  1. #1
    Just Joined!
    Join Date
    Nov 2005
    Posts
    20

    ssh public key problem


    I am trying to get ssh public key authentication to work, but I'm always greeted with a password prompt. I did the following:

    1.) Created a public/private key pair via
    Code:
    $ ssh-keygen -b 2048 -t dsa
    2.) scp'd the id_dsa.pub file to the remote server and added it to the authorized_keys file via
    Code:
    $ cat id_dsa.pub >>authorized_keys
    3.) added the private key to my ssh-agent via
    Code:
    $ ssh-add
    In the sshd_conf file on the remote machine, PubkeyAuthentication is set to yes, so it should work. Logging in via password authentication also works fine. So what is the problem?

    PS: This is the ssh output with the -vvv option enabled (abridged):
    Code:
    (...)
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /home/lo/.ssh/id_dsa (0x8090518)
    debug2: key: /home/lo/.ssh/identity ((nil))
    debug2: key: /home/lo/.ssh/id_rsa ((nil))
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug3: start over, passed a different list publickey,password,keyboard-interactive
    debug3: preferred publickey,keyboard-interactive,password
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Offering public key: /home/lo/.ssh/id_dsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Trying private key: /home/lo/.ssh/identity
    debug3: no such identity: /home/lo/.ssh/identity
    debug1: Trying private key: /home/lo/.ssh/id_rsa
    debug3: no such identity: /home/lo/.ssh/id_rsa
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup keyboard-interactive
    debug3: remaining preferred: password
    debug3: authmethod_is_enabled keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    debug2: userauth_kbdint
    debug2: we sent a keyboard-interactive packet, wait for reply
    debug2: input_userauth_info_req
    debug2: input_userauth_info_req: num_prompts 1
    Password:
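
Added example, not part of the original thread: in the `-vvv` trace above, the key offer is answered with a fresh "Authentications that can continue" list, which means the server declined the key, so the cause is to be looked for on the remote machine. The function name `triage_pubkey_log` and its labels are hypothetical; the sample input is constructed from lines of the posted trace, and `Server accepts key` is OpenSSH client debug output that does not appear on this page.

```shell
# Classify every key the client tried, reading `ssh -v` output on stdin.
triage_pubkey_log() {
    awk '
        /debug1: Offering public key:/ {
            key = $0
            sub(/^.*Offering public key: */, "", key)
            sub(/[ \t\r]+$/, "", key)
            pending = key
            next
        }
        # The server is willing to accept the key that was just offered.
        pending != "" && /debug1: Server accepts key/ {
            print "ACCEPTED " pending; pending = ""; next
        }
        # The offer was answered with a new method list: the server declined it.
        pending != "" && /debug1: Authentications that can continue:/ {
            print "REJECTED_BY_SERVER " pending; pending = ""; next
        }
        # The client has no such private key file, so nothing was sent.
        /debug[0-9]: no such identity:/ {
            key = $0
            sub(/^.*no such identity: */, "", key)
            sub(/[ \t\r]+$/, "", key)
            print "NO_LOCAL_KEY " key
        }
    '
}

# Constructed sample: lines taken from the trace in the post above.
sample_log() {
    cat <<'EOF'
debug1: Offering public key: /home/lo/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/lo/.ssh/identity
debug3: no such identity: /home/lo/.ssh/identity
debug1: Trying private key: /home/lo/.ssh/id_rsa
debug3: no such identity: /home/lo/.ssh/id_rsa
EOF
}

sample_log | triage_pubkey_log
```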

  2. #2
    Linux Guru anomie
    Join Date
    Mar 2005
    Location
    Texas
    Posts
    1,692
    Where is the authorized_keys file on the remote machine? It needs to be in the ~/.ssh directory.

    Permissions should look like so:
    Code:
    hector@troy:~/.ssh> ls -la
    
    drwx------   2 hector users 4096 2005-11-23 23:32 .
    drwx------  17 hector users 8192 2005-12-23 14:01 ..
    -rw-------   1 hector users  391 2005-10-29 16:23 authorized_keys
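
Added example, not part of the original thread: the listing above includes the home directory (`..`), and that matters because sshd's `StrictModes` option (enabled by default, not mentioned in the thread) refuses an `authorized_keys` file when it, `~/.ssh` or the home directory is writable by group or others, or owned by someone other than the user or root. The function name `audit_ssh_perms` and its labels are hypothetical, and the demo tree is constructed.

```shell
# Report paths that a StrictModes-style check would object to.
# Usage: audit_ssh_perms HOME_DIR [UID]   (UID defaults to the caller's uid)
audit_ssh_perms() {
    home=$1
    uid=${2:-$(id -u)}
    status=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; status=1; continue
        fi
        # Writable by group or others: another account could plant a key.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE_BY_OTHERS $p"; status=1
        fi
        # The owner must be the account itself or root (uid 0).
        if [ -n "$(find "$p" -prune ! -user "$uid" ! -user 0)" ]; then
            echo "WRONG_OWNER $p"; status=1
        fi
    done
    return $status
}

# Constructed demo tree: .ssh and authorized_keys are fine,
# but the home directory is group-writable.
demo=$(mktemp -d)
mkdir -m 700 "$demo/.ssh"
: > "$demo/.ssh/authorized_keys"
chmod 600 "$demo/.ssh/authorized_keys"
chmod 770 "$demo"
audit_ssh_perms "$demo" || echo "StrictModes would refuse this authorized_keys file"
rm -rf "$demo"
```

On the real account, run it on the remote machine as `audit_ssh_perms "$HOME"`.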

  3. #3
    Just Joined!
    Join Date
    Nov 2005
    Posts
    20
    The authorized_keys file is in the right directory, the permissions are OK.

  4. #4
    Linux Guru anomie
    Join Date
    Mar 2005
    Location
    Texas
    Posts
    1,692
    Some basic stuff then:
    1. Same user name on both machines?
    2. What ssh command are you using to do this?
    3. On the local machine, what does
    Code:
    grep 'IdentityFile' /etc/ssh/ssh_config
    show you?
    4. Did you remember to restart sshd on the remote machine after setting PubkeyAuthentication to yes in sshd_config?
    5. On the local machine, what do the permissions for ~/.ssh/id_dsa look like?

  5. #5
    Just Joined!
    Join Date
    Nov 2005
    Posts
    20
    Quote Originally Posted by anomie
    Some basic stuff then:
    1. Same user name on both machines?
    No, see below.
    2. What ssh command are you using to do this?
    $ ssh remoteuser@remotemachine.domain.com
    3. On the local machine, what does
    Code:
    grep 'IdentityFile' /etc/ssh/ssh_config
    show you?
    # IdentityFile ~/.ssh/identity
    # IdentityFile ~/.ssh/id_rsa
    # IdentityFile ~/.ssh/id_dsa
    4. Did you remember to restart sshd on the remote machine after setting PubkeyAuthentication to yes in sshd_config?
    I did not have to change anything there, the settings were already ok.
    5. On the local machine, what do the permissions for ~/.ssh/id_dsa look like?
    the permissions are:
    Code:
    -rw-------  1 lo lo 1,2K 2005-12-24 15:59 id_dsa
    ssh with password authentication works fine, so the basics must be configured right.
    Any more ideas?

  6. #6
    Linux Guru anomie
    Join Date
    Mar 2005
    Location
    Texas
    Posts
    1,692
    I wonder if this has something to do with how the authorized_keys file was created. Could you run (on the remote machine):
    Code:
    cat ~/.ssh/authorized_keys
    But do not post the output here. Have a look at the user@host part at the very end of the output. What does it say there?

    Also, for peace of mind could you post the results (run from remote machine) of:
    Code:
    grep 'Pubkey' /etc/ssh/sshd_config
    And the permissions for both ~/.ssh and ~/.ssh/authorized_keys on the remote machine. I know you checked, but might as well double-check.
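
Added example, not part of the original thread: one way to test whether the `authorized_keys` file was created intact is to compare the key type and base64 blob of the local `.pub` file against every line of the remote file, ignoring the trailing comment and any leading options. The function name `check_key_installed`, its labels and the key material in the demo are constructed for illustration.

```shell
# Is the key from PUBFILE present, on a single intact line, in AUTHFILE?
# Prints "MATCH <line>" or, on failure, any unparseable lines plus "NO_MATCH".
check_key_installed() {
    awk '
        # Return "type blob" for the current line, or "" if no key type is found.
        function keyid(   i) {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-nistp(256|384|521))$/)
                    return $i " " $(i + 1)
            return ""
        }
        /^[ \t]*#/ { next }                           # comment lines
        NF == 0 { next }                              # blank lines
        FILENAME == ARGV[1] { want = keyid(); next }  # the local .pub key
        {
            id = keyid()
            if (id == "") { bad = bad "UNPARSEABLE " FNR "\n"; next }
            if (id == want) { print "MATCH " FNR; found = 1 }
        }
        END {
            if (!found) { printf "%s", bad; print "NO_MATCH" }
            exit (found ? 0 : 1)
        }
    ' "$1" "$2"
}

# Constructed demo: the key was pasted with a line break in the middle.
demo=$(mktemp -d)
printf '%s\n' 'ssh-dss AAAAB3NzaC1kc3MAAACBAKconstructed lo@localmachine' \
    > "$demo/id_dsa.pub"
printf '%s\n' 'ssh-dss AAAAB3NzaC1kc3M' 'AAACBAKconstructed lo@localmachine' \
    > "$demo/authorized_keys"
check_key_installed "$demo/id_dsa.pub" "$demo/authorized_keys" \
    || echo "key is not installed intact"
rm -rf "$demo"
```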

  7. #7
    Just Joined!
    Join Date
    Nov 2005
    Posts
    20
    Have a look at the user@host part at the very end of the output. What does it say there?
    It says something like
    Code:
    == username@localmachine
    where username is my username on the local machine and localmachine is the name of my local machine.

    Also, for peace of mind could you post the results (run from remote machine) of:
    Code:
    grep 'Pubkey' /etc/ssh/sshd_config
    It is:
    Code:
    PubkeyAuthentication yes
    And the permissions for both ~/.ssh and ~/.ssh/authorized_keys on the remote machine. I know you checked, but might as well double-check.
    The permissions are:
    Code:
    drwx------   2 schmidlo exp1  544 Dec 29 14:14 .ssh
    -rw-------   1 schmidlo exp1 2.2K Dec 29 14:14 authorized_keys

  8. #8
    Linux Guru anomie
    Join Date
    Mar 2005
    Location
    Texas
    Posts
    1,692
    No problems there. One more thing occurs to me; can you post the results (run on remote machine) of
    Code:
    grep 'AuthorizedKeysFile' /etc/ssh/sshd_config
    If we see anything other than .ssh/authorized_keys there we can adjust accordingly.

    If that is the value you see there, then this is a very strange problem. What I would do in that case is:
    • Copy the .pub key to the remote .ssh directory again, giving it the appropriate name (assuming authorized_keys unless you find out otherwise). This time clobber the existing file with the > redirection operator (not >>) - unless you have a good reason not to.
    • Restart sshd on the remote machine - even if you think you don't need to.
    • Try again.

  9. #9
    Linux Guru anomie
    Join Date
    Mar 2005
    Location
    Texas
    Posts
    1,692
    P.S. One question about your ls listing in your post above. The authorized_keys file is within the .ssh directory, correct?

    The way you posted it, it looks like they're on the same directory level (which won't work).

  10. #10
    Just Joined!
    Join Date
    Nov 2005
    Posts
    20
    Quote Originally Posted by anomie
    No problems there. One more thing occurs to me; can you post the results (run on remote machine) of
    Code:
    grep 'AuthorizedKeysFile' /etc/ssh/sshd_config
    It returns:
    #AuthorizedKeysFile %h/.ssh/authorized_keys
    which should be ok, because according to the manpage of sshd_config, the default value is ~/.ssh/authorized_keys.

    If that is the value you see there, then this is a very strange problem. What I would do in that case is:
    • Copy the .pub key to the remote .ssh directory again, giving it the appropriate name (assuming authorized_keys unless you find out otherwise). This time clobber the existing file with the > redirection operator (not >>) - unless you have a good reason not to.
    • Restart sshd on the remote machine - even if you think you don't need to.
    • Try again.
    I copied the public key file and added it to authorized keys, but it did not work. Restarting sshd is not possible since I don't have root access on that machine. I guess I have to talk to the system administrator. But thanks for your suggestions.
