topic Re: ssh keys in Operating System - HP-UX

ssh keys

fizan — Sun, 25 Apr 2010 04:57:29 GMT

rx26-183 from this node i generated the public key & uploaded in the rx26-184. so passwordless login is happnening.

2.from rx26-184 generated a public key & uploaded in the rx26-183.psswordless login happens.

3. but when i login again from rx26-183 to rx26-184 it's asking for password.

botht the keys are uploaded in both server.

Thanks

Re: ssh keys

Steven Schweda — Sun, 25 Apr 2010 05:23:04 GMT

As usual, some basic information might be
nice. For example:

uname -a
ssh -V

> [...]
> botht the keys are uploaded in both server.

After all that, I don't really know which key
files are where, or who owns them, or what
their permissions are. Showing actual
commands with their actual output can be more
helpful than vague descriptions and
interpretations.

Adding "-v" (or "-vv", or ...) to an "ssh"
command might provide some useful
information. Potentially interesting, as a
start:

who am i
ls -ld ~/.ssh
ls -l ~/.ssh

(on both systems).

The system log file on the server often has
something to say about SSH login problems.

There must be dozens of old Forum threads on
various SSH problems, too.

Re: ssh keys

madhuchakkaravarthy — Sun, 25 Apr 2010 05:41:51 GMT

hi

in host1

1.mkdir .ssh
cd .ssh
ssh-keygen -t rsa
two files will be generating
add the host entry of host2 in host1 in /etc/hosts.

in host2

create a dir .ssh
copy the id.rsa.pub key in to .ssh of ur home dir.and the same u redirect to authorized_keys.
set 700 for .ssh and 600 for authorized keys
--
follow this step

regards

MC

Re: ssh keys

madhuchakkaravarthy — Sun, 25 Apr 2010 05:44:13 GMT

hi

just left final steps

ssh [ipaddress or hostname ]

then it will be added permanently in knowhost file in host1.

regards

MC

Re: ssh keys

fizan — Sun, 25 Apr 2010 05:52:22 GMT

[rx26-183]/.ssh
# ll
total 80
-rw-r--r-- 1 root sys 573 Apr 25 01:57 16.118.112.88
-rw------- 1 root sys 2203 Apr 25 01:46 authorized_keys
-rw------- 1 root sys 1675 Apr 25 01:43 id_rsa
-rw-r--r-- 1 root sys 395 Apr 25 01:46 id_rsa.pub
-rw-r--r-- 1 root sys 884 Apr 25 01:47 known_hosts
[rx26-183]/.ssh
# ls -ld /.ssh
drwxr-xr-x 2 root sys 8192 Apr 25 02:49 /.ssh
[rx26-183]/.ssh
------------------------------

[rx26-184]/
# ls -ld /.ssh
drwxr-xr-x 2 root sys 8192 Apr 25 01:48 /.ssh
[rx26-184]/
# cd .ssh
[rx26-184]/.ssh
# ll
total 80
-rw------- 1 root sys 2598 Apr 25 01:48 authorized_keys
-rw------- 1 root sys 1675 Apr 25 01:45 id_rsa
-rw-r--r-- 1 root sys 395 Apr 25 01:45 id_rsa.pub
-rw-r--r-- 1 root sys 395 Apr 25 01:47 id_rsa.pub.old
-rw-r--r-- 1 root sys 884 Apr 25 01:46 known_hosts
-----------------------------------------

HP-UX rx26-183 B.11.31 U ia64 3870505015 unlimited-user license

Re: ssh keys

fizan — Sun, 25 Apr 2010 05:57:34 GMT

Madhu changed the permissions to 700 for .ssh dir and 600 for authorized-keys.

Now also it asks for passwd::

# sftp -v root@rx26-184
Connecting to rx26-184...
OpenSSH_4.7p1+sftpfilecontrol-v1.2-hpn12v17, OpenSSL 0.9.7m 23 Feb 2007
HP-UX Secure Shell-A.04.70.023, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug1: Connecting to rx26-184 [16.118.112.88] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/3
debug1: identity file /.ssh/id_rsa type 1
debug1: identity file /.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7p1+sftpfilecontrol-v1.2-hpn12v17
debug1: match: OpenSSH_4.7p1+sftpfilecontrol-v1.2-hpn12v17 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.7p1+sftpfilecontrol-v1.2-hpn12v17
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'rx26-184' is known and matches the RSA host key.
debug1: Found key in /.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:

Re: ssh keys

Raj D. — Sun, 25 Apr 2010 06:14:04 GMT

fizan,

try following again to have transparent loging from : rx26-183 to rx26-184.

- Also make sure both the server having same ssh & same ver.

1. on rx26-183:
# ssh-keygen -t dsa

2. Copy the file : id-dsa.pub to rx26-184 in the user path: (in this case root user example)
id-dsa.pub -> copy to rx26-184:/root/.ssh/authorized_keys

3. From rx26-183 try transparent login:
rx26-183:#: ssh rx26-183

Hth,
Raj.

Re: ssh keys

Raj D. — Sun, 25 Apr 2010 06:21:33 GMT

fizan,

Also check the permissions on the home directory of the user ,
check the following link, most likely you have permission issue :

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1303925

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1364024

Hth,
Raj.

Re: ssh keys

Steven Schweda — Sun, 25 Apr 2010 12:45:56 GMT

> SSH-2.0-OpenSSH_4.7p1+sftpfilecontrol-v1.2-hpn12v17

Not exactly the latest stuff, but that's
probably not the biggest problem here.

What is this junk?:

-rw-r--r-- 1 root sys 573 Apr 25 01:57 16.118.112.88

-rw-r--r-- 1 root sys 395 Apr 25 01:47 id_rsa.pub.old

How did you get a public+private key pair
with modified-date-times which differ by
three minutes?:

-rw------- 1 root sys 1675 Apr 25 01:43 id_rsa
-rw-r--r-- 1 root sys 395 Apr 25 01:46 id_rsa.pub

I can't see what you have in your
authorized_keys files.

> [...]
> debug1: Next authentication method: publickey
> debug1: Offering public key: /.ssh/id_rsa
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> [...]

The server did not find an appropriate key
for that in the user's authorized_keys file.

Note: "Offering public key: /.ssh/id_rsa".
That should be a _private_ key. A _public_
key should be named "xxx.pub".

I can't see what's in your key files, but,
from what I can see, they seem to be mostly
corrupt. I would throw all this stuff away,
and try again.

A working log-in sequence should look more
like the following. (My keys are DSA, not
RSA, but it all looks similar.)

> dyi # ssh -v -l sms alp-l
OpenSSH_5.2p1+sftpfilecontrol-v1.3-hpn13v5, OpenSSL 0.9.8k 25 Mar 2009
> [...]
> debug1: Trying private key: /root/.ssh/id_dsa
> debug1: read PEM private key done: type DSA
> debug1: Authentication succeeded (publickey).
> [...]

Re: ssh keys

Steven Schweda — Sun, 25 Apr 2010 21:02:36 GMT

If you're generating different key file pairs
on different systems, then you might get less
confusion if you give them different names.
For example:
id_rsa-183
id_rsa-183.pub
id_rsa-184
id_rsa-184.pub

Then, on any particular system, you could
create a symbolic link to one of the real key
files from a name which the SSH client will
try to use. For example:

ln -s id_rsa-183 ~/.ssh2/id_rsa

Re: ssh keys

fizan — Mon, 26 Apr 2010 01:09:46 GMT

fine steven,

now the two way communication happens. as that key was corrupted.

Thanks