Operating System - HP-UX
1830939 Members
1921 Online
110017 Solutions
New Discussion

SSH Problem keeps asking password

 
SOLVED
Go to solution

SSH Problem keeps asking password

I have two HP-UX servres (csux002 and csux011), that have host equivalences between them through ssh. Nevertheless i can't login without password with an user (oracle) from one host (csux011) to the other (csux002) even though i can login in the opposite direction and with other users (root, luiz, etc).

Attached is the output from the following command:

$ ssh -vvv csux002

The versions are:

csux011 (HP-UX 11.00)
HP-UX port of OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f

csux002 (HP-UX 11.00)
HP-UX Secure Shell-A.04.30.014, HP-UX Secure Shell version

I already reconfigured a few times, tried to configure with 1024 and 2048 bits keys. I also tried to use the key generated with the command below:

$ ssh-keygen -e -f id_rsa.pub > id_rsa_new.pub

Thanks in advance.
6 REPLIES 6
John Payne_2
Honored Contributor

Re: SSH Problem keeps asking password

Luiz,

It's complaining about however you have your public/private key set up:

debug1: try pubkey: /home/oracle/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: try privkey: /home/oracle/.ssh/id_dsa
debug3: no such identity: /home/oracle/.ssh/id_dsa
debug2: we did not send a packet, disable method

It can't match the 2 up. Are you sure you set them up correctly?

John
Spoon!!!!
Berd
Trusted Contributor

Re: SSH Problem keeps asking password

Luiz,

Please take a look at the attached link,

https://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1125086

I do recall that SSH is very picky about directory and file permissions. So these maybe worth checking.

Regards,
Berd
Matti_Kurkela
Honored Contributor
Solution

Re: SSH Problem keeps asking password

Note that the id_rsa key is sent, but the server won't acknowledge it. There should be a line saying something like "server accepts key" after the "debug2: we sent a publickey packet, wait for reply" line.

You might want to get the server-side debug logs to find out what causes the server to reject the key. If there is no firewall between the two computers, you could do this:
- on csux002:
execute /opt/ssh/sbin/sshd -p 2222 -ddd

- on csux011:
execute ssh -vvv -p 2222 csux002
using the user account that has the keys set up.

The sshd-side debug output on csux002 should reveal why the key is being ignored.

Some common causes are:
- too relaxed permissions on csux002: check the permissions of the user's home directory (drwxr-xr-x is the maximum allowed; if there are any more w's, sshd won't trust any public keys it finds), ~/.ssh directory (ditto) or ~/.ssh/authorized_keys file.

- wrong key format: as both servers use OpenSSH-derived code (HP-UX Secure Shell is an enhanced port of OpenSSH), you don't need "ssh-keygen -e".

MK
MK
Geoff Wild
Honored Contributor

Re: SSH Problem keeps asking password

Did you copy the contents of id_rsa.pub to the remote machine's .ssh/authorized_keys file?

Your key gen command should be:

ssh-keygen -t rsa -f id_rsa

Also, make sure .ssh is 700 and owned by that user.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.

Re: SSH Problem keeps asking password

Matti Kurkela wrote:

- too relaxed permissions on csux002: check the permissions of the user's home directory (drwxr-xr-x is the maximum allowed; if there are any more w's, sshd won't trust any public keys it finds), ~/.ssh directory (ditto) or ~/.ssh/authorized_keys file.

That's it. The permitions for the oracle home directory were 777. After changing it, it worked.

Thanks a lot! :)

Re: SSH Problem keeps asking password

The permitions for the oracle home directory were 777. After changing it, it worked.