Operating System - HP-UX
1830165 Members
5960 Online
109999 Solutions
New Discussion

SSH authentication problems

 
SOLVED
Go to solution
dictum9
Super Advisor

SSH authentication problems

Trying to ssh from a Itanium box running 11.23 and OpenSSH version 4.2 to a Solaris 8 machine running OpenSSH 3.5.

Even though I copied the public key of the client to the $HOME/.ssh/authorized_keys of the user on the ssh server box, I still cannot authenticate passwordlessly.

I checked, $HOME/.ssh directory is 700 and all files beneath also. DNS doesn't seem to be an issue. Why is this happening?

# ssh -v -v -v pin@baja
...
debug2: key: /apps/acta/.ssh/id_rsa (00000000)
debug2: key: /apps/acta/.ssh/id_dsa (4004e8b0)
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /apps/acta/.ssh/id_rsa
debug3: no such identity: /apps/acta/.ssh/id_rsa
debug1: Offering public key: /apps/acta/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
pin@baja's password:
debug3: packet_send2: adding 24 (len 96 padlen 8 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
pin@baja's password:
12 REPLIES 12
Bill Hassell
Honored Contributor
Solution

Re: SSH authentication problems

The files must be 400 or 600, not 700. The .ssh directory must be 700 *and* $HOME must be 755 (no directory write capability except by owner). Make sure the public key is one line from the ssh-dsa to ==.


Bill Hassell, sysadmin
skt_skt
Honored Contributor

Re: SSH authentication problems

In linux /etc/security/access.conf limits the ssh connection from other hosts (other than the ssh keys), Check if you have something similar in solaris
dictum9
Super Advisor

Re: SSH authentication problems

Bill,

Check, check and check. All looks good yet it still asks for a password. Could it be that the server cannot have a lower version than the client?

server=OpenSSH 3.5 on hp-ux 11.23
client=OpenSSH 4.2 on solaris 8


skt_skt
Honored Contributor

Re: SSH authentication problems

here between the linux server i have a lower version at server side.

Still it works from lower version to higher version.But it is linux
dictum9
Super Advisor

Re: SSH authentication problems

I have worked with ssh a lot in the past but this one has me completely confused, going over the checklist everything looks good but won't authenticate without passwords.

I am using ssh in a script so it must work without passwords.
shardam
Frequent Advisor

Re: SSH authentication problems

Hi, try to set the authorized_keys to have permission of 644 for both client and server. Take note both client and server mush have the same type of key. If the server use dsa type then client must be the same.
Javed Khan_1
Valued Contributor

Re: SSH authentication problems

Hi,
I do faced simillar problem in solaris 8 .
looks like the home directory of user pin on baja is not standard ( i.e /export/home/pin 755)
Simple would be change the home directory to standard and create soft link ..

Also check the permission of .ssh directory (700)
and authorized_keys ( 600)
Regards,
Javed
Never Give Up
dictum9
Super Advisor

Re: SSH authentication problems

Check, check and check. It's none of the above. It still defaults to the password.
dictum9
Super Advisor

Re: SSH authentication problems


Any SSH gurus???


Here is from syslog on SSH server (Solaris 8)


Jul 19 10:34:20 bava sshd[22662]: [ID 800047 auth.info] Connection from xxx.xxx.xxx.xxx port 61587
Jul 19 10:34:20 bava sshd[22662]: [ID 800047 auth.info] Enabling compatibility mode for protocol 2.0
Jul 19 10:34:20 bava sshd[22662]: [ID 800047 auth.info] WARNING: /usr/local/etc/primes does not exist, using old prime
Jul 19 10:34:20 bava sshd[22662]: [ID 800047 auth.info] Failed none for user1 from xxx.xxx.xxx.xxx port 61587 ssh2
Jul 19 10:34:20 bava sshd[22662]: [ID 800047 auth.info] Failed publickey for user1 from xxx.xxx.xxx.xxx port 61587 ssh2
dictum9
Super Advisor

Re: SSH authentication problems

I figured it out!

Because I am using protocol 2 only, they public keys need to go to the file

$HOME/.ssh/authorized_keys2

Doug O'Leary
Honored Contributor

Re: SSH authentication problems

Hey;

Check the sshd_config for "PubkeyAuthentication no". It should default to yes, but if someone doesn't like PKA, they may have reset it. Also check on the other entries in that file for anything that looks untoward.

Finally, check ssh_config for any entries that might be messing you up.

HTH;

Doug

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
Robert-Jan Goossens
Honored Contributor

Re: SSH authentication problems

etc,

Have a look at these configuration instructions.

http://www.sun.com/bigadmin/content/submitted/ssh_setting.html

Regards,
Robert-Jan