ssh - still ask for password

[desb01]

Hello,

I tried to setup two servers so I can ssh without any password asked.

I tried a couple of thing without any success

I use GNU/Linux on both server with OpenSSH_3.9p1.

I use dsa.

I found other posts with this problem but never resolved

I did the following :

On the client run the following commands:
$ mkdir -p $HOME/.ssh
$ chmod 0700 $HOME/.ssh
$ ssh-keygen -t dsa -f $HOME/.ssh/id_dsa -P ''

Copy $HOME/.ssh/id_dsa.pub to the server.

Server:
On the server run the following commands:
$ mkdir -p $HOME/.ssh
$ cat id_dsa.pub >> $HOME/.ssh/authorized_keys2
$ chmod 0600 $HOME/.ssh/authorized_keys2

TRYING ... still ask for password

Depending on the version of OpenSSH the following commands may also be required:
$ cat id_dsa.pub >> $HOME/.ssh/authorized_keys
$ chmod 0600 $HOME/.ssh/authorized_keys

TRYING ... still ask for password

[meATmy_client]$ ssh -vvv meATmy_server
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to my_server [my_server] port 22.
debug1: Connection established.
debug1: identity file /home/me/.ssh/identity type -1
debug1: identity file /home/me/.ssh/id_rsa type -1
debug3: Not a RSA1 key file /home/me/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/me/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 124/256
debug2: bits set: 510/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/me/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'my_server' is known and matches the RSA host key.
debug1: Found key in /home/me/.ssh/known_hosts:1
debug2: bits set: 522/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/me/.ssh/id_dsa (0x552ac09820)
debug2: key: /home/me/.ssh/identity ((nil))
debug2: key: /home/me/.ssh/id_rsa ((nil))
debug2: key: /home/me/.ssh/id_dsa (0x552ac00430)
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-with-mic,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: An invalid name was supplied
Unknown code krb5 243

debug1: An invalid name was supplied
Unknown code krb5 243

debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/me/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /home/me/.ssh/identity
debug3: no such identity: /home/me/.ssh/identity
debug1: Trying private key: /home/me/.ssh/id_rsa
debug3: no such identity: /home/me/.ssh/id_rsa
debug1: Offering public key: /home/me/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
meATmy_server's password:

[Shutdown]

What about modifying the hosts.allow file? Just for kicks?

[Lazydog]

What about modifying the hosts.allow file? Just for kicks?

hosts.allow is for listing what services a host can access and does not have anything to do with ssh asking for a password.

I did the following :

On the client run the following commands:
$ mkdir -p $HOME/.ssh
$ chmod 0700 $HOME/.ssh
$ ssh-keygen -t dsa -f $HOME/.ssh/id_dsa -P ''

Copy $HOME/.ssh/id_dsa.pub to the server.

Server:
On the server run the following commands:
$ mkdir -p $HOME/.ssh
$ cat id_dsa.pub >> $HOME/.ssh/authorized_keys2
$ chmod 0600 $HOME/.ssh/authorized_keys2

TRYING ... still ask for password

How did you copy id_dsa.pub?

As a file or just the contents?

What you should have done was add the key to .ssh/authorized_keys on the server. This is where the server looks for the keys.

[secondmouse]

debug1: identity file /home/me/.ssh/id_rsa type -1

So you have rsa key in your ~/.ssh/ as well? That means you should have id_rsa.pub at the same location, why don't you try to copy the content of id_rsa.pub to server's authorized_keys file? If that doesn't work I would suggest start from scratch:
1) mv ~/.ssh{,.bak}
make a backup of your current ~/.ssh folder in case you want to go back
2) ssh-keygen -t rsa
It'll ask you where to put the key and phrase, just press Enters to accept the default and use blank phrase.
3) copy the content or ~/.ssh/id_rsa.pub [ scp works well, copy & paste with cat and mouse should work as well ] to server's ~/.ssh/authorized_keys

Sometimes you might need a ~/.ssh/authorized_keys2 to make it work, simply do (on the server)
cd ~/.ssh
ln -s authorized_keys{,2}