Public keys with ssh/sftp

kat000003 (Technical User, CH), Jan 27, 2005
Hi all.

I have looked for some answers on this subject, but it seems that I am missing something... NO, it's not brains...

I have implemented SSH on 5 servers running AIX 5.2 and sftp is also working with password authentication. I need to setup public key use, as our ftp's are run in batches.

I have created public and private keys with ssh-keygen -t rsa, I have copied the contents of the id_rsa.pub file to the authorized_keys file in /home/root/.ssh/ on the secondary server (perm set to 644 ).

I have compared these 2 files and they look exactly the same.

If I do sftp 'hostname', it returns:
Connecting to 'hostname'...
Connection closed by XX.XXX.X.XX
Connection closed

And that is all.

-v gives me the following:

home/root/.ssh # sftp -v 'hostname'
Connecting to 'hostname'...
OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.6l 04 Nov 2003
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Connecting to 'hostname' [XX.XXX.X.XX] port 22.
debug1: Connection established.
debug1: identity file /home/root/.ssh/id_rsa type 1
debug1: identity file /home/root/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.8p1
debug1: match: OpenSSH_3.8p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'hostname' is known and matches the RSA host key.
debug1: Found key in /home/root/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/root/.ssh/id_rsa
Connection closed by XX.XXX.X.XX
Connection closed

Hoping for some expert help.

Thanks
Justus
 
One trap that held me back for ages was file/directory permissions.

Check that /home/root and /home/root/.ssh both have 750 or tighter permissions
Check that /home/root/.ssh/authorized_keys has 600 permissions.

I'm not saying they have to be that tight, I've never had time to find out where the line lies, but setting the permissions has fixed ssh connectivity difficulties time after time for me.

Ceci n'est pas une signature
Columb Healy
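The "line" Columb mentions is in fact fixed by sshd: with the default StrictModes, it refuses to read authorized_keys if the home directory, ~/.ssh or the file itself is owned by someone other than the user (or root) or is writable by group or others. The script below is an added example, not something posted in this thread; it checks exactly those conditions on the three paths, reading the mode string from `ls -ld` so it works the same on AIX and Linux (GNU `stat` is not assumed):

```shell
#!/bin/sh
# Added example (not from the thread): check the conditions sshd's StrictModes
# enforces before it will use a user's authorized_keys. The mode is taken from
# the 10-character string printed by `ls -ld`, e.g. drwxr-x---.

# mode_string_ok MODE: succeed if MODE has no group or other write bit.
# Character 6 of the ls mode string is the group write bit, character 9 the
# other (world) write bit.
mode_string_ok() {
    case $1 in
        ?????w*)    return 1 ;;   # group-writable
        ????????w*) return 1 ;;   # world-writable
    esac
    return 0
}

# path_ok PATH USER: succeed if PATH exists, is owned by USER or root, and is
# not group/world-writable. Prints one line describing the result.
path_ok() {
    p=$1 u=$2
    if [ ! -e "$p" ]; then
        echo "MISSING  $p"
        return 1
    fi
    # Fields of ls -ld: mode, link count, owner, group, size, date..., name
    set -- $(ls -ld "$p")
    mode=$1 owner=$3
    if [ "$owner" != "$u" ] && [ "$owner" != "root" ]; then
        echo "OWNER    $p is owned by $owner, expected $u (or root)"
        return 1
    fi
    if ! mode_string_ok "$mode"; then
        echo "WRITABLE $p has mode $mode (group/world write bit set)"
        return 1
    fi
    echo "ok       $p $mode $owner"
    return 0
}

# check_ssh_paths HOME USER: audit HOME, HOME/.ssh and HOME/.ssh/authorized_keys.
# Returns the number of problems found; 0 means sshd will accept the key file.
check_ssh_paths() {
    home=$1 user=$2 problems=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        path_ok "$p" "$user" || problems=$((problems + 1))
    done
    return $problems
}

# Stand-alone run against the invoking user's own home directory.
check_ssh_paths "$HOME" "$(id -un)" || echo "problems found: $?"
```

Run it as the account that will be logging in (here root, later user2 on host2): any line other than `ok` is something sshd will also object to, which is why the session in the original post dies right after "Offering public key" with no further explanation on the client side. The 750/600 values Columb gives satisfy the check; the script shows that the actual requirement is only the absence of group and world write bits plus correct ownership.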
 
I ran into similar problems a while back. After much googling, I finally found this:


It gives all the info you need to set up ssh keys - open to open AND open to commercial.

Also, as columb pointed out, be sure the ssh files/directories have the correct permissions too - that is definitely a gotcha.

scott
 
Cool, it is working now! One more thing - could I grant specific users access to use sftp without being prompted for passwords?? This is now working with root, but I need to allow other users to do batch-ftp'ing without being prompted for passwords..... Any ideas??

Thanks for the help guys!!!!!


FIX for first question - Created the keypair again, ftp'ed the file from server1 to server2, called it authorized_keys and then tried to sftp onto server2. Got a message that permissions of 644 are not tight enough, so I sorted that out.

 
Suppose you want user1 on host1 to have permissions to use ssh/sftp/scp without passwords as user2 on host2 then

1. on host1 as user1 use ssh-keygen to generate a key
2. append the contents of id_rsa.pub from ~user1/.ssh on host1 to ~user2/.ssh/authorized_keys on host2

When you've finished, authorized_keys should be a list of keys with

1. The key type - typically ssh-rsa
2. The key - a long string of 'random' characters
3. The key owner - in the example this will be user1@host1

Anyone with a key in authorized_keys can connect without using a password. Note that this includes root.

Ceci n'est pas une signature
Columb Healy
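Because every entry in authorized_keys is a password-less login, the file is worth auditing periodically, especially root's. The following is an added example and not code from this thread: it lists each entry's key type and owner comment in the format Columb describes, and goes one step beyond the post by recognising the optional options field OpenSSH accepts before the key type (`from=`, `command=`, `no-pty`, ...) and reporting entries that carry no such restriction. The sample file it writes is constructed for the demonstration; the key material in it is not real.

```shell
#!/bin/sh
# Added example (not from the thread): summarise an authorized_keys file so the
# owner comment and any restrictions on each password-less login can be reviewed.

# write_sample_keys PATH: write a constructed authorized_keys file (fake keys).
write_sample_keys() {
    cat > "$1" <<'EOF'
# constructed sample authorized_keys (not from the thread)
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDexample1 user1@host1
from="host1",no-pty,no-port-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDexample2 batch@host1

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIexample3 root@host1
not-a-key-line
EOF
}

# audit_authorized_keys PATH: print one line per entry with its line number,
# key type, owner comment and the options field (or NONE). An entry is
# "options... type key comment"; the options are optional, so the key type is
# located by searching for the first field that looks like one.
audit_authorized_keys() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }                 # skip comments and blank lines
    {
        t = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-[a-z0-9]+)$/) { t = i; break }
        if (t == 0) { printf "line %d: unrecognised entry\n", NR; next }
        opts = ""
        for (i = 1; i < t; i++) opts = (opts == "" ? $i : opts " " $i)
        comment = ""
        for (i = t + 2; i <= NF; i++) comment = (comment == "" ? $i : comment " " $i)
        printf "line %d: type=%s comment=%s restrictions=%s\n", NR, $t,
               (comment == "" ? "(none)" : comment), (opts == "" ? "NONE" : opts)
    }' "$1"
}

# count_unrestricted PATH: number of entries with no options field at all.
count_unrestricted() {
    audit_authorized_keys "$1" | awk '/restrictions=NONE$/ { n++ } END { print n + 0 }'
}

# Stand-alone run over the constructed sample.
sample=$(mktemp)
write_sample_keys "$sample"
audit_authorized_keys "$sample"
echo "entries with no restrictions: $(count_unrestricted "$sample")"
rm -f "$sample"
```

To review a real file, call `audit_authorized_keys ~user2/.ssh/authorized_keys` on host2; an entry whose comment you cannot attribute to a known user and host, or a root entry with `restrictions=NONE`, is the one to ask questions about. For a batch account such as the one discussed above, the `from=` and `command=` options let the key be used only from host1 and only for the transfer it was created for.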
 