Hosting Provided By

[beginner] Cannot get RSA authentication to work

From: <fmarchioni(at)libero.it>
Date: Fri Apr 04 2003 - 02:13:29 EST

Hi all,
I have installed OpenSSH version 3.4 on my Linux box (This version is included with Mandrake 9 disttribution). I'd like to do RSA authentication
without password. It's many days I try (I tried also with DSA) but nope... I can see that with...."PasswordAuthentication no" in sshd_config I get "Permission denied (publickey,keyboard-interactive)"

Somewhere in the newsgroup I have read to make the remote dir not world/group
writable...but also this doesn't help.

I include all the information I have hoping somebody will give me a help. Thanks a lot in advance
Linda

---------------------------ssd_config---------------------------------------

#Port 22

Protocol 2,1
#ListenAddress 0.0.0.0

# HostKey for protocol version 1
HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key

# Logging

# Authentication:

#LoginGraceTime 600

Do you need help?

RSAAuthentication yes
#PubkeyAuthentication yes

AuthorizedKeysFile .ssh/authorized_keys

# rhosts authentication should not be used

PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable s/key passwords

X11Forwarding yes
#X11DisplayOffset 10

X11DisplayOffset 10
#X11UseLocalhost yes
axStartups 10
# no default banner path

# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server

--
And this is the debug I get when I try to "scp" the public key in the remote dir
(remote pc is called "acer").

-
$ scp -v .ssh/identity.pub acer:/home/mike/.ssh

Executing: program /usr/bin/ssh host acer, user (unspecified), command scp -v -t /home/mike/.ssh
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f

debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be

trusted.

debug1: ssh_connect: needpriv 0
debug1: Connecting to acer [10.12.59.60] port 22.
debug1: Connection established.
debug1: identity file /home/linda/.ssh/identity type 0
debug1: identity file /home/linda/.ssh/id_rsa type -1
debug1: identity file /home/linda/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
debug1: match: OpenSSH_3.4p1 pat OpenSSH*

Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_3.4p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 147/256
debug1: bits set: 1619/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'acer' is known and matches the RSA host key.
debug1: Found key in /home/linda/.ssh/known_hosts:1
debug1: bits set: 1552/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_

ebug1: newkeys: mode 0

debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /home/linda/.ssh/id_rsa
debug1: try pubkey: /home/linda/.ssh/id_dsa
Can we help you? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
debug1: authentications that can continue: publickey,keyboard-interactive
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue: publickey,keyboard-interactive
debug1: no more auth methods to try

Permission denied (publickey,keyboard-interactive). debug1: Calling cleanup 0x8068fc0(0x0)
lost connection Received on Fri Apr 4 12:37:21 2003

Do you need more help?

This message: [ Message body ]
Next message: Jeffery S. Malloch: "Password ssh between NT/win2k machines"
Previous message: Rahul Shinde: "Problem setting ssh session timeout"
In reply to Philip Le Riche: "Re: Cygwin and SSH"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:56 EDT