Re: sshd: server refused our key

Mark Zurl · ‎04-08-2005

Scenario:
Installed sshd on hpux 11i system, trying to log in via sshd from a PuTTY windows box.

Everything works OK, except sshd on the hpux machine will not go beyond asking for a password. At the login prompt that appears on the putty box, all I get is a "server refused our key", then sshd on the hpux system asks for a password. I enter the password, and sshd lets me in.

I copied the public key over to ~/.ssh/authorized_keys as required.

Any ideas?
Z

Tech Tip #167: Coffee and donuts make a meal.

RAC_1 · ‎04-08-2005

Post /usr/sbin/sshd -ddd from hpux. (stop exisiting sshd)Try connecting now and post.

There is no substitute to HARDWORK

Mark Zurl · ‎04-08-2005

OK, stopped sshd, then restarted at the command line:

Output on hpux was as follows:
# /opt/ssh/sbin/sshd -ddd
debug3: RNG is ready, skipping seeding
debug2: load_server_config: filename /opt/ssh/etc/sshd_config
debug2: load_server_config: done config len = 242
debug2: parse_server_config: config /opt/ssh/etc/sshd_config len 242
debug1: sshd version OpenSSH_3.9 [ HP-UX Secure Shell-A.03.91.002 ]
debug3: Not a RSA1 key file /opt/ssh/etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /opt/ssh/etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/opt/ssh/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 242
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8

On the windows box, I get:
Using username "testuser"
Server refused our key
password:

The PassPhrase was never requested .. I enter the password, log in, and that's it.

Z

Tech Tip #167: Coffee and donuts make a meal.

Wilfred Chau_1 · ‎04-08-2005

putty uses openssh.
Do you also have openssh on the hpux box?

is the exported key from putty in openssh or commerical ssh format?

Mark Zurl · ‎04-08-2005

The version of sshd running on hpux is in log posted in the previous reply. It is HP-UX Secure Shell-A.03.91.002.

Keys generated on the windows putty box were SSH2 RSA.

I figure the solution to this problem must reside somewhere in sshd_config? What forces sshd to request the passphrase instead of just a password??

Z

Tech Tip #167: Coffee and donuts make a meal.

Robert Bennett_3 · ‎04-08-2005

This is how I set up trusts for ssh.

Edit the /opt/ssh/etc/ssh_config file, change the following keyword to the example.
Protocol 2,1

Edit the /opt/ssh/etc/sshd_config file, change the following keywords or uncomment the keywords as listed below.

Protocol 2,1
HostKey /opt/ssh/etc/ssh_host_key
HostKey /opt/ssh/etc/ssh_host_rsa_key
HostKey /opt/ssh/etc/ssh_host_dsa_key
PermitRootLogin yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
RhostsAuthentication no
IgnoreRhosts yes
PermitEmptyPasswords no
X11Forwarding no

Establish the root trust from master server to the root account on your server.
cd /roots/.ssh
scp master_server:/roots/.ssh/id.rsa.pub ./id.rsa.pub.master_server
Cat id.rsa.pub.master_server >> authorized_keys

Test the trusted login ability of root on master server
root@master_server# ssh dnuxXXX
if the login was successful without a password the configuration is complete.

Hope this helps

B

"All there is to thinking is seeing something noticeable which makes you see something you weren't noticing which makes you see something that isn't even visible." - Norman Maclean

Mark Zurl · ‎04-08-2005

Everyone:

This has been my first post on the ITRC forums. Many thanks to all who have responded!!

I have applied the suggestions that have been offered so far with no luck; however, I do appreciate the online assistance. I'm now leaning towards the problem being with the keys generated by "putty", but nonetheless feel that sshd should not have let me log in without supplying a passphrase.

Once again, thanks everyone and I'm glad I've joined the forum!
Z

Tech Tip #167: Coffee and donuts make a meal.

RAC_1 · ‎04-08-2005

When you set the key, in authorized_keys file), did you do cut and paste?? Do not do that. Generate the new keys and do a cat to put the key in authorized_keys file.

There is no substitute to HARDWORK

Mark Zurl · ‎04-08-2005

I generated the keys on my windows box (using putty), and then ftp'd the public key over to my hpux machine, and put it in as ~/.ssh/public

Then I copied ~/.ssh/public to ~/.ssh/authorized_keys, and checked all the permissions and ownership. I tried various permissions, like 744, 644, 700, 600, etc.

I appologize for any dumb errors here on my behalf, as I am implementing sshd for the first time.

Thanks,
Z

Tech Tip #167: Coffee and donuts make a meal.

RAC_1 · ‎04-08-2005

How did you generate the keys?? Commands please.

Anil

There is no substitute to HARDWORK

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: sshd: server refused our key

sshd: server refused our key