SSH keyless pass on Solaris 11

Need assistance in troubleshooting SSH keyless. Below are the steps I have done. Appreciate more inputs.

Node1 and Node2

Node1

  1. ssh-keygen -t rsa -b 2048
  2. Copy .ssh/id_rsa.pub to Node2 with cat id_rsa.pub | ssh id@node2 'cat >>.ssh/authorized_keys'

Node2

  1. touch authorized_keys
  2. change 700 to .ssh directory
  3. change 640 authorized_keys

Tried ssh from NODE2 to NODE1, getting passwd prompt.

Check the id user's home directory owner and permissions.

It was set to 755. Any other inputs?

chmod 600 ~/.ssh/authorized_keys

Changed to 600 for ~/.ssh/authorized_keys, still asking the same passwd.

When we do ssh with -v:


Sun_SSH_2.2, SSH protocols 1.5/2.0, OpenSSL 0x1000110f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to hrappt52 [10.62.104.158] port 22.
debug1: Connection established.
debug1: ssh_kmf_check_uri: /export/home/wrkbrain/.ssh/identity
debug1: Identity file/URI '/export/home/wrkbrain/.ssh/identity' pubkey type UNKNOWN
debug1: ssh_kmf_check_uri: /export/home/wrkbrain/.ssh/id_rsa
debug1: Identity file/URI '/export/home/wrkbrain/.ssh/id_rsa' pubkey type UNKNOWN
debug1: ssh_kmf_check_uri: /export/home/wrkbrain/.ssh/id_dsa
debug1: Identity file/URI '/export/home/wrkbrain/.ssh/id_dsa' pubkey type UNKNOWN
debug1: Logging to host: hrappt52
debug1: Local user: wrkbrain Remote user: wbsftp
debug1: Remote protocol version 2.0, remote software version Sun_SSH_2.2
debug1: match: Sun_SSH_2.2 pat Sun_SSH_2.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_2.2
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: Creating a global KMF session.
debug1: My KEX proposal before adding the GSS KEX algorithm:
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible)
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: My KEX proposal I sent to the peer:
debug1: KEX proposal I received from the peer:
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug1: kex: client->server aes128-ctr hmac-sha2-256 none
debug1: Host key algorithm 'ssh-rsa' chosen for the KEX.
debug1: Peer sent proposed langtags, ctos: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug1: Peer sent proposed langtags, stoc: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug1: We proposed langtags, ctos: en-US
debug1: We proposed langtags, stoc: en-US
debug1: Negotiated lang: en-US
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: Remote: Negotiated main locale: en_US.UTF-8
debug1: Remote: Negotiated messages locale: en_US.UTF-8
debug1: dh_gen_key: priv key bits set: 250/512
debug1: bits set: 2020/4095
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: Host 'hrappt52' is known and matches the RSA host key.
debug1: Found key in /export/home/wrkbrain/.ssh/known_hosts:1
debug1: bits set: 2093/4095
debug1: ssh_rsa_verify: signature correct
debug1: set_newkeys: setting new keys for 'out' mode
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: set_newkeys: setting new keys for 'in' mode
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Next authentication method: gssapi-keyex
debug1: Next authentication method: gssapi-with-mic
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible)
debug1: Next authentication method: publickey
debug1: Trying private key: /export/home/wrkbrain/.ssh/identity
debug1: ssh_kmf_check_uri: /export/home/wrkbrain/.ssh/identity
debug1: Trying private key: /export/home/wrkbrain/.ssh/id_rsa
debug1: ssh_kmf_check_uri: /export/home/wrkbrain/.ssh/id_rsa
debug1: Trying private key: /export/home/wrkbrain/.ssh/id_dsa
debug1: ssh_kmf_check_uri: /export/home/wrkbrain/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive

Did you check the home directory is owned by the right user too?
Wrong /home permissions might also prevent sshd from accepting passwordless logins.

ls -ld /home/id /home

Finally, there seems to be an issue with the public key:

debug1: Identity file/URI '/export/home/wrkbrain/.ssh/id_rsa' pubkey type UNKNOWN

should probably be:

debug1: Identity file/URI '/export/home/wrkbrain/.ssh/id_rsa' pubkey type ssh-rsa
debug1: ssh_kmf_check_uri: /export/home/wrkbrain/.ssh/identity
debug1: Identity file/URI '/export/home/wrkbrain/.ssh/identity' pubkey type UNKNOWN
debug1: ssh_kmf_check_uri: /export/home/wrkbrain/.ssh/id_rsa
debug1: Identity file/URI '/export/home/wrkbrain/.ssh/id_rsa' pubkey type UNKNOWN
debug1: ssh_kmf_check_uri: /export/home/wrkbrain/.ssh/id_dsa
debug1: Identity file/URI '/export/home/wrkbrain/.ssh/id_dsa' pubkey type UNKNOWN

looks like an invalid format... perhaps generated from PuttyGen

Here is the setup I tried; maybe this could be the problem as well.

On Node1 I have an xuser account and generated an ssh key under that xuser. I copied the id_rsa.pub from xuser into yuser's authorized_keys on Node2.

Can I ssh from Node2 to Node1 using the below command?

node2#> ssh xuser@node1

No you can't. That's the other way around.

Please answer the questions previously asked.

and following the same logic...

how did you generate key?

as in specifically what command?
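
The checks raised across this thread (ownership and write permissions on the home directory, .ssh and authorized_keys; the format of the public key file; whether the connecting user's key is actually listed in the account being logged in to) can be scripted as below. This is an added example, not part of any post: the function names are hypothetical, and the permission rule applied (owner is the user or root, no group/world write) is the OpenSSH StrictModes rule, assumed here to hold for Sun_SSH as well.

```shell
# Added example; helper names are hypothetical, not part of any SSH package.

# perm_ok PATH UID: succeed if PATH is owned by UID or root and is not
# group/world writable. Parses `ls -ldn` so it needs no GNU stat.
perm_ok() {
    p=$1; uid=$2
    [ -e "$p" ] || { echo "$p: missing"; return 1; }
    set -- $(ls -ldn "$p")
    mode=$1; owner=$3
    [ "$owner" = "$uid" ] || [ "$owner" = 0 ] || { echo "$p: owned by uid $owner"; return 1; }
    case $(printf '%s\n' "$mode" | cut -c6,9) in
        --) return 0 ;;
        *)  echo "$p: group/world writable ($mode)"; return 1 ;;
    esac
}

# pubkey_format FILE: print openssh (one-line "type base64 comment"),
# rfc4716 (the "---- BEGIN SSH2 PUBLIC KEY ----" export format) or unknown.
pubkey_format() {
    first=
    read -r first rest < "$1" || :
    case $first in
        ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-*) echo openssh ;;
        ----) echo rfc4716 ;;
        *) echo unknown ;;
    esac
}

# key_is_authorized PUBFILE AUTHFILE: succeed if the client's key blob is
# listed in the target account's authorized_keys (options prefix allowed).
key_is_authorized() {
    blob=$(awk 'NR == 1 { print $2 }' "$1")
    [ -n "$blob" ] || return 1
    awk -v b="$blob" '!/^#/ { for (i = 1; i <= NF; i++) if ($i == b) f = 1 }
                      END { exit !f }' "$2"
}

# check_account HOME UID PUBFILE: run every check against the account that
# is being logged in to; prints findings and returns the failure count.
check_account() {
    h=$1; fails=0
    for t in "$h" "$h/.ssh" "$h/.ssh/authorized_keys"; do
        perm_ok "$t" "$2" || fails=$((fails + 1))
    done
    [ "$(pubkey_format "$3")" = openssh ] || { echo "$3: not OpenSSH format"; fails=$((fails + 1)); }
    key_is_authorized "$3" "$h/.ssh/authorized_keys" || { echo "key not authorized"; fails=$((fails + 1)); }
    return $fails
}
```

Run check_account on the server side with the target account's home directory and numeric uid, plus a copy of the id_rsa.pub of the user who initiates the connection; a key placed in yuser's authorized_keys on Node2 only passes when yuser on Node2 is the account being logged in to.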