- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: SSH key not working for 1 account but working ...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-24-2012 07:06 AM
тАО08-24-2012 07:06 AM
Hi all,
I have generated an SSH key and distributed it with expect for future password-less login. It works on all of our servers but one. It's HP UX 11 v1. swlist shows Oped SSH ver. 4.7p1.
I have created another account on the same box and tried logging in from the same server that didn't work before, and now it does. the first code is an unsuccessful ssh -vvv servername, the second one is a successful one.
I don't know what to think about this, can't it be a bug? why would one account work and another one not?
ssh -vvv arnold OpenSSH_5.2p1+sftpfilecontrol-v1.3, OpenSSL 0.9.8k 25 Mar 2009 HP-UX Secure Shell-A.05.20.004, HP-UX Secure Shell version debug1: Reading configuration data /opt/ssh/etc/ssh_config debug3: RNG is ready, skipping seeding debug2: ssh_connect: needpriv 0 debug1: Connecting to arnold [172.16.96.6] port 22. debug1: Connection established. debug1: identity file /home/supp_th/.ssh/identity type -1 debug3: Not a RSA1 key file /home/supp_th/.ssh/id_rsa. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing keytype debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: missing keytype debug1: identity file /home/supp_th/.ssh/id_rsa type 1 debug3: Not a RSA1 key file /home/supp_th/.ssh/id_dsa. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing keytype debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: missing keytype debug1: identity file /home/supp_th/.ssh/id_dsa type 2 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2-hpn debug1: match: OpenSSH_4.3p2-hpn pat OpenSSH_4* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.2 debug2: fd 4 setting O_NONBLOCK debug3: RNG is ready, skipping seeding debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib@openssh.com debug2: kex_parse_kexinit: none,zlib@openssh.com debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: found hmac-md5 debug1: kex: server->client aes128-ctr hmac-md5 none debug2: mac_setup: found hmac-md5 debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 128/256 debug2: bits set: 504/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: check_host_in_hostfile: filename /home/supp_th/.ssh/known_hosts debug3: check_host_in_hostfile: match line 127 debug3: check_host_in_hostfile: filename /home/supp_th/.ssh/known_hosts debug3: check_host_in_hostfile: match line 128 debug1: Host 'arnold' is known and matches the RSA host key. debug1: Found key in /home/supp_th/.ssh/known_hosts:127 debug2: bits set: 489/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /home/supp_th/.ssh/identity (0) debug2: key: /home/supp_th/.ssh/id_rsa (40036c88) debug2: key: /home/supp_th/.ssh/id_dsa (40036ca8) debug3: input_userauth_banner Performing functions on this computer with the intention of accessing any computer services, programs, or data, to which you are not authorised is a criminal offence and is prohibited under the Computer Misuse Act 1990. ANY PERSON OR COMPANY CONTRAVENING THIS POLICY WILL BE SUBJECT TO LEGAL ACTION. debug1: Authentications that can continue: publickey,password,keyboard-interactive debug3: start over, passed a different list publickey,password,keyboard-interactive debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Trying private key: /home/supp_th/.ssh/identity debug3: no such identity: /home/supp_th/.ssh/identity debug1: Offering public key: /home/supp_th/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Offering public key: /home/supp_th/.ssh/id_dsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,password,keyboard-interactive debug2: we did not send a packet, disable method debug3: authmethod_lookup keyboard-interactive debug3: remaining preferred: password debug3: authmethod_is_enabled keyboard-interactive debug1: Next authentication method: keyboard-interactive debug2: userauth_kbdint debug2: we sent a keyboard-interactive packet, wait for reply debug2: input_userauth_info_req debug2: input_userauth_info_req: num_prompts 1 Password:
oh and of course, the permissions:
arnold[root]:/root:>ll -a ~supp_th total 112 drwxrwxr-x 3 supp_th users 8192 Aug 24 14:55 . drwxr-xr-x 31 root root 8192 Aug 24 13:40 .. -r--r----- 1 supp_th users 842 Jun 19 12:29 .cshrc -r--r----- 1 supp_th users 347 Jun 19 12:29 .exrc -r--r----- 1 supp_th users 344 Jun 19 12:29 .login -r--r----- 1 supp_th users 968 Jul 2 09:43 .profile -rw------- 1 supp_th users 1234 Aug 24 15:01 .sh_history drwx------ 2 supp_th sys 96 Aug 24 13:30 .ssh arnold[root]:/root:>ll -a ~test total 112 drwxr-xr-x 3 test users 8192 Aug 24 13:41 . drwxr-xr-x 31 root root 8192 Aug 24 13:40 .. -r--r--r-- 1 test users 842 Aug 24 13:40 .cshrc -r--r--r-- 1 test users 347 Aug 24 13:40 .exrc -r--r--r-- 1 test users 344 Aug 24 13:40 .login -r--r--r-- 1 test users 449 Aug 24 13:40 .profile -rw------- 1 test users 68 Aug 24 14:50 .sh_history drwx------ 2 test sys 96 Aug 24 13:41 .ssh arnold[root]:/root:>ll -a ~supp_th/.ssh total 64 drwx------ 2 supp_th sys 96 Aug 24 13:30 . drwxrwxr-x 3 supp_th users 8192 Aug 24 14:55 .. -rw-r--r-- 1 supp_th sys 397 Aug 24 13:35 authorized_keys -rw-r----- 1 supp_th sys 605 Aug 24 13:24 id_dsa.pub -rw-r----- 1 supp_th sys 397 Aug 24 13:32 id_rsa.pub arnold[root]:/root:>ll -a ~test/.ssh total 64 drwx------ 2 test sys 96 Aug 24 13:41 . drwxr-xr-x 3 test users 8192 Aug 24 13:41 .. -rw-r--r-- 1 test sys 397 Aug 24 13:41 authorized_keys -rw-r----- 1 test sys 605 Aug 24 13:41 id_dsa.pub -rw-r----- 1 test sys 397 Aug 24 13:41 id_rsa.pub
Solved! Go to Solution.
- Tags:
- ssh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-24-2012 07:08 AM
тАО08-24-2012 07:08 AM
Re: SSH key not working for 1 account but working for another
that's a lot of output, it didn't fit in the first post...
ssh -vvv test@arnold OpenSSH_5.2p1+sftpfilecontrol-v1.3, OpenSSL 0.9.8k 25 Mar 2009 HP-UX Secure Shell-A.05.20.004, HP-UX Secure Shell version debug1: Reading configuration data /opt/ssh/etc/ssh_config debug3: RNG is ready, skipping seeding debug2: ssh_connect: needpriv 0 debug1: Connecting to arnold [172.16.96.6] port 22. debug1: Connection established. debug1: identity file /home/supp_th/.ssh/identity type -1 debug3: Not a RSA1 key file /home/supp_th/.ssh/id_rsa. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing keytype debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: missing keytype debug1: identity file /home/supp_th/.ssh/id_rsa type 1 debug3: Not a RSA1 key file /home/supp_th/.ssh/id_dsa. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing keytype debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: missing keytype debug1: identity file /home/supp_th/.ssh/id_dsa type 2 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2-hpn debug1: match: OpenSSH_4.3p2-hpn pat OpenSSH_4* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.2 debug2: fd 4 setting O_NONBLOCK debug3: RNG is ready, skipping seeding debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib@openssh.com debug2: kex_parse_kexinit: none,zlib@openssh.com debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: found hmac-md5 debug1: kex: server->client aes128-ctr hmac-md5 none debug2: mac_setup: found hmac-md5 debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 149/256 debug2: bits set: 491/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: check_host_in_hostfile: filename /home/supp_th/.ssh/known_hosts debug3: check_host_in_hostfile: match line 127 debug3: check_host_in_hostfile: filename /home/supp_th/.ssh/known_hosts debug3: check_host_in_hostfile: match line 128 debug1: Host 'arnold' is known and matches the RSA host key. debug1: Found key in /home/supp_th/.ssh/known_hosts:127 debug2: bits set: 529/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /home/supp_th/.ssh/identity (0) debug2: key: /home/supp_th/.ssh/id_rsa (40036ca8) debug2: key: /home/supp_th/.ssh/id_dsa (40036cc8) debug3: input_userauth_banner Performing functions on this computer with the intention of accessing any computer services, programs, or data, to which you are not authorised is a criminal offence and is prohibited under the Computer Misuse Act 1990. ANY PERSON OR COMPANY CONTRAVENING THIS POLICY WILL BE SUBJECT TO LEGAL ACTION. debug1: Authentications that can continue: publickey,password,keyboard-interactive debug3: start over, passed a different list publickey,password,keyboard-interactive debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Trying private key: /home/supp_th/.ssh/identity debug3: no such identity: /home/supp_th/.ssh/identity debug1: Offering public key: /home/supp_th/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Server accepts key: pkalg ssh-rsa blen 277 debug2: input_userauth_pk_ok: fp 13:e5:90:1c:5a:ed:f7:a1:a5:8a:fa:77:3d:38:08:10 debug3: sign_and_send_pubkey debug1: read PEM private key done: type RSA debug1: Authentication succeeded (publickey). debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug2: channel 0: send open debug1: Entering interactive session. debug2: callback start debug2: client_session2_setup: id 0 debug2: channel 0: request pty-req confirm 1 debug2: channel 0: request shell confirm 1 debug2: fd 4 setting TCP_NODELAY debug2: callback done debug2: channel 0: open confirm rwindow 0 rmax 32768 debug2: channel_input_status_confirm: type 99 id 0 debug2: PTY allocation request accepted on channel 0 debug2: channel 0: rcvd adjust 5242880 debug2: channel_input_status_confirm: type 99 id 0 debug2: shell request accepted on channel 0 Last successful login for test: Fri Aug 24 14:42:03 GMT0BST 2012 Last unsuccessful login for test: Fri Aug 24 13:44:01 GMT0BST 2012 on pts/1 Performing functions on this computer with the intention of accessing any computer services, programs, or data, to which you are not authorised is a criminal offence and is prohibited under the Computer Misuse Act 1990. ANY PERSON OR COMPANY CONTRAVENING THIS POLICY WILL BE SUBJECT TO LEGAL ACTION. (c)Copyright 1983-2000 Hewlett-Packard Co., All Rights Reserved. (c)Copyright 1979, 1980, 1983, 1985-1993 The Regents of the Univ. of California (c)Copyright 1980, 1984, 1986 Novell, Inc. (c)Copyright 1986-1992 Sun Microsystems, Inc. (c)Copyright 1985, 1986, 1988 Massachusetts Institute of Technology (c)Copyright 1989-1993 The Open Software Foundation, Inc. (c)Copyright 1986 Digital Equipment Corp. (c)Copyright 1990 Motorola, Inc. (c)Copyright 1990, 1991, 1992 Cornell University (c)Copyright 1989-1991 The University of Maryland (c)Copyright 1988 Carnegie Mellon University (c)Copyright 1991-2000 Mentat Inc. (c)Copyright 1996 Morning Star Technologies, Inc. (c)Copyright 1996 Progressive Systems, Inc. (c)Copyright 1991-2000 Isogon Corporation, All Rights Reserved. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in sub-paragraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause in DFARS 252.227-7013. Hewlett-Packard Company 3000 Hanover Street Palo Alto, CA 94304 U.S.A. Rights for non-DOD U.S. Government Departments and Agencies are as set forth in FAR 52.227-19(c)(1,2). Performing functions on this computer with the intention of accessing any computer services, programs, or data, to which you are not authorised is a criminal offence and is prohibited under the Computer Misuse Act 1990. ANY PERSON OR COMPANY CONTRAVENING THIS POLICY WILL BE SUBJECT TO LEGAL ACTION. OWNER=BILLING AND CUSTOMER FINANCIAL MGT $
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-24-2012 03:12 PM
тАО08-24-2012 03:12 PM
Re: SSH key not working for 1 account but working for another
Hello!.
That massive output seems to mean that the key file doesn't have the appropriate format, perhaps it got corrupted during transfer.
"debug3: Not a RSA1 key file /home/supp_th/.ssh/id_dsa."
Check /var/adm/syslog/syslog.log for details.
Good luck.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-24-2012 03:20 PM
тАО08-24-2012 03:20 PM
Re: SSH key not working for 1 account but working for another
Well, to be honest, I am using dsa everywhere, that rsa was just an attempt in desperation. Of course I tried copying it over scp or even pasting it in vi in putty multiple times. That rsa key was just an unsuccessful attempt to work around the issue... I can't believe it's just a random bug, but have tried everything.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-24-2012 04:56 PM - edited тАО08-24-2012 05:30 PM
тАО08-24-2012 04:56 PM - edited тАО08-24-2012 05:30 PM
Re: SSH key not working for 1 account but working for another
>I am using dsa everywhere, that rsa was just an attempt in desperation.
It looked like it ignored it and went on. I've heard that openssl may be able to convert between key types.
But it seems it doesn't like your other file, is this your private key file on the source side?:
Not a RSA1 key file /home/supp_th/.ssh/id_dsa.
But I also get that error and it then works for:
debug1: identity file /home/foobar/.ssh/id_dsa type 2
My id_dsa.pub file starts with: ssh-dss ...
>the permissions:
Was this on the client side or on the host arnold?
It seems that test@arnold has a valid rsa key:
Server accepts key: pkalg ssh-rsa blen 277
Have you appended supp_th's public key to the end of supp_th's authorized_keys on arnold?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-24-2012 05:34 PM
тАО08-24-2012 05:34 PM
Re: SSH key not working for 1 account but working for another
I have created a brand new pair of DSA keys and copied the .pub one to arnold:~supp_th/.ssh/authorized_keys and it didn't help.
I have also created a new pair of RSA and did a ssh -vvv arnold|grep rsa, and it even looked like it got authorized, but then again, the prompt for password... i will erase that stupid server, it sure is making fun of me...
debug3: Not a RSA1 key file /home/supp_th2/.ssh/id_rsa. debug1: identity file /home/supp_th2/.ssh/id_rsa type 1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug1: Host 'arnold' is known and matches the RSA host key. debug1: ssh_rsa_verify: signature correct debug2: key: /home/supp_th2/.ssh/id_rsa (40036c88) debug1: Offering public key: /home/supp_th2/.ssh/id_rsa Password:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-24-2012 06:09 PM
тАО08-24-2012 06:09 PM
Re: SSH key not working for 1 account but working for another
>ssh -vvv arnold | grep rsa
(Did you redirect stderr to stdout?)
Anything in the logs on arnold?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-25-2012 03:57 AM
тАО08-25-2012 03:57 AM
Re: SSH key not working for 1 account but working for another
> debug3: Not a RSA1 key file /home/supp_th/.ssh/id_dsa
This is a long-standing quirk of OpenSSH-based SSH versions: on debug level 3, spurious messages are generated as the SSH client first tries to interpret each key file as a RSA1 key.
As indicated later by a higher-priority debug message, the file is later successfully detected as a DSA key file:
> debug1: identity file /home/foobar/.ssh/id_dsa type 2
You really should check the syslog at host "arnold": if key authentication has been set up but the sshd at the server side won't accept the key, there should be a log message from sshd telling exactly why the key authentication was rejected. The error message is not sent to the client, because at that point, the client is unauthenticated and might in fact be a hostile intruder trying to get information about the system set-up for future break-in attempts. A legitimate user should be able to contact the server administrator for troubleshooting.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-25-2012 04:11 AM
тАО08-25-2012 04:11 AM
Re: SSH key not working for 1 account but working for another
@Dennis: yeah, ssh -vvv arnold 2>&1|grep -i rsa ;)
didn't really get to syslog investigating yet, these weird errors were getting all my attention:)
@Matti: I'm the admin;) I sure have to check syslog. what you say makes absolute sense. also the open ssh bug, I've seen the same issue on forums when I searched a bit. I think I will eventually recreate my account on Arnold.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-25-2012 09:32 AM
тАО08-25-2012 09:32 AM
Solutionyou guys won't believe where the problem was...
after checking the syslog on arnold, I got this:
Aug 25 17:21:09 arnold sshd[15080]: Authentication refused: bad ownership or modes for directory /home/supp_th
when I looked closer, I saw that the permissions for my homedir were 775 instead of 755, just look at the end of my first post (test user has 755). I was focused on looking for LACK of permissions, not this! Anyway, so I have fixed it and guess what? IT WORKS. don't know why on earth open ssh would require my homedir to have minimal possible permissions, or else it wouldn't work.
At any rate, thanks for your help and time!