SSH asking for password when it shouldnt - SCO

This is a discussion on SSH asking for password when it shouldnt - SCO ; Here is the debug output that i get when i do ssh and try to login into a remote server: OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: SSH asking for password when it shouldnt

  1. SSH asking for password when it shouldnt

    Here is the debug output that i get when i do ssh and try to login into
    a remote server:

    OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to serv1.bahai.org [216.236.139.18] port 22.
    debug1: Connection established.
    debug3: Not a RSA1 key file /home/thecoolone/.ssh/id_rsa.
    debug2: key_type_from_name: unknown key type '-----BEGIN'
    debug3: key_read: missing keytype
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug2: key_type_from_name: unknown key type '-----END'
    debug3: key_read: missing keytype
    debug1: identity file /home/thecoolone/.ssh/id_rsa type 1
    debug1: Remote protocol version 1.99, remote software version
    OpenSSH_3.1p1
    debug1: match: OpenSSH_3.1p1 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_3.9p1
    debug2: fd 3 setting O_NONBLOCK
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit:
    diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit:
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit:
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit:
    diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit:
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
    debug2: kex_parse_kexinit:
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_init: found hmac-md5
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug2: mac_init: found hmac-md5
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug2: dh_gen_key: priv key bits set: 122/256
    debug2: bits set: 488/1024
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug3: check_host_in_hostfile: filename
    /home/thecoolone/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 1
    debug3: check_host_in_hostfile: filename
    /home/thecoolone/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 1
    debug1: Host 'serv1.bahai.org' is known and matches the RSA host key.
    debug1: Found key in /home/thecoolone/.ssh/known_hosts:1
    debug2: bits set: 511/1024
    debug1: ssh_rsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /home/thecoolone/.ssh/id_rsa (0x82c2ee8)
    debug1: Authentications that can continue:
    publickey,password,keyboard-interactive
    debug3: start over, passed a different list
    publickey,password,keyboard-interactive
    debug3: preferred
    gssapi-with-mic,publickey,keyboard-interactive,password
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Offering public key: /home/thecoolone/.ssh/id_rsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue:
    publickey,password,keyboard-interactive
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup keyboard-interactive
    debug3: remaining preferred: password
    debug3: authmethod_is_enabled keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    debug2: userauth_kbdint
    debug2: we sent a keyboard-interactive packet, wait for reply
    debug1: Authentications that can continue:
    publickey,password,keyboard-interactive
    debug3: userauth_kbdint: disable: no info_req_seen
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup password
    debug3: remaining preferred:
    debug3: authmethod_is_enabled password
    debug1: Next authentication method: password


    I have checked for the permissions of $HOME it is 755 and $HOME/.ssh is
    700
    drwxr-xr-x 4 thecoolone thecoolone 4096 Dec 1 03:53 thecoolone
    drwx------ 2 thecoolone thecoolone 4096 Dec 1 03:36 .ssh
    -rw-r--r-- 1 thecoolone thecoolone 232 Apr 9 2006 id_rsa.pub


    On debug3: is is saying "Not a RSA1 key file
    /home/thecoolone/.ssh/id_rsa."
    and then later "debug1: identity file /home/thecoolone/.ssh/id_rsa type
    1"

    I am not understanding that why are first it says not RSA and then
    recognises it as type 1?
    Does anyone have a clue on how to make ssh work with passphrase. I will
    be using it from a cron job later.


  2. Re: SSH asking for password when it shouldnt

    Here is the debug output that i get when i do ssh and try to login into
    a remote server:

    OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to serv1.bahai.org [216.236.139.18] port 22.
    debug1: Connection established.
    debug3: Not a RSA1 key file /home/thecoolone/.ssh/id_rsa.
    debug2: key_type_from_name: unknown key type '-----BEGIN'
    debug3: key_read: missing keytype
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug2: key_type_from_name: unknown key type '-----END'
    debug3: key_read: missing keytype
    debug1: identity file /home/thecoolone/.ssh/id_rsa type 1
    debug1: Remote protocol version 1.99, remote software version
    OpenSSH_3.1p1
    debug1: match: OpenSSH_3.1p1 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_3.9p1
    debug2: fd 3 setting O_NONBLOCK
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit:
    diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit:
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-...@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit:
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-...@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit:
    diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit:
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
    debug2: kex_parse_kexinit:
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_init: found hmac-md5
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug2: mac_init: found hmac-md5
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug2: dh_gen_key: priv key bits set: 122/256
    debug2: bits set: 488/1024
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug3: check_host_in_hostfile: filename
    /home/thecoolone/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 1
    debug3: check_host_in_hostfile: filename
    /home/thecoolone/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 1
    debug1: Host 'serv1.bahai.org' is known and matches the RSA host key.
    debug1: Found key in /home/thecoolone/.ssh/known_hosts:1
    debug2: bits set: 511/1024
    debug1: ssh_rsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /home/thecoolone/.ssh/id_rsa (0x82c2ee8)
    debug1: Authentications that can continue:
    publickey,password,keyboard-interactive
    debug3: start over, passed a different list
    publickey,password,keyboard-interactive
    debug3: preferred
    gssapi-with-mic,publickey,keyboard-interactive,password
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Offering public key: /home/thecoolone/.ssh/id_rsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue:
    publickey,password,keyboard-interactive
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup keyboard-interactive
    debug3: remaining preferred: password
    debug3: authmethod_is_enabled keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    debug2: userauth_kbdint
    debug2: we sent a keyboard-interactive packet, wait for reply
    debug1: Authentications that can continue:
    publickey,password,keyboard-interactive
    debug3: userauth_kbdint: disable: no info_req_seen
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup password
    debug3: remaining preferred:
    debug3: authmethod_is_enabled password
    debug1: Next authentication method: password

    I have checked for the permissions of $HOME it is 755 and $HOME/.ssh is
    700
    drwxr-xr-x 4 thecoolone thecoolone 4096 Dec 1 03:53 thecoolone
    drwx------ 2 thecoolone thecoolone 4096 Dec 1 03:36 .ssh
    -rw-r--r-- 1 thecoolone thecoolone 232 Apr 9 2006 id_rsa.pub

    On debug3: is is saying "Not a RSA1 key file
    /home/thecoolone/.ssh/id_rsa."
    and then later "debug1: identity file /home/thecoolone/.ssh/id_rsa type
    1"

    I am not understanding that why at first it says not an RSA type and
    then
    recognises it as type 1?
    Does anyone have a clue on how to make ssh work with passphrase. It was
    working before i tried to make a new crontab for another account and
    now i am reverting back to the old crontab and ssh is asking password.

    Why is the old crontab not working any more?


  3. Re: SSH asking for password when it shouldnt

    thecoolone wrote:
    > Here is the debug output that i get when i do ssh and try to login into
    > a remote server:


    Ignore this bit:
    > debug3: Not a RSA1 key file /home/thecoolone/.ssh/id_rsa.
    > debug2: key_type_from_name: unknown key type '-----BEGIN'


    What the client can offer:
    > debug2: key: /home/thecoolone/.ssh/id_rsa (0x82c2ee8)
    > debug1: Authentications that can continue: publickey,password,keyboard-interactive


    What the server can accept:
    > debug3: start over, passed a different list
    > publickey,password,keyboard-interactive
    > debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password


    Resulting intersection of authentication methods:
    > debug3: authmethod_lookup publickey
    > debug3: remaining preferred: keyboard-interactive,password
    > debug3: authmethod_is_enabled publickey


    First possibility (from the ordered list):
    > debug1: Next authentication method: publickey
    > debug1: Offering public key: /home/thecoolone/.ssh/id_rsa
    > debug3: send_pubkey_test
    > debug2: we sent a publickey packet, wait for reply
    > debug1: Authentications that can continue: publickey,password,keyboard-interactive
    > debug2: we did not send a packet, disable method


    Didn't work, so strip it from the list and try the next option
    > debug3: authmethod_lookup keyboard-interactive
    > debug3: remaining preferred: password
    > debug3: authmethod_is_enabled keyboard-interactive


    Second possibility is keyboard-interactive, i.e. a password. So your
    public/private key authentication has failed


    > I have checked for the permissions of $HOME it is 755 and $HOME/.ssh is
    > 700
    > drwxr-xr-x 4 thecoolone thecoolone 4096 Dec 1 03:53 thecoolone
    > drwx------ 2 thecoolone thecoolone 4096 Dec 1 03:36 .ssh
    > -rw-r--r-- 1 thecoolone thecoolone 232 Apr 9 2006 id_rsa.pub


    1. You do have a "id_rsa" file corresponding to "id_rsa.pub" on the
    local client? Permissions 600 (or 400).

    2. You have copied your id_rsa.pub file to the remote host's .ssh
    directory haven't you? Permissions 644, 600, or 400.

    Chris

  4. Re: SSH asking for password when it shouldnt

    Followups changed to comp.security.ssh.

    In comp.security.ssh thecoolone wrote:
    > Here is the debug output that i get when i do ssh and try to login into
    > a remote server:


    The SSH (client) side debug is not always able to tell you much. The
    server isn't going to tell you why you can't log in.

    Running the server in dbeug mode is much more likely to give useful
    information.

    > On debug3: is is saying "Not a RSA1 key file
    > /home/thecoolone/.ssh/id_rsa."
    > and then later "debug1: identity file /home/thecoolone/.ssh/id_rsa type
    > 1"


    > I am not understanding that why at first it says not an RSA type and
    > then
    > recognises it as type 1?


    Because RSA1 is not the same as rsa type 1. This is just a debug
    statement and doesn't show anything useful for your situation.

    I'd recommend running the server in debug when you try to log in.
    That's the side that understands any issues.

    --
    Darren Dunham ddunham@taos.com
    Senior Technical Consultant TAOS http://www.taos.com/
    Got some Dr Pepper? San Francisco, CA bay area
    < This line left intentionally blank to confuse you. >

+ Reply to Thread