1748284 Members
3515 Online
108761 Solutions
New Discussion юеВ

ssh ask for password

 
SOLVED
Go to solution
MikeL_4
Super Advisor

ssh ask for password

I have created a ssh key on two servers that need to ssh to each other to run commands..

I used ssh-keygen -t dsa on each server, then created the authorized_keys file with the files: id_dsa.pub that were generated on each server...

However when I ssh to the server via the login id for this user it still asks for a password...

This is that same process I used for the root user and it works fine...

I did an ssh infort1@cvoicch1, and the last few lines of the debug info are:

debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195

debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195

debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195

debug2: we did not send a packet, disable method
debug1: Next authentication method: publickey
debug1: Trying private key: /osg1/home/infort1/.ssh/identity
debug1: Trying private key: /osg1/home/infort1/.ssh/id_rsa
debug1: Offering public key: /osg1/home/infort1/.ssh/id_dsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
infort1@cvoicch1's password:

Any assistance would be appreciated...
3 REPLIES 3
Steven Schweda
Honored Contributor

Re: ssh ask for password

> I have created a ssh key on two servers
> that need to ssh to each other to run
> commands..

Servers don't run commands, users do. Any
reason not to have one set of keys for this
user to be used on both systems? (One reason
might be that someone else owns one of them,
and you don't want your private key data to
fall into foreign hands.)

These are both GNU+Linux systems of some
kind, running some version on OpenSSH?

> I used ssh-keygen -t dsa on each server,
> then created the authorized_keys file with
> the files: id_dsa.pub that were generated
> on each server...

The key data generated on which server went
into the authorized_keys file on which
server?

> debug1: Next authentication method: publickey

Ok.

> debug1: Trying private key: /osg1/home/infort1/.ssh/identity

Does that file exist? (Contents?)

debug1: Trying private key: /osg1/home/infort1/.ssh/id_rsa

Does that file exist? (Contents?)

debug1: Offering public key: /osg1/home/infort1/.ssh/id_dsa

Shouldn't that be a _private_ key?

> debug1: Next authentication method: password

The server didn't approve of any of your
public key data.

A Forum search (including HP-UX) might find
a large number of similar threads, many of
which involved solutions to similar problems.
Ivan Ferreira
Honored Contributor
Solution

Re: ssh ask for password

A good reason for a problem like this is also the permissions on the home and the .ssh directories, and the id* files.

Ensure that these files and directories does not have write permissions for group or others.

Check also StrictModes.

http://blog.codefront.net/2007/02/28/debugging-ssh-public-key-authentication-problems/
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
MikeL_4
Super Advisor

Re: ssh ask for password

Thanks, found problem on the home directory permissions... Corrected that issue and ssh worked without prompting for password.