12-16-2004 11:01 AM
ssh1 to ssh2... Cannot get it to connect w/o a password
I've created the public and private keys on ssh1 server and converted the public key for use on ssh2 (ssh-keygen -e -f id_dsa.pub > id_dsa.ssh2.pub) and copied the new ssh2 key to the ssh2 server.
I created a new authorization file in .ssh2 directory on the ssh2 server.
What am I missing? This was working once upon a time but the ssh2 server had to be rebuilt.
12-16-2004 12:31 PM
Re: ssh1 to ssh2... Cannot get it to connect w/o a password
12-17-2004 12:54 AM
Re: ssh1 to ssh2... Cannot get it to connect w/o a password
12-17-2004 01:58 AM
Re: ssh1 to ssh2... Cannot get it to connect w/o a password
From client do ssh -vvv "server" -p "port_no"
Post the output.
12-17-2004 02:08 AM
Re: ssh1 to ssh2... Cannot get it to connect w/o a password
While creating the key, you need to define the type of key you are creating,
-t type
it could be rsa1/dsa/rsa
Also make sure you are using the null passphrase while creating the key. Either use -N "" or press Enter when it asks for the passphrase.
Hope this helps.
Regds
12-17-2004 03:15 AM
Re: ssh1 to ssh2... Cannot get it to connect w/o a password
See this Word doc; ignore the X Windows stuff and build the files any way you please. Follow permission guidelines completely.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
12-17-2004 03:22 AM
Re: ssh1 to ssh2... Cannot get it to connect w/o a password
I tried starting the daemon on a different port. That didn't work so, I returned it to the original (22) port.
Also, when I created the key, I did so w/ the -t dsa flag (ssh-keygen -t dsa)
Finally, thanx for the document Steve, but I had found it earlier on another post on the ITRC. However, it only works w/ OpenSSH and doesn't apply to my situation.
I went ahead and installed the commercial version of ssh2 on the ssh1 server. I can now connect w/o a password so, that's good. I now have another issue.
When I ssh from one server to the other it takes somewhere around 10-11 seconds to finish the handshake. Is there anything I can do to the config that will speed it up?
12-17-2004 03:39 AM
Re: ssh1 to ssh2... Cannot get it to connect w/o a password
Is your account using a $HOME/.ssh/config file that maybe has settings for other IdentityFile etc.?
Try to be explicit and use the -i option.
You wrote "I created a new authorization file in .ssh2 directory on the ssh2 server".
Is it literally
remote_login@remote_host:.ssh2/authorized_keys ?
Then SSH won't find the keys.
Have you tried using ssh-agent to test if passwordless login on remote host works?
With a running ssh-agent there is no need to get the key from remote host but rather ask the agent for it.
Did you change the passphrase for your used key to an empty string?
Have you checked the mode bits of keyfiles and directory on remote host if the remote sshd runs with StrictModes (which it should)?
Could it be that the remote login account has expired?
Have a look at remote host's syslog (or where syslog facility AUTH gets logged) for any messages.
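Added example (not part of any post in this thread): a POSIX shell check for the mode-bit question raised above, modelling the two OpenSSH rules that apply here. The function names are made up for this example, and applying the same rules to a .ssh2/authorization layout is an assumption, since the commercial SSH2 server may check differently.

```shell
#!/bin/sh
# Added example: report files that OpenSSH's permission checks would reject.
# Mode rules modelled (OpenSSH behaviour; ownership checks are not covered):
#   sshd with StrictModes: home dir, key dir and authorization file must
#     not be writable by group or other (mode & 022).
#   ssh client: a private key must not be accessible by group or other
#     (mode & 077), otherwise the key is ignored.

# has_bits PATH MODE... -> success if PATH has any of the given mode bits
has_bits() {
    p=$1; shift
    for m in "$@"; do
        if [ -n "$(find "$p" -prune -perm "-$m" 2>/dev/null)" ]; then
            return 0
        fi
    done
    return 1
}

# check_ssh_perms HOME [KEYDIR] [AUTHFILE]   (hypothetical helper)
# Prints one "BAD ..." line per finding; returns 1 if anything was found.
check_ssh_perms() {
    home=$1; dir=${2:-.ssh}; auth=${3:-authorized_keys}
    rc=0
    for f in "$home" "$home/$dir" "$home/$dir/$auth"; do
        [ -e "$f" ] || continue
        if has_bits "$f" 020 002; then
            echo "BAD writable by group/other: $f"; rc=1
        fi
    done
    for k in "$home/$dir"/id_*; do
        [ -f "$k" ] || continue
        case $k in *.pub) continue ;; esac   # public keys may be readable
        if has_bits "$k" 040 020 010 004 002 001; then
            echo "BAD private key accessible by group/other: $k"; rc=1
        fi
    done
    return $rc
}

# Usage: check_ssh_perms "$HOME"                       (OpenSSH layout)
#        check_ssh_perms "$HOME" .ssh2 authorization   (layout from this thread)
```

Run it as the login account on both ends: the private-key rule matters on the connecting host, the writable-path rule on the host running sshd.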
12-17-2004 04:19 AM
Re: ssh1 to ssh2... Cannot get it to connect w/o a password
I ran the ssh w/ the -v flag several times... It tries to find the keys but then switches to the password mode for no reason. The keys it's looking for are there, they just are not being found. Before you ask, it's not a permission problem. All files are 640.
I'm not using a config file. ssh is using the default config for the application.
The authorization file is in $HOME/.ssh2/authorization. (authorized_keys don't work w/ ssh2 commercial)
I don't know much about ssh-agent or how to config or run. If someone can enlighten me.
Bits on all files is 2048.
And the account is fine. If I telnet to it, it works perfectly.
Wheww... :-D
Anybody know how I can config ssh2 (commercial) to not be so slow when connecting?
12-20-2004 02:01 AM
Re: ssh1 to ssh2... Cannot get it to connect w/o a password
Have you meanwhile found the reason why the remote (commercial) SSH2 daemon is rejecting your key authorization and is relapsing to password authorization?
I'm afraid we don't use any other SSH implementations than OpenSSH.
Thus I don't know the configuration options of SSH2 (is it Tectia?).
I've only found in an SSH quickref that SSH2 has a configuration directive like NoDelay,
which if set to yes would disable the Nagle algorithm.
Maybe this could speed up your connection?
Another difference I suppose is the sort of asymmetric encryption that is used during the establishing of the crypto connection, and the session encryption itself.
The first I think used to be the Rivest Shamir Adleman (RSA) public key cypher in commercial implementations.
Because of Arms Export Ban the USA imposed also on strong crypto software until recently (one reason for the Canadian OpenBSD fork from NetBSD) and because of a patent on the RSA algorithm all open source implementations as far as I know switched from RSA to other crypto systems like DSA.
(that's why we use DSA keys in the first place).
Although OpenSSH claims to support the patented cyphers as well I can imagine this could be a reason for your trouble.
In the sshd_config manpage from OpenSSH I found another two directives you could look out for some similar ones in SSH2.
One being "Ciphers" that lists the allowed cyphers (btw. is it "cipher" or "cypher"? I always thought the former).
The other being "KeyRegenerationInterval", but which only applies to Protocol 1.
Maybe SSH2 knows something similar to make your connections a bit speedier by increasing the interval?
As for ssh-agent.
This is quite handy if you feel uneasy about distributing your passphrase-less public keys to other hosts, but at the same time are reluctant to retype your passphrases over and over again.
From the shell on the host from where you start your connections you initially spawn an ssh-agent that daemonizes, and that you feed with all the keys of hosts you want to connect to.
Because the keys are only virulent in memory of your connecting host it would be much more difficult for an attacker to get hold of your keys.
There are several ways to start the ssh-agent, but the most apparent one would be like
$ eval `ssh-agent`
Agent pid 60892
ssh-agent writes to stdout the shell syntax to set a few important environment variables.
That's why the eval.
$ env|grep SSH
SSH_INITIATOR=grothe
SSH_AGENT_PID=60892
SSH_AUTH_SOCK=/tmp/ssh-JOB94408/agent.94408
You need the SSH_AGENT_PID to terminate the ssh-agent, because one tends to forget about a lingering ssh-agent.
Beware to not leave your terminal unattended because anyone gets access to hosts according to the currently loaded keys.
Therefore it's a good habit to define an exit trap that would kill the agent on terminal closing.
$ trap 'eval `ssh-agent -k`' EXIT
$ trap
trap -- 'eval `ssh-agent -k`' EXIT
Now with a running agent you need to feed it with your passphrase-protected keys.
Only while you do this are you asked one time for your keys' passphrases.
e.g.
$ ssh-add .ssh/root_kos_id_dsa
Enter passphrase for .ssh/root_kos_id_dsa:
Identity added: .ssh/root_kos_id_dsa (.ssh/root_kos_id_dsa)
You can always check your agent for currently loaded keys.
-l will only print the keys' fingerprints,
while -L displays the whole keys.
$ ssh-add -l
1024 94:da:8e:f5:1e:96:57:6b:33:33:50:7b:a0:ba:61:2b .ssh/root_kos_id_dsa (DSA)
Finally with the loaded key you can connect to the remote host without being further asked for a passphrase
$ ssh -i .ssh/root_kos_id_dsa root@kos hostname\;uptime
kos
4:00pm up 56 days, 11:53, 4 users, load average: 0.06, 0.06, 0.07
HTH