rsa,ssh-dss
debug1: got kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
debug1: got kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
debug1: got kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug1: got kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug1: got kexinit: none,zlib
debug1: got kexinit: none,zlib
debug1: got kexinit:
debug1: got kexinit:
debug1: first kex follow: 0
debug1: reserved: 0
debug1: done
debug1: kex: server->client unable to decide common locale
debug1: kex: server->client aes128-cbc hmac-sha1 none
debug1: kex: client->server unable to decide common locale
debug1: kex: client->server aes128-cbc hmac-sha1 none
debug1: Sending SSH2_MSG_KEXDH_INIT.
debug1: bits set: 486/1024
debug1: Wait SSH2_MSG_KEXDH_REPLY.
debug1: Got SSH2_MSG_KEXDH_REPLY.
debug1: Host 'Linuxhost' is known and matches the RSA host key.
debug1: Found key in /export/home/adam/.ssh/known_hosts:2
debug1: bits set: 525/1024
debug1: ssh_rsa_verify: signature correct
debug1: Wait SSH2_MSG_NEWKEYS.
debug1: GOT SSH2_MSG_NEWKEYS.
debug1: send SSH2_MSG_NEWKEYS.
debug1: done: send SSH2_MSG_NEWKEYS.
debug1: done: KEX2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: key does not exist: /export/home/adam/.ssh/identity
debug1: try pubkey: /export/home/adam/.ssh/id_rsa
debug1: read SSH2 private key done: name rsa w/o comment success 1
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try pubkey: /export/home/adam/.ssh/id_dsa
debug1: read SSH2 private key done: name dsa w/o comment success 1
debug1: sig size 20 20
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: next auth method to try is password
adam@Linuxhost's password:
debug1: ssh-userauth2 successfull: method password
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: client_init id 0 arg 0
debug1: Sending command: ls
debug1: channel 0: open confirm rwindow 0 rmax 32768
debug1: channel 0: rcvd eof
debug1: channel 0: output open->drain
debug1: channel_input_channel_request: channel: 0 rcvd request for exit-status reply 0
debug1: cb_fn 2b74c cb_event 91
debug1: channel 0: rcvd close
debug1: channel 0: input open->closed
debug1: channel 0: close_read

ethtool-1.8-4.i386.rpm
hostdump
hostdump.1.34.tar
ipcop-1.4.8.iso
lshw-B.02.05.01
lshw-B.02.05.01.tar
top-3.5.1-sol9-sparc-local.gz

debug1: channel 0: obuf empty
debug1: channel 0: output drain->closed
debug1: channel 0: close_write
debug1: channel 0: send close
debug1: channel 0: full closed2
debug1: channel_free: channel 0: status: The following connections are open:
  #0 client-session (t4 r0 i8/0 o128/0 fd -1/-1)

debug1: channel_free: channel 0: dettaching channel user
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.0 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0
SUNhost:/export/home/adam/.ssh >

...and here's what I get going from Linux to SUN:

[adam@Linuxhost adam]$ ssh -v SUNhost ls
OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 500 geteuid 0 anon 1
debug1: Connecting to rtpsddb1 [10.1.2.201] port 22.
debug1: temporarily_use_uid: 500/500 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 500/500 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/adam/.ssh/identity type 0
debug1: identity file /home/adam/.ssh/id_rsa type 1
debug1: identity file /home/adam/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.0.1
debug1: match: Sun_SSH_1.0.1 pat Sun_SSH_1.0*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: dh_gen_key: priv key bits set: 136/256
debug1: bits set: 508/1024
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host 'SUNhost' is known and matches the RSA host key.
debug1: Found key in /home/adam/.ssh/known_hosts:1
debug1: bits set: 521/1024
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is publickey
debug1: try pubkey: /home/adam/.ssh/id_rsa
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x80907b0 hint 1
debug1: read PEM private key done: type RSA
debug1: ssh-userauth2 successful: method publickey
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: ssh_session2_setup: id 0
debug1: Sending command: ls
debug1: channel request 0: exec
debug1: channel 0: open confirm rwindow 0 rmax 16384
debug1: channel 0: rcvd eof
debug1: channel 0: output open -> drain
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: rcvd close
debug1: channel 0: close_read
debug1: channel 0: input open -> closed

3510.hosts
3510_lun_maps
AdobeFnt.lst
DCX_hwinfo.sh
DCX_hwinfo.sh.adam
GTS.ksh
GTS.txt
GTS.txt1
MDsetrest
MDsetroot
S31hme0.ndd
S32dfme.ndd
S32ndd.bge0
S32ndd.dmfe0
S32ndd.hme0
S99apache
add_misc_items
an02uniq
backup2remote
ben.vxvm
bge.conf
ce.conf
check_status.ksh
commands
countfiles
cwpatch
cwpatchchk
cwpatchchk.out
dan.out
dan.send
devices
duplicate
duplicate.1.2.tar
explo_collect
file2restore
findmail
fix_libcopy.sh
get_if
get_if.ksh.txt
getrlimit
getrlimit.c
hostdump
hostdump.1.34.tar
hostdump.log
hostlist
hostlist.flo
hostlist.tmp
hostlist.zeb
l10npkgadd.csh
largefile
ldap.pdf
ldapsearchfile.txt
local.cshrc
local.login
local.profile
luxadm.txt
mark.msg
mars_delete.txt
mars_list.txt
messages.txt
mksccs
movelist
myfile
myfile.log
myxterm
netbackup_extras.client
netcfg.generic
netstat.out
nic_test.ksh
nic_test.txt
ns_imap
nsmail
oracle_status.ksh
oraclectl.ksh
out.file
packages
pkg.info
pkgfilelist
pushpkg
pushpkg.log
pushpkg_send
renamefile
restore.shadow
safemonitor.jar
satoc034.cpio
save_sysfiles
scsi_command
setbootblk
sg.build
sg.conf
sg.links
sgscan
showrev.p
st.conf
staroffice6.0
subshell
sudo-1.6.8p9-sol9-sparc-local
sudoers
telefonie.txt
telnetd
testnic
testnic.txt
testshell
tmd.ctl.original
top10-nis
top10-nishome
top10.out
total
vfstab
vx.install
vxdisk-list.txt
vxprint.txt

debug1: channel 0: obuf empty
debug1: channel 0: close_write
debug1: channel 0: output drain -> closed
debug1: channel 0: almost dead
debug1: channel 0: gc: notify user
debug1: channel 0: gc: user detached
debug1: channel 0: send close
debug1: channel 0: is dead
debug1: channel 0: garbage collecting
debug1: channel_free: channel 0: client-session, nchannels 1
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.0 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0
[adam@Linuxhost adam]$

This extract from above (listed below) seems to imply that the RSA keys on the
SUNhost are bad, but I've recreated them a few times, again to no avail.

debug1: identity file /export/home/adam/.ssh/identity type 3
debug1: Bad RSA1 key file /export/home/adam/.ssh/id_rsa.
debug1: identity file /export/home/adam/.ssh/id_rsa type 3
debug1: Bad RSA1 key file /export/home/adam/.ssh/id_dsa.
debug1: identity file /export/home/adam/.ssh/id_dsa type 3

Any help greatly appreciated.

TIA

Adam Tomkinson
Unix (Solaris) Engineer/Consultant
England, UK (Original Details Removed to stop SPAMMERS)
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
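
As an added example that is not part of the original post, the shell function below reduces `ssh -v` client output to the userauth outcome: which key files were offered, which were not accepted, and which method finally succeeded. The two embedded traces are lines excerpted from the sessions in the message; the names `summarize_auth`, `sun_trace` and `openssh_trace` and the output format are assumptions made here.

```shell
# Added example, not from the original post.
# Usage: ssh -v host true 2>&1 | summarize_auth
summarize_auth() {
    awk '
    { sub(/\r$/, "") }                       # tolerate CRLF line endings
    # A key file the client offers to the server.
    /debug1: try pubkey: / {
        if (key != "") print "rejected " key   # earlier offer never succeeded
        key = $NF
        next
    }
    # Client falls back to another method: the pending offer failed too.
    /debug1: next auth method to try is / {
        if ($NF != "publickey" && key != "") { print "rejected " key; key = "" }
        next
    }
    # Sun_SSH 1.0.1 prints "successfull", OpenSSH 3.1p1 prints "successful".
    /debug1: ssh-userauth2 successfull?: method / {
        method = $NF
        verdict = (method == "publickey") ? "accepted " : "rejected "
        if (key != "") print verdict key
        key = ""
        print "method " method
    }
    END { if (key != "") print "rejected " key; if (method == "") print "method none" }
    '
}

# Userauth lines excerpted from the Sun_SSH (SUN to Linux) trace in the post.
sun_trace() {
    cat <<'EOF'
debug1: try pubkey: /export/home/adam/.ssh/id_rsa
debug1: next auth method to try is publickey
debug1: try pubkey: /export/home/adam/.ssh/id_dsa
debug1: sig size 20 20
debug1: next auth method to try is publickey
debug1: next auth method to try is password
debug1: ssh-userauth2 successfull: method password
EOF
}
# Userauth lines excerpted from the OpenSSH (Linux to SUN) trace in the post.
openssh_trace() {
    cat <<'EOF'
debug1: try pubkey: /home/adam/.ssh/id_rsa
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x80907b0 hint 1
debug1: ssh-userauth2 successful: method publickey
EOF
}
sun_trace | summarize_auth
```

On the SUN-to-Linux excerpt it reports both id_rsa and id_dsa as offered and not accepted before the password fallback; on the Linux-to-SUN excerpt it reports id_rsa as accepted.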



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:38:25 EDT