Frazzled on id_dsa.pub logins (long post with ssh -vvv)
Cameron Simpson
cs at zip.com.au
Fri Mar 31 04:09:49 UTC 2006
On 30Mar2006 17:36, Michael Johnson <mjohnson at coderyte.com> wrote:
| To be clear, I've done this stuff before, but I can't seem to figure
| out why it isn't working right now.
|
| My situation is this:
|
| I have a machine I want to use as an rsync backup master. That
| machine needs to use rsync through ssh to get to the remote
| machines. All the machines are on an internal network (10.x.x.x).
| I've created, as root, a dsa keypair using:
[...]
| Then I ssh to the remote machine as root and do:
| # cat /tmp/id_dsa.pub >> /root/.ssh/authorized_keys
|
| I checked the md5sum on the authorized_keys file on the remote
| machine (there's only this entry) and the id_dsa.pub on the first
| machine. They're identical files.
|
| Back on the first machine, I try to ssh -vvv as root (warning...long
| list of stuff coming):
|
| # ssh -vvv root@10.100.244.32
[...]
| debug1: identity file /root/.ssh/id_rsa type -1
| debug3: Not a RSA1 key file /root/.ssh/id_dsa.
| debug2: key_type_from_name: unknown key type '-----BEGIN'
| debug3: key_read: missing keytype
[...]

This seems nasty. I would say your local /root/.ssh/id_dsa key is
busted. You did install it? Your ssh-keygen took place in /tmp,
so we should check.

| debug1: identity file /root/.ssh/id_dsa type 2
[...]
| debug1: Authentications that can continue:
| publickey,password,keyboard-interactive
| debug3: start over, passed a different list
| publickey,password,keyboard-interactive
| debug3: preferred publickey,keyboard-interactive,password
| debug3: authmethod_lookup publickey
| debug3: remaining preferred: keyboard-interactive,password
| debug3: authmethod_is_enabled publickey
| debug3: no such identity: /root/.ssh/id_rsa
| debug1: Offering public key: /root/.ssh/id_dsa
| debug3: send_pubkey_test
| debug2: we sent a publickey packet, wait for reply
| debug1: Authentications that can continue:
| publickey,password,keyboard-interactive
| debug2: we did not send a packet, disable method
| debug3: authmethod_lookup keyboard-interactive
| debug3: remaining preferred: password
[...]
| I can connect to other machines using the same id_dsa.pub file. I'm
| guessing there's something in my configuration on the other machine
| which is causing this to fail. Thoughts??

Well, check locally first (though if it's working for other remote
machines I doubt anything is wrong). It is possible that root has
more than one key (id_dsa and maybe another?) and the other key is
getting you into the other machines. Unlikely...

| OpenSSH 3.6.1p2 on RHEL AS3. On the remote machine I have this log
| entry:
| authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
| rhost=machine.domain.tld user=root

This is from /var/log/secure?

I'd check:

  /root
    No public or group write perms on /root, /root/.ssh or the
    authorized_keys file.

  /etc/ssh/sshd_config
    PermitRootLogin Yes
    and root in AllowUsers (if there is an AllowUsers line).

Run a "tail -f /var/log/secure" on the remote machine and watch it while
you do a fresh ssh from the local machine. It can be informative.

Cheers,
--
Cameron Simpson <cs at zip.com.au> DoD#743
http://www.cskk.ezoshosting.com/cs/
What's the best platform that Windows NT runs on?
A Kodak carousel slide projector. - Dvorak
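
Added example, not part of the original message: the checks listed in the reply above (no group or other write permission on the home directory, .ssh and authorized_keys; PermitRootLogin and AllowUsers in sshd_config) written as a shell script. The function names are made up for this example, and it accepts the key-only PermitRootLogin values as well as the "Yes" the reply names.

```shell
#!/bin/sh
# Added example: the reply's sshd checks as shell functions (names are hypothetical).

# Return 0 if the path is not writable by group or others, 1 if it is.
no_loose_write() {
    mode=$(ls -ldL "$1" 2>/dev/null | cut -c1-10)
    [ -n "$mode" ] || { echo "MISSING $1"; return 2; }
    case $(printf '%s' "$mode" | cut -c6,9) in   # group-write and other-write bits
        *w*) echo "BAD  $mode $1"; return 1 ;;
        *)   echo "ok   $mode $1"; return 0 ;;
    esac
}

# Return 0 if the config lets root log in with a key: the first PermitRootLogin
# is yes (or a key-only value) and, when AllowUsers lines exist, one names root.
# An unset PermitRootLogin fails here because the default depends on the version.
# Simplification: AllowUsers wildcards and Match blocks are not evaluated.
root_login_allowed() {
    awk '
        /^[ \t]*#/ { next }
        { kw = tolower($1) }
        kw == "permitrootlogin" && prl == "" { prl = tolower($2) }
        kw == "allowusers" {
            seen = 1
            for (i = 2; i <= NF; i++) { split($i, a, "@"); if (a[1] == "root") listed = 1 }
        }
        END {
            ok = (prl == "yes" || prl == "without-password" || prl == "prohibit-password")
            if (seen && !listed) ok = 0
            printf "PermitRootLogin=%s AllowUsers=%s\n", (prl == "" ? "(unset)" : prl),
                (seen ? (listed ? "lists root" : "omits root") : "(no line)")
            exit !ok
        }' "$1"
}

# Run every check for one home directory and one sshd_config; 0 only if all pass.
check_all() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        no_loose_write "$p" || rc=1
    done
    root_login_allowed "$2" || rc=1
    return $rc
}

# With two arguments (home directory, sshd_config path) run the checks directly.
if [ $# -eq 2 ]; then check_all "$1" "$2"; fi
```

Run it on the remote machine with /root and /etc/ssh/sshd_config as the two arguments; any BAD or MISSING line, or a non-zero exit status, points at one of the items in the reply's list.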