Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SSH Keys

Status
Not open for further replies.

felix001

Technical User
Nov 15, 2008
102
GB
Im trying to use ssh keys to connect from RHEL5 to a Solaris 10 x86 box....

Ive created the keys but it doesnt seem to reconise them and i get a number of errors within the ssh -v output. Im wondering if this could be down to the difference in SSH versions... (open ssh and sun ssh)...

Heres the output when trying to connect to the Solaris Box...
Code:
OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.1.12 [192.168.1.12] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1
debug1: no match: Sun_SSH_1.1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.1.12' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found

debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found

debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found

debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive

Has anyone any ideas.. ?

A+, N+, CCNA, CCSA, SNPA
- Keeping You in the Know
 
i dont have sshd on the solaris box.
But now im getting that it doesnt reconise my passhphrase.... ??

Code:
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/root/.ssh/id_rsa':



A+, N+, CCNA, CCSA, SNPA
- Keeping You in the Know
 
ive tried no passphrases but i still have issues.
There seems to be so many issues ....

with no passphrase it says that
Code:
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1

Can anyone help

A+, N+, CCNA, CCSA, SNPA
- Keeping You in the Know
 
You must have an sshd on the Solaris box... otherwise there would be nothing you could connect to. Often it is not in the usual path, perhaps in /usr/sbin? Try grep sshd /var/sadm/install/contents to locate it.

Annihilannic.
 
I tried to grep as you suggested but i couldnt find the wood from the tress... would the binary be named as sshd ??

Code:
# which sshd
no sshd in /usr/sbin /usr/bin

I have used a non root account to connect through to on the Solaris Box..

A+, N+, CCNA, CCSA, SNPA
- Keeping You in the Know
 
good stuff, but it doesnt seem to ive me any more info

Client
Code:
[Expert@FW2]# ssh -vvv -p 12342 rick@192.168.1.12
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.1.12 [192.168.1.12] port 12342.
debug1: connect to address 192.168.1.12 port 12342: Connection refused
ssh: connect to host 192.168.1.12 port 12342: Connection refused
[Expert@FW2]# ssh -vvv -p 12342 rick@192.168.1.12
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.1.12 [192.168.1.12] port 12342.
debug1: Connection established.
debug1: identity file /root/.ssh/identity type -1
debug3: Not a RSA1 key file /root/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1
debug1: no match: Sun_SSH_1.1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: de-LU,en-GB,en-IE,fr,fr-BE,fr-FR,fr-LU,nl-BE,nl,nl-NL,i-default
debug2: kex_parse_kexinit: de-LU,en-GB,en-IE,fr,fr-BE,fr-FR,fr-LU,nl-BE,nl,nl-NL,i-default
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 127/256
debug2: bits set: 1649/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 2
debug1: Host '192.168.1.12' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug2: bits set: 1624/3191
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug3: start over, passed a different list gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug3: no such identity: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:



Server
Code:
# /usr/lib/ssh/sshd -p12342 -d
debug1: sshd version Sun_SSH_1.1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: Bind to port 12342 on ::.
Server listening on :: port 12342.
debug1: Server will not fork when running in debugging mode.
Connection from 192.168.1.107 port 39964
debug1: Client protocol version 2.0; client software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH_3.6*,OpenSSH_3.7*,OpenSSH_3.8*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: Peer sent proposed langtags, ctos:
debug1: Peer sent proposed langtags, stoc:
debug1: We proposed langtags, ctos: de-LU,en-GB,en-IE,fr,fr-BE,fr-FR,fr-LU,nl-BE,nl,nl-NL,i-default
debug1: We proposed langtags, stoc: de-LU,en-GB,en-IE,fr,fr-BE,fr-FR,fr-LU,nl-BE,nl,nl-NL,i-default
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 148/256
debug1: bits set: 1624/3191
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 1649/3191
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user rick service ssh-connection method none
debug1: attempt 0 initial attempt 0 failures 0 initial failures 0
Failed none for rick from 192.168.1.107 port 39964 ssh2
debug1: userauth-request for user rick service ssh-connection method publickey
debug1: attempt 1 initial attempt 0 failures 1 initial failures 0
debug1: temporarily_use_uid: 100/1 (e=0/0)
debug1: trying public key file /export/home/rick/.ssh/authorized_keys
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 100/1 (e=0/0)
debug1: trying public key file /export/home/rick/.ssh/authorized_keys2
debug1: restore_uid: 0/0
Failed publickey for rick from 192.168.1.107 port 39964 ssh2
debug1: userauth-request for user rick service ssh-connection method keyboard-interactive
debug1: attempt 2 initial attempt 0 failures 2 initial failures 0
debug1: keyboard-interactive devs

A+, N+, CCNA, CCSA, SNPA
- Keeping You in the Know
 
If you compare it to a working system, you should see a difference:

Code:
...
debug1: trying public key file /home/username/.ssh/authorized_keys
debug1: matching key found: file /home/username/.ssh/authorized_keys, line 1
Found matching DSA key: ac:df:c3:91:03:3a:8a:5f:c7:5d:bc:a3:aa:9e:79:83
...

So it seems your authorized_keys file is either missing or does not contain the matching key.

Annihilannic.
 
strange I have created the public key (authorized_keys) file on the server under /export/home/[user]/.ssh/ with the permissions of 600.

On the end it has the user that I is on the client ... do i need this on the end ??

A+, N+, CCNA, CCSA, SNPA
- Keeping You in the Know
 
I don't know whether you definitely need that field, but you should leave it there so that the file contains the expected number of fields. This is just a record of who created the key and on what system. I believe I have modified it in the past without any ill effect.

The contents should be exactly those of the id_keytype.pub file that was created when you generated the key.

Where is the private key file on the client end? I notice you are doing it from root, should it not be "rick" at both ends? If the private key file belongs to "rick" then it won't be found when you run ssh as root.

Annihilannic.
 
im coming from root (admin) and going to either rick or test.
I put the private key in /root/.ssh/id_rsa as when i run through the ssh debug it said it was looking in that folder.

I was slightly confused with this as on my client admin is root you have ... /home/admin/ and /root/

Thanks for all your help..



A+, N+, CCNA, CCSA, SNPA
- Keeping You in the Know
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top