SSH RSA Key Authentication on Solaris

From: Adam Ronthal (aronthal@cirba.com)
Date: Tue Apr 01 2003 - 11:27:30 EST


Hi All...

Been banging my head on this one for a while.... perhaps someone out there
can offer some advice.

In the past, I've set up ssh key-based authentication using RSA keys with
empty passwords for restricted accounts and scriptable scp file
copies. Last time I had to set this up, it was between a Solaris 8 box
with OpenSSH and an OpenBSD box. The whole process took about 10 minutes
to get working.

I have a situation here with Solaris 8 and Solaris 9 servers where I'm
trying to set up the same sort of thing. I know that the stock ssh on Sol
9 doesn't support key-based auth, so I replaced it with OpenSSH 3.5p1 -
same version that is installed on my Solaris 8 box.

I generate rsa keys:

$ ssh-keygen -t rsa

Copy the id_rsa.pub file to the target box and add the contents of the file
to the .ssh/authorized_hosts file.

That *should* be sufficient, and yet, it doesn't work:

debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: userauth_pubkey_agent: testing agent key
/export/home/catrep/.ssh/id_rsa
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: try privkey: /export/home/catrep/.ssh/identity
debug1: try privkey: /export/home/catrep/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: try privkey: /export/home/catrep/.ssh/id_dsa
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: next auth method to try is password

The same behavior is evident when using ssh-agent first:

$ eval `/usr/local/bin/ssh-agent`
$ /usr/local/bin/ssh-add

My sshd_config file contains:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

Any ideas?

Thanks in advance, will summarize to the list.

-Adam
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:26:06 EDT