SSH with RSA/DSA keys


theYinYeti

Hi,

 

I want to use SSH with keys, and without a passphrase for a start; once that works, I'll consider using one along with ssh-agent. All the instructions found on the internet agree on the method, which is in short:

$ ssh-keygen -t dsa
$ cat ~/.ssh/id_dsa.pub | ssh me@remote "cat - >> ~/.ssh/authorized_keys"
$ ssh me@remote "chmod -R go= ~/.ssh"

Yet I'm still asked for a password when I try to log in to the remote server.

 

Yves.


$ cat ~/.ssh/id_dsa.pub | ssh me@remote "cat - >> ~/.ssh/authorized_keys"

$ ssh me@remote "chmod -R go= ~/.ssh"

Yet I'm still asked for a password when I try to log in to the remote server.

This is a possibility:

 

Check sshd_config on the server and remove the line "PubkeyAuthentication no" if it exists then restart sshd.

 

That tip is from http://www.linuxquestions.org/questions/answers/79


jboy, it seems I already have things as they should be... here is what I have:

sedentaire.local$ grep '^[^#]' /etc/ssh/sshd_config
Protocol 2,1
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
PermitRootLogin yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      ~/.ssh/authorized_keys
RhostsAuthentication no
IgnoreRhosts yes
IgnoreUserKnownHosts yes
X11Forwarding yes
UsePrivilegeSeparation yes
Compression yes
Subsystem      sftp    /usr/lib/ssh/sftp-server

sedentaire.local$ ls -la ~/.ssh
total 24
drwx------  2 yves root 4096 sep  3 15:07 ./
drwxrwx--x  83 yves root 4096 sep  3 15:06 ../
-rw-------  1 yves root  231 sep  3 15:09 authorized_keys
-rw-------  1 yves root  883 sep  3 15:07 id_rsa
-rw-r-----  1 yves root  231 sep  3 15:07 id_rsa.pub
-rw-------  1 yves root  681 sep  3 15:06 known_hosts

sedentaire.local$ ssh -v sedentaire.local
OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to sedentaire.local [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /local/home/yves/.ssh/identity type -1
debug1: identity file /local/home/yves/.ssh/id_rsa type 1
debug1: identity file /local/home/yves/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'sedentaire.local' is known and matches the RSA host key.
debug1: Found key in /local/home/yves/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /local/home/yves/.ssh/identity
debug1: Offering public key: /local/home/yves/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /local/home/yves/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
yves@sedentaire.local's password:

 

paul, I'm reading your URL :)

 

Yves.
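
Added example, not part of any post in this thread: with StrictModes (default "yes", and not overridden in the sshd_config shown above), sshd refuses a key when the home directory, ~/.ssh or authorized_keys is group- or world-writable or owned by someone other than the user or root. The listing above shows the parent directory `../` as `drwxrwx--x`, which this check flags; the function names are illustrative.

```shell
#!/bin/sh
# Added example: approximate the path checks sshd applies under StrictModes.

# Return 0 if an ls-style mode string is group- or world-writable.
mode_is_loose() {
    case "$1" in
        ?????w*|????????w*) return 0 ;;   # char 6 = group w, char 9 = other w
    esac
    return 1
}

# Check home, ~/.ssh and authorized_keys for HOME_DIR (default: $HOME).
# Returns 0 only if every path exists, is owned by the user or root,
# and is not group/world-writable.
check_key_paths() {
    home=${1:-$HOME}; want_uid=${2:-$(id -u)}; bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; bad=1; continue
        fi
        mode=$(ls -ld "$p" | cut -c1-10)
        uid=$(ls -ldn "$p" | awk '{print $3}')
        if mode_is_loose "$mode"; then
            echo "FAIL $mode $p (group/world-writable)"; bad=1
        elif [ "$uid" != 0 ] && [ "$uid" != "$want_uid" ]; then
            echo "FAIL $mode $p (owner uid $uid)"; bad=1
        else
            echo "ok   $mode $p"
        fi
    done
    return "$bad"
}

# Mode strings taken from the `ls -la ~/.ssh` listing posted above.
for entry in "drwx------ ./" "drwxrwx--x ../" "-rw------- authorized_keys"; do
    if mode_is_loose "${entry%% *}"; then
        echo "loose: $entry"
    else
        echo "tight: $entry"
    fi
done
```

Run `check_key_paths` on the server as the account being logged in to; a FAIL line is cleared with `chmod go-w` on that path.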


My debug messages are similar to yours up through:

 

debug1: Offering public key: /local/home/yves/.ssh/id_rsa

But then, instead of getting this following line:

debug1: Authentications that can continue: publickey,password,keyboard-interactive

here's my output:

 

debug1: Offering public key: /home/jboy/.ssh/id_dsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-dss blen 433
debug2: input_userauth_pk_ok:
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 0
debug2: channel 0: request shell confirm 0
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 131072
<... received login prompt  ...>

So I don't know what could be wrong. I'm also not using ssh-agent so no passphrase is involved.

 

I used this reference to set up the ssh keys: http://www.linuxquestions.org/questions/an...ticle&artid=288

 

The procedures you used look functionally equivalent. I've used the same procedure on 4 different distros and can connect on all of them, so I'm stumped as to what could be the problem.

 

If I think of anything else that might be helpful, I'll post a new message.


  • 3 weeks later...
I want to use SSH with keys, and without a passphrase for a start; once that works, I'll consider using one along with ssh-agent. All the instructions found on the internet agree on the method, which is in short:

$ ssh-keygen -t dsa
$ cat ~/.ssh/id_dsa.pub | ssh me@remote "cat - >> ~/.ssh/authorized_keys"
$ ssh me@remote "chmod -R go= ~/.ssh"

Yet I'm still asked for a password when I try to log in to the remote server.

Yves, I think I found the problem. Copy the id_dsa.pub key into the authorized_keys2 file on the remote server, NOT authorized_keys.

 

Thus the line in your original post above needs to be:

 

$ cat ~/.ssh/id_dsa.pub | ssh me@remote "cat - >> ~/.ssh/authorized_keys2"

 

I found this out when I tried to set up ssh using public key authentication into a new 2006 install. When I copied the id_dsa.pub key into authorized_keys it didn't work, but when I copied it into authorized_keys2, then it began working. I guess this has to do with SSH Protocol Version 2 being used.

 

I hope this works for you.

Edited by jboy

Still no luck :(

 

I thank you very much jboy, for looking into this matter, and thinking about warning me.

It's too bad it does not work, but it was worth trying :)

 

I changed my Mdv2005 sshd_config and ssh_config files to reflect those of my Debian 3.1. I can ssh localhost on Debian without giving the password, yet I can't on Mdv2005 :o

 

I'll try again when I have upgraded to 2006...

 

Yves.
