HPE Community
Operating System - HP-UX
1839932 Members
3126 Online
110157 Solutions
New Discussion

SSH trusting not working

 
SOLVED
Go to solution
Matt Hearn
Regular Advisor

‎10-06-2004 06:08 AM

‎10-06-2004 06:08 AM

SSH trusting not working

So I'm trying to set up ssh trusting for one of our customers. We're using the HP release, A.3.71. The part that's tricky is that the customer wants to scp from one account on a box to another account ON THE SAME BOX. (The reasons for this are not worth explaining.)

Anyway, I have created both DSA and RSA keypairs for both accounts and added them to BOTH authorized_keys and authorized_keys2 (since nobody around here seems to know which file v3.71 actually uses) on the destination account. Still no dice. Here's what an ssh -v gives me:

-----------------------------------
debug1: Found key in /u/Informatica7/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /u/Informatica7/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering public key: /u/Informatica7/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password:
----------------------------------------

Why on earth is it prompting me for a password? Why didn't it just accept the rsa and dsa keys? Argh.

Note that the server root account trusts the root account on our admin server, and I can get in with no problems.

I've looked at permissions; some of them looked a little hazy (the .ssh directory for both accounts was 700, I changed it to 755). I've changed everything I can think of! Am I missing something painfully obvious here? I know it's possible to set up trust for an account from a server to itself, so I can't see what's going wrong.

Thanks!!!
0 Kudos
Reply
4 REPLIES 4
Sridhar Bhaskarla
Honored Contributor

‎10-06-2004 06:12 AM

‎10-06-2004 06:12 AM

Solution

Re: SSH trusting not working

Hi,

You will get more information if you run sshd in debug mode. Do the following.

#sshd -d -p 1212 (some orbitrary port)

Take another session and do ssh

$ssh otheruser@thishost -p 1212

Look at the output sshd gives.

I believe it's most likely due to permissions on the destination account. Make sure the permissions are not wide open on the home directory as well .ssh directory in side.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Reply
Steven E. Protter
Exalted Contributor

‎10-06-2004 06:17 AM

‎10-06-2004 06:17 AM

Re: SSH trusting not working

I've never heard of doing it on the same box. Don't see why not though, though this could be an issue.

Run through this doc, ignoring the x-windows part and doing the setup again with cat ...

Wait!

Changing users?

Well. Never tried anyway. The doc I'm attaching allows the same user on multiple machines to do it.

root can always do what it wants.

I would check directory permission on the two users home directories.

See Doc, it might help you catch something. Word format.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Gary L. Paveza, Jr.
Trusted Contributor

‎10-06-2004 06:18 AM

‎10-06-2004 06:18 AM

Re: SSH trusting not working

.ssh should be 700, not 755. I have noticed that A.3.71 is a bit buggy. I had a bunch of problems with it that went away with A.3.81.
0 Kudos
Reply
Matt Hearn
Regular Advisor

‎10-06-2004 06:38 AM

‎10-06-2004 06:38 AM

Re: SSH trusting not working

THe destination user's home directory was chmod 775 instead of chmod 755!

Setting up a temporary sshd daemon on port 12121 so I could read the output showed me the exact problem. Thanks, y'all!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.