SSH authentication via public keys on RH 9.0 1

[asanchez4]

Has anyone been able to get SSH authentication via public key on RedHat 9.0?

I have the standard RH 9.0 installation.

I used SSH client version 3.2.9 from a Windows machine. I created the keys, uploaded the public key to the server, and then try to connect via public keys.

I've verified that they public key files exist in ~/.ssh/ directory and that the sshd_config file is configured properly.

Each time that I try to connect, I get the error message "Server responded No further authentication methods available"

I have googled the error messages but have had no success on fixing the problem. Has anyone been able to get this to work?

thanks

 

[rburke]

On the Linux machine you have to add the public key(s) to a file called "authorized_keys" the easiest way to do that is to run the command "cat *.pub >> /path/to/authorized_keys" then the key is to make sure that you change the permission of authorized_keys to RW for owner only! Without that it will not be read. Run "chmod 600 authorized_keys" then the next time you try to connect if should work!

Let me know if you need more info.

Burke

 

[asanchez4]

I tried the authorized_keys method but still no success. Where does the authorized_keys file go?

This is exactly what I did.
I went to the /home/jed/.ssh2 directory and there was a file called "authorization" with an entry that pointed to a .pub file named jed_key.pub

From the .ssh2 directory I entered
"cat *.pub > authorized_keys"
"chmod 600 authorized_keys"

Then I restarted the ssh service.

When I try to reconnect using "public key" from the sshd client, I get the same error message.

Thanks again.

 

[flugh]

Try running the ssh client with a '-v' to add verbosity to error messages. May point out something you aren't seening otherwise.

Also, check permissions on the ~/.ssh directory (I _think_ they need to be 700). If the directory is world-readable or writeable, ssh will refuse to use it for security reasons (will be made apparent with '-v' option).

I had a similar problem some years ago, and after pulling my hair out for a while before finding and fixing the problem. Have never forgotten that hard-learned lesson ;-)

----
JBR

 

[asanchez4]

Thanks for the reply. I turned on verbose logging and get the following. Any ideas why it says that "Ssh2AuthPubKeyClient: Agent is not running."?

Also, any idea why it fails parsing the key file? I generated the key file using SSH client. The key file exists.

thanks again



C:\Documents and Settings\Jed>ssh2 192.168.0.105 -l jed -i UserKeys/key.pub -v
debug: Connecting to 192.168.0.105, port 22... (SOCKS not used)
debug: Ssh2Transport: My version: SSH-1.99-3.2.9 SSH Secure Shell Windows Client

debug: client supports 2 auth methods: 'publickey,password'
debug: Ssh2Common: local ip = 192.168.0.100, local port = 1334
debug: Ssh2Common: remote ip = 192.168.0.105, remote port = 22
debug: SshConnection: Wrapping...
debug: Remote version: SSH-1.99-OpenSSH_3.5p1
debug: OpenSSH: Major: 3 Minor: 5 Revision: 0
debug: Ssh2Transport: All versions of OpenSSH handle kex guesses incorrectly.
debug: Ssh2Transport: lang s to c: `', lang c to s: `'
debug: Ssh2Transport: c_to_s: cipher aes128-cbc, mac hmac-sha1, compression none

debug: Ssh2Transport: s_to_c: cipher aes128-cbc, mac hmac-sha1, compression none

debug: Remote host key found from database.
debug: Ssh2Common: Received SSH_CROSS_STARTUP packet from connection protocol.
debug: Ssh2Common: Received SSH_CROSS_ALGORITHMS packet from connection protocol
.
debug: server offers auth methods 'publickey,password,keyboard-interactive'.
debug: Ssh2AuthPubKeyClient: Starting pubkey auth...
debug: Ssh2AuthPubKeyClient: Agent is not running.
debug: Ssh2AuthPubKeyClient: Got 0 keys from the agent.
warning: C:/Documents and Settings/Jed/Application Data/SSH/UserKeys/key.pub: 3:
parsing line failed.
warning: C:/Documents and Settings/Jed/Application Data/SSH/UserKeys/key.pub: 4:
parsing line failed.
warning: C:/Documents and Settings/Jed/Application Data/SSH/UserKeys/key.pub: 5:
parsing line failed.
warning: C:/Documents and Settings/Jed/Application Data/SSH/UserKeys/key.pub: 6:
parsing line failed.
warning: C:/Documents and Settings/Jed/Application Data/SSH/UserKeys/key.pub: 7:
parsing line failed.
warning: C:/Documents and Settings/Jed/Application Data/SSH/UserKeys/key.pub: 8:
parsing line failed.
warning: C:/Documents and Settings/Jed/Application Data/SSH/UserKeys/key.pub: 9:
parsing line failed.
warning: C:/Documents and Settings/Jed/Application Data/SSH/UserKeys/key.pub: 10
: parsing line failed.
warning: C:/Documents and Settings/Jed/Application Data/SSH/UserKeys/key.pub: 11
: parsing line failed.
warning: C:/Documents and Settings/Jed/Application Data/SSH/UserKeys/key.pub: 12
: parsing line failed.
warning: C:/Documents and Settings/Jed/Application Data/SSH/UserKeys/key.pub: 13
: parsing line failed.
warning: C:/Documents and Settings/Jed/Application Data/SSH/UserKeys/key.pub: 14
: parsing line failed.
warning: C:/Documents and Settings/Jed/Application Data/SSH/UserKeys/key.pub: 15
: parsing line failed.
warning: C:/Documents and Settings/Jed/Application Data/SSH/UserKeys/key.pub: 16
: parsing line failed.
warning: C:/Documents and Settings/Jed/Application Data/SSH/UserKeys/key.pub: 17
: parsing line failed.
warning: C:/Documents and Settings/Jed/Application Data/SSH/UserKeys/key.pub: 18
: parsing line failed.
debug: Ssh2AuthPubKeyClient: Trying 0 key candidates.
debug: Ssh2AuthPubKeyClient: All keys declined by server, disabling method.
debug: Ssh2AuthClient: Method 'publickey' disabled.
debug: server offers auth methods 'publickey,password,keyboard-interactive'.
debug: Ssh2AuthPasswdClient: Starting password auth...
jed's password:

 

[flugh]

You generated these keys on a Windows box, sent them to a *nix box via ftp or something? Not sure where the breakage occurs, but I bet the problem is the key files have DOS line endings instead of *nix ones. On the *nix/server box, try running your key file through 'dos2unix'.

----
JBR

 

[asanchez4]

I tried the dos2unix method -- no luck. Any other suggestions out there?

thanks

 

[ambrogio]

I had exactly the same problem (only difference I had Debian Linux as server)... I tried everything, including editing the public key to remove line breaks, nothing worked. Have you same other suggestion? many thanks

 

[asanchez4]

I ended up using ssh instead of ssh2 and had no problems.

 

[ambrogio]

Thanks for the answer. Are you talking about the server side or the client side? I do not know how to force the SSH client to use protocol version 1 instead than 2 (I have the non commercial version of SSH 3.2.9). On the server side, I think that I should change the parameter "Protocol" in the sshd-config file, but this is possible only if you have root permission...
Thanks again

 

[asanchez4]

I didn't make any changes on the server side -- it is the default setup on Redhat 9.0.

I just use the ssh protocol from the commandline. I primarily use sftp from the commandline. These two clients are from Cygwin.

I use this for automated secure ftp.