HPE Community
Operating System - HP-UX
1830939 Members
1921 Online
110017 Solutions
New Discussion

SSH Problem keeps asking password

 
SOLVED
Go to solution
Luiz Christofoletti
Advisor

‎08-17-2007 03:25 AM

‎08-17-2007 03:25 AM

SSH Problem keeps asking password

I have two HP-UX servres (csux002 and csux011), that have host equivalences between them through ssh. Nevertheless i can't login without password with an user (oracle) from one host (csux011) to the other (csux002) even though i can login in the opposite direction and with other users (root, luiz, etc).

Attached is the output from the following command:

$ ssh -vvv csux002

The versions are:

csux011 (HP-UX 11.00)
HP-UX port of OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f

csux002 (HP-UX 11.00)
HP-UX Secure Shell-A.04.30.014, HP-UX Secure Shell version

I already reconfigured a few times, tried to configure with 1024 and 2048 bits keys. I also tried to use the key generated with the command below:

$ ssh-keygen -e -f id_rsa.pub > id_rsa_new.pub

Thanks in advance.
0 Kudos
6 REPLIES 6
John Payne_2
Honored Contributor

‎08-17-2007 03:30 AM

‎08-17-2007 03:30 AM

Re: SSH Problem keeps asking password

Luiz,

It's complaining about however you have your public/private key set up:

debug1: try pubkey: /home/oracle/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: try privkey: /home/oracle/.ssh/id_dsa
debug3: no such identity: /home/oracle/.ssh/id_dsa
debug2: we did not send a packet, disable method

It can't match the 2 up. Are you sure you set them up correctly?

John
Spoon!!!!
0 Kudos
Berd
Trusted Contributor

‎08-17-2007 03:42 AM

‎08-17-2007 03:42 AM

Re: SSH Problem keeps asking password

Luiz,

Please take a look at the attached link,

https://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1125086

I do recall that SSH is very picky about directory and file permissions. So these maybe worth checking.

Regards,
Berd
0 Kudos
Matti_Kurkela
Honored Contributor

‎08-17-2007 03:51 AM

‎08-17-2007 03:51 AM

Solution

Re: SSH Problem keeps asking password

Note that the id_rsa key is sent, but the server won't acknowledge it. There should be a line saying something like "server accepts key" after the "debug2: we sent a publickey packet, wait for reply" line.

You might want to get the server-side debug logs to find out what causes the server to reject the key. If there is no firewall between the two computers, you could do this:
- on csux002:
execute /opt/ssh/sbin/sshd -p 2222 -ddd

- on csux011:
execute ssh -vvv -p 2222 csux002
using the user account that has the keys set up.

The sshd-side debug output on csux002 should reveal why the key is being ignored.

Some common causes are:
- too relaxed permissions on csux002: check the permissions of the user's home directory (drwxr-xr-x is the maximum allowed; if there are any more w's, sshd won't trust any public keys it finds), ~/.ssh directory (ditto) or ~/.ssh/authorized_keys file.

- wrong key format: as both servers use OpenSSH-derived code (HP-UX Secure Shell is an enhanced port of OpenSSH), you don't need "ssh-keygen -e".

MK
MK
0 Kudos
Geoff Wild
Honored Contributor

‎08-17-2007 04:11 AM

‎08-17-2007 04:11 AM

Re: SSH Problem keeps asking password

Did you copy the contents of id_rsa.pub to the remote machine's .ssh/authorized_keys file?

Your key gen command should be:

ssh-keygen -t rsa -f id_rsa

Also, make sure .ssh is 700 and owned by that user.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Luiz Christofoletti
Advisor

‎08-17-2007 04:34 AM

‎08-17-2007 04:34 AM

Re: SSH Problem keeps asking password

Matti Kurkela wrote:

- too relaxed permissions on csux002: check the permissions of the user's home directory (drwxr-xr-x is the maximum allowed; if there are any more w's, sshd won't trust any public keys it finds), ~/.ssh directory (ditto) or ~/.ssh/authorized_keys file.

That's it. The permitions for the oracle home directory were 777. After changing it, it worked.

Thanks a lot! :)

0 Kudos
Luiz Christofoletti
Advisor

‎08-17-2007 05:52 AM

‎08-17-2007 05:52 AM

Re: SSH Problem keeps asking password

The permitions for the oracle home directory were 777. After changing it, it worked.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.