topic Re: ssh public in Operating System - HP-UX

ssh public

Jasdayal Dhanoa — Fri, 18 Feb 2011 10:41:46 GMT

I am trying to set up password less ssh connection between 2 HP servers (one of them is on a remote client site). This does not seem to be working (ie using publickeyauthentication) and is prompting for a password everytime.

I have tested the same configuration between two internal HP servers without a problem.

Here is the debug from the non-working setup:-
OpenSSH_4.3p2-hpn, OpenSSL 0.9.7i 14 Oct 2005
HP-UX Secure Shell-A.04.30.006, HP-UX Secure Shell version
debug1: Reading configuration data /boesys/jas/.ssh/config
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug3: RNG is ready, skipping seeding
debug2: ssh_connect: needpriv 0
debug1: Connecting to pace_test port 22.
debug1: Connection established.
debug3: Not a RSA1 key file /boesys/jas/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /boesys/jas/.ssh/id_rsa type 1
debug3: Not a RSA1 key file /boesys/jas/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /boesys/jas/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.6
debug1: match: OpenSSH_4.6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3p2-hpn
debug2: fd 4 setting O_NONBLOCK
debug3: RNG is ready, skipping seeding
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-gr1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfourr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfourr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@ope6
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@ope6
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-1
debug2: kex_parse_kexinit: ssh-dss,ssh-rsa
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfourr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfourr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@ope6
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@ope6
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 116/256
debug2: bits set: 518/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /boesys/jas/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug3: check_host_in_hostfile: filename /boesys/jas/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 2
debug1: Host 'pace_test' is known and matches the RSA host key.
debug1: Found key in /boesys/jas/.ssh/known_hosts:1
debug2: bits set: 533/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /boesys/jas/.ssh/id_rsa (40034c38)
debug2: key: /boesys/jas/.ssh/id_dsa (4002ed10)
debug1: Authentications that can continue: password,keyboard-interactive,
debug3: start over, passed a different list password,keyboard-interactive,
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:

Any ideas ?

Re: ssh public

Steven Schweda — Fri, 18 Feb 2011 12:54:39 GMT

> I am trying to set up password less ssh
> connection [...]

How, exactly?

> debug3: Not a RSA1 key file /boesys/jas/.ssh/id_rsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug3: key_read: missing keytype
> debug3: key_read: missing whitespace
> [...]
> debug1: identity file /boesys/jas/.ssh/id_rsa type 1
> debug3: Not a RSA1 key file /boesys/jas/.ssh/id_dsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug3: key_read: missing keytype
> debug3: key_read: missing whitespace
> [...]

Who made your key file(s)? (Where?)

> OpenSSH_4.3p2-hpn, OpenSSL 0.9.7i 14 Oct 2005
> HP-UX Secure Shell-A.04.30.006, HP-UX Secure Shell version

Is that the latest version? (But even the
latest version can't work with wrong-format
key files.)

Did you look at any of the many similar old
threads in this forum before asking?

Re: ssh public

Jasdayal Dhanoa — Fri, 18 Feb 2011 13:28:04 GMT

The ssh keys were produced using "ssh-keygen -t rsa". The id_rsa.pub was copied over to the remote client.

All servers running HPUX 11iv1.

Re: ssh public

nijokj — Fri, 18 Feb 2011 14:07:07 GMT

make sure that RSA pub keys you are copied to the remort system is perfect. Also check the permission of home directory of the users on client and server system should be same .755.
Also refer syslog of remote system for additional information.there you can find out any problems due to permissions.

Re: ssh public

Bill Hassell — Fri, 18 Feb 2011 14:18:58 GMT

> . The id_rsa.pub was copied over to the remote client.

How did you add this key to authorized_keys? The simplest is to append it. If you use vi, use the :r command to read the file. Copy-paste is definitely the least reliable because the line is too long and your terminal emulator (or vi) can truncate or split the line.

Finally, permissions on .ssh MUST BE 700, and 600 for all the files in the .ssh directory. And just in case you have really big problems, verify that no one has corrupted the permissions for / and your $HOME directory:

ll -d / $HOME
drwxr-xr-x 22 root root 8192 Feb 18 09:17 /
drwxr-xr-x 12 root sys 8192 Feb 18 08:39 /root

Re: ssh public

Jasdayal Dhanoa — Fri, 18 Feb 2011 14:20:53 GMT

The key was appended using cat. The permissions are only read/write for owner.

Re: ssh public

Kenan Erdey — Thu, 24 Feb 2011 10:35:40 GMT

Hi,

try debugging.

first run sshd in debug mode in the server that you are trying to connect.

/usr/sbin/sshd -d -D -p 9999

that will listen the ssh connections from port 9999. and give dbug information to terminal. Debug information will give what is wrong information.

than try to connect it from client

ssh -p 9999 user@server_ip

Re: ssh public

Jim Walls — Fri, 25 Feb 2011 03:21:14 GMT

Your private key (~/.ssh/id_rsa) should look something like this:
[jimw@jimwpc3 ~]$ cat .ssh/id_rsa
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,F03C935A5BDDE52C

l5LOEVNFjH9mHEe5P5ONRoN/8EC+E5E+JGrQ9hbh9MQjkO5DoFXHFvFocof
.
.
.
2BpLotM4cRWYj/ik+8XesiCqD8UGEXYPsyvDcpXsLYHtf2VRA7d0esSIrgXXRGlv
TCnLBqTESaUA59RJCIGA79x3NXwZdpuFZvZ6e3EHzbs9fnXpGO45wQ==
-----END RSA PRIVATE KEY-----

Each line of gibberish, except perhaps the last, is the same length and should terminate with a new-line character.

If it doesn't then try generating a new key-pair.