heya, are you sure your sshd_config is configured to allow PubkeyAuthentication? sean On Sat, Feb 08, 2003 at 12:03:22AM +0000, Pigeon wrote: > Hi, > > I'm trying to set up ssh to enable passwordless logins from > 192.168.1.1 to 192.168.1.2. I have used ssh-keygen to generate key > pairs for root on 192.168.1.1 and copied the .pub files into > /root/.ssh/authorized_keys. According to man ssh, as I understand it, > this should be enough to get passwordless login working. But it > doesn't - I still get asked for a password. > > I have generated keys in all 3 formats - v1 RSA, v2 RSA and v2 DSA - > as the default /root/.ssh/identity, id_rsa and id_dsa. > None of them work. > > The 'debugging' output from ssh says nothing useful about .ssh/identity, > but appears to claim that the id_rsa and id_dsa files are invalid! I > don't see how they can be unless either ssh or ssh_keygen are up the > spout, and I haven't heard anyone else complaining. > > Any ideas what's going on? > > Pigeon > > ssh is OpenSSH_3.4p1 Debian 1:3.4p1-1 > ssh-keygen doesn't want to give a version number but it's the woody > version, file size 84616 date Jun 28 2002. > > The id_rsa file it moans about looks like > -----BEGIN RSA PRIVATE KEY----- > (12 lines of random-seeming characters) > -----END RSA PRIVATE KEY----- > > The 'debugging' (-vvv) output from ssh follows: > > OpenSSH_3.4p1 Debian 1:3.4p1-1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Rhosts Authentication disabled, originating port will not be trusted. > debug1: ssh_connect: needpriv 0 > debug1: Connecting to 192.168.1.2 [192.168.1.2] port 22. > debug1: Connection established. > debug1: identity file /root/.ssh/identity type 0 > debug3: Not a RSA1 key file /root/.ssh/id_rsa. > debug2: key_type_from_name: unknown key type '-----BEGIN' > debug3: key_read: no key found > debug3: key_read: no space > debug3: key_read: no space > debug3: key_read: no space > debug3: key_read: no space > debug3: key_read: no space > debug3: key_read: no space > debug3: key_read: no space > debug3: key_read: no space > debug3: key_read: no space > debug3: key_read: no space > debug3: key_read: no space > debug3: key_read: no space > debug3: key_read: no space > debug2: key_type_from_name: unknown key type '-----END' > debug3: key_read: no key found > debug1: identity file /root/.ssh/id_rsa type 1 > debug3: Not a RSA1 key file /root/.ssh/id_dsa. > debug2: key_type_from_name: unknown key type '-----BEGIN' > debug3: key_read: no key found > debug3: key_read: no space > debug3: key_read: no space > debug3: key_read: no space > debug3: key_read: no space > debug3: key_read: no space > debug3: key_read: no space > debug3: key_read: no space > debug3: key_read: no space > debug3: key_read: no space > debug3: key_read: no space > debug2: key_type_from_name: unknown key type '-----END' > debug3: key_read: no key found > debug1: identity file /root/.ssh/id_dsa type 2 > debug1: Remote protocol version 2.0, remote software version OpenSSH_3.4p1 Debian 1:3.4p1-1 > debug1: match: OpenSSH_3.4p1 Debian 1:3.4p1-1 pat OpenSSH* > Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none > debug2: kex_parse_kexinit: none > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,zlib > debug2: kex_parse_kexinit: none,zlib > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: mac_init: found hmac-md5 > debug1: kex: server->client aes128-cbc hmac-md5 none > debug2: mac_init: found hmac-md5 > debug1: kex: client->server aes128-cbc hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > debug1: dh_gen_key: priv key bits set: 117/256 > debug1: bits set: 1591/3191 > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts > debug3: check_host_in_hostfile: match line 1 > debug1: Host '192.168.1.2' is known and matches the RSA host key. > debug1: Found key in /root/.ssh/known_hosts:1 > debug1: bits set: 1588/3191 > debug1: ssh_rsa_verify: signature correct > debug1: kex_derive_keys > debug1: newkeys: mode 1 > debug1: SSH2_MSG_NEWKEYS sent > debug1: waiting for SSH2_MSG_NEWKEYS > debug1: newkeys: mode 0 > debug1: SSH2_MSG_NEWKEYS received > debug1: done: ssh_kex2. > debug1: send SSH2_MSG_SERVICE_REQUEST > debug1: service_accept: ssh-userauth > debug1: got SSH2_MSG_SERVICE_ACCEPT > debug1: authentications that can continue: publickey,password,keyboard-interactive > debug3: start over, passed a different list publickey,password,keyboard-interactive > debug3: preferred publickey,keyboard-interactive,password > debug3: authmethod_lookup publickey > debug3: remaining preferred: keyboard-interactive,password > debug3: authmethod_is_enabled publickey > debug1: next auth method to try is publickey > debug1: try pubkey: /root/.ssh/id_rsa > debug3: send_pubkey_test > debug2: we sent a publickey packet, wait for reply > debug1: authentications that can continue: publickey,password,keyboard-interactive > debug1: try pubkey: /root/.ssh/id_dsa > debug3: send_pubkey_test > debug2: we sent a publickey packet, wait for reply > debug1: authentications that can continue: publickey,password,keyboard-interactive > debug2: we did not send a packet, disable method > debug3: authmethod_lookup keyboard-interactive > debug3: remaining preferred: password > debug3: authmethod_is_enabled keyboard-interactive > debug1: next auth method to try is keyboard-interactive > debug2: userauth_kbdint > debug2: we sent a keyboard-interactive packet, wait for reply > debug1: authentications that can continue: publickey,password,keyboard-interactive > debug3: userauth_kbdint: disable: no info_req_seen > debug2: we did not send a packet, disable method > debug3: authmethod_lookup password > debug3: remaining preferred: > debug3: authmethod_is_enabled password > debug1: next auth method to try is password > > # at this point I get the root@192.168.1.2's password: prompt > > > -- > To UNSUBSCRIBE, email to debian-user-request@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org >
Attachment:
pgpupQCKWg6Av.pgp
Description: PGP signature