Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
sftp password
- Thread starter biondo68
- Start date
1. on the source host do generate private/public key pair
for example:
ssh-keygen -t rsa
(press twice enter when it asks for:
(1) key location and
(2) password choosing
2. go to destination host/user - in your case: stg@10.90.1.42
create directory ~stg/.ssh with mode 700, then create file ~stg/.ssh/authorized_keys (mode 644) containing the line from the identity.pub (public key) got from source host/user
Next, test it running "ssh stg@10.90.1.42 date" on source host. In the result, you shouldn't be prompted for password.
r, m.
for example:
ssh-keygen -t rsa
(press twice enter when it asks for:
(1) key location and
(2) password choosing
2. go to destination host/user - in your case: stg@10.90.1.42
create directory ~stg/.ssh with mode 700, then create file ~stg/.ssh/authorized_keys (mode 644) containing the line from the identity.pub (public key) got from source host/user
Next, test it running "ssh stg@10.90.1.42 date" on source host. In the result, you shouldn't be prompted for password.
r, m.
I have done these procedure, but still it is prompting for passwd
I run this in source host
test:/# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
26:83:1e:b0:74:f8:02:30:cb:c6:6b:99:e1:87:8d:8f root@test.ask.com
ON Destination
test1:/#mkdir ~stg/.ssh
test1:/#chmod 700 ~stg
test1:/#touch ~stg/.ssh/authorized_keys
I have copied the containt of /root/.ssh/id_rsa.pub from source to destination /stg/.ssh/authorized_keys
In the source
test://root# sftp stg@10.90.1.42
Connecting to 10.90.1.42...
The authenticity of host '10.90.1.42 (10.90.1.42)' can't be established.
RSA key fingerprint is 58:47:72:ca:e1:e1:35:f1:a9:fd:ad:b2:dc:b5:f6:f2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.90.1.42' (RSA) to the list of known hosts.
Connection closed by 10.90.1.42
Connection closed
Hi!
Using RSA keys, in sshd_config file on destination you have to have enabled protocol 2.
Look also for something like "PermitRootLogin" in sshd_config - in your case should be set to "yes"
After you modify sshd_config you have to restart sshd daemon.
Probably having older ?OpenSSH/SSH version remote user have to set "rlogin=true" in his stanza in /etc/security/user.
It has to work.
Show me also output of the command run on source host:
ssh -v -v stg@10.90.1.42
regards,m.
Using RSA keys, in sshd_config file on destination you have to have enabled protocol 2.
Look also for something like "PermitRootLogin" in sshd_config - in your case should be set to "yes"
After you modify sshd_config you have to restart sshd daemon.
Probably having older ?OpenSSH/SSH version remote user have to set "rlogin=true" in his stanza in /etc/security/user.
It has to work.
Show me also output of the command run on source host:
ssh -v -v stg@10.90.1.42
regards,m.
test1:~/.ssh# sftp stg@10.90.1.42
Connecting to 10.90.1.42...
The authenticity of host '10.90.1.42 (10.90.1.42)' can't be established.
RSA key fingerprint is 58:47:72:ca:e1:e1:35:f1:a9:fd:ad:b2:dc:b5:f6:f2.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added '10.90.1.42' (RSA) to the list of known hosts.
stg@10.90.1.42's password:
Connecting to 10.90.1.42...
The authenticity of host '10.90.1.42 (10.90.1.42)' can't be established.
RSA key fingerprint is 58:47:72:ca:e1:e1:35:f1:a9:fd:ad:b2:dc:b5:f6:f2.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added '10.90.1.42' (RSA) to the list of known hosts.
stg@10.90.1.42's password:
test:/root/.ssh#ssh -v -v stg@10.10.100.135
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to 10.10.100.135 [10.10.100.135] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/identity type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.5p1
debug1: match: OpenSSH_3.5p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 119/256
debug1: bits set: 1600/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '10.10.100.135' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: bits set: 1556/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /root/.ssh/identity
debug1: try pubkey: /root/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
Connection closed by 10.10.100.135
debug1: Calling cleanup 0x80674b0(0x0)
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to 10.10.100.135 [10.10.100.135] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/identity type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.5p1
debug1: match: OpenSSH_3.5p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 119/256
debug1: bits set: 1600/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '10.10.100.135' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: bits set: 1556/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /root/.ssh/identity
debug1: try pubkey: /root/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
Connection closed by 10.10.100.135
debug1: Calling cleanup 0x80674b0(0x0)
I think that the only soultion is to recompile OpenSSH with new root directory defined (then separate /NEWROOT/etc/passwd, /NEWROOT/etc/group.
regards, m.
regards, m.
- Status
Similar threads
