Is id_rsa.pub in .ssh/authorized_keys2?

On Mon, Oct 08, 2001 at 09:28:46AM -0700, jamie wrote:
> Hey gang, I spent all day working on this and still a no go. I searched
> and read all the stuff in the newsgroup. Also I checked Red Hat's site and
> openssh.org.
>
> Here's the deal. I got 2 RH7.1 boxes. Both with the stock ssh install.
> I need to set up some sort of passwordless login so I can use rsync
> through ssh. I have made rsa keys and dsa keys with no luck. I messed
> with the config files and managed to lock myself out of the box once
> but now that's fixed. Maybe someone can spot what I am doing wrong.
> Here's the details.
>
> [root@listserv .ssh]# ssh -v -v -v 172.16.96.51
> OpenSSH_2.5.2p2, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
> debug1: Seeding random number generator
> debug1: Rhosts Authentication disabled, originating port will not be
> trusted.
> debug1: ssh_connect: getuid 0 geteuid 0 anon 1
> debug1: Connecting to 172.16.96.51 [172.16.96.51] port 22.
> debug1: Connection established.
> debug1: identity file /root/.ssh/identity type 0
> debug3: Bad RSA1 key file /root/.ssh/id_rsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug3: key_read: no key found
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug2: key_type_from_name: unknown key type '-----END'
> debug3: key_read: no key found
> debug1: identity file /root/.ssh/id_rsa type 1
> debug3: Bad RSA1 key file /root/.ssh/id_dsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug3: key_read: no key found
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug2: key_type_from_name: unknown key type '-----END'
> debug3: key_read: no key found
> debug1: identity file /root/.ssh/id_dsa type 2
> debug1: Remote protocol version 1.99, remote software version
> OpenSSH_2.5.2p2
> debug1: match: OpenSSH_2.5.2p2 pat ^OpenSSH
> Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_2.5.2p2
> debug1: send KEXINIT
> debug1: done
> debug1: wait KEXINIT
> debug1: got kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-a1
> debug1: got kexinit: ssh-rsa,ssh-dss
> debug1: got kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes1-cbc,aes256-cbc,rij
> ndael128-cbc,rijndael192-cbc,rijndael256-cbc,[EMAIL PROTECTED]
> debug1: got kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes1-cbc,aes256-cbc,rij
> ndael128-cbc,rijndael192-cbc,rijndael256-cbc,[EMAIL PROTECTED]
> debug1: got kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac
> -md5-96
> debug1: got kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac
> -md5-96
> debug1: got kexinit: none,zlib
> debug1: got kexinit: none,zlib
> debug1: got kexinit:
> debug1: got kexinit:
> debug1: first kex follow: 0
> debug1: reserved: 0
> debug1: done
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
> debug1: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
> debug1: Got SSH2_MSG_KEX_DH_GEX_GROUP.
> debug1: dh_gen_key: priv key bits set: 120/256
> debug1: bits set: 994/2049
> debug1: Sending SSH2_MSG_KEX_DH_GEX_INIT.
> debug1: Wait SSH2_MSG_KEX_DH_GEX_REPLY.
> debug1: Got SSH2_MSG_KEXDH_REPLY.
> debug1: Host '172.16.96.51' is known and matches the RSA host key.
> debug1: Found key in /root/.ssh/known_hosts2:1
> debug1: bits set: 1034/2049
> debug1: ssh_rsa_verify: signature correct
> debug1: Wait SSH2_MSG_NEWKEYS.
> debug1: GOT SSH2_MSG_NEWKEYS.
> debug1: send SSH2_MSG_NEWKEYS.
> debug1: done: send SSH2_MSG_NEWKEYS.
> debug1: done: KEX2.
> debug1: send SSH2_MSG_SERVICE_REQUEST
> debug1: service_accept: ssh-userauth
> debug1: got SSH2_MSG_SERVICE_ACCEPT
> debug1: authentications that can continue: publickey,password
> debug3: start over, passed a different list publickey,password
> debug3: preferred publickey,password,keyboard-interactive
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: password,keyboard-interactive
> debug3: authmethod_is_enabled publickey
> debug1: next auth method to try is publickey
> debug1: try pubkey: /root/.ssh/id_rsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: authentications that can continue: publickey,password
> debug1: try pubkey: /root/.ssh/id_dsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: authentications that can continue: publickey,password
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup password
> debug3: remaining preferred: keyboard-interactive
> debug3: authmethod_is_enabled password
> debug1: next auth method to try is password
> [EMAIL PROTECTED]'s password:
>
> It looks as if it likes the key but is still asking me for a password.
> Here are some of my config files.
>
> /etc/ssh/ssh_config
>
> # $OpenBSD: ssh_config,v 1.9 2001/03/10 12:53:51 deraadt Exp $
>
> # Site-wide defaults for various options
>
> # Host *
> # ForwardAgent no
> # ForwardX11 no
> # RhostsAuthentication no
> # RhostsRSAAuthentication yes
> # RSAAuthentication yes
> # PasswordAuthentication yes
> # FallBackToRsh no
> # UseRsh no
> # BatchMode yes
> # CheckHostIP yes
> # StrictHostKeyChecking yes
> # IdentityFile ~/.ssh/identity
> # IdentityFile ~/.ssh/id_dsa
> # IdentityFile ~/.ssh/id_rsa1
> # IdentityFile ~/.ssh/id_rsa2
> # Port 22
> # Protocol 2,1
> # Cipher blowfish
> # EscapeChar ~
> Host *
> ForwardX11 yes
> Protocol 2,1
>
> /etc/ssh/sshd_config
>
> # $OpenBSD: sshd_config,v 1.34 2001/02/24 10:37:26 deraadt Exp $
>
> # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
>
> # This is the sshd server system-wide configuration file. See sshd(8)
> # for more information.
>
> Port 22
> Protocol 2,1
> #ListenAddress 0.0.0.0
> #ListenAddress ::
> HostKey /etc/ssh/ssh_host_key
> HostKey /etc/ssh/ssh_host_rsa_key
> HostKey /etc/ssh/ssh_host_dsa_key
> ServerKeyBits 768
> LoginGraceTime 600
> KeyRegenerationInterval 3600
> PermitRootLogin yes
> #
> # Don't read ~/.rhosts and ~/.shosts files
> IgnoreRhosts yes
> # Uncomment if you don't trust ~/.ssh/known_hosts for
> RhostsRSAAuthenticat$
> #IgnoreUserKnownHosts yes
> StrictModes yes
> X11Forwarding yes
> X11DisplayOffset 10
> PrintMotd yes
> KeepAlive yes
>
> # Logging
> SyslogFacility AUTHPRIV
> LogLevel INFO
> #obsoletes QuietMode and FascistLogging
>
> RhostsAuthentication no
> #
> # For this to work you will also need host keys in
> /etc/ssh/ssh_known_hosts
> RhostsRSAAuthentication no
> #
> RSAAuthentication yes
>
> # To disable tunneled clear text passwords, change to no here!
> PasswordAuthentication yes
> PermitEmptyPasswords yes
>
> # Comment to enable s/key passwords or PAM interactive authentication
> # NB. Neither of these are compiled in by default. Please read the
> # notes in the sshd(8) manpage before enabling this on a PAM system.
> ChallengeResponseAuthentication no
>
> # To change Kerberos options
> #KerberosAuthentication no
> #KerberosOrLocalPasswd yes
> #AFSTokenPassing no
> #KerberosTicketCleanup no
> #AFSTokenPassing no
> #KerberosTicketCleanup no
>
> # Kerberos TGT Passing does only work with the AFS kaserver
> #KerberosTgtPassing yes
>
> #CheckMail yes
> #UseLogin no
>
> #MaxStartups 10:30:60
> #Banner /etc/issue.net
> #ReverseMappingCheck yes
>
> Subsystem sftp /usr/libexec/openssh/sftp-server
>
> And last but not least my /etc/pam.d/sshd
>
> #%PAM-1.0
> auth required /lib/security/pam_stack.so service=system-auth
> auth required /lib/security/pam_nologin.so
> account required /lib/security/pam_stack.so service=system-auth
> password required /lib/security/pam_stack.so service=system-auth
> session required /lib/security/pam_stack.so service=system-auth
> session optional /lib/security/pam_console.so
>
> If you can spot what I am doing wrong please let me know!
>
> Thanks
> jamie
> --
> Jamie McParland
> Computer nerd by day... Stunt man by night!
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
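
The check the reply asks about, as an added example that is not part of the original thread: run on the server, it tests whether a copy of the client's public key is listed in the authorized keys file and whether the file, `~/.ssh` and the home directory pass the permission test that `StrictModes yes` in the posted sshd_config enforces. The function names and output tags are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Names and output tags are made up here.

# is_loose PATH: true when PATH is writable by group or others. With
# "StrictModes yes" sshd rejects keys when the home directory, ~/.ssh or
# the authorized keys file has such permissions.
is_loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# check_pubkey_auth PUBKEY AUTHFILE
# PUBKEY   copy of the client's public key (e.g. id_rsa.pub)
# AUTHFILE the server-side file, e.g. ~/.ssh/authorized_keys2
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 on bad input.
check_pubkey_auth() {
    pub=$1; auth=$2; rc=0
    [ -r "$pub" ]  || { echo "MISSING_PUBKEY $pub"; return 2; }
    [ -r "$auth" ] || { echo "MISSING_AUTHFILE $auth"; return 2; }

    # Field 2 of a public key line is the base64 key blob; the comment
    # after it is free text and is ignored for the comparison.
    blob=$(awk 'NF >= 2 { print $2; exit }' "$pub")
    [ -n "$blob" ] || { echo "BAD_PUBKEY $pub"; return 2; }

    # The blob must appear as one whole field on a non-comment line. A key
    # pasted with line breaks in the middle fails this test, as it does in sshd.
    if ! awk -v b="$blob" '
            !/^#/ { for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
            END   { exit !found }' "$auth"; then
        echo "KEY_NOT_LISTED $auth"; rc=1
    fi

    # Check the key file, its directory (~/.ssh) and the parent (home).
    sshdir=$(dirname "$auth")
    for p in "$auth" "$sshdir" "$(dirname "$sshdir")"; do
        if is_loose "$p"; then echo "LOOSE_PERMS $p"; rc=1; fi
    done
    return $rc
}
```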
