HPE Community
Operating System - HP-UX
1753835 Members
8112 Online
108806 Solutions
New Discussion юеВ

need help in setting up ssh without password

 
vz7r1x
Regular Advisor

тАО03-13-2007 07:33 AM

тАО03-13-2007 07:33 AM

need help in setting up ssh without password

I have a user community trying to access our HP 11i HP 8000 from Solaris 9, requiement is to access HP without password. but it is not working. Can someone shed light on what may be the probable cause?

I have pasted version, sshd_config, file list & syslog.

I am providing related info here:
---------------------------------------
# ssh -V
OpenSSH_3.0.2p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
#
---------------------------------------
# cat sshd_config (coments removed)
# $OpenBSD: sshd_config,v 1.42 2001/09/20 20:57:51 mouring Exp $
Port 22
Protocol 2
HostKey /opt/openssh2/etc/ssh_host_rsa_key
HostKey /opt/openssh2/etc/ssh_host_dsa_key
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 600
StrictModes no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile ~/.ssh/authorized_keys
RhostsAuthentication no
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PasswordAuthentication yes
PermitEmptyPasswords yes
X11Forwarding yes
X11DisplayOffset 10
KeepAlive yes
ReverseMappingCheck yes

Subsystem sftp /opt/openssh2/libexec/sftp-server
---------------------------------------

$ ls -altr
total 20
drwxr-xr-x 3 navyerp1 ftp 2048 Mar 12 14:39 ..
-rw------- 1 navyerp1 ftp 718 Mar 12 14:39 intserv_dsa.pub
-rw------- 1 navyerp1 ftp 718 Mar 13 09:01 authorized_keys
-rw------- 1 navyerp1 ftp 1024 Mar 13 09:50 prng_seed
drwx------ 2 navyerp1 ftp 2048 Mar 13 14:26 .
--------------------------------------------


.ssh has 700 & files have 600 perms.


---------------------------------------------

$ cat authorized_keys
---- BEGIN SSH2 PUBLIC KEY ----
Some encrypted stuff here.....
---- END SSH2 PUBLIC KEY ----

----------------------------------------------
syslog.log says --bad password.

It should not be asking for password.


Thanks
0 Kudos
10 REPLIES 10
HGN
Honored Contributor

тАО03-13-2007 07:36 AM

тАО03-13-2007 07:36 AM

Re: need help in setting up ssh without password

Hi

You may want to check these thread to see if this helps

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1072219
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1003395

The second thread has an attachment about how to setup .

Rgds

HGN
0 Kudos
Tim Nelson
Honored Contributor

тАО03-13-2007 07:48 AM

тАО03-13-2007 07:48 AM

Re: need help in setting up ssh without password

1) $HOME/.ssh must have 700 permissions
2) Need $HOME/authorized_keys file with public key of origionator

3) The public key from the origionator must have been created without a key/password in order for it not to prompt you. ( i.e. ssh-keygen ).

4) During the first ssh the destination should ask you to accept the fingerprint. This ends up being appended to $HOME./ssh/known_hosts

5) Make sure you have an updated HPUX sshd (HP-UX Secure Shell-A.04.40.006,
0 Kudos
Florian Heigl (new acc)
Honored Contributor

тАО03-13-2007 09:42 AM

тАО03-13-2007 09:42 AM

Re: need help in setting up ssh without password

The lines
---- BEGIN SSH2 PUBLIC KEY ----
---- END SSH2 PUBLIC KEY ----
shouldn't be in your authorized_keys either.

And it's permissions are best set to 600 or 400.
yesterday I stood at the edge. Today I'm one step ahead.
0 Kudos
Florian Heigl (new acc)
Honored Contributor

тАО03-13-2007 09:43 AM

тАО03-13-2007 09:43 AM

Re: need help in setting up ssh without password

Ah, just saw you had those permissions right. Also, the $HOME must belong to the user himself.
yesterday I stood at the edge. Today I'm one step ahead.
0 Kudos
Bill Hassell
Honored Contributor

тАО03-13-2007 09:54 AM

тАО03-13-2007 09:54 AM

Re: need help in setting up ssh without password

The public key is ONE line long, even though it looks like several lines (your terminal isn't 1100 characters wide). So when you add the public key, the key must not have been modified with ftp (ie, transferring from an intermediate PC) and must be appended to the authorized_keys file or if using vi, be sure to use the command:

:set noai wm=0

then open a new line and paste the results. Use wc to verify the number of keys:

wc -l .ssh/authorized_keys

For a single key, the count will be exactly 1. Remove the BEGIN/END comments when pasting. sshd will fail authentication without much of a comment if the text of the key is split or has bogus new lines in it. Use the command:

ssh -vvv hp_machine

to see if thew problem is with authenticating with the public key.


Bill Hassell, sysadmin
0 Kudos
vz7r1x
Regular Advisor

тАО03-13-2007 12:44 PM

тАО03-13-2007 12:44 PM

Re: need help in setting up ssh without password

Bill

contents of authorized_keys are generated by ssh-keygen program & that's I was keeping
BEgin---END lines. I will try all suggestions tomorrow and let you know. Thank you all for the advice.
0 Kudos
Bill Hassell
Honored Contributor

тАО03-13-2007 02:00 PM

тАО03-13-2007 02:00 PM

Re: need help in setting up ssh without password

Actually, ssh-keygen runs on your local system (PC, Solaris, Linux, whatever). The program creates TWO keys, one private which remains on the local server, and a public key which is to be pasted into the remote server's authorized_keys file. For example in HP-UX:

ssh-keygen -t dsa

In the local machine's HOME directory, you'll have two files: id_dsa and id_dsa.pub where the public key is found in the .pub file. That's the key which is appended to the remote server's authorized_keys file.


Bill Hassell, sysadmin
0 Kudos
Emil Velez
Honored Contributor

тАО03-13-2007 04:12 PM

тАО03-13-2007 04:12 PM

Re: need help in setting up ssh without password


Take a look at the cookbook I created that works with HPUX below

Good luck

Emil
0 Kudos
vz7r1x
Regular Advisor

тАО03-14-2007 04:33 AM

тАО03-14-2007 04:33 AM

Re: need help in setting up ssh without password

In "ssh-keygen -t rsa -b 2048 -P" command, what does -P mean and how do I know if I need 2048 or 1024? Is there a comand to find it out? Thanks
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.