Operating System - HP-UX

Re: ssh private/public key authentication

 
Andrew_adm
Advisor

ssh private/public key authentication

Hi,
I've generated private and public keys with ssh-keygen -t dsa on two servers for a non-root user (oracle in this case). I use the default files for the keys but it doesn't work properly: I've not entered a passphrase, but the server responds by waiting for the user's password. Why is that? It shouldn't do this. These are the debug lines from ssh -v host:
$ ssh -v safi_iur
OpenSSH_4.1, OpenSSL 0.9.7e 25 Oct 2004
HP-UX Secure Shell-A.04.00.000, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug1: Connecting to safi_iur [172.20.32.107] port 22.
debug1: Connection established.
debug1: identity file /extend/oracle/.ssh/id_rsa type -1
debug1: identity file /extend/oracle/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8
debug1: match: OpenSSH_3.8 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'safi_iur' is known and matches the RSA host key.
debug1: Found key in /extend/oracle/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /extend/oracle/.ssh/id_rsa
debug1: Offering public key: /extend/oracle/.ssh/id_dsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password:

One more question: it's possible that other keys exist from before. Is there any problem if I delete the id_dsa's?
Jonathan Fife
Honored Contributor

Re: ssh private/public key authentication

Most of the key-exchange problems I've run into were permissions-related.

Check /var/adm/syslog/syslog.log for any errors thrown by ssh.
Decay is inherent in all compounded things. Strive on with diligence
Ivan Ferreira
Honored Contributor

Re: ssh private/public key authentication

You can delete any id_dsa files that you want, but ensure that you transfer the new id_dsa.pub files to the remote host if you generate a new key.

Also, ensure that the permissions for the files are correct; on both hosts run:

chown -R oracle .ssh
chmod go-w .ssh
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
John Kelly_3
Regular Advisor

Re: ssh private/public key authentication

Permissions to check are -
Your home directory. Try 750 or 755.
The ~/.ssh directory. Set to 700
The ~/.ssh/authorized_keys file. Set to 600

Also make sure ownership is appropriate on all the above.

These are the most common problems.

JohnK
Tim Nelson
Honored Contributor

Re: ssh private/public key authentication

Always seems to be one of two things.

Either the public key was pasted into the authorized_keys file or the permissions are wrong.

700 or 600 on all.
Andrew_adm
Advisor

Re: ssh private/public key authentication

The problem was fixed. I think the permissions weren't the only thing: one server had a 04.00.20 version and the other a 03.80.X, and the connection worked properly in one direction, 04.00 to 03.80. I upgraded to 04.00 and now the authentication works both ways. The current permissions are 750 for the oracle user's home, 700 for .ssh and 600 for id_dsa.
Thanks a lot for your help.
Regards.
Andrew_adm
Advisor

Re: ssh private/public key authentication

Closed xD.
Bye, and thx again!
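
The checks named in the replies above (home directory not writable by group or other, ~/.ssh at 700, authorized_keys at 600, correct ownership, and a key broken across lines by pasting) collected into one POSIX shell function. This is an added example, not code from any poster in the thread; the function names check_ssh_perms and mode_owner are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit what the replies say to check.
# Uses ls/awk rather than stat(1), which is not available on every Unix.

# Print "<10-char mode string> <owner>", e.g. "drwx------ oracle".
mode_owner() {
    ls -ld "$1" 2>/dev/null | awk '{ print substr($1, 1, 10), $3 }'
}

# check_ssh_perms HOME_DIR EXPECTED_OWNER
# Prints one line per finding and returns the number of findings (0 = clean).
check_ssh_perms() {
    home=$1; owner=$2; bad=0
    ak="$home/.ssh/authorized_keys"
    for p in "$home" "$home/.ssh" "$ak"; do
        mo=$(mode_owner "$p")
        if [ -z "$mo" ]; then
            echo "MISSING $p"; bad=$((bad + 1)); continue
        fi
        mode=${mo% *}; own=${mo#* }
        if [ "$own" != "$owner" ]; then
            echo "OWNER   $p is owned by $own, expected $owner"; bad=$((bad + 1))
        fi
        case $p in
            "$home")      want='d????-??-?' ;;   # 750/755: no group/other write
            "$home/.ssh") want='drwx------' ;;   # 700
            *)            want='-rw-------' ;;   # 600
        esac
        case $mode in
            $want) ;;
            *) echo "MODE    $p is $mode, expected $want"; bad=$((bad + 1)) ;;
        esac
    done
    # A key pasted through a terminal can pick up line breaks; every entry
    # must be a single line holding a key type and its base64 blob ("AAAA...").
    if [ -f "$ak" ]; then
        n=$(awk 'NF && !/^#/ && !/(ssh|ecdsa)-[a-z0-9@.-]+ AAAA/ { c++ }
                 END { print c + 0 }' "$ak")
        if [ "$n" -gt 0 ]; then
            echo "FORMAT  $ak has $n line(s) that are not a complete key"
            bad=$((bad + 1))
        fi
    fi
    return "$bad"
}
# Usage: check_ssh_perms /extend/oracle oracle   (run on both hosts)
```

Run it on the server side as well as the client: sshd silently skips authorized_keys when these checks fail, and the client then falls through to the password prompt seen in the debug output.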