HPE Community
Operating System - HP-UX
1828038 Members
1925 Online
109973 Solutions
New Discussion

ssh keys

 
SOLVED
Go to solution
fizan
Super Advisor

‎04-24-2010 09:57 PM

‎04-24-2010 09:57 PM

ssh keys

rx26-183 from this node i generated the public key & uploaded in the rx26-184. so passwordless login is happnening.

2.from rx26-184 generated a public key & uploaded in the rx26-183.psswordless login happens.

3. but when i login again from rx26-183 to rx26-184 it's asking for password.

botht the keys are uploaded in both server.

Thanks
0 Kudos
Reply
10 REPLIES 10
Steven Schweda
Honored Contributor

‎04-24-2010 10:23 PM

‎04-24-2010 10:23 PM

Re: ssh keys

As usual, some basic information might be
nice. For example:

uname -a
ssh -V

> [...]
> botht the keys are uploaded in both server.

After all that, I don't really know which key
files are where, or who owns them, or what
their permissions are. Showing actual
commands with their actual output can be more
helpful than vague descriptions and
interpretations.

Adding "-v" (or "-vv", or ...) to an "ssh"
command might provide some useful
information. Potentially interesting, as a
start:

who am i
ls -ld ~/.ssh
ls -l ~/.ssh

(on both systems).

The system log file on the server often has
something to say about SSH login problems.

There must be dozens of old Forum threads on
various SSH problems, too.
Reply
madhuchakkaravarthy
Trusted Contributor

‎04-24-2010 10:41 PM

‎04-24-2010 10:41 PM

Re: ssh keys

hi

in host1

1.mkdir .ssh
cd .ssh
ssh-keygen -t rsa
two files will be generating
add the host entry of host2 in host1 in /etc/hosts.

in host2

create a dir .ssh
copy the id.rsa.pub key in to .ssh of ur home dir.and the same u redirect to authorized_keys.
set 700 for .ssh and 600 for authorized keys
--
follow this step

regards

MC
0 Kudos
Reply
madhuchakkaravarthy
Trusted Contributor

‎04-24-2010 10:44 PM

‎04-24-2010 10:44 PM

Re: ssh keys

hi

just left final steps

ssh [ipaddress or hostname ]

then it will be added permanently in knowhost file in host1.

regards

MC
Reply
fizan
Super Advisor

‎04-24-2010 10:52 PM

‎04-24-2010 10:52 PM

Re: ssh keys

[rx26-183]/.ssh
# ll
total 80
-rw-r--r-- 1 root sys 573 Apr 25 01:57 16.118.112.88
-rw------- 1 root sys 2203 Apr 25 01:46 authorized_keys
-rw------- 1 root sys 1675 Apr 25 01:43 id_rsa
-rw-r--r-- 1 root sys 395 Apr 25 01:46 id_rsa.pub
-rw-r--r-- 1 root sys 884 Apr 25 01:47 known_hosts
[rx26-183]/.ssh
# ls -ld /.ssh
drwxr-xr-x 2 root sys 8192 Apr 25 02:49 /.ssh
[rx26-183]/.ssh
------------------------------

[rx26-184]/
# ls -ld /.ssh
drwxr-xr-x 2 root sys 8192 Apr 25 01:48 /.ssh
[rx26-184]/
# cd .ssh
[rx26-184]/.ssh
# ll
total 80
-rw------- 1 root sys 2598 Apr 25 01:48 authorized_keys
-rw------- 1 root sys 1675 Apr 25 01:45 id_rsa
-rw-r--r-- 1 root sys 395 Apr 25 01:45 id_rsa.pub
-rw-r--r-- 1 root sys 395 Apr 25 01:47 id_rsa.pub.old
-rw-r--r-- 1 root sys 884 Apr 25 01:46 known_hosts
-----------------------------------------

HP-UX rx26-183 B.11.31 U ia64 3870505015 unlimited-user license
0 Kudos
Reply
fizan
Super Advisor

‎04-24-2010 10:57 PM

‎04-24-2010 10:57 PM

Re: ssh keys

Madhu changed the permissions to 700 for .ssh dir and 600 for authorized-keys.

Now also it asks for passwd::

# sftp -v root@rx26-184
Connecting to rx26-184...
OpenSSH_4.7p1+sftpfilecontrol-v1.2-hpn12v17, OpenSSL 0.9.7m 23 Feb 2007
HP-UX Secure Shell-A.04.70.023, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug1: Connecting to rx26-184 [16.118.112.88] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/3
debug1: identity file /.ssh/id_rsa type 1
debug1: identity file /.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7p1+sftpfilecontrol-v1.2-hpn12v17
debug1: match: OpenSSH_4.7p1+sftpfilecontrol-v1.2-hpn12v17 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.7p1+sftpfilecontrol-v1.2-hpn12v17
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'rx26-184' is known and matches the RSA host key.
debug1: Found key in /.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
0 Kudos
Reply
Raj D.
Honored Contributor

‎04-24-2010 11:14 PM

‎04-24-2010 11:14 PM

Solution

Re: ssh keys

fizan,

try following again to have transparent loging from : rx26-183 to rx26-184.

- Also make sure both the server having same ssh & same ver.

1. on rx26-183:
# ssh-keygen -t dsa

2. Copy the file : id-dsa.pub to rx26-184 in the user path: (in this case root user example)
id-dsa.pub -> copy to rx26-184:/root/.ssh/authorized_keys

3. From rx26-183 try transparent login:
rx26-183:#: ssh rx26-183




Hth,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "
Reply
Raj D.
Honored Contributor

‎04-24-2010 11:21 PM

‎04-24-2010 11:21 PM

Re: ssh keys

fizan,

Also check the permissions on the home directory of the user ,
check the following link, most likely you have permission issue :




http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1303925


http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1364024


Hth,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "
0 Kudos
Reply
Steven Schweda
Honored Contributor

‎04-25-2010 05:45 AM

‎04-25-2010 05:45 AM

Re: ssh keys

> SSH-2.0-OpenSSH_4.7p1+sftpfilecontrol-v1.2-hpn12v17

Not exactly the latest stuff, but that's
probably not the biggest problem here.


What is this junk?:

-rw-r--r-- 1 root sys 573 Apr 25 01:57 16.118.112.88

-rw-r--r-- 1 root sys 395 Apr 25 01:47 id_rsa.pub.old


How did you get a public+private key pair
with modified-date-times which differ by
three minutes?:

-rw------- 1 root sys 1675 Apr 25 01:43 id_rsa
-rw-r--r-- 1 root sys 395 Apr 25 01:46 id_rsa.pub


I can't see what you have in your
authorized_keys files.


> [...]
> debug1: Next authentication method: publickey
> debug1: Offering public key: /.ssh/id_rsa
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> [...]

The server did not find an appropriate key
for that in the user's authorized_keys file.

Note: "Offering public key: /.ssh/id_rsa".
That should be a _private_ key. A _public_
key should be named "xxx.pub".

I can't see what's in your key files, but,
from what I can see, they seem to be mostly
corrupt. I would throw all this stuff away,
and try again.


A working log-in sequence should look more
like the following. (My keys are DSA, not
RSA, but it all looks similar.)

> dyi # ssh -v -l sms alp-l
OpenSSH_5.2p1+sftpfilecontrol-v1.3-hpn13v5, OpenSSL 0.9.8k 25 Mar 2009
> [...]
> debug1: Trying private key: /root/.ssh/id_dsa
> debug1: read PEM private key done: type DSA
> debug1: Authentication succeeded (publickey).
> [...]
0 Kudos
Reply
Steven Schweda
Honored Contributor

‎04-25-2010 02:02 PM

‎04-25-2010 02:02 PM

Re: ssh keys

If you're generating different key file pairs
on different systems, then you might get less
confusion if you give them different names.
For example:
id_rsa-183
id_rsa-183.pub
id_rsa-184
id_rsa-184.pub

Then, on any particular system, you could
create a symbolic link to one of the real key
files from a name which the SSH client will
try to use. For example:

ln -s id_rsa-183 ~/.ssh2/id_rsa
0 Kudos
Reply
fizan
Super Advisor

‎04-25-2010 06:09 PM

‎04-25-2010 06:09 PM

Re: ssh keys

fine steven,

now the two way communication happens. as that key was corrupted.

Thanks
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.