HPE Community
Operating System - HP-UX
1835104 Members
2432 Online
110076 Solutions
New Discussion

Re: Problem with rsa key access

 
AsKZ
New Member

‎09-14-2006 04:06 PM

‎09-14-2006 04:06 PM

Problem with rsa key access

Hi all, please, please, help me to resolve next problem:

itanium@root #uname -a
HP-UX itanium B.11.23 U ia64 0685126137 unlimited-user license
itanium@root #ssh -v
OpenSSH_4.3p2-hpn, OpenSSL 0.9.7i 14 Oct 2005
HP-UX Secure Shell-A.04.30.015, HP-UX Secure Shell version

itanium@root #ssh-keygen -t rsa
Generating public/private rsa key pair.
Please be patient.... Key generation may take a few minutes
Enter file in which to save the key (//.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in //.ssh/id_rsa.
Your public key has been saved in //.ssh/id_rsa.pub.
The key fingerprint is:
f5:0b:67:42:42:17:b3:5b:a6:b0:79:94:12:6e:0a:d9 root@itanium
itanium@root #ll
total 48
-rw------- 1 root sys 1675 Sep 14 22:02 id_rsa
-rw-r--r-- 1 root sys 394 Sep 14 22:02 id_rsa.pub
-rw-r--r-- 1 root sys 686 Sep 8 03:25 known_hosts
itanium@root #cp id_rsa.pub authorized_keys
itanium@root #ll
total 64
-rw-r--r-- 1 root sys 394 Sep 14 22:02 authorized_keys
-rw------- 1 root sys 1675 Sep 14 22:02 id_rsa
-rw-r--r-- 1 root sys 394 Sep 14 22:02 id_rsa.pub
-rw-r--r-- 1 root sys 686 Sep 8 03:25 known_hosts

itanium@root #ssh -v itanium
OpenSSH_4.3p2-hpn, OpenSSL 0.9.7i 14 Oct 2005
HP-UX Secure Shell-A.04.30.015, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug1: Connecting to itanium [192.168.1.223] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/3
debug1: identity file /.ssh/id_rsa type 1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2-hpn
debug1: match: OpenSSH_4.3p2-hpn pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3p2-hpn
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'itanium' is known and matches the RSA host key.
debug1: Found key in /.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: Next authentication method: publickey
debug1: Offering public key: /.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: Next authentication method: keyboard-interactive
Password:
itanium@root #


So, trusts not working.
How additional information i must attach to resolve this problem?
Really problem with more 2 hosts, for best example, i attach info about one host.
0 Kudos
7 REPLIES 7
Mel Burslan
Honored Contributor

‎09-14-2006 05:08 PM

‎09-14-2006 05:08 PM

Re: Problem with rsa key access

chmod 640 authorized_keys
chmod 700 ~root/.ssh

then try it again. sshd is very picky about the permissions of the .ssh directory and the authorized_keys file.

hope this helps.
________________________________
UNIX because I majored in cryptology...
0 Kudos
Rajeev Shukla
Honored Contributor

‎09-14-2006 05:22 PM

‎09-14-2006 05:22 PM

Re: Problem with rsa key access

Yes thats right ssh doesn't behave well if the permissions are incorrect
have your ~root/.ssh/authorized_keys to 600 and ~root/.ssh to 700
Also look at the messages in syslog for more info
0 Kudos
AsKZ
New Member

‎09-14-2006 06:27 PM

‎09-14-2006 06:27 PM

Re: Problem with rsa key access

itanium@root #ll -d /.ssh/ /.ssh/authorized_keys
drwx------ 2 root sys 8192 Sep 14 22:06 /.ssh/
-rw------- 1 root sys 394 Sep 14 22:06 /.ssh/authorized_keys
itanium@root #
itanium@root #ssh -v itanium
OpenSSH_4.3p2-hpn, OpenSSL 0.9.7i 14 Oct 2005
HP-UX Secure Shell-A.04.30.015, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug1: Connecting to itanium [192.168.1.223] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/3
debug1: identity file /.ssh/id_rsa type 1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2-hpn
debug1: match: OpenSSH_4.3p2-hpn pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3p2-hpn
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'itanium' is known and matches the RSA host key.
debug1: Found key in /.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: Next authentication method: publickey
debug1: Offering public key: /.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: Next authentication method: keyboard-interactive
Password:
itanium@root #
0 Kudos
Mel Burslan
Honored Contributor

‎09-15-2006 06:45 AM

‎09-15-2006 06:45 AM

Re: Problem with rsa key access

could you possibly cut-n-paste the output of this command :

grep -v ^# /opt/ssh/etc/sshd_config

________________________________
UNIX because I majored in cryptology...
0 Kudos
AsKZ
New Member

‎09-17-2006 05:25 PM

‎09-17-2006 05:25 PM

Re: Problem with rsa key access

root@sgds3# grep -v ^# /opt/ssh/etc/sshd_config | strings
Protocol 2
HostKey /opt/ssh/etc/ssh_host_key
HostKey /opt/ssh/etc/ssh_host_rsa_key
HostKey /opt/ssh/etc/ssh_host_dsa_key
KerberosAuthentication yes
GSSAPIAuthentication yes
UsePAM yes
X11Forwarding yes
X11UseLocalhost no
UseDNS no
Subsystem sftp /opt/ssh/libexec/sftp-server
0 Kudos
AsKZ
New Member

‎09-17-2006 05:38 PM

‎09-17-2006 05:38 PM

Re: Problem with rsa key access

Sorry, previous information about another host. For original host, next configuration:

itanium@root #grep -v ^# /opt/ssh/etc/sshd_config | strings
Protocol 2
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
HostbasedAuthentication yes
KerberosAuthentication yes
UsePAM yes
X11Forwarding yes
X11UseLocalhost no
Subsystem sftp /opt/ssh/libexec/sftp-server


itanium@root #grep -v ^# /opt/ssh/etc/ssh_config | strings
RSAAuthentication yes
PasswordAuthentication yes
HostbasedAuthentication no
IdentityFile ~/.ssh/id_rsa
Protocol 2

Thanks for answers, i`m already resolve problem.
0 Kudos
AsKZ
New Member

‎09-17-2006 05:46 PM

‎09-17-2006 05:46 PM

Re: Problem with rsa key access

One of previous administrators.. Set owner for "/" another of "root" user.

Thank`s for all )
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.