Problem with authorized_keys and ssh login

From: luke (ktaki@wp.pl)
Date: 02/27/03

• Next message: Stefan Fritsch: "Re: Hostbased authentication with OpenSSH 3.4p1"
• Previous message: Darren Tucker: "Re: dlink router dropping ssh ?"
• Next in thread: Richard E. Silverman: "Re: Problem with authorized_keys and ssh login"
• Reply: Richard E. Silverman: "Re: Problem with authorized_keys and ssh login"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: luke <ktaki@wp.pl>
Date: Thu, 27 Feb 2003 10:49:05 +0100

Hello all,

I'm trying to setup ssh on a machine so it will allow me to login from
another machine without entering a password. I must use protocol in version
1 `ssh-keygen -t rsa1`. When I ran `ssh-keygen -t rsa` (copy id_rsa.pub to
remote machine as authorized_keys) all were OK. I could login without
password. But what must I do with rsa1?

Here's what I've done so far:

1. Ran "ssh-keygen -t rsa1" on the client machine. I used an empty
passphrase.

2. Copied /home/user/.ssh/identity.pub to the remote machine as
    /home/user/.ssh/authorized_keys, and chmod 644 authorized_keys

3. From the cient machine I ran "ssh -v remotehost"

4. Below is what I got, along with a prompt for a password

OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to 1.1.1.3 [1.1.1.3] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/identity type 0
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 129/256
debug1: bits set: 1608/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '1.1.1.3' is known and matches the RSA host key.
debug1: Found key in /home/lpiskorz/.ssh/known_hosts:1
debug1: bits set: 1555/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /home/user/.ssh/id_rsa
debug1: try privkey: /home/user/.ssh/id_dsa
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: next auth method to try is password:
STOP

Below is my config file from /etc/ssh/sshd-config:

# $OpenBSD: sshd_config,v 1.48 2002/02/19 02:50:59 deraadt Exp $

# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
LogLevel VERBOSE

# Authentication:

#LoginGraceTime 600
#PermitRootLogin yes
#StrictModes no

#RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
# KerberosAuthentication automatically enabled if keyfile exists
#KerberosAuthentication yes
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# AFSTokenPassing automatically enabled if k_hasafs() is true
#AFSTokenPassing yes

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes

#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no

#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server

Can You help me. What can I do with my problem?

thanks to help

luke

• Next message: Stefan Fritsch: "Re: Hostbased authentication with OpenSSH 3.4p1"
• Previous message: Darren Tucker: "Re: dlink router dropping ssh ?"
• Next in thread: Richard E. Silverman: "Re: Problem with authorized_keys and ssh login"
• Reply: Richard E. Silverman: "Re: Problem with authorized_keys and ssh login"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages ssh - connection closed by remote host ... debug1: Authentication succeeded. ... debug1: channel 0: new ... think it is kerberos or ldap that's the problem (mostly because the ... (Fedora) connection closed by remote host ... debug1: Authentication succeeded. ... debug1: channel 0: new ... think it is kerberos or ldap that's the problem (mostly because the ... (SSH) rsa authentication working in RH 7.2 but not RH 9.0 ... I could ssh to my Linux box running RH 7.2 with rsa keys and no ... password authentication. ... debug1: Rhosts Authentication disabled, ... # Kerberos TGT Passing only works with the AFS kaserver ... (comp.security.ssh) problem with sshd and authorized_keys ... I checked the version protocol and I try the verbose mode in my ssh client. ... debug1: Rhosts Authentication disabled, ... # Kerberos TGT Passing does only work with the AFS kaserver ... (comp.security.ssh) I got problems with sshd - openssh_4.0 ... When I built the latest openssh and openssl and started sshd, ... debug1: Reading configuration data /etc/ssh/ssh_config ... debug1: Next authentication method: keyboard-interactive ... # Kerberos TGT Passing only works with the AFS kaserver ... (comp.security.ssh)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint