Problem - Creating SSH Public/Private keys. Please help.

Hi,

I'm trying to create SSH public/private keys using the following command.

hp023:/users/vikram> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/users/vikram/.ssh/id_rsa): rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in rsa.
Your public key has been saved in rsa.pub.
The key fingerprint is:
2e:3f:4a:ae:4c:52:60:9r:5e:8b:fc:e6:b1:d8:9c:64 vikram@hp023

I have a valid folder /users/vikram/.ssh/id_rsa
with 777 permission and sufficient space too.
I'm able to place any file in that directory too.

But when I issue the above-mentioned command, it's not creating the keys in that directory at all.

Please help me.

regards
vikram.

Hi,

Thank you very much.

I deleted the folder id_rsa and successfully created the id_rsa and id_rsa.pub keys.

I pasted the id_rsa.pub contents into the authorized_keys as well as the known_hosts files in .ssh of my home directory on the target server (the user id is the same for both the target and the source server).

In known_hosts I entered the server name and the public key contents.

But it's still asking for a password while using ssh or scp.

I have doubts about the format and location of authorized_keys and known_hosts.
Please help me.

Thanks.

Please set the permissions of the .ssh directory and files under the directory to 640.

Hi dj,

Thanks for the reply.
I did everything, I even gave 640 permission to all of the objects as you said.
It's still asking for the password.

I've run scp in verbose mode.
Please have a look into it.

hp001:/dtusr1/vikram > scp -v sqlnet.log vikram@hp002.us.dt.com:/dtusr1/vikram
Executing: program /usr/local/bin/ssh host hp002.us.dt.com, user vikram, command scp -v -t /dtusr1/vikram
OpenSSH_4.0p1, OpenSSL 0.9.7f 22 Mar 2005
debug1: Reading configuration data /usr/local/etc/ssh/ssh_config
debug1: Connecting to hp002.us.dt.com [158.151.152.38] port 22.
debug1: Connection established.
debug1: identity file /dtusr1/vikram/.ssh/id_rsa type 1
debug1: identity file /dtusr1/vikram/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.0
debug1: match: OpenSSH_4.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'hp002.us.dt.com' is known and matches the RSA host key.
debug1: Found key in /dtusr1/vikram/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /dtusr1/vikram/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /dtusr1/vikram/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending command: scp -v -t /dtusr1/vikram
Sending file modes: C0644 2703 sqlnet.log
Sink: C0644 2703 sqlnet.log
sqlnet.log                                                                                                               100% 2703     2.6KB/s   00:00
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.3 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0

I'm not able to infer anything out of it as there are error messages. Please help me. I need to bypass the password.

Thanks
vikram.

What is the ssh version?
Try appending the public key to the authorized_keys2 file also. Make sure you give 640 permission to the file.

What is the permission on the home directory... on both servers?
Actually, some ssh implementations will fail if *any* directory in the path to the authorized keys file has group or world write permission.

Hi dennis/chakrapani.

I've created the authorized_keys2 file and loaded the public key into it.

Both home directories have the permission 755.
All subdirectories including .ssh and files have permission 640.

Version is

OpenSSH_4.0p1, OpenSSL 0.9.7f 22 Mar 2005

Debug mode

hp001:/dtusr1/vikram/.ssh > ssh -v vikram@hp002.us.dt.com "ls"
OpenSSH_4.0p1, OpenSSL 0.9.7f 22 Mar 2005
debug1: Reading configuration data /usr/local/etc/ssh/ssh_config
debug1: Connecting to hp002.us.dt.com [158.151.152.38] port 22.
debug1: Connection established.
debug1: identity file /dtusr1/vikram/.ssh/id_rsa type 1
debug1: identity file /dtusr1/vikram/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.0
debug1: match: OpenSSH_4.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'hp002.us.dt.com' is known and matches the RSA host key.
debug1: Found key in /dtusr1/vikram/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /dtusr1/vikram/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /dtusr1/vikram/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending command: ls
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
tnsnames.ora
debug1: channel 0: free: client-session, nchannels 1
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.1 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0

Public key format is

ssh-rsa AAAAB3NzaC1yc2EBBBBBIwAAAIEAsfbel37m86RX8L3vVJth1mWQ62NknTK3+tL8CVhLUI/Tz0UlM3bRpRWfHKvagoET99/qJS1UZ8BBFvxOMklsUm2jb4xU5oedjFNcKYIQGDNNma6TvoIQzL51LW4MJ1YCK52G90RDtfUiJmHx/uPik0hty+wFn7T2LVSMYZpmyCV8= vikram@hp001

Please help me

Thanks
Vikram

.ssh subdirectory should be 700...
And you should have copied id_rsa.pub to authorized_keys only... whose permissions should be 644...

---------- Post updated at 14:59 ---------- Previous update was at 14:51 ----------

And I just realized:

Pasting won't work! since it will add alien characters... (at end of line instead of being contiguous...)

Start all over again
and this time do a cp -p of your ***.pub to authorized_keys and only that...
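
The checks raised in the replies above (no group/world write on the home directory, .ssh or authorized_keys; a traversable .ssh; a private key closed to group/other; a key that did not wrap when pasted), collected into one audit script as an added example that is not part of any poster's message. The function names are hypothetical, and the script inspects mode bits only, not file ownership.

```shell
#!/bin/sh
# Added example: audits the modes discussed in this thread plus wrapped keys.

# True if path $1 has all bits of any one of the remaining octal masks set.
has_bits() {
    p=$1; shift
    for bits in "$@"; do
        [ -n "$(find "$p" -prune -perm "-$bits" 2>/dev/null)" ] && return 0
    done
    return 1
}

# Prints one line per authorized_keys entry that is not "[options] type base64 ...".
# A key pasted through a terminal often wraps, leaving fragment lines behind.
bad_key_lines() {
    awk '/^[ \t]*$/ || /^[ \t]*#/ { next }
    {
        ok = 0
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-)/ && length($(i+1)) % 4 == 0 &&
                $(i+1) ~ "^[A-Za-z0-9+/]+=*$") ok = 1
        if (!ok) print FILENAME ":" NR ": not a complete key entry"
    }' "$1"
}

# audit_ssh HOME_DIR: prints findings; returns 1 if any were found.
audit_ssh() {
    home=$1; rc=0
    for d in "$home" "$home/.ssh"; do
        [ -d "$d" ] || continue
        if has_bits "$d" 020 002; then echo "$d: group/world writable"; rc=1; fi
        # Without the owner x bit, even the owner cannot reach files inside.
        if ! has_bits "$d" 100; then echo "$d: owner lacks search (x) bit"; rc=1; fi
    done
    ak=$home/.ssh/authorized_keys
    if [ -f "$ak" ]; then
        if has_bits "$ak" 020 002; then echo "$ak: group/world writable"; rc=1; fi
        bad=$(bad_key_lines "$ak")
        if [ -n "$bad" ]; then echo "$bad"; rc=1; fi
    fi
    for k in "$home/.ssh/id_rsa" "$home/.ssh/id_dsa"; do
        if [ -f "$k" ] && has_bits "$k" 040 020 010 004 002 001; then
            echo "$k: private key accessible to group/other"; rc=1
        fi
    done
    return $rc
}
```

Source the file and run `audit_ssh "$HOME"` on both the client and the target server; no output and a zero exit status mean none of these conditions were found.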

Hi dennis/chakrapani and vbe,

It worked for the following permission combination:

@server1
users/user1 755
users/user1/.ssh 700
users/user1/.ssh/id_rsa (private key) 600

@server2
users/user1 755
users/user1/.ssh 700
users/user1/.ssh/authorized_keys 644

Thank you all.