Find the answer to your Linux question:
Results 1 to 2 of 2
Hello, I've been searching for a while in forums about the issue I'm facing but couldn't find anything clear, or at least my net search skills are pretty lame. I'm ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Sep 2010
    Posts
    2

    [SOLVED] SSH chaining (tunnelling) problem with public keys


    Hello,

    I've been searching for a while in forums about the issue I'm facing but couldn't find anything clear, or at least my net search skills are pretty lame.
    I'm facing a problem with prompted user password in a SSH chain connection when using authorized_keys.

    I have:

    (1) Client - (2) Server - (3) Testing machine (testing machine is connect to Server via usb network)

    I've created keys for Client and Server, and updated authorized_keys in host machines with the key values:

    Testing machine has Server public key, and Server has Client public key.

    Until now everything is fine, if I try to connect via ssh the user password prompt is not shown since public key is found in authorized_keys.

    For example:

    from Client:
    Code:
    ssh server
    Works fine, no password prompt.
    from Server:
    Code:
    ssh testing_machine
    Works fine, no password prompt.

    But if try to do that from Client only:

    from Client:
    Code:
    client:$ ssh server
    Works fine, no password prompt.
    from Client:
    Code:
    server:$ ssh testing_machine
    Asks for password.

    Bellow the verbose output from previous ssh command:

    Code:
    ssh -v root(at)192.168.100.2
    OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to 192.168.100.2 [192.168.100.2] port 22.
    debug1: Connection established.
    debug1: identity file /home/hudson/.ssh/identity type -1
    debug1: identity file /home/hudson/.ssh/id_rsa type -1
    debug1: identity file /home/hudson/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
    debug1: match: OpenSSH_5.3 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu4
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host '192.168.100.2' is known and matches the RSA host key.
    debug1: Found key in /home/hudson/.ssh/known_hosts:1
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/hudson/.ssh/identity
    debug1: Trying private key: /home/hudson/.ssh/id_rsa
    debug1: Trying private key: /home/hudson/.ssh/id_dsa
    debug1: Next authentication method: password
    root(at)192.168.100.2's password:

    I feel like I'm missing something pretty basic, but could not find solution for this in the last couple of days...

    Anyone ever faced the same issue ?
    Last edited by lmendes1979; 09-30-2010 at 02:59 PM. Reason: Solved

  2. #2
    Just Joined!
    Join Date
    Sep 2010
    Posts
    2

    Thumbs up Solved!

    From verbose output it seems it was looking for id_dsa key, I had renamed it to something else to be more human 'readable', tried to rename it back but same problem persisted.

    Tried a clean start.

    1. Deleted all authorized_keys
    2. Deleted all known_hosts
    3. Deleted all public/private keys
    4. Created again all keys "ssh-keygen -t dsa" and left default name
    5. Copied public keys to right locations "ssh-copy-id"


    And now it works!
    Guess I've messed up trying to rename private/public keys or something

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •