This discussion is archived
8 Replies Latest reply: Apr 5, 2013 6:54 AM by CyberNinja RSS

SSH issue - can't get password less login to work

CyberNinja Newbie
Currently Being Moderated
Hello,
I can't seem to get the password less login to work on one of my SLES 11 servers. My ssh agent lets me login to all my other servers, which are Solaris 10, RHEL 5, and SLES 11 servers. Some servers mount my home directory and others don't.

The server that I'm having an issue with doesn't mount my home directory. I can log in with my password. My agent on a Solaris 10 server is working with the other servers. Usually if the agent is not working it will ask for my passphrase, which leads me to believe it is a configuration issue.

I have copied my pub key over and put in authorized_keys file.

Any ideas?
  • 1. Re: SSH issue - can't get password less login to work
    Bjoern Rost Oracle ACE Director
    Currently Being Moderated
    CyberNinja wrote:
    The server that I'm having an issue with doesn't mount my home directory. I can log in with my password.
    Where is your public key stored? If it is in your home directory and that is not mounted, it would explain why public key auth does not work for you. Also, have you tried the -v flag with your ssh client to gather verbose debug information?

    cheers
    bjoern
  • 2. Re: SSH issue - can't get password less login to work
    CyberNinja Newbie
    Currently Being Moderated
    Bjoern Rost,
    Thanks for replying.
    I copied my public key over to the Suse 11 server and put it here; ~/.ssh/. I also added it to the authorized_keys file.
  • 3. Re: SSH issue - can't get password less login to work
    CyberNinja Newbie
    Currently Being Moderated
    Here is the out put of the ssh -v command

    bitlord@Solaris-server
    < ssh -v Suse-server
    Sun_SSH_1.1.4, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Rhosts Authentication disabled, originating port will not be trusted.
    debug1: ssh_connect: needpriv 0
    debug1: Connecting to Suse-server [xxx.xxx.xxx.62] port 22.
    debug1: Connection established.
    debug1: identity file /home/bitlord/.ssh/identity type -1
    debug1: identity file /home/bitlord/.ssh/id_rsa type 1
    debug1: identity file /home/bitlord/.ssh/id_dsa type -1
    debug1: Logging to host: Suse-server
    debug1: Local user: bitlord Remote user: bitlord
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1
    debug1: match: OpenSSH_5.1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-Sun_SSH_1.1.4
    debug1: use_engine is 'yes'
    debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
    debug1: pkcs11 engine initialization complete
    debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
    Unknown code 0
    )
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-sha1 none
    debug1: kex: client->server aes128-ctr hmac-sha1 none
    debug1: Peer sent proposed langtags, ctos:
    debug1: Peer sent proposed langtags, stoc:
    debug1: We proposed langtags, ctos: en-US
    debug1: We proposed langtags, stoc: en-US
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: dh_gen_key: priv key bits set: 168/320
    debug1: bits set: 1059/2048
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'Suse-server' is known and matches the RSA host key.
    debug1: Found key in /home/bitlord/.ssh/known_hosts:125
    debug1: bits set: 1021/2048
    debug1: ssh_rsa_verify: signature correct
    debug1: newkeys: mode 1
    debug1: set_newkeys: setting new keys for 'out' mode
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: newkeys: mode 0
    debug1: set_newkeys: setting new keys for 'in' mode
    debug1: SSH2_MSG_NEWKEYS received
    debug1: done: ssh_kex2.
    debug1: send SSH2_MSG_SERVICE_REQUEST
    debug1: got SSH2_MSG_SERVICE_ACCEPT
    debug1: Authentications that can continue: publickey,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Offering agent key: /home/bitlord/.ssh/id_rsa
    debug1: Authentications that can continue: publickey,keyboard-interactive
    debug1: Trying private key: /home/bitlord/.ssh/identity
    debug1: Trying public key: /home/bitlord/.ssh/id_rsa
    debug1: Authentications that can continue: publickey,keyboard-interactive
    debug1: Trying private key: /home/bitlord/.ssh/id_dsa
    debug1: Next authentication method: keyboard-interactive
    Password:
    debug1: Authentication succeeded (keyboard-interactive)
    debug1: channel 0: new [client-session]
    debug1: send channel open 0
    debug1: Entering interactive session.
    debug1: ssh_session2_setup: id 0
    debug1: channel request 0: env
    debug1: channel request 0: pty-req
    debug1: channel request 0: shell
    debug1: fd 4 setting TCP_NODELAY
    debug1: channel 0: open confirm rwindow 0 rmax 32768
    Last login: Thu Apr 4 17:35:14 2013 from Solaris-server
  • 4. Re: SSH issue - can't get password less login to work
    Bjoern Rost Oracle ACE Director
    Currently Being Moderated
    ok, that stuff is looking ok so far, the server sais publickey auth is accepted (so it is allowed in the server config) but somehow none of your keys get accepted. Did you check the logfiles (most likely auth.log but I am not sure how SLES does it exactly) on the server? Maybe the permissions on .ssh or ~ are not correct.

    cheers
    bjoern
  • 5. Re: SSH issue - can't get password less login to work
    Reidod Explorer
    Currently Being Moderated
    Hi,

    You may try the following:
    remove the key of your server from the /home/bitlord/.ssh/known_hosts file and try to ssh again.
    the public key should be copied/appended to the authorized_keys as follows: cat id_rsa.pub >> authorized_keys
    check the path of your home directory in the ssh server, it may help in diagnosing why your home directory fails to mount.
    Regards,
    Rei
  • 6. Re: SSH issue - can't get password less login to work
    CyberNinja Newbie
    Currently Being Moderated
    bjoern,
    The ~/.ssh is 700 and the Known_hosts file is 644
  • 7. Re: SSH issue - can't get password less login to work
    CyberNinja Newbie
    Currently Being Moderated
    Rei,
    I have added the id_rsa.pub to authorized_keys
  • 8. Re: SSH issue - can't get password less login to work
    CyberNinja Newbie
    Currently Being Moderated
    Thank you everyone for all your help. I now know why the keys was not working.

    It was my fault. Basically there was a typo, I had autherized_keys instead of authorized_keys. I copied autherized_keys to authorized_keys and now everything works.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points