Possible Duplicate: Problem with shared ssh keys

I have set up pub key authentication between two servers. Everything should work, but I am still asked for the password.
Here are parts of my sshd config file, which I didn’t alter after setting up the system.

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys

The authorized key file exists and everything. I’ve been doing this procedure with public keys on many machines and never had that problem. What would you suggest doing?
Debug output gives me the following:
debug1: identity file /root/.ssh/identity type -1
debug3: Not a RSA1 key file /root/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
...
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5
debug1: match: OpenSSH_5.1p1 Debian-5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1.2
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 126/256
debug2: bits set: 529/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 4
debug1: Host '...' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:4
debug2: bits set: 481/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/identity ((nil))
debug2: key: /root/.ssh/id_rsa (0xb7fef588)
debug2: key: /root/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug3: no such identity: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
Edit: My private key file looks something like:
-----BEGIN RSA PRIVATE KEY-----
key goes here
-----END RSA PRIVATE KEY-----

I generated it using ssh-keygen -t rsa. My client and server versions are:

OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007 (client)
OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007 (server)
This is the directory structure on the client:
root@xxx:~/.ssh# ls -lha
total 20K
drwx------ 2 root root 4.0K 2010-10-19 18:00 .
drwxr-xr-x 8 root root 4.0K 2010-10-17 00:01 ..
-rw------- 1 root root 1.7K 2010-10-19 18:51 id_rsa
-rw-r--r-- 1 root root 393 2010-10-19 18:51 id_rsa.pub
-rw-r--r-- 1 root root 1.6K 2010-10-19 18:02 known_hosts
And this is on the server:
...:/home/xxx/.ssh# ls -lha
total 12K
drwx------ 2 dreisadmin dreisadmin 4.0K 2010-10-19 18:07 .
drwxrwxr-x 5 dreisadmin dreisadmin 4.0K 2010-10-19 18:58 ..
-rw------- 1 dreisadmin dreisadmin 393 2010-10-19 19:33 authorized_keys
Solution:
Make sure that ~/.ssh is set 0700 and that ~/.ssh/authorized_keys is set 0600.
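
An added example (not part of the original post): a small audit of the server-side permission chain. It goes one step beyond the two paths named above by also checking the home directory, because sshd's StrictModes check covers the home directory too and the server listing above shows `..` as drwxrwxr-x. The function names are hypothetical and GNU `stat -c` is assumed, as on the Debian/Ubuntu hosts in the post.

```sh
#!/bin/sh
# Audit the paths sshd inspects (with StrictModes yes) before it will read
# a user's authorized_keys. Usage: sh audit.sh /home/someuser
# Assumption: GNU coreutils stat (stat -c '%a').

# Print one status line per path; return 1 if any path is missing or has a
# group/other write bit set (mode & 022 != 0).
audit_ssh_dir() {
    home=$1
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            rc=1
            continue
        fi
        mode=$(stat -c '%a' "$p")
        # Leading 0 makes the shell read the mode as octal.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE $p (mode $mode): group/other write bit set"
            rc=1
        else
            echo "OK       $p (mode $mode)"
        fi
    done
    return $rc
}

# Apply the modes from the solution above, and drop group/other write on
# the home directory without touching its other bits.
fix_ssh_dir() {
    home=$1
    chmod go-w "$home"
    chmod 0700 "$home/.ssh"
    chmod 0600 "$home/.ssh/authorized_keys"
}

# Run the audit only when a home directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

Run it as root or as the account owner on the server; when a path is flagged, sshd's own log (for example /var/log/auth.log on Debian) is where the matching refusal shows up, since the client's debug output only shows the key being declined.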