passwordless ssh connection problem

migurus · October 26, 2011, 2:16am

I need to ssh from Host A to Hosts B and C. A->B works, but A->C does not.
I can do rcp/rcmd A->B and A->C.
B and C are identical systems. All three are SCO OSR 5.

More relevant info:

Host A$ ssh -V
OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004

Hosts B and C are:

OpenSSH_4.3p2, OpenSSL 0.9.7i 14 Oct 2005

What I did:

... on A

$ ssh-keygen -t rsa 
$ rcp id_rsa.pub B:/tmp
$ rcp id_rsa.pub C:/tmp

... on B and C

$ cat /tmp/id_rsa.pub >> ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys

And then I repeated the same with dsa public key.

Here is debug info from failing attempt to connect A->C

 
$ ssh -v C
OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to C [192.168.1.9] port 22.
debug1: Connection established.
debug1: identity file /u/myuser/.ssh/identity type -1
debug1: identity file /u/myuser/.ssh/id_rsa type 1
debug1: identity file /u/myuser/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'C' is known and matches the RSA host key.
debug1: Found key in /u/myuser/.ssh/known_hosts:6
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /u/myuser/.ssh/identity
debug1: Offering public key: /u/myuser/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering public key: /u/myuser/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
myuser@C's password: 
...etc...

Any suggestions would be appreciated.

toro95037 · October 26, 2011, 2:45am

I've had a similar error when there was a broken key above mine in the ~/.ssh/authorized_keys file. Move your key to the top and see if that helps.

migurus · October 28, 2011, 5:20pm

I tried to have just one key in my authorized_keys file, but that made no difference

vgersh99 · October 28, 2011, 6:00pm

if you copy/pasted the key(s) in the file, make sure that each key is one CONTINUOUS line with no 'line wraps' (as the keys are long and copy/pasting from one window to the other may introduce some line wraps).

migurus · October 29, 2011, 10:40pm

No, as you see in my post I did not manually cut/paste. I did cat /tmp/id_rsa.pub >> ~/.ssh/authorized_keys

binlib · October 30, 2011, 9:47am

From SSH FAQ:

3.14 - I copied my public key to authorized_keys but public-key authentication still doesn't work.

Typically this is caused by the file permissions on $HOME, $HOME/.ssh or $HOME/.ssh/authorized_keys being more permissive than sshd allows by default.
In this case, it can be solved by executing the following on the server. $ chmod go-w $HOME $HOME/.ssh
$ chmod 600 $HOME/.ssh/authorized_keys
$ chown `whoami` $HOME/.ssh/authorized_keys
If this is not possible for some reason, an alternative is to set StrictModes no in sshd_config, however this is not recommended.