SFTP file upload issue - SSH

This is a discussion on SFTP file upload issue - SSH ; Hi, Here is what i have done so far, 'ssh-keygen -t dsa' on host 1 copied over the "id_dsa.pub" as "authorized_keys" at host2 trying to login using ssh/sftp from host1 to host2 without password, but the remote host2 asks for ...

+ Reply to Thread
Results 1 to 7 of 7

Thread: SFTP file upload issue

  1. SFTP file upload issue

    Hi,
    Here is what i have done so far,

    'ssh-keygen -t dsa' on host 1


    copied over the "id_dsa.pub" as "authorized_keys" at host2


    trying to login using ssh/sftp from host1 to host2 without password,
    but the remote host2 asks for the password.
    Foll. is the log generated : (apparantly there is nothing relevant that

    tells why it has failed!)

    ================================================
    Connecting to host2...
    OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004
    debug1: Connecting to hos2 [123.45.67.89] port 22.
    debug1: Connection established.
    debug1: identity file $home/.ssh/id_rsa type -1
    debug1: identity file $home/.ssh/id_dsa type 2
    debug1: Remote protocol version 2.0, remote software version
    OpenSSH_3.9p1
    debug1: match: OpenSSH_3.9p1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_3.9p1
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'drpriskweb03' is known and matches the RSA host key.
    debug1: Found key in $home/.ssh/known_hosts:1
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue:
    publickey,password,keyboard-interacti
    debug1: Next authentication method: publickey
    debug1: Trying private key: $home/.ssh/id_rsa
    debug1: Offering public key: $home/.ssh/id_dsa
    debug1: Authentications that can continue:
    publickey,password,keyboard-interacti
    debug1: Next authentication method: keyboard-interactive
    debug1: Authentications that can continue:
    publickey,password,keyboard-interacti
    debug1: Next authentication method: password
    user1@host2's password:


  2. Re: SFTP file upload issue

    "umesh" writes:
    > Hi,
    > Here is what i have done so far,
    >
    > 'ssh-keygen -t dsa' on host 1
    >
    >
    > copied over the "id_dsa.pub" as "authorized_keys" at host2
    >
    >
    > trying to login using ssh/sftp from host1 to host2 without password,
    > but the remote host2 asks for the password.
    > Foll. is the log generated : (apparantly there is nothing relevant that
    >
    > tells why it has failed!)
    >
    > ================================================
    > Connecting to host2...
    > OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004
    > debug1: Connecting to hos2 [123.45.67.89] port 22.
    > debug1: Connection established.
    > debug1: identity file $home/.ssh/id_rsa type -1
    > debug1: identity file $home/.ssh/id_dsa type 2
    > debug1: Remote protocol version 2.0, remote software version
    > OpenSSH_3.9p1
    > debug1: match: OpenSSH_3.9p1 pat OpenSSH*
    > debug1: Enabling compatibility mode for protocol 2.0
    > debug1: Local version string SSH-2.0-OpenSSH_3.9p1
    > debug1: SSH2_MSG_KEXINIT sent
    > debug1: SSH2_MSG_KEXINIT received
    > debug1: kex: server->client aes128-cbc hmac-md5 none
    > debug1: kex: client->server aes128-cbc hmac-md5 none
    > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    > debug1: Host 'drpriskweb03' is known and matches the RSA host key.
    > debug1: Found key in $home/.ssh/known_hosts:1
    > debug1: ssh_rsa_verify: signature correct
    > debug1: SSH2_MSG_NEWKEYS sent
    > debug1: expecting SSH2_MSG_NEWKEYS
    > debug1: SSH2_MSG_NEWKEYS received
    > debug1: SSH2_MSG_SERVICE_REQUEST sent
    > debug1: SSH2_MSG_SERVICE_ACCEPT received
    > debug1: Authentications that can continue:
    > publickey,password,keyboard-interacti
    > debug1: Next authentication method: publickey
    > debug1: Trying private key: $home/.ssh/id_rsa
    > debug1: Offering public key: $home/.ssh/id_dsa


    Dunno if this is normal or not, but the two lines above are handy.

    What you haven't posted is what sshd on the remote server is pushing
    to its logs. That'll probably give you more clues. Perhaps the
    remote server isn't configured to accept publickey(?), or you have
    borked the file permissions on the key files. SSH won't use em if
    the file permissions aren't right. I think you'll find details in
    the man pages.


    --
    Todd H.
    http://www.toddh.net/

  3. Re: SFTP file upload issue

    Hello,

    file permission for $home\.ssh\authorized_keys is 644
    and direcotry permission for $home\.ssh is 777

    Here is my log after
    ssh -v -v user1@host2

    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: $home/.ssh/identity (0)
    debug2: key: $home/.ssh/id_rsa (0)
    debug2: key: $home/.ssh/id_dsa (82fd8)
    debug1: Authentications that can continue: publickey,password,keyboard-
    debug1: Next authentication method: publickey
    debug1: Trying private key: $home/.ssh/identity
    debug1: Trying private key: $home/.ssh/id_rsa
    debug1: Offering public key: $home/.ssh/id_dsa
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue: publickey,password,keyboard-
    debug2: we did not send a packet, disable method
    debug1: Next authentication method: keyboard-interactive
    debug2: userauth_kbdint
    debug2: we sent a keyboard-interactive packet, wait for reply
    debug1: Authentications that can continue: publickey,password,keyboard-
    debug2: we did not send a packet, disable method
    debug1: Next authentication method: password
    user1@host2's password:


    Umesh

    Todd H. wrote:
    > "umesh" writes:
    > > Hi,
    > > Here is what i have done so far,
    > >
    > > 'ssh-keygen -t dsa' on host 1
    > >
    > >
    > > copied over the "id_dsa.pub" as "authorized_keys" at host2
    > >
    > >
    > > trying to login using ssh/sftp from host1 to host2 without password,
    > > but the remote host2 asks for the password.
    > > Foll. is the log generated : (apparantly there is nothing relevant that
    > >
    > > tells why it has failed!)
    > >
    > > ================================================
    > > Connecting to host2...
    > > OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004
    > > debug1: Connecting to hos2 [123.45.67.89] port 22.
    > > debug1: Connection established.
    > > debug1: identity file $home/.ssh/id_rsa type -1
    > > debug1: identity file $home/.ssh/id_dsa type 2
    > > debug1: Remote protocol version 2.0, remote software version
    > > OpenSSH_3.9p1
    > > debug1: match: OpenSSH_3.9p1 pat OpenSSH*
    > > debug1: Enabling compatibility mode for protocol 2.0
    > > debug1: Local version string SSH-2.0-OpenSSH_3.9p1
    > > debug1: SSH2_MSG_KEXINIT sent
    > > debug1: SSH2_MSG_KEXINIT received
    > > debug1: kex: server->client aes128-cbc hmac-md5 none
    > > debug1: kex: client->server aes128-cbc hmac-md5 none
    > > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    > > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    > > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    > > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    > > debug1: Host 'drpriskweb03' is known and matches the RSA host key.
    > > debug1: Found key in $home/.ssh/known_hosts:1
    > > debug1: ssh_rsa_verify: signature correct
    > > debug1: SSH2_MSG_NEWKEYS sent
    > > debug1: expecting SSH2_MSG_NEWKEYS
    > > debug1: SSH2_MSG_NEWKEYS received
    > > debug1: SSH2_MSG_SERVICE_REQUEST sent
    > > debug1: SSH2_MSG_SERVICE_ACCEPT received
    > > debug1: Authentications that can continue:
    > > publickey,password,keyboard-interacti
    > > debug1: Next authentication method: publickey
    > > debug1: Trying private key: $home/.ssh/id_rsa
    > > debug1: Offering public key: $home/.ssh/id_dsa

    >
    > Dunno if this is normal or not, but the two lines above are handy.
    >
    > What you haven't posted is what sshd on the remote server is pushing
    > to its logs. That'll probably give you more clues. Perhaps the
    > remote server isn't configured to accept publickey(?), or you have
    > borked the file permissions on the key files. SSH won't use em if
    > the file permissions aren't right. I think you'll find details in
    > the man pages.
    >
    >
    > --
    > Todd H.
    > http://www.toddh.net/



  4. Re: SFTP file upload issue

    "umesh" writes:

    > Hello,
    >
    > file permission for $home\.ssh\authorized_keys is 644
    > and direcotry permission for $home\.ssh is 777


    And there's possibly one of your (or the) problem.

    I don't believe ssh or sshd will trust anything in a world writable
    ..ssh directory.

    Are these file perms on the client side or server side? Check both.


    --
    Todd H.
    http://www.toddh.net/

  5. Re: SFTP file upload issue

    Hello,

    On Server :
    file permission for $home\.ssh\authorized_keys is 644
    and direcotry permission for $home\.ssh is 777

    On client
    file permission for $home\.ssh\id_dsa is 600
    file permission for $home\.ssh\id_dsa.pub is 644
    and direcotry permission for $home\.ssh is 700


    Regards

    Umesh

    Todd H. wrote:
    > "umesh" writes:
    >
    > > Hello,
    > >
    > > file permission for $home\.ssh\authorized_keys is 644
    > > and direcotry permission for $home\.ssh is 777

    >
    > And there's possibly one of your (or the) problem.
    >
    > I don't believe ssh or sshd will trust anything in a world writable
    > .ssh directory.
    >
    > Are these file perms on the client side or server side? Check both.
    >
    >
    > --
    > Todd H.
    > http://www.toddh.net/



  6. Re: SFTP file upload issue

    Hello,

    On Server :
    file permission for $home\.ssh\authorized_keys is 644
    and direcotry permission for $home\.ssh is 777

    On client
    file permission for $home\.ssh\id_dsa is 600
    file permission for $home\.ssh\id_dsa.pub is 644
    and direcotry permission for $home\.ssh is 700


    Regards

    Umesh

    Todd H. wrote:
    > "umesh" writes:
    >
    > > Hello,
    > >
    > > file permission for $home\.ssh\authorized_keys is 644
    > > and direcotry permission for $home\.ssh is 777

    >
    > And there's possibly one of your (or the) problem.
    >
    > I don't believe ssh or sshd will trust anything in a world writable
    > .ssh directory.
    >
    > Are these file perms on the client side or server side? Check both.
    >
    >
    > --
    > Todd H.
    > http://www.toddh.net/



  7. Re: SFTP file upload issue

    "umesh" writes:

    > Hello,
    >
    > On Server :
    > file permission for $home\.ssh\authorized_keys is 644
    > and direcotry permission for $home\.ssh is 777


    On server, try:

    chmod 700 ~/.ssh
    chmod 600 ~/.ssh/authorized_keys

    And make sure you've added the the .pub version of your key copied
    over from your client into that authoirzed_keys file on the server.

    From the ssh man page:

    The contents of the $HOME/.ssh/id_dsa.pub and
    $HOME/.ssh/id_rsa.pub file should be added to
    $HOME/.ssh/authorized_keys on all machines where the user
    wishes to log in using protocol version 2 DSA/RSA
    authentication. These files are not sensitive and can
    (but need not) be readable by anyone. These files are
    never used automatically and are not necessary; they are
    only provided for the con- venience of the user.


    $HOME/.ssh/authorized_keys
    Lists the public keys (RSA/DSA) that can be used for
    logging in as this user. The format of this file is
    described in the sshd(8) manual page. In the simplest
    form the format is the same as the .pub identity files.
    This file is not highly sensitive, but the recommended
    permissions are read/write for the user, and not
    accessible by others.



    > On client
    > file permission for $home\.ssh\id_dsa is 600
    > file permission for $home\.ssh\id_dsa.pub is 644
    > and direcotry permission for $home\.ssh is 700
    >
    >
    > Regards
    >
    > Umesh
    >
    > Todd H. wrote:
    > > "umesh" writes:
    > >
    > > > Hello,
    > > >
    > > > file permission for $home\.ssh\authorized_keys is 644
    > > > and direcotry permission for $home\.ssh is 777

    > >
    > > And there's possibly one of your (or the) problem.
    > >
    > > I don't believe ssh or sshd will trust anything in a world writable
    > > .ssh directory.
    > >
    > > Are these file perms on the client side or server side? Check both.
    > >
    > >
    > > --
    > > Todd H.
    > > http://www.toddh.net/

    >


    --
    Todd H.
    http://www.toddh.net/

+ Reply to Thread