Frazzled on id_dsa.pub logins (long post with ssh -vvv)

Ian Marks imarks at comcast.net
Thu Mar 30 23:27:23 UTC 2006


Are the permissions for the authorized_keys file on the remote host set 
to 600?

~Ian


Michael Johnson wrote:
> Hi gang
>
> To be clear, I've done this stuff before, but I can't seem to figure 
> out why it isn't working right now.
>
> My situation is this:
>
> I have a machine I want to use as an rsync backup master.  That 
> machine needs to use rsync through ssh to get to the remote machines.  
> All the machines are on an internal network (10.x.x.x).  I've created, 
> as root, a dsa keypair using:
>
> # ssh-keygen -t dsa
>
> This resulted in id_dsa and id_dsa.pub
>
> # ls -l .ssh
> total 12
> -rw------- 1 root root 1192 2006-03-30 15:47 id_dsa
> -rw-r--r-- 1 root root 1112 2006-03-30 15:47 id_dsa.pub
> -rw-r--r-- 1 root root 1890 2006-03-28 14:23 known_hosts
>
>
> I used scp to copy the .pub over to /tmp on the remote machine:
>
> # scp .ssh/id_dsa.pub root@remote:/tmp
>
> Then I ssh to the remote machine as root and do:
>
> # cat /tmp/id_dsa.pub >> /root/.ssh/authorized_keys
>
> I checked the md5sum on the authorized_keys file on the remote machine 
> (there's only this entry) and the id_dsa.pub on the first machine.  
> They're identical files.
>
> Back on the first machine, I try to ssh -vvv as root (warning...long 
> list of stuff coming):
>
> # ssh -vvv root@10.100.244.32
> OpenSSH_4.2p1 Debian-7ubuntu1, OpenSSL 0.9.8a 11 Oct 2005
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to 10.100.244.32 [10.100.244.32] port 22.
> debug1: Connection established.
> debug1: permanently_set_uid: 0/0
> debug1: identity file /root/.ssh/id_rsa type -1
> debug3: Not a RSA1 key file /root/.ssh/id_dsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug3: key_read: missing keytype
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug2: key_type_from_name: unknown key type '-----END'
> debug3: key_read: missing keytype
> debug1: identity file /root/.ssh/id_dsa type 2
> debug1: Remote protocol version 2.0, remote software version 
> OpenSSH_3.6.1p2
> debug1: match: OpenSSH_3.6.1p2 pat OpenSSH_3.*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_4.2p1 Debian-7ubuntu1
> debug2: fd 3 setting O_NONBLOCK
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
> debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug2: dh_gen_key: priv key bits set: 129/256
> debug2: bits set: 529/1024
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
> debug3: check_host_in_hostfile: match line 2
> debug1: Host '10.100.244.32' is known and matches the RSA host key.
> debug1: Found key in /root/.ssh/known_hosts:2
> debug2: bits set: 471/1024
> debug1: ssh_rsa_verify: signature correct
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug2: key: /root/.ssh/id_rsa ((nil))
> debug2: key: /root/.ssh/id_dsa (0x55c070)
> debug3: input_userauth_banner
>
> Banner test...a real one is coming soon...
>
> debug1: Authentications that can continue: 
> publickey,password,keyboard-interactive
> debug3: start over, passed a different list 
> publickey,password,keyboard-interactive
> debug3: preferred publickey,keyboard-interactive,password
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /root/.ssh/id_rsa
> debug3: no such identity: /root/.ssh/id_rsa
> debug1: Offering public key: /root/.ssh/id_dsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: Authentications that can continue: 
> publickey,password,keyboard-interactive
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup keyboard-interactive
> debug3: remaining preferred: password
> debug3: authmethod_is_enabled keyboard-interactive
> debug1: Next authentication method: keyboard-interactive
> debug2: userauth_kbdint
> debug2: we sent a keyboard-interactive packet, wait for reply
> debug1: Authentications that can continue: 
> publickey,password,keyboard-interactive
> debug3: userauth_kbdint: disable: no info_req_seen
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup password
> debug3: remaining preferred:
> debug3: authmethod_is_enabled password
> debug1: Next authentication method: password
> root@10.100.244.32's password:
>
> I also tried using the A name of the machine and had the same output.
>
> Strangely enough, I could at one time connect using the id_dsa.pub as 
> a "regular" user.  However, in my futzing about, I've killed that 
> possibility as well.
>
> I can connect to other machines using the same id_dsa.pub file.  I'm 
> guessing there's something in my configuration on the other machine 
> which is causing this to fail.  Thoughts??
>
> OpenSSH 3.6.1p2 on RHEL AS3.  On the remote machine I have this log 
> entry:
>
> authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= 
> rhost=machine.domain.tld  user=root
>
>
> -Michael
> -- 
> ----------------------------------------------------------
> |   Michael Johnson          |   Sr. Systems Engineer     |
> |   mjohnson at coderyte.com    |   CodeRyte                 |
> |   +1-301-951-5315          |   http://www.coderyte.com/ |
> ----------------------------------------------------------
>
>
>
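
Added example, not part of the original thread: a shell function for the permission question raised in the reply above. It assumes sshd runs with StrictModes enabled (the OpenSSH default), under which the server ignores authorized_keys when that file, ~/.ssh or the home directory is owned by another user or is group- or world-writable. The function names and output format are this example's own.

```shell
#!/bin/sh
# Added example: audit the paths sshd's StrictModes inspects for one account.
# Usage on the remote host, e.g.: check_ssh_perms /root 0
# (HOME_DIR and EXPECTED_UID are inputs you supply; uid defaults to `id -u`.)

# Print "mode uid" for a path, e.g. "-rw------- 0", from portable ls output.
mode_and_uid() {
    ls -ldn "$1" | awk '{print $1, $3}'
}

# Return 0 if the path is owned by the expected uid (or root) and is not
# group- or world-writable; otherwise print the reason and return 1.
check_path() {
    path=$1; want_uid=$2
    [ -e "$path" ] || { echo "MISSING  $path"; return 1; }
    set -- $(mode_and_uid "$path")
    mode=$1; uid=$2
    rc=0
    if [ "$uid" != "$want_uid" ] && [ "$uid" != "0" ]; then
        echo "OWNER    $path is owned by uid $uid, expected $want_uid or 0"
        rc=1
    fi
    # Characters 6 and 9 of the ls mode string are group-write and other-write.
    gw=$(printf '%s' "$mode" | cut -c6)
    ow=$(printf '%s' "$mode" | cut -c9)
    if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
        echo "WRITABLE $path has mode $mode (group- or world-writable)"
        rc=1
    fi
    return $rc
}

# Check the home directory, ~/.ssh and authorized_keys; return the failure count.
check_ssh_perms() {
    home=$1; want_uid=${2:-$(id -u)}
    failures=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$want_uid" || failures=$((failures + 1))
    done
    [ "$failures" -eq 0 ] && echo "OK       $home passes the permission checks"
    return "$failures"
}
```

A mode of 600 on authorized_keys, as asked about above, passes this check; so does 644, since only write access for group or others is treated as a failure here.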



