[wplug] OpenSSH keys problem

Scott Eicher Scott.Eicher at e-Profile.com
Tue Aug 19 18:05:47 EDT 2003


I haven't set up an ssh-agent. I've read a little about it but I don't think
that's what I'm looking for. What I'm trying to accomplish is to be able to
create some scripts that will run from cron and scp some files from the
client to the server without prompting for a password. I've got this working
from the same client system to a different server that is running the same
version of OpenSSH. It doesn't prompt me for a password but uses my RSA key
every time.

Scott

-----Original Message-----
From: Jonathan S Billings [mailto:billings at negate.org]
Sent: Tuesday, August 19, 2003 5:28 PM
To: wplug at wplug.org
Subject: Re: [wplug] OpenSSH keys problem


Have you set up an ssh-agent before trying to connect?  That's when you
will enter your password, not during the connection session.  I suggest
reading the 'ssh' and 'ssh-agent' manpages.  Also, make sure that if you
are using the 2.0 protocol, you've created the appropriate rsa2 keys and
stored the keys in the authorized_keys2 file.

Jonathan Billings



On Tue, 2003-08-19 at 17:10, Scott Eicher wrote:
> I am trying to set up RSA/DSA key authentication from a RedHat 7.2 system
> running OpenSSH-3.1p1-6 to a RedHat8.0 system running OpenSSH-3.4p1-2. I
> have generated both RSA and DSA keys via the command ssh-keygen -t rsa and
> ssh-keygen -t dsa. I have appended the keys to the
> /home/username/.ssh/authorized_keys file on the system that I'm connecting
> to. When I try to ssh to the RedHat8 system it always authenticates me back
> to my password instead of to either of the keys. I have tried using both
> keys independently by removing each of them from the keys file one at a time
> but neither wants to work properly.
> 
> Here are the verbose debug lines:
> 
> OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Rhosts Authentication disabled, originating port will not be
> trusted.
> debug1: restore_uid
> debug1: ssh_connect: getuid 0 geteuid 0 anon 1
> debug1: Connecting to HOSTIPADDRESS [HOSTIPADDRESS] port 22.
> debug1: temporarily_use_uid: 0/0 (e=0)
> debug1: restore_uid
> debug1: temporarily_use_uid: 0/0 (e=0)
> debug1: restore_uid
> debug1: Connection established.
> debug1: read PEM private key done: type DSA
> debug1: read PEM private key done: type RSA
> debug1: identity file /root/.ssh/identity type -1
> debug1: identity file /root/.ssh/id_rsa type 1
> debug1: identity file /root/.ssh/id_dsa type -1
> debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
> debug1: match: OpenSSH_3.4p1 pat OpenSSH*
> Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.1p1
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: dh_gen_key: priv key bits set: 124/256
> debug1: bits set: 1647/3191
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'HOSTIPADDRESS' is known and matches the RSA host key.
> debug1: Found key in /root/.ssh/known_hosts:1
> debug1: bits set: 1635/3191
> debug1: ssh_rsa_verify: signature correct
> debug1: kex_derive_keys
> debug1: newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: waiting for SSH2_MSG_NEWKEYS
> debug1: newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: done: ssh_kex2.
> debug1: send SSH2_MSG_SERVICE_REQUEST
> debug1: service_accept: ssh-userauth
> debug1: got SSH2_MSG_SERVICE_ACCEPT
> debug1: authentications that can continue:
> publickey,password,keyboard-interactive
> debug1: next auth method to try is publickey
> debug1: try privkey: /root/.ssh/identity
> debug1: try pubkey: /root/.ssh/id_rsa
> debug1: authentications that can continue:
> publickey,password,keyboard-interactive
> debug1: try privkey: /root/.ssh/id_dsa
> debug1: next auth method to try is keyboard-interactive
> debug1: authentications that can continue:
> publickey,password,keyboard-interactive
> debug1: next auth method to try is password 
> (HERE IT PROMPTS FOR THE PASSWORD, NOT THE PASSPHRASE)
> 
> Could this be a bug or am I doing something wrong? I'd like to get this
> working without having to upgrade the openssh package on the client system.
> 
> Thanks,
> Scott
> _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug
-- 
Jonathan S Billings <billings at negate.org>
TSFNKP, President and Chief Lackey
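
Added example (not part of the original thread and not OpenSSH code): a small Python parser for the userauth part of the `ssh -v` output quoted above, reporting which methods and key files the client tried and whether it ended up at the password prompt. The function names are illustrative, and the success-line patterns are assumptions about OpenSSH client output, since no successful login appears in the thread.

```python
import re

# Userauth part of the client debug output quoted in the thread above
# (mail-wrapped lines kept as they were posted).
SAMPLE = """\
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /root/.ssh/identity
debug1: try pubkey: /root/.ssh/id_rsa
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: try privkey: /root/.ssh/id_dsa
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: next auth method to try is password
"""

NEXT = re.compile(r"debug1: next auth method to try is (\S+)")
TRY = re.compile(r"debug1: try (pubkey|privkey): (\S+)")
# Assumption: success lines of OpenSSH clients; none appears in the thread.
DONE = re.compile(r"debug1: (?:ssh-userauth2 successful: method (\S+)"
                  r"|Authentication succeeded \(([^)]+)\))")

def summarize(log):
    """Collect methods tried, key files tried and the method that succeeded."""
    result = {"methods": [], "keys": [], "success": None}
    for raw in log.splitlines():
        line = raw.lstrip("> ").strip()  # tolerate mail quoting ("> debug1: ...")
        if m := NEXT.search(line):
            result["methods"].append(m.group(1))
        elif m := TRY.search(line):
            result["keys"].append((m.group(1), m.group(2)))
        elif m := DONE.search(line):
            result["success"] = m.group(1) or m.group(2)
    return result

def fell_back_to_password(result):
    """True when publickey was tried, nothing succeeded, and password came last."""
    m = result["methods"]
    return (result["success"] is None and "publickey" in m
            and bool(m) and m[-1] == "password")

if __name__ == "__main__":
    r = summarize(SAMPLE)
    print("methods tried:", " -> ".join(r["methods"]))
    for kind, path in r["keys"]:
        print(f"  {kind}: {path}")
    print("fell back to password:", fell_back_to_password(r))
```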
