SUMMARY: SSH Problem --WITH NEW PROBLEM--

From: UnixAdmin <sunixadm_at_yahoo.com>
Date: Fri Jun 27 2003 - 06:44:21 EDT
Hi Admins,
 
Thanks for all of the answers from:
Pavic, Aleksander
Romande Carter
Darren Dunham
Steven Hawood
Harvey Wamboldt
Ed Rolison
Scott Croft   
 
Special thanks goes to Scott Craft and Steven Hawood.
Scott wrote:
The first thing I would do is verify that your root user has the proper
group. Looks like it is other instead of root.

I would also use ssh-keygen -t rsa and don't worry about rsa1 vs. rsa.,
then copy the id_rsa to identity and the id_rsa.pub to identity.pub.

Try that.

Scott
 
And Steven wrote:
Hi
Your problem is that your ssh client is reading your public identity 
file when it should be reading the private one.
Look in your ssh_config file for the IdentityFile directives and make 
sure they reference private keyfiles, not public ones.

Cheers
S

A combination of these two things worked and got the ball rolling for root.  Now I am experincing a problem when someone other than root tries to ssh to a server.  The user is never asked for the passphrase, instead the user is prompted for his password.  Below is the -vvv output from the user (which fails) and root.
 
>From the user:

debug3: start over, passed a different list publickey,password,keyboard-interactive

debug3: preferred publickey,keyboard-interactive,password

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: next auth method to try is publickey

debug1: try pubkey: /home/user/.ssh/identity

debug3: send_pubkey_test

debug2: we sent a publickey packet, wait for reply

debug1: authentications that can continue: publickey,password,keyboard-interactive

debug1: try privkey: /home/user/.ssh/id_dsa

debug3: no such identity: /home/user/.ssh/id_dsa

debug1: try privkey: /home/user/.ssh/id_rsa

debug3: no such identity: /home/user/.ssh/id_rsa

debug2: we did not send a packet, disable method

debug3: authmethod_lookup keyboard-interactive

debug3: remaining preferred: password

debug3: authmethod_is_enabled keyboard-interactive

debug1: next auth method to try is keyboard-interactive

debug2: userauth_kbdint

debug2: we sent a keyboard-interactive packet, wait for reply

debug1: authentications that can continue: publickey,password,keyboard-interactive

debug3: userauth_kbdint: disable: no info_req_seen

debug2: we did not send a packet, disable method

debug3: authmethod_lookup password

debug3: remaining preferred: 

debug3: authmethod_is_enabled password

debug1: next auth method to try is password

user@serveri's password: 

>From root:

debug3: start over, passed a different list publickey,password,keyboard-interactive

debug3: preferred publickey,keyboard-interactive,password

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: next auth method to try is publickey

debug1: try pubkey: /.ssh/identity

debug3: send_pubkey_test

debug2: we sent a publickey packet, wait for reply

debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 11ab20 hint 0

debug2: input_userauth_pk_ok: fp 3c:64:7c:33:0b:07:e7:5c:42:21:16:ef:a3:d7:bc:c9

debug3: sign_and_send_pubkey

debug1: read PEM private key done: type RSA

debug1: ssh-userauth2 successful: method publickey

debug3: clear hostkey 0

debug3: clear hostkey 1

debug3: clear hostkey 2

debug1: channel 0: new [client-session]

debug3: ssh_session2_open: channel_new: 0

debug1: send channel open 0

debug1: Entering interactive session.

debug2: callback start

debug1: ssh_session2_setup: id 0

debug3: tty_make_modes: ospeed 9600

debug3: tty_make_modes: ispeed 0

debug3: tty_make_modes: 1 3

debug3: tty_make_modes: 2 28

debug3: tty_make_modes: 3 127

debug3: tty_make_modes: 4 21

debug3: tty_make_modes: 5 4

debug3: tty_make_modes: 6 0

debug3: tty_make_modes: 7 0

debug3: tty_make_modes: 8 17

debug3: tty_make_modes: 9 19

debug3: tty_make_modes: 10 26

debug3: tty_make_modes: 11 25

debug3: tty_make_modes: 12 18

debug3: tty_make_modes: 13 23

debug3: tty_make_modes: 14 22

debug3: tty_make_modes: 16 0

debug3: tty_make_modes: 18 15

debug3: tty_make_modes: 30 0

debug3: tty_make_modes: 31 0

debug3: tty_make_modes: 32 0

debug3: tty_make_modes: 33 0

debug3: tty_make_modes: 34 0

debug3: tty_make_modes: 35 0

debug3: tty_make_modes: 36 1

debug3: tty_make_modes: 37 0

debug3: tty_make_modes: 38 1

debug3: tty_make_modes: 39 0

debug3: tty_make_modes: 40 0

debug3: tty_make_modes: 41 1

debug3: tty_make_modes: 50 1

debug3: tty_make_modes: 51 1

debug3: tty_make_modes: 52 0

debug3: tty_make_modes: 53 1

debug3: tty_make_modes: 54 1

debug3: tty_make_modes: 55 1

debug3: tty_make_modes: 56 0

debug3: tty_make_modes: 57 0

debug3: tty_make_modes: 58 0

debug3: tty_make_modes: 59 1

debug3: tty_make_modes: 60 1

debug3: tty_make_modes: 61 1

debug3: tty_make_modes: 62 0

debug3: tty_make_modes: 70 1

debug3: tty_make_modes: 71 0

debug3: tty_make_modes: 72 1

debug3: tty_make_modes: 73 0

debug3: tty_make_modes: 74 0

debug3: tty_make_modes: 75 0

debug3: tty_make_modes: 90 1

debug3: tty_make_modes: 91 1

debug3: tty_make_modes: 92 0

debug3: tty_make_modes: 93 0

debug1: channel request 0: shell

debug2: callback done

debug1: channel 0: open confirm rwindow 0 rmax 16384

debug2: channel 0: rcvd adjust 32768

 

Thanks and I will summarize.

-Joe

Below is my original post:

Hi Admins,
 
We are using OpenSSH version 3.0.1.p1 and are trying to allow 
authentication via Public-key authentication but can't seem to get it to work.
 
I generated the key pair by doing:
# ssh-keygen -t rsa1
which created the files ~/.ssh/identity and ~/.ssh/identity.pub
 
I then copied identity.pub to ~/.ssh/authorized_keys
and change the permissions to 600 on these three new files.
 
I did this as root on one server and then copied the new files to 
~/.ssh on a second server.
 
When I ssh from server one to server two I am prompted for a pass 
phrase but receive the error message that /.ssh/identity.pub is not a RSA1 
key file, although I created the key as a RSA1 key using the -t rsa1 
option with ssh-keygen.
 
I then receive the error message bad passphrase given, try again...
 
After three tries, I am prompted for the password and am granted 
access.
 
Below is part of the output from ssh -vvv server2:
 
I will summarize.
 
Thanks in advance!!
 
-Joe
SBC Yahoo! DSL - Now only $29.95 per month!
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Fri Jun 27 06:47:37 2003

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:15 EST