I'm trying to set up an ssh connection to a remote system where I have a shell login account and I can't get it to do RSA (or DSA) authentication and not askk me for a password.
I have a number of other logins where the passwordless login works fine.
If I turn debugging on (with -vvv) the sequence up to where it demands a password is:-
debug1: Authentications that can continue: publickey,password debug3: start over, passed a different list publickey,password debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering public key: /home/chris/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,password debug1: Offering public key: /home/chris/.ssh/id_dsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,password debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password
On a very similar system where the passwordless login works I get:-
debug1: Authentications that can continue: publickey,password,keyboard-interactive debug3: start over, passed a different list publickey,password,keyboard-interactive debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering public key: /home/chris/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Server accepts key: pkalg ssh-rsa blen 149
So, why doesn't the first one work? I think I've set everything up but I may have missed something obvious. Any ideas anyone?
No help to you Chris, but I've also tried to set up the same type of system. Can we keep the replies posted to this list please...
Regards, Paul.
On Sunday 22 February 2004 6:43 pm, Chris Green wrote:
I'm trying to set up an ssh connection to a remote system where I have a shell login account and I can't get it to do RSA (or DSA) authentication and not askk me for a password.
On Sun, Feb 22, 2004 at 06:54:41PM +0000, Paul wrote:
On Sunday 22 February 2004 6:43 pm, Chris Green wrote:
I'm trying to set up an ssh connection to a remote system where I have a shell login account and I can't get it to do RSA (or DSA) authentication and not askk me for a password.
No help to you Chris, but I've also tried to set up the same type of system. Can we keep the replies posted to this list please...
Certainly, no problem. I have the passwordless login working on several systems so I may be able to help a bit anyway.
Basically you run ssh-keygen on the 'client' system and put the public key generated by that into the ~/.ssh/authorized_keys file on the target system.
Thus in ~/.ssh on the client system you will have:- identity identity.pub
... and you append the whole of the above identity.pub file to the ~/.ssh/authorized_keys file in your login on the target system.
The above is for SSH version 1. For version 2 it's similar but the file names are id_dsa.pub or id_rsa.pub depending on which type of key you generated with ssh-keygen.
ssh-keygen generates the above named files and puts them in .ssh by default.
Chris Green chris@areti.co.uk writes:
So, why doesn't the first one work? I think I've set everything up but I may have missed something obvious. Any ideas anyone?
Check the permissions on the files under ~/.ssh (and on ~/.ssh itself). Check that the target's ~/.ssh/authorized_keys actually does have at least one of the source's public keys in it. Check that PubkeyAuthentication is enabled in the target's sshd_config. Check that you're actually connecting to the host you think you are.
On Mon, Feb 23, 2004 at 10:28:28AM +0000, Richard Kettlewell wrote:
Chris Green chris@areti.co.uk writes:
So, why doesn't the first one work? I think I've set everything up but I may have missed something obvious. Any ideas anyone?
Check the permissions on the files under ~/.ssh (and on ~/.ssh itself).
They're OK, I've just tightened them up a little but they were originally the same as a system where the passwordless login works.
Check that the target's ~/.ssh/authorized_keys actually doeshave at least one of the source's public keys in it.
Yes, it does.
Check thatPubkeyAuthentication is enabled in the target's sshd_config.
Now that is a possibility to look into, I'm not totally convinced I can 'see' the system ssh configuration files though, I'll take a look.
Checkthat you're actually connecting to the host you think you are.
When I get there (after entering the password) it seems to be what I'm expecting! :-)
-
Chris Green -
Paul -
Richard Kettlewell