Operating System - HP-UX

ssh authorized_keys not working

 
CRollins
Advisor

I have authorized keys set up between 2 servers for the root and oracle accounts. The ssh connection is working 3 of the 4 ways without a passwd, i.e.

ssh is working without a passwd ...
root server1 to root server2
root server2 to root server1
oracle server2 to oracle server1

ssh is not working ...

oracle server1 to oracle server2


All of the keys have been set up and copied exactly the same way. I have also regenerated the key and redone the process multiple times for that account. I have checked filesystem permissions. And I have verified the sshd_config file is the same on both servers.

This is driving me absolutely nuts. Please help!


7 REPLIES
Patrick Wallek
Honored Contributor

Re: ssh authorized_keys not working

Try doing an 'ssh -v' or 'ssh -vvv' between server1 and server2 as oracle and see what errors come up.

Generally ssh not working is due to permissions being too open on the home directory, the .ssh dir in the home directory or the files in the .ssh dir.
CRollins
Advisor

Re: ssh authorized_keys not working

$ ssh -v server2
OpenSSH_4.5p1+sftpfilecontrol-v1.1-hpn12v14, OpenSSL 0.9.7l 28 Sep 2006
HP-UX Secure Shell-A.04.50.003, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug1: Connecting to kdippi2 [166.20.121.29] port 22.
debug1: Connection established.
debug1: identity file /u01/app/oracle/.ssh/id_rsa type 1
debug1: identity file /u01/app/oracle/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.5p1+sftpfilecontrol-v1.1-hpn12v14
debug1: match: OpenSSH_4.5p1+sftpfilecontrol-v1.1-hpn12v14 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5p1+sftpfilecontrol-v1.1-hpn12v14
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'kdippi2' is known and matches the RSA host key.
debug1: Found key in /u01/app/oracle/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /u01/app/oracle/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /u01/app/oracle/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
Patrick Wallek
Honored Contributor

Re: ssh authorized_keys not working

Hmm...Not much there. Check /var/adm/syslog/syslog.log on server2 for any ssh related errors.
CRollins
Advisor

Re: ssh authorized_keys not working

Do you know what the permissions should be?



Oct 22 14:13:37 server1 sshd[2761]: Authentication refused: bad ownership or modes for directory /u01/app/oracle
Patrick Wallek
Honored Contributor

Re: ssh authorized_keys not working

Compare the permissions for the oracle dir between server1 and server2. Since it appears that server2 to server1 works, try setting the permissions on server2 to the same as server1.
Doug O'Leary
Honored Contributor

Re: ssh authorized_keys not working

Hey;

permissions should be

no more than 755 for ${HOME}
700 for ~/.ssh and
no more than 644 for ~/.ssh/authorized_keys

Oracle installations tend to use 775 for directories and 664 for files as it allows dba group write access. That will prevent ssh/PKA from working.

Doug

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
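
An added example, not part of the original thread or of the reply above: a POSIX shell check of the three paths listed there, applying the rule that each must be owned by the account or root and must not be writable by group or other. The function names are hypothetical and the demo directory is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Flags the owner/mode problems behind sshd's syslog message
# "Authentication refused: bad ownership or modes".

# path_is_strict PATH USER: return 0 if PATH is owned by USER or root and has
# no group/other write bit; otherwise print the reason and return 1.
path_is_strict() {
    _p=$1; _u=$2
    [ -e "$_p" ] || { echo "MISSING   $_p"; return 1; }
    # Parse ls -ldL (-L follows symlinks); stat(1) is not portable across Unix.
    _mode=$(ls -ldL "$_p" | awk '{print $1}')
    _owner=$(ls -ldL "$_p" | awk '{print $3}')
    case $_owner in
        "$_u"|root) ;;
        *) echo "BAD OWNER $_p ($_owner)"; return 1 ;;
    esac
    case $_mode in   # 6th char = group write, 9th char = other write
        ?????w*|????????w*) echo "BAD MODE  $_p ($_mode)"; return 1 ;;
    esac
    echo "ok        $_p ($_mode)"
}

# audit_ssh_paths HOME USER: check the three paths named in the thread.
# Returns the number of failing paths (0 means modes are not the problem).
audit_ssh_paths() {
    _home=$1; _user=$2; _bad=0
    for _path in "$_home" "$_home/.ssh" "$_home/.ssh/authorized_keys"; do
        path_is_strict "$_path" "$_user" || _bad=$((_bad + 1))
    done
    return "$_bad"
}

# Constructed demo: a throwaway home directory with the Oracle-style 775 mode.
demo() {
    _d=${TMPDIR:-/tmp}/sshaudit_demo.$$
    mkdir "$_d" || return 1
    mkdir "$_d/.ssh" && : > "$_d/.ssh/authorized_keys"
    chmod 775 "$_d"; chmod 700 "$_d/.ssh"; chmod 644 "$_d/.ssh/authorized_keys"
    _n=0; audit_ssh_paths "$_d" "$(id -un)" || _n=$?
    echo "failing paths with 775 home: $_n"
    chmod 755 "$_d"
    _n=0; audit_ssh_paths "$_d" "$(id -un)" || _n=$?
    echo "failing paths with 755 home: $_n"
    rm -rf "$_d"
}
demo
```

On a real host the call would be `audit_ssh_paths /u01/app/oracle oracle`, run on the server that logs the refusal.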
Tim Nelson
Honored Contributor

Re: ssh authorized_keys not working

All the above and...

/var/adm/syslog/syslog.log does a good job at pointing out the ssh issues if any. Especially if the home directory permissions are wrong.