SSH password login issue

solaris_1977 · December 23, 2011, 8:59am

Hi All,

I am facing issue in setting up passwordless login through ssh on two Solaris-10 boxes. user-id ravrwa from server tsapiq04-zrwdq01 should be able to login to server tsbrit03 as cpsuserq, which is not happening. I am not sure where is the problem, while keys are already all set. Here is the example -

(root):/raven/apps/raven_users/ravrwa> id
uid=23286(ravrwa) gid=2201(raven)
(root):/raven/apps/raven_users/ravrwa> pwd
/raven/apps/raven_users/ravrwa
(root):/raven/apps/raven_users/ravrwa> ls -l .ssh
total 17
-rw-------   1 ravrwa   raven        883 Dec 10 18:34 id_rsa
-rw-------   1 ravrwa   raven        887 Jun 16  2011 id_rsa.old
-rw-r--r--   1 ravrwa   raven        233 Dec 10 18:34 id_rsa.pub
-rw-r--r--   1 ravrwa   raven        233 Dec 10 18:34 id_rsa.pub.11222011
-rw-r--r--   1 ravrwa   raven        233 Jun 16  2011 id_rsa.pub.old
-rw-r--r--   1 ravrwa   raven       1648 Dec 10 18:37 known_hosts
(root):/raven/apps/raven_users/ravrwa> cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAvn/x8G/2+4Jc5r5fMwirptHhzpZAeWevv63rLFn8CqSdm6rWeRfik/eQGj7+1xw0dWEHCZj5/uPxoBzcWe8Xe5Qnx4SZVahwYeszg05p+vo3315UV7dzAv22mif7hKKfTrY3E/SMA1lCBtZYnet3468WCLdc0W/5JkjfKLxOFtM= ravrwa@tsapiq04-zrwdq01
(root):/raven/apps/raven_users/ravrwa> ssh cpsuserq@tsbrit03
 
Password:

If I check pub keys on destination server (tsbrit03), those are already there exactly -

$ id
uid=56330(cpsuserq) gid=25030(cpsgrp_q)
$ pwd
/Hyperion/WERQ/raven
$ ls -l .ssh/authorized_keys
-rw-------   1 cpsuserq cpsgrp_q     233 Dec 22 16:46 .ssh/authorized_keys
$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAvn/x8G/2+4Jc5r5fMwirptHhzpZAeWevv63rLFn8CqSdm6rWeRfik/eQGj7+1xw0dWEHCZj5/uPxoBzcWe8Xe5Qnx4SZVahwYeszg05p+vo3315UV7dzAv22mif7hKKfTrY3E/SMA1lCBtZYnet3468WCLdc0W/5JkjfKLxOFtM= ravrwa@tsapiq04-zrwdq01
$

Can anybody help, where could be the issue ?

Regards

bartus11 · December 23, 2011, 9:08am

Post output of

ls -ld /raven/apps/raven_users/ravrwa/.ssh

frappa · December 23, 2011, 9:08am

First two things that come to my mind:

on the local server, check that the homedir of user ravrwa is actually the path /raven/apps/raven_users/ravrwa; if this is not the case, then use the switch -i /raven/apps/raven_users/ravrwa/.ssh/id_rsa to the ssh command.
Perform the same check on the remote host for user cpsuserq (the homedir should be /Hyperion/WERQ/raven).
on the remote server, check that key-based authentication is explicitly enabled in sshd configuration file (it should be the entry "PubkeyAuthentication" in /etc/ssh/sshd_config).

see ya
fra

solaris_1977 · December 23, 2011, 9:24am

bartus11, here is the file from source -

(root):/raven/apps/raven_users/ravrwa> ls -ld /raven/apps/raven_users/ravrwa/.ssh
drwx------   2 ravrwa   raven          8 Dec 22 16:43 /raven/apps/raven_users/ravrwa/.ssh

frappa, home directories seem to be correct, but i do not see PubkeyAuthentication in ssh file

Source Server -
(root):/raven/apps/raven_users/ravrwa> cat /etc/passwd | grep ravrwa
ravrwa:x:23286:2201:Redwood User:/raven/apps/raven_users/ravrwa:/usr/bin/ksh

Destination server -
$ cat /etc/passwd | grep cpsuserq
cpsuserq:x:56330:25030:CPS User-Hyperian:/Hyperion/WERQ/raven:/usr/bin/ksh

$ cat /etc/ssh/sshd_config | grep -i authentication | grep -v "#"
PasswordAuthentication yes
PAMAuthenticationViaKBDInt yes
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes

frappa · December 23, 2011, 9:52am

i see,
on the other hand key-based auth should be enabled by default (you may perform a double check on solaris with man sshd_config) ...

may you please post the output of the ssh key-based session you are trying to start with the -vvv switch (full debugging messages)?

see ya
fra

solaris_1977 · December 23, 2011, 9:59am

It was a big output, so I have attached it output as a textfile named as "ssh_passwordless_login_issue.txt". Please check.

frappa · December 23, 2011, 10:07am

ok,

may you now please post the output of the ssh session with the following command?

ssh -vvv -i /raven/apps/raven_users/ravrwa/.ssh/id_rsa cpsuserq@tsbrit03

and let's see what happens when you explicitly set the id_rsa private key.

solaris_1977 · December 23, 2011, 10:12am

fra, please check textpad "ssh_passwordless_login_issue_1.0.txt"

frappa · December 23, 2011, 10:51am

...running out of ammo...

may you check if the remote host sshd_config file has some non-default value set for "AuthorizedKeysFile"? It may be that the ssh server is looking for authorized keys in some place different than the home directory of the user being authenticated...

solaris_1977 · December 23, 2011, 11:05am

Nothing as such, I checked sshd_config. Infact this was working earlier and suddenly it stopped. I tried hard, but was not able to find the cause

frappa · December 23, 2011, 11:30am

Sorry pal,

it's weird that it suddenly stopped working.

Last shot in the dark could be generating another keypair (using solaris ssh implementation of ssh-keygen, not an openssh one), deliver the public key to the remote server and seeing if the problem is persistent with the new keys.

Have a nice weekend and Xmas time! I'll be offline in a few minutes.

see ya
fra

solaris_1977 · December 23, 2011, 11:32am

Thanks fra for giving time. I will try for something more and then will create new pair of key.
Have a nice weekend you too...

John_Tate · December 23, 2011, 10:56pm

Your key seems to be corrupted. Use ssh-keygen to make a new one.

dinjy · December 24, 2011, 5:38am

if you want to set password than use the right way.

frank_rizzo · December 25, 2011, 12:56pm

looks like the format of your private sskey is incorrect for the version of SSH your using.

debug1: identity file /raven/apps/raven_users/ravrwa/.ssh/identity type -1
debug3: Not a RSA1 key file /raven/apps/raven_users/ravrwa/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'

please post the output of ssh -V