System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

SSH key not working for 1 account but working for another

 
SOLVED
Go to solution
thrubovc
Advisor

SSH key not working for 1 account but working for another

Hi all,

I have generated an SSH key and distributed it with expect for future password-less login. It works on all of our servers but one. It's HP UX 11 v1. swlist shows Oped SSH ver. 4.7p1.

I have created another account on the same box and tried logging in from the same server that didn't work before, and now it does. the first code is an unsuccessful ssh -vvv servername, the second one is a successful one.

I don't know what to think about this, can't it be a bug? why would one account work and another one not?

 

ssh -vvv arnold
OpenSSH_5.2p1+sftpfilecontrol-v1.3, OpenSSL 0.9.8k 25 Mar 2009
HP-UX Secure Shell-A.05.20.004, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug3: RNG is ready, skipping seeding
debug2: ssh_connect: needpriv 0
debug1: Connecting to arnold [172.16.96.6] port 22.
debug1: Connection established.
debug1: identity file /home/supp_th/.ssh/identity type -1
debug3: Not a RSA1 key file /home/supp_th/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/supp_th/.ssh/id_rsa type 1
debug3: Not a RSA1 key file /home/supp_th/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/supp_th/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2-hpn
debug1: match: OpenSSH_4.3p2-hpn pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug2: fd 4 setting O_NONBLOCK
debug3: RNG is ready, skipping seeding
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 128/256
debug2: bits set: 504/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/supp_th/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 127
debug3: check_host_in_hostfile: filename /home/supp_th/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 128
debug1: Host 'arnold' is known and matches the RSA host key.
debug1: Found key in /home/supp_th/.ssh/known_hosts:127
debug2: bits set: 489/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/supp_th/.ssh/identity (0)
debug2: key: /home/supp_th/.ssh/id_rsa (40036c88)
debug2: key: /home/supp_th/.ssh/id_dsa (40036ca8)
debug3: input_userauth_banner

Performing functions on this computer with the intention of accessing any computer
services, programs, or data, to which you are not authorised is a criminal offence
and is prohibited under the Computer Misuse Act 1990.

ANY PERSON OR COMPANY CONTRAVENING THIS POLICY WILL BE SUBJECT TO LEGAL ACTION.


debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/supp_th/.ssh/identity
debug3: no such identity: /home/supp_th/.ssh/identity
debug1: Offering public key: /home/supp_th/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering public key: /home/supp_th/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:

 

 

oh and of course, the permissions:

arnold[root]:/root:>ll -a ~supp_th
total 112
drwxrwxr-x   3 supp_th    users         8192 Aug 24 14:55 .
drwxr-xr-x  31 root       root          8192 Aug 24 13:40 ..
-r--r-----   1 supp_th    users          842 Jun 19 12:29 .cshrc
-r--r-----   1 supp_th    users          347 Jun 19 12:29 .exrc
-r--r-----   1 supp_th    users          344 Jun 19 12:29 .login
-r--r-----   1 supp_th    users          968 Jul  2 09:43 .profile
-rw-------   1 supp_th    users         1234 Aug 24 15:01 .sh_history
drwx------   2 supp_th    sys             96 Aug 24 13:30 .ssh
arnold[root]:/root:>ll -a ~test
total 112
drwxr-xr-x   3 test       users         8192 Aug 24 13:41 .
drwxr-xr-x  31 root       root          8192 Aug 24 13:40 ..
-r--r--r--   1 test       users          842 Aug 24 13:40 .cshrc
-r--r--r--   1 test       users          347 Aug 24 13:40 .exrc
-r--r--r--   1 test       users          344 Aug 24 13:40 .login
-r--r--r--   1 test       users          449 Aug 24 13:40 .profile
-rw-------   1 test       users           68 Aug 24 14:50 .sh_history
drwx------   2 test       sys             96 Aug 24 13:41 .ssh
arnold[root]:/root:>ll -a ~supp_th/.ssh
total 64
drwx------   2 supp_th    sys             96 Aug 24 13:30 .
drwxrwxr-x   3 supp_th    users         8192 Aug 24 14:55 ..
-rw-r--r--   1 supp_th    sys            397 Aug 24 13:35 authorized_keys
-rw-r-----   1 supp_th    sys            605 Aug 24 13:24 id_dsa.pub
-rw-r-----   1 supp_th    sys            397 Aug 24 13:32 id_rsa.pub
arnold[root]:/root:>ll -a ~test/.ssh
total 64
drwx------   2 test       sys             96 Aug 24 13:41 .
drwxr-xr-x   3 test       users         8192 Aug 24 13:41 ..
-rw-r--r--   1 test       sys            397 Aug 24 13:41 authorized_keys
-rw-r-----   1 test       sys            605 Aug 24 13:41 id_dsa.pub
-rw-r-----   1 test       sys            397 Aug 24 13:41 id_rsa.pub

 

10 REPLIES
thrubovc
Advisor

Re: SSH key not working for 1 account but working for another

that's a lot of output, it didn't fit in the first post...

 

ssh -vvv test@arnold
OpenSSH_5.2p1+sftpfilecontrol-v1.3, OpenSSL 0.9.8k 25 Mar 2009
HP-UX Secure Shell-A.05.20.004, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug3: RNG is ready, skipping seeding
debug2: ssh_connect: needpriv 0
debug1: Connecting to arnold [172.16.96.6] port 22.
debug1: Connection established.
debug1: identity file /home/supp_th/.ssh/identity type -1
debug3: Not a RSA1 key file /home/supp_th/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/supp_th/.ssh/id_rsa type 1
debug3: Not a RSA1 key file /home/supp_th/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/supp_th/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2-hpn
debug1: match: OpenSSH_4.3p2-hpn pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug2: fd 4 setting O_NONBLOCK
debug3: RNG is ready, skipping seeding
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 149/256
debug2: bits set: 491/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/supp_th/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 127
debug3: check_host_in_hostfile: filename /home/supp_th/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 128
debug1: Host 'arnold' is known and matches the RSA host key.
debug1: Found key in /home/supp_th/.ssh/known_hosts:127
debug2: bits set: 529/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/supp_th/.ssh/identity (0)
debug2: key: /home/supp_th/.ssh/id_rsa (40036ca8)
debug2: key: /home/supp_th/.ssh/id_dsa (40036cc8)
debug3: input_userauth_banner

Performing functions on this computer with the intention of accessing any computer
services, programs, or data, to which you are not authorised is a criminal offence
and is prohibited under the Computer Misuse Act 1990.

ANY PERSON OR COMPANY CONTRAVENING THIS POLICY WILL BE SUBJECT TO LEGAL ACTION.


debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/supp_th/.ssh/identity
debug3: no such identity: /home/supp_th/.ssh/identity
debug1: Offering public key: /home/supp_th/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug2: input_userauth_pk_ok: fp 13:e5:90:1c:5a:ed:f7:a1:a5:8a:fa:77:3d:38:08:10
debug3: sign_and_send_pubkey
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug2: channel 0: request shell confirm 1
debug2: fd 4 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 5242880
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Last   successful login for test: Fri Aug 24 14:42:03 GMT0BST 2012
Last unsuccessful login for test: Fri Aug 24 13:44:01 GMT0BST 2012 on pts/1


Performing functions on this computer with the intention of accessing any computer
services, programs, or data, to which you are not authorised is a criminal offence
and is prohibited under the Computer Misuse Act 1990.

ANY PERSON OR COMPANY CONTRAVENING THIS POLICY WILL BE SUBJECT TO LEGAL ACTION.


(c)Copyright 1983-2000 Hewlett-Packard Co.,  All Rights Reserved.
(c)Copyright 1979, 1980, 1983, 1985-1993 The Regents of the Univ. of California
(c)Copyright 1980, 1984, 1986 Novell, Inc.
(c)Copyright 1986-1992 Sun Microsystems, Inc.
(c)Copyright 1985, 1986, 1988 Massachusetts Institute of Technology
(c)Copyright 1989-1993  The Open Software Foundation, Inc.
(c)Copyright 1986 Digital Equipment Corp.
(c)Copyright 1990 Motorola, Inc.
(c)Copyright 1990, 1991, 1992 Cornell University
(c)Copyright 1989-1991 The University of Maryland
(c)Copyright 1988 Carnegie Mellon University
(c)Copyright 1991-2000 Mentat Inc.
(c)Copyright 1996 Morning Star Technologies, Inc.
(c)Copyright 1996 Progressive Systems, Inc.
(c)Copyright 1991-2000 Isogon Corporation, All Rights Reserved.


                           RESTRICTED RIGHTS LEGEND
Use, duplication, or disclosure by the U.S. Government is subject to
restrictions as set forth in sub-paragraph (c)(1)(ii) of the Rights in
Technical Data and Computer Software clause in DFARS 252.227-7013.

                           Hewlett-Packard Company
                           3000 Hanover Street
                           Palo Alto, CA 94304 U.S.A.

Rights for non-DOD U.S. Government Departments and Agencies are as set
forth in FAR 52.227-19(c)(1,2).

Performing functions on this computer with the intention of accessing any computer
services, programs, or data, to which you are not authorised is a criminal offence
and is prohibited under the Computer Misuse Act 1990.

ANY PERSON OR COMPANY CONTRAVENING THIS POLICY WILL BE SUBJECT TO LEGAL ACTION.



OWNER=BILLING AND CUSTOMER FINANCIAL MGT
$

 

Leopoldo González
Regular Visitor

Re: SSH key not working for 1 account but working for another

Hello!.

 

That massive output seems to mean that the key file doesn't have the appropriate format, perhaps it got corrupted during transfer.

 

"debug3: Not a RSA1 key file /home/supp_th/.ssh/id_dsa."

 

Check /var/adm/syslog/syslog.log for details.

 

Good luck.

thrubovc
Advisor

Re: SSH key not working for 1 account but working for another

Well, to be honest, I am using dsa everywhere, that rsa was just an attempt in desperation. Of course I tried copying it over scp or even pasting it in vi in putty multiple times. That rsa key was just an unsuccessful attempt to work around the issue... I can't believe it's just a random bug, but have tried everything.

Dennis Handly
Acclaimed Contributor

Re: SSH key not working for 1 account but working for another

>I am using dsa everywhere, that rsa was just an attempt in desperation.

 

It looked like it ignored it and went on.  I've heard that openssl may be able to convert between key types.

But it seems it doesn't like your other file, is this your private key file on the source side?:

   Not a RSA1 key file /home/supp_th/.ssh/id_dsa.

 

But I also get that error and it then works for:

   debug1: identity file /home/foobar/.ssh/id_dsa type 2

 

My id_dsa.pub file starts with: ssh-dss ...

 

>the permissions:

 

Was this on the client side or on the host arnold?

It seems that test@arnold has a valid rsa key:

   Server accepts key: pkalg ssh-rsa blen 277

 

Have you appended supp_th's public key to the end of supp_th's authorized_keys on arnold?

thrubovc
Advisor

Re: SSH key not working for 1 account but working for another

I have created a brand new pair of DSA keys and copied the .pub one to arnold:~supp_th/.ssh/authorized_keys and it didn't help.

I have also created a new pair of RSA and did a ssh -vvv arnold|grep rsa, and it even looked like it got authorized, but then again, the prompt for password... i will erase that stupid server, it sure is making fun of me...

debug3: Not a RSA1 key file /home/supp_th2/.ssh/id_rsa.
debug1: identity file /home/supp_th2/.ssh/id_rsa type 1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug1: Host 'arnold' is known and matches the RSA host key.
debug1: ssh_rsa_verify: signature correct
debug2: key: /home/supp_th2/.ssh/id_rsa (40036c88)
debug1: Offering public key: /home/supp_th2/.ssh/id_rsa
Password: 

 

Dennis Handly
Acclaimed Contributor

Re: SSH key not working for 1 account but working for another

>ssh -vvv arnold | grep rsa

 

(Did you redirect stderr to stdout?)

 

Anything in the logs on arnold?

Matti_Kurkela
Honored Contributor

Re: SSH key not working for 1 account but working for another

> debug3: Not a RSA1 key file /home/supp_th/.ssh/id_dsa

 

This is a long-standing quirk of OpenSSH-based SSH versions: on debug level 3, spurious messages are generated as the SSH client first tries to interpret each key file as a RSA1 key.

 

As indicated later by a higher-priority debug message, the file is later successfully detected as a DSA key file:

 

> debug1: identity file /home/foobar/.ssh/id_dsa type 2

 

You really should check the syslog at host "arnold": if key authentication has been set up but the sshd at the server side won't accept the key, there should be a log message from sshd telling exactly why the key authentication was rejected. The error message is not sent to the client, because at that point, the client is unauthenticated and might in fact be a hostile intruder trying to get information about the system set-up for future break-in attempts. A legitimate user should be able to contact the server administrator for troubleshooting.

MK
thrubovc
Advisor

Re: SSH key not working for 1 account but working for another

@Dennis: yeah, ssh -vvv arnold 2>&1|grep -i rsa ;)

didn't really get to syslog investigating yet, these weird errors were getting all my attention:)

@Matti: I'm the admin;) I sure have to check syslog. what you say makes absolute sense. also the open ssh bug, I've seen the same issue on forums when I searched a bit. I think I will eventually recreate my account on Arnold.

thrubovc
Advisor
Solution

Re: SSH key not working for 1 account but working for another

you guys won't believe where the problem was...

after checking the syslog on arnold, I got this:

Aug 25 17:21:09 arnold sshd[15080]: Authentication refused: bad ownership or modes for directory /home/supp_th

 when I looked closer, I saw that the permissions for my homedir were 775 instead of 755, just look at the end of my first post (test user has 755). I was focused on looking for LACK of permissions, not this! Anyway, so I have fixed it and guess what? IT WORKS. don't know why on earth open ssh would require my homedir to have minimal possible permissions, or else it wouldn't work.

At any rate, thanks for your help and time!

Dennis Handly
Acclaimed Contributor

Re: SSH key not working for 1 account but working for another

>don't know why on earth open ssh would require my homedir to have minimal possible permissions

 

Security of course.  A group member could move the .ssh directory and put his own there.