OpenSSH passwordless scp not working - SSH

This is a discussion on OpenSSH passwordless scp not working - SSH ; Hi, I am trying to implement passwordless scp between two Solaris 8 servers. Strangely enough, I can get it to work from serverA to serverB but it does not work in the other direction (from serverB to serverA I get ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: OpenSSH passwordless scp not working

  1. OpenSSH passwordless scp not working

    Hi,
    I am trying to implement passwordless scp between two Solaris 8
    servers. Strangely enough, I can get it to work from serverA to serverB
    but it does not work in the other direction (from serverB to serverA I
    get a password prompt ) despite the fact that I follow the same steps
    to create the public key on both servers.
    Below is what I did to create the public keys.

    Server A
    mkdir .ssh
    chmod 700 .ssh
    cd .ssh
    ssh-keygen -t rsa
    scp id_rsa.pub joe@serverB:rsa_pubkey_a.tmp

    Server B
    mkdir .ssh
    chmod 700 .ssh
    cd .ssh
    cat ~/rsa_pubkey_a.tmp > authorized_keys
    chmod 600 authorized_keys
    ssh-keygen -t rsa
    scp id_rsa.pub joe@serverA:rsa_pubkey_b.tmp

    Server A
    cd .ssh
    cat ~/rsa_pubkey_b.tmp > authorized_keys
    chmod 600 authorized_keys

    Please help! I have been trying to figure this out for a couple of
    days. I have also attached part of the debug messages.

    debug1: Host 'serverA' is known and matches the RSA host key.
    debug1: Found key in /usr/joe/.ssh/known_hosts:1
    debug2: bits set: 528/1024
    debug1: ssh_rsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /usr/joe/.ssh/id_rsa (6e678)
    debug2: key: /usr/joe/.ssh/id_dsa (0)
    debug1: Authentications that can continue:
    publickey,password,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Offering public key: /usr/joe/.ssh/id_rsa
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue:
    publickey,password,keyboard-interactive
    debug1: Trying private key: /usr/joe/.ssh/id_dsa
    debug2: we did not send a packet, disable method
    debug1: Next authentication method: keyboard-interactive
    debug2: userauth_kbdint
    debug2: we sent a keyboard-interactive packet, wait for reply
    debug1: Authentications that can continue:
    publickey,password,keyboard-interactive
    debug2: we did not send a packet, disable method
    debug1: Next authentication method: password


    Thank you in advance!
    Jorge


  2. Re: OpenSSH passwordless scp not working

    Jorge D. sez:
    > Hi,
    > I am trying to implement passwordless scp between two Solaris 8
    > servers. Strangely enough, I can get it to work from serverA to serverB
    > but it does not work in the other direction (from serverB to serverA I
    > get a password prompt ) despite the fact that I follow the same steps
    > to create the public key on both servers.


    Running sshd with debugging on usually helps with this kind of problems.

    Dima
    --
    All whitespace is equivalent except in certain situations
    -- ANSI C standard committee

  3. Re: OpenSSH passwordless scp not working

    Jorge D. wrote:
    > Hi,
    > I am trying to implement passwordless scp between two Solaris 8
    > servers. Strangely enough, I can get it to work from serverA to serverB
    > but it does not work in the other direction (from serverB to serverA I
    > get a password prompt ) despite the fact that I follow the same steps
    > to create the public key on both servers.
    > Below is what I did to create the public keys.
    >
    > Server A
    > mkdir .ssh
    > chmod 700 .ssh
    > cd .ssh
    > ssh-keygen -t rsa
    > scp id_rsa.pub joe@serverB:rsa_pubkey_a.tmp
    >
    > Server B
    > mkdir .ssh
    > chmod 700 .ssh
    > cd .ssh
    > cat ~/rsa_pubkey_a.tmp > authorized_keys
    > chmod 600 authorized_keys
    > ssh-keygen -t rsa
    > scp id_rsa.pub joe@serverA:rsa_pubkey_b.tmp
    >
    > Server A
    > cd .ssh
    > cat ~/rsa_pubkey_b.tmp > authorized_keys
    > chmod 600 authorized_keys
    >
    > Please help! I have been trying to figure this out for a couple of
    > days. I have also attached part of the debug messages.
    >
    > debug1: Host 'serverA' is known and matches the RSA host key.
    > debug1: Found key in /usr/joe/.ssh/known_hosts:1
    > debug2: bits set: 528/1024
    > debug1: ssh_rsa_verify: signature correct
    > debug2: kex_derive_keys
    > debug2: set_newkeys: mode 1
    > debug1: SSH2_MSG_NEWKEYS sent
    > debug1: expecting SSH2_MSG_NEWKEYS
    > debug2: set_newkeys: mode 0
    > debug1: SSH2_MSG_NEWKEYS received
    > debug1: SSH2_MSG_SERVICE_REQUEST sent
    > debug2: service_accept: ssh-userauth
    > debug1: SSH2_MSG_SERVICE_ACCEPT received
    > debug2: key: /usr/joe/.ssh/id_rsa (6e678)
    > debug2: key: /usr/joe/.ssh/id_dsa (0)
    > debug1: Authentications that can continue:
    > publickey,password,keyboard-interactive
    > debug1: Next authentication method: publickey
    > debug1: Offering public key: /usr/joe/.ssh/id_rsa
    > debug2: we sent a publickey packet, wait for reply
    > debug1: Authentications that can continue:
    > publickey,password,keyboard-interactive
    > debug1: Trying private key: /usr/joe/.ssh/id_dsa
    > debug2: we did not send a packet, disable method
    > debug1: Next authentication method: keyboard-interactive
    > debug2: userauth_kbdint
    > debug2: we sent a keyboard-interactive packet, wait for reply
    > debug1: Authentications that can continue:
    > publickey,password,keyboard-interactive
    > debug2: we did not send a packet, disable method
    > debug1: Next authentication method: password
    >
    >
    > Thank you in advance!
    > Jorge
    >


    You shouldn't need to generate two sets of keys for the same user. Just
    do it once and copy the files to both of the servers. Make sure both
    servers' authorized_keys files contain the user's public key. Also, I
    highly recommend passphrase protecting the private key and using
    ssh-agent to cache it.

    --
    To reply by email remove "_nospam"

  4. Re: OpenSSH passwordless scp not working

    Dear Jorge,

    Jorge D. wrote:
    > Hi,
    > I am trying to implement passwordless scp between two Solaris 8
    > servers. Strangely enough, I can get it to work from serverA to serverB
    > but it does not work in the other direction (from serverB to serverA I
    > get a password prompt ) despite the fact that I follow the same steps
    > to create the public key on both servers.
    > Below is what I did to create the public keys.
    >
    > Server A
    > mkdir .ssh
    > chmod 700 .ssh
    > cd .ssh
    > ssh-keygen -t rsa
    > scp id_rsa.pub joe@serverB:rsa_pubkey_a.tmp
    >
    > Server B
    > mkdir .ssh
    > chmod 700 .ssh
    > cd .ssh
    > cat ~/rsa_pubkey_a.tmp > authorized_keys
    > chmod 600 authorized_keys
    > ssh-keygen -t rsa
    > scp id_rsa.pub joe@serverA:rsa_pubkey_b.tmp
    >
    > Server A
    > cd .ssh
    > cat ~/rsa_pubkey_b.tmp > authorized_keys
    > chmod 600 authorized_keys
    >
    > Please help! I have been trying to figure this out for a couple of
    > days. I have also attached part of the debug messages.
    >
    > debug1: Host 'serverA' is known and matches the RSA host key.
    > debug1: Found key in /usr/joe/.ssh/known_hosts:1
    > debug2: bits set: 528/1024
    > debug1: ssh_rsa_verify: signature correct
    > debug2: kex_derive_keys
    > debug2: set_newkeys: mode 1
    > debug1: SSH2_MSG_NEWKEYS sent
    > debug1: expecting SSH2_MSG_NEWKEYS
    > debug2: set_newkeys: mode 0
    > debug1: SSH2_MSG_NEWKEYS received
    > debug1: SSH2_MSG_SERVICE_REQUEST sent
    > debug2: service_accept: ssh-userauth
    > debug1: SSH2_MSG_SERVICE_ACCEPT received
    > debug2: key: /usr/joe/.ssh/id_rsa (6e678)
    > debug2: key: /usr/joe/.ssh/id_dsa (0)
    > debug1: Authentications that can continue:
    > publickey,password,keyboard-interactive
    > debug1: Next authentication method: publickey
    > debug1: Offering public key: /usr/joe/.ssh/id_rsa
    > debug2: we sent a publickey packet, wait for reply
    > debug1: Authentications that can continue:
    > publickey,password,keyboard-interactive
    > debug1: Trying private key: /usr/joe/.ssh/id_dsa
    > debug2: we did not send a packet, disable method
    > debug1: Next authentication method: keyboard-interactive
    > debug2: userauth_kbdint
    > debug2: we sent a keyboard-interactive packet, wait for reply
    > debug1: Authentications that can continue:
    > publickey,password,keyboard-interactive
    > debug2: we did not send a packet, disable method
    > debug1: Next authentication method: password
    >
    >
    > Thank you in advance!
    > Jorge
    >


    on the server B run as root:
    /usr/sbin/sshd -p 20022 -D

    on the server A run as user "joe":
    ssh -i ~/.ssh/id_rsa -p 20022 -v -v -v joe@serverB


    Claudiu

+ Reply to Thread