Hi Admins, Thanks for all of the answers from: Pavic, Aleksander Romande Carter Darren Dunham Steven Hawood Harvey Wamboldt Ed Rolison Scott Croft Special thanks goes to Scott Craft and Steven Hawood. Scott wrote: The first thing I would do is verify that your root user has the proper group. Looks like it is other instead of root. I would also use ssh-keygen -t rsa and don't worry about rsa1 vs. rsa., then copy the id_rsa to identity and the id_rsa.pub to identity.pub. Try that. Scott And Steven wrote: Hi Your problem is that your ssh client is reading your public identity file when it should be reading the private one. Look in your ssh_config file for the IdentityFile directives and make sure they reference private keyfiles, not public ones. Cheers S A combination of these two things worked and got the ball rolling for root. Now I am experincing a problem when someone other than root tries to ssh to a server. The user is never asked for the passphrase, instead the user is prompted for his password. Below is the -vvv output from the user (which fails) and root. >From the user: debug3: start over, passed a different list publickey,password,keyboard-interactive debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: next auth method to try is publickey debug1: try pubkey: /home/user/.ssh/identity debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: authentications that can continue: publickey,password,keyboard-interactive debug1: try privkey: /home/user/.ssh/id_dsa debug3: no such identity: /home/user/.ssh/id_dsa debug1: try privkey: /home/user/.ssh/id_rsa debug3: no such identity: /home/user/.ssh/id_rsa debug2: we did not send a packet, disable method debug3: authmethod_lookup keyboard-interactive debug3: remaining preferred: password debug3: authmethod_is_enabled keyboard-interactive debug1: next auth method to try is keyboard-interactive debug2: userauth_kbdint debug2: we sent a keyboard-interactive packet, wait for reply debug1: authentications that can continue: publickey,password,keyboard-interactive debug3: userauth_kbdint: disable: no info_req_seen debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: debug3: authmethod_is_enabled password debug1: next auth method to try is password user@serveri's password: >From root: debug3: start over, passed a different list publickey,password,keyboard-interactive debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: next auth method to try is publickey debug1: try pubkey: /.ssh/identity debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 11ab20 hint 0 debug2: input_userauth_pk_ok: fp 3c:64:7c:33:0b:07:e7:5c:42:21:16:ef:a3:d7:bc:c9 debug3: sign_and_send_pubkey debug1: read PEM private key done: type RSA debug1: ssh-userauth2 successful: method publickey debug3: clear hostkey 0 debug3: clear hostkey 1 debug3: clear hostkey 2 debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug1: send channel open 0 debug1: Entering interactive session. debug2: callback start debug1: ssh_session2_setup: id 0 debug3: tty_make_modes: ospeed 9600 debug3: tty_make_modes: ispeed 0 debug3: tty_make_modes: 1 3 debug3: tty_make_modes: 2 28 debug3: tty_make_modes: 3 127 debug3: tty_make_modes: 4 21 debug3: tty_make_modes: 5 4 debug3: tty_make_modes: 6 0 debug3: tty_make_modes: 7 0 debug3: tty_make_modes: 8 17 debug3: tty_make_modes: 9 19 debug3: tty_make_modes: 10 26 debug3: tty_make_modes: 11 25 debug3: tty_make_modes: 12 18 debug3: tty_make_modes: 13 23 debug3: tty_make_modes: 14 22 debug3: tty_make_modes: 16 0 debug3: tty_make_modes: 18 15 debug3: tty_make_modes: 30 0 debug3: tty_make_modes: 31 0 debug3: tty_make_modes: 32 0 debug3: tty_make_modes: 33 0 debug3: tty_make_modes: 34 0 debug3: tty_make_modes: 35 0 debug3: tty_make_modes: 36 1 debug3: tty_make_modes: 37 0 debug3: tty_make_modes: 38 1 debug3: tty_make_modes: 39 0 debug3: tty_make_modes: 40 0 debug3: tty_make_modes: 41 1 debug3: tty_make_modes: 50 1 debug3: tty_make_modes: 51 1 debug3: tty_make_modes: 52 0 debug3: tty_make_modes: 53 1 debug3: tty_make_modes: 54 1 debug3: tty_make_modes: 55 1 debug3: tty_make_modes: 56 0 debug3: tty_make_modes: 57 0 debug3: tty_make_modes: 58 0 debug3: tty_make_modes: 59 1 debug3: tty_make_modes: 60 1 debug3: tty_make_modes: 61 1 debug3: tty_make_modes: 62 0 debug3: tty_make_modes: 70 1 debug3: tty_make_modes: 71 0 debug3: tty_make_modes: 72 1 debug3: tty_make_modes: 73 0 debug3: tty_make_modes: 74 0 debug3: tty_make_modes: 75 0 debug3: tty_make_modes: 90 1 debug3: tty_make_modes: 91 1 debug3: tty_make_modes: 92 0 debug3: tty_make_modes: 93 0 debug1: channel request 0: shell debug2: callback done debug1: channel 0: open confirm rwindow 0 rmax 16384 debug2: channel 0: rcvd adjust 32768 Thanks and I will summarize. -Joe Below is my original post: Hi Admins, We are using OpenSSH version 3.0.1.p1 and are trying to allow authentication via Public-key authentication but can't seem to get it to work. I generated the key pair by doing: # ssh-keygen -t rsa1 which created the files ~/.ssh/identity and ~/.ssh/identity.pub I then copied identity.pub to ~/.ssh/authorized_keys and change the permissions to 600 on these three new files. I did this as root on one server and then copied the new files to ~/.ssh on a second server. When I ssh from server one to server two I am prompted for a pass phrase but receive the error message that /.ssh/identity.pub is not a RSA1 key file, although I created the key as a RSA1 key using the -t rsa1 option with ssh-keygen. I then receive the error message bad passphrase given, try again... After three tries, I am prompted for the password and am granted access. Below is part of the output from ssh -vvv server2: I will summarize. Thanks in advance!! -Joe SBC Yahoo! DSL - Now only $29.95 per month! _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Fri Jun 27 06:47:37 2003
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:15 EST