[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: passwordless ssh login not working



heya,

are you sure your sshd_config is configured to allow PubkeyAuthentication?


	sean

On Sat, Feb 08, 2003 at 12:03:22AM +0000, Pigeon wrote:
> Hi,
> 
> I'm trying to set up ssh to enable passwordless logins from
> 192.168.1.1 to 192.168.1.2. I have used ssh-keygen to generate key
> pairs for root on 192.168.1.1 and copied the .pub files into
> /root/.ssh/authorized_keys. According to man ssh, as I understand it,
> this should be enough to get passwordless login working. But it
> doesn't - I still get asked for a password.
> 
> I have generated keys in all 3 formats - v1 RSA, v2 RSA and v2 DSA -
> as the default /root/.ssh/identity, id_rsa and id_dsa.
> None of them work.
> 
> The 'debugging' output from ssh says nothing useful about .ssh/identity,
> but appears to claim that the id_rsa and id_dsa files are invalid! I
> don't see how they can be unless either ssh or ssh_keygen are up the
> spout, and I haven't heard anyone else complaining.
> 
> Any ideas what's going on?
> 
> Pigeon
> 
> ssh is OpenSSH_3.4p1 Debian 1:3.4p1-1
> ssh-keygen doesn't want to give a version number but it's the woody
> version, file size 84616 date Jun 28 2002.
> 
> The id_rsa file it moans about looks like
> -----BEGIN RSA PRIVATE KEY-----
> (12 lines of random-seeming characters)
> -----END RSA PRIVATE KEY-----
> 
> The 'debugging' (-vvv) output from ssh follows:
> 
> OpenSSH_3.4p1 Debian 1:3.4p1-1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Rhosts Authentication disabled, originating port will not be trusted.
> debug1: ssh_connect: needpriv 0
> debug1: Connecting to 192.168.1.2 [192.168.1.2] port 22.
> debug1: Connection established.
> debug1: identity file /root/.ssh/identity type 0
> debug3: Not a RSA1 key file /root/.ssh/id_rsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug3: key_read: no key found
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug2: key_type_from_name: unknown key type '-----END'
> debug3: key_read: no key found
> debug1: identity file /root/.ssh/id_rsa type 1
> debug3: Not a RSA1 key file /root/.ssh/id_dsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug3: key_read: no key found
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug2: key_type_from_name: unknown key type '-----END'
> debug3: key_read: no key found
> debug1: identity file /root/.ssh/id_dsa type 2
> debug1: Remote protocol version 2.0, remote software version OpenSSH_3.4p1 Debian 1:3.4p1-1
> debug1: match: OpenSSH_3.4p1 Debian 1:3.4p1-1 pat OpenSSH*
> Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none
> debug2: kex_parse_kexinit: none
> debug2: kex_parse_kexinit: 
> debug2: kex_parse_kexinit: 
> debug2: kex_parse_kexinit: first_kex_follows 0 
> debug2: kex_parse_kexinit: reserved 0 
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: 
> debug2: kex_parse_kexinit: 
> debug2: kex_parse_kexinit: first_kex_follows 0 
> debug2: kex_parse_kexinit: reserved 0 
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: dh_gen_key: priv key bits set: 117/256
> debug1: bits set: 1591/3191
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
> debug3: check_host_in_hostfile: match line 1
> debug1: Host '192.168.1.2' is known and matches the RSA host key.
> debug1: Found key in /root/.ssh/known_hosts:1
> debug1: bits set: 1588/3191
> debug1: ssh_rsa_verify: signature correct
> debug1: kex_derive_keys
> debug1: newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: waiting for SSH2_MSG_NEWKEYS
> debug1: newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: done: ssh_kex2.
> debug1: send SSH2_MSG_SERVICE_REQUEST
> debug1: service_accept: ssh-userauth
> debug1: got SSH2_MSG_SERVICE_ACCEPT
> debug1: authentications that can continue: publickey,password,keyboard-interactive
> debug3: start over, passed a different list publickey,password,keyboard-interactive
> debug3: preferred publickey,keyboard-interactive,password
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: next auth method to try is publickey
> debug1: try pubkey: /root/.ssh/id_rsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: authentications that can continue: publickey,password,keyboard-interactive
> debug1: try pubkey: /root/.ssh/id_dsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: authentications that can continue: publickey,password,keyboard-interactive
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup keyboard-interactive
> debug3: remaining preferred: password
> debug3: authmethod_is_enabled keyboard-interactive
> debug1: next auth method to try is keyboard-interactive
> debug2: userauth_kbdint
> debug2: we sent a keyboard-interactive packet, wait for reply
> debug1: authentications that can continue: publickey,password,keyboard-interactive
> debug3: userauth_kbdint: disable: no info_req_seen
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup password
> debug3: remaining preferred: 
> debug3: authmethod_is_enabled password
> debug1: next auth method to try is password
> 
> # at this point I get the root@192.168.1.2's password: prompt
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 

Attachment: pgpU2a3q8y4Lu.pgp
Description: PGP signature


Reply to: