Jorge D. sez:
> Hi,
> I am trying to implement passwordless scp between two Solaris 8
> servers. Strangely enough, I can get it to work from serverA to serverB
> but it does not work in the other direction (from serverB to serverA I
> get a password prompt ) despite the fact that I follow the same steps
> to create the public key on both servers.

Running sshd with debugging on usually helps with this kind of problems.

Dima
--
All whitespace is equivalent except in certain situations
-- ANSI C standard committee

Jorge D. wrote:
> Hi,
> I am trying to implement passwordless scp between two Solaris 8
> servers. Strangely enough, I can get it to work from serverA to serverB
> but it does not work in the other direction (from serverB to serverA I
> get a password prompt ) despite the fact that I follow the same steps
> to create the public key on both servers.
> Below is what I did to create the public keys.
>
> Server A
> mkdir .ssh
> chmod 700 .ssh
> cd .ssh
> ssh-keygen -t rsa
> scp id_rsa.pub joe@serverB:rsa_pubkey_a.tmp
>
> Server B
> mkdir .ssh
> chmod 700 .ssh
> cd .ssh
> cat ~/rsa_pubkey_a.tmp > authorized_keys
> chmod 600 authorized_keys
> ssh-keygen -t rsa
> scp id_rsa.pub joe@serverA:rsa_pubkey_b.tmp
>
> Server A
> cd .ssh
> cat ~/rsa_pubkey_b.tmp > authorized_keys
> chmod 600 authorized_keys
>
> Please help! I have been trying to figure this out for a couple of
> days. I have also attached part of the debug messages.
>
> debug1: Host 'serverA' is known and matches the RSA host key.
> debug1: Found key in /usr/joe/.ssh/known_hosts:1
> debug2: bits set: 528/1024
> debug1: ssh_rsa_verify: signature correct
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug2: key: /usr/joe/.ssh/id_rsa (6e678)
> debug2: key: /usr/joe/.ssh/id_dsa (0)
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> debug1: Next authentication method: publickey
> debug1: Offering public key: /usr/joe/.ssh/id_rsa
> debug2: we sent a publickey packet, wait for reply
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> debug1: Trying private key: /usr/joe/.ssh/id_dsa
> debug2: we did not send a packet, disable method
> debug1: Next authentication method: keyboard-interactive
> debug2: userauth_kbdint
> debug2: we sent a keyboard-interactive packet, wait for reply
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> debug2: we did not send a packet, disable method
> debug1: Next authentication method: password
>
>
> Thank you in advance!
> Jorge
>

You shouldn't need to generate two sets of keys for the same user. Just
do it once and copy the files to both of the servers. Make sure both
servers' authorized_keys files contain the user's public key. Also, I
highly recommend passphrase protecting the private key and using
ssh-agent to cache it.

--
To reply by email remove "_nospam"

Dear Jorge,

Jorge D. wrote:
> Hi,
> I am trying to implement passwordless scp between two Solaris 8
> servers. Strangely enough, I can get it to work from serverA to serverB
> but it does not work in the other direction (from serverB to serverA I
> get a password prompt ) despite the fact that I follow the same steps
> to create the public key on both servers.
> Below is what I did to create the public keys.
>
> Server A
> mkdir .ssh
> chmod 700 .ssh
> cd .ssh
> ssh-keygen -t rsa
> scp id_rsa.pub joe@serverB:rsa_pubkey_a.tmp
>
> Server B
> mkdir .ssh
> chmod 700 .ssh
> cd .ssh
> cat ~/rsa_pubkey_a.tmp > authorized_keys
> chmod 600 authorized_keys
> ssh-keygen -t rsa
> scp id_rsa.pub joe@serverA:rsa_pubkey_b.tmp
>
> Server A
> cd .ssh
> cat ~/rsa_pubkey_b.tmp > authorized_keys
> chmod 600 authorized_keys
>
> Please help! I have been trying to figure this out for a couple of
> days. I have also attached part of the debug messages.
>
> debug1: Host 'serverA' is known and matches the RSA host key.
> debug1: Found key in /usr/joe/.ssh/known_hosts:1
> debug2: bits set: 528/1024
> debug1: ssh_rsa_verify: signature correct
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug2: key: /usr/joe/.ssh/id_rsa (6e678)
> debug2: key: /usr/joe/.ssh/id_dsa (0)
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> debug1: Next authentication method: publickey
> debug1: Offering public key: /usr/joe/.ssh/id_rsa
> debug2: we sent a publickey packet, wait for reply
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> debug1: Trying private key: /usr/joe/.ssh/id_dsa
> debug2: we did not send a packet, disable method
> debug1: Next authentication method: keyboard-interactive
> debug2: userauth_kbdint
> debug2: we sent a keyboard-interactive packet, wait for reply
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> debug2: we did not send a packet, disable method
> debug1: Next authentication method: password
>
>
> Thank you in advance!
> Jorge
>

on the server B run as root:
/usr/sbin/sshd -p 20022 -D

on the server A run as user "joe":
ssh -i ~/.ssh/id_rsa -p 20022 -v -v -v joe@serverB


Claudiu