Trouble with Public Key Authentication


Post by B.. » Sun, 17 Mar 2002 07:03:39



I've generated a DSA pair of keys, placed the .pub key in
authorized_keys on the server I wish to connect to (and
authorized_keys2, wasn't sure where it should be).  The private key is
now at $HOME/.ssh/myhost.org.key.  On the client that I want to
connect, the file $HOME/.ssh/config has the following two lines:

Host myhost.org
        IdentityFile ~/.ssh/myhost.org.key

It appears to me that everything is set up right in sshd_config, but I
don't know.  When it gets to publickey authentication, I get this in
the debug:

-----------------
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /home/bogosj/.ssh/myhost.org.key
debug1: read PEM private key done: type DSA
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: next auth method to try is keyboard-interactive
-----------------

Any clue why it would just skip over my key, it sees that it is
there... sees that it is DSA, but it doesn't accept it?

Following is the full debug of the session up until it prompts for my
password.

myhost.org is not really my host, changed that, as well as the ip

ssh -v -2 myhost.org  
OpenSSH_2.9.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /home/bogosj/.ssh/config
debug1: Applying options for myhost.org
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 500 geteuid 0 anon 1
debug1: Connecting to myhost.org [my.ip.address.here] port 22.
debug1: temporarily_use_uid: 500/500 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 500/500 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/bogosj/.ssh/myhost.org.key type -1
debug1: Remote protocol version 1.99, remote software version
OpenSSH_3.0.2p1
debug1: match: OpenSSH_3.0.2p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9.9p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 133/256
debug1: bits set: 1558/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'myhost.org' is known and matches the RSA host key.
debug1: Found key in /home/bogosj/.ssh/known_hosts:1
debug1: bits set: 1614/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /home/bogosj/.ssh/myhost.org.key
debug1: read PEM private key done: type DSA
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: next auth method to try is password

 
 
 


Post by Richard E. Silverm » Sun, 17 Mar 2002 14:58:59


It's trying your key, but the server is rejecting it.  Check the sshd
syslog messages or an sshd -d trace to find out why.

--
  Richard Silverman
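
The reading of the trace given in this reply, as an added example that is not part of the original posts: a short Python parser that rejoins the wrapped debug lines and reports, per authentication attempt, which key was tried, whether the client loaded it, and whether the server answered with its method list again (the client-side sign of a rejection). The trace lines are copied from the first post; the function names and verdict strings are assumptions made for this illustration.

```python
import re

# Client trace lines copied from the first post, still wrapped as posted.
TRACE = """\
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /home/bogosj/.ssh/myhost.org.key
debug1: read PEM private key done: type DSA
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: next auth method to try is keyboard-interactive
"""

NEXT = re.compile(r"debug1: next auth method to try is (\S+)")
TRY = re.compile(r"debug1: try privkey: (\S+)")

def unwrap(text):
    """Rejoin continuation lines that lost their 'debug1:' prefix to wrapping."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("debug") or not out:
            out.append(line)
        else:
            out[-1] += " " + line
    return out

def classify(text):
    """Return (method, key, loaded, verdict) for each attempt in the trace."""
    attempts, cur = [], None
    for line in unwrap(text):
        m = NEXT.match(line)
        if m:
            cur = {"method": m.group(1), "key": None, "loaded": False,
                   "verdict": "no server reply in trace"}
            attempts.append(cur)
        elif cur is None:
            continue
        elif TRY.match(line):
            cur["key"] = TRY.match(line).group(1)
        elif line.startswith("debug1: read PEM private key done"):
            cur["loaded"] = True  # client parsed the private key file
        elif line.startswith("debug1: authentications that can continue"):
            # Server sent its method list again: this attempt was not accepted.
            cur["verdict"] = "rejected by server"
            cur = None
    return [(a["method"], a["key"], a["loaded"], a["verdict"]) for a in attempts]
```

The client trace only shows that the key was loaded and then refused; the reason for the refusal is recorded on the server side, in the sshd log or debug trace.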


 
 
 


Post by Bogo » Sun, 17 Mar 2002 16:16:34


Not sure what the problem was, generated new keys, and after these issues
everything is working.  Thank you and everyone for all the help fixing my
problems over the past few days :)

Bogo



Quote:

> It's trying your key, but the server is rejecting it.  Check the sshd
> syslog messages or an sshd -d trace to find out why.

 
 
 

1. SSH-3.2.0 Public /Private key implementation and Public Key Authentication Prob

Hello
I am using SSH-3.2.0 on RH7.2. I have four Linux boxes to
connect (node1, node2, node3, node4) and talk to each other using
SSH-3.2.0. (Iptables are set so that they talk to each other and no
connections come from outside these four boxes.) I have root access to
all. I will be primarily using these machines to run parallel programs
using MPICH. I have created public/private keys on all of these
machines. My passphrase is a carriage return (I know that it is not
recommended, but I am simply trying to make things as transparent as
possible).

When I try to ssh from node1 to node2, it first asks if I want to
continue connecting since (I guess) the public key or something was
not found on node2 and I type in "yes", then it asks me to type in
a password... every time after that, wherever I connect, I am asked
for a password! I find all my effort useless, since I feel the public key is
not being used!

Also, if I want to put public keys for node2, node3, node4 in the ~/.ssh2
directory, under what name should I put all the key files? Can I change
the names from id_dsa_2048_a.pub to something node-specific like
node2_id_dsa_2048.pub?

Also, when I use the "ssh-pubkeymgr" script (available with ssh-3.2.0) I
get "client configuration is all set but server configuration does not
show Public key authentication in AllowedAuthentications or
RequiredAuthentications".

What should I add to my ~/.ssh2/ssh2d_config file?  I have uncommented
the line for PublicKey Authentication, thereby allowing it.

Any help in this direction will be greatly appreciated!

Thanks a lot in advance!

Shweta
