
ssh with password = ok but without = not ok

SOLVED
Xavier BLANC
Frequent Advisor

hello,
HPUX 11.23, new to ssh
ssh -l userxx localhost
ask for password then login is ok
ssh -l userxx -o PreferredAuthentications=publickey localhost
display
Permission denied (publickey,gssapi,keyboard-interactive).
When I run the ssh command I'm root.
/home/userx directory is 775
/home/userx/.ssh directory is 700
/home/userx/.ssh/* are 600
Where should I search?
best regards
Tomek Gryszkiewicz
Trusted Contributor
Solution

Re: ssh with password = ok but without = not ok

Did you generate the keys and add them to the authorized_keys file?
Here is a brief description of how to do it: http://www.cs.umd.edu/~arun/misc/ssh.html
David Bellamy
Respected Contributor

Re: ssh with password = ok but without = not ok

Xavier, you need to generate the public key and put them on both machines.
Xavier BLANC
Frequent Advisor

Re: ssh with password = ok but without = not ok

Thanks.
I did:
ssh-keygen -t rsa
cd .ssh
cp id_dsa.pub authorized_keys
ls in my .ssh
-rw------- 1 userx groupx 605 17 janv 16:18 authorized_keys
-rw------- 1 userx groupx 668 17 janv 16:18 id_dsa
-rw------- 1 userx groupx 605 17 janv 16:18 id_dsa.pub

Please note I'm on the same machine.
user1 does: ssh -l userx ... localhost

In fact, for the moment user1 is root.
I'm going to try from another server, but basically I need to do it from localhost (don't know if it changes anything).

Xavier BLANC
Frequent Advisor

Re: ssh with password = ok but without = not ok

OK, sorry.
I had done "ssh-keygen -t dsa" and not
"ssh-keygen -t rsa". Now it's done, sorry (French reading).

Let's do some stupid tests
I'm on server : myserver ( myserver is localhost)
1.logged userx : ssh -l userx myserver (no password asked) = ok
2.logged root : ssh -l userx myserver ask for password, type userx password = Ok.
2.logged root : ssh -l userx -o PreferredAuthentications=publickey myserver
I got the message : Permission denied (publickey,keyboard-interactive).

Is it some permission problem?
Some parameters on sshd_conf ssh_conf.

Maybe I should explain: I want to replace
su userx -c Shell-script done by root
with an ssh command.
Is there another way to do this?
Hope I'm not so far!
Best regards!



Xavier BLANC
Frequent Advisor

Re: ssh with password = ok but without = not ok

If it can help:
ssh -v -l userx -o PreferredAuthentications=publickey myserver
OpenSSH_3.7, SSH protocols 1.5/2.0, OpenSSL 0.9.7c 30 Sep 2003
HP-UX_Secure_Shell-A.03.71.006.%ic71N, HP_UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug1: Connecting to myserver [192.9.250.100] port 22.
debug1: Connection established.
debug1: identity file /.ssh/id_rsa type 1
debug1: identity file /.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.7
debug1: match: OpenSSH_3.7 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.7
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'myserver' is known and matches the RSA host key.
debug1: Found key in /.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).
Steven E. Protter
Exalted Contributor

Re: ssh with password = ok but without = not ok

Shalom,

The most common problem here is ownership and permissions.

The user MUST own its home directory. Permissions on it must be 755. The user must own the .ssh directory. The file permissions must be restrictive rw r r.

swlist -l product | grep -i secure

This will get the version number you are using.

I had a Linux box with openssh that had been set up for years with password free ssh to and from it. One day it stopped. On inbound connections it required a password.

I was mystified. Then I saw that mysql user owned the root home directory. Changed it back to root. Problem solved.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Sameer_Nirmal
Honored Contributor

Re: ssh with password = ok but without = not ok

Hi,

When public key authentication is used, restrictions are applied because "StrictModes" is enabled by default in "sshd_config". The restrictions are applied to the user's home directory and files.

The user home directory "/home/userx" permission should be 755 instead of 775.

Refer to the man page of sshd_config.
Xavier BLANC
Frequent Advisor

Re: ssh with password = ok but without = not ok

Hi Steven,
swlist -l product | grep -i secure
Secure_Shell A.03.71.007 HP-UX Secure Shell
openssl A.00.09.07-d.011 Secure Network Communications Protocol
What should I do with this?
Kasper Hedensted
Trusted Contributor

Re: ssh with password = ok but without = not ok

Hi Xavier,

Did you run "ssh-keygen -t rsa" as root and append root's id_rsa.pub file to the ~userx/.ssh/authorized_keys file?

Cheers,
Kasper
Xavier BLANC
Frequent Advisor

Re: ssh with password = ok but without = not ok

Kasper!
GOOOOOOOOOOOAAAAAAAAAAAAAAAAALLLLLLLLLL!

I was stupidly appending userx.pub to root's authorized_keys.
Best regards.
And many thanks to all who took some time for me!
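
The two causes raised in this thread (StrictModes rejecting a group-writable home directory, and the connecting account's public key missing from the target account's authorized_keys) can be checked together. The script below is an added example, not part of any poster's reply; the function names and output labels are hypothetical, and it relies only on ls, awk and grep so it does not need stat(1).

```shell
#!/bin/sh
# Added example: checks the two failure causes discussed in this thread.
# Usage: script <target-home> <target-user> <client-pubkey-file>

# Print "owner mode" for a path, parsed from ls -ld output.
owner_mode() {
    ls -ld "$1" 2>/dev/null | awk '{print $3, $1}'
}

# StrictModes-style check: owned by the target user or root,
# and not writable by group or others.
check_path() {
    tgt=$1; user=$2
    set -- $(owner_mode "$tgt")
    [ -n "$1" ] || { echo "MISSING $tgt"; return 1; }
    case $1 in "$user"|root) ;; *) echo "BAD_OWNER $tgt ($1)"; return 1 ;; esac
    # Mode string such as drwxrwxr-x: char 6 = group write, char 9 = other write.
    case $2 in ?????w*|????????w*) echo "WRITABLE $tgt ($2)"; return 1 ;; esac
    return 0
}

diagnose_pubkey() {
    home=$1; user=$2; pub=$3; rc=0
    ak=$home/.ssh/authorized_keys
    for p in "$home" "$home/.ssh" "$ak"; do
        check_path "$p" "$user" || rc=1
    done
    # The key that must be listed is the CLIENT account's public key
    # (field 2 of the .pub file is the base64 key blob).
    blob=$(awk '{print $2; exit}' "$pub" 2>/dev/null)
    if [ -z "$blob" ]; then
        echo "NO_CLIENT_KEY $pub"; rc=1
    elif ! grep -F "$blob" "$ak" >/dev/null 2>&1; then
        echo "KEY_NOT_AUTHORIZED $pub not in $ak"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK"
    return $rc
}

if [ $# -eq 3 ]; then diagnose_pubkey "$@"; fi
```

For the case in this thread the arguments would be /home/userx, userx and root's id_rsa.pub, run as a user able to read userx's .ssh directory.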