Question

Unix - sftp without being prompted for password

Asked by: jnilsson919a

I am trying to set up an SFTP to a server without being prompted for a password.  This SFTP will run in a batch C-shell script.  The server I am SFTPing to is using Open SSH.  I did the following steps: 1) generated a public key using ssh-keygen -t dsa  2) copied the public key to the remote host under the ./ssh directory  3) copied the id_dsa.pub to authorized_keys file.  I then ran the C-shell script (listed below in the Code section) but I am prompted for the password.  How can I get this script to run without being prompted for a password?  Thanks in advance for your help.

#!/bin/csh
# SFTPs eService Daily Extract File
#
# The sftp commands are fed through a here-document that ends at ENDFtp
sftp ent_ahd@pub01.rsc.raytheon.com <<ENDFtp
bye
ENDFtp

Asked On
2009-08-21 at 14:59:30 ID 24672805
Tags

Unix - sftp without being prompted for password

Topic

SSH / Telnet Software

Participating Experts
2
Points
500
Comments
26

Answers

 

by: KeremE Posted on 2009-08-21 at 15:13:42 ID: 25156350

Hi,

File permissions are very critical for SSH. So your $HOME/.ssh directory should be exactly 700 for file permissions. Your authorized.keys should have 600 as file permissions. You don't need the private key there. Remove all files there but authorized_skes, which includes your id_dsa.pub. You need id_dsa at the sending end. This file should have 600 file permissions and your .ssh directory should have 700 file permissions too. Otherwise your keys will be rejected during the initial contact and you'll be left with password authentication.

Cheers,
K.

 

by: KeremE Posted on 2009-08-21 at 15:15:28 ID: 25156360

Sorry for my typos. Your public key file should be authorized_keys. But unfortunately I was not able to write it correctly anywhere :(

 

by: jnilsson919a Posted on 2009-08-21 at 15:42:23 ID: 25156510


Hi. I'm not sure I understood your message completely.
This is from the receiving side:
st93% pwd
/apps/websvcs/docs/helpdesk/extract/.ssh
st93% ls -l
total 24
-rw------- 1 ent_ahd hdext 607 Aug 21 16:24 authorized_keys
-rw------- 1 ent_ahd hdext 668 Aug 21 16:20 id_dsa
-rw------- 1 ent_ahd hdext 607 Aug 21 16:20 id_dsa.pub
st93%

This is from the sending side:
CSCESERV6-NEW:ahduser /home/ahduser/.ssh% ls -l
total 5
-rw------- 1 ahduser dba 668 Aug 21 11:08 id_dsa
-rw------- 1 ahduser dba 607 Aug 21 11:08 id_dsa.pub
-rw-r--r-- 1 ahduser dba 419 Aug 20 11:09 known_hosts
And here is my attempt at SFTP, which once again results in my being prompted for a password:
CSCESERV6-NEW:ahduser /home/ahduser/.ssh% sftp ent_ahd@pub01.rsc.raytheon.com
Connecting to pub01.rsc.raytheon.com...
Password:

 

by: jnilsson919a Posted on 2009-08-21 at 15:49:16 ID: 25156556

I also wanted to add another attempt.

CSCESERV6-NEW:ahduser /home/ahduser/.ssh% sftp -o "batchmode yes" ent_ahd@pub01.rsc.raytheon.com
Connecting to pub01.rsc.raytheon.com...
Permission denied (publickey,password,keyboard-interactive).
Connection closed
CSCESERV6-NEW:ahduser /home/ahduser/.ssh%

 

by: KeremE Posted on 2009-08-21 at 16:34:11 ID: 25156740

Hi,

What I wanted to say is your home directory .ssh permission should be 700, so that:

cd
ls -ald .ssh

will produce:
drwx------ 1 ahduser dba 668 Aug 21 11:08 .ssh

id_dsa is for the sending side. All you need is id_dsa.pub attached to authorized_keys at the receiving end. So delete id_dsa.* from the receiving end.



 

by: KeremE Posted on 2009-08-21 at 16:39:39 ID: 25156759

BTW you should make sure that /apps/websvcs/docs/helpdesk/extract is the home directory of the ent_ahd user.

I've retried it over my system:

[root@host1 .ssh]# ls -al
total 40
drwx------  2 root root 4096 Aug 17 21:28 .
drwxr-x--- 27 root root 4096 Aug 21 19:08 ..
-rw-------  1 root root  392 Jul 19 00:08 authorized_keys
-rw-------  1 root root 2443 Aug 22 02:35 known_hosts

[root@host1 .ssh]# sftp root@host2
Connecting to host2...
sftp>

 

by: KeremE Posted on 2009-08-21 at 16:41:02 ID: 25156765

If you can't change home directory of ent_ahd to /apps/websvcs/docs/helpdesk/extract just make sure that .ssh directory is under the user's home.
 

 

by: arober11 Posted on 2009-08-24 at 16:01:28 ID: 25173324

If you have access, check the /etc/ssh/sshd_config file on the remote machine and check it has the following entry / value; if it's no, you can't use keys till it's tweaked:

PubkeyAuthentication yes

Also on the remote server do a:

chmod go-w $HOME

As a group or other body could rename the .ssh directory to say .wibble and create a new .ssh with their own keys in, if the HOME directory has write permissions. So ssh won't play if it's tweakable.

 

by: jnilsson919a Posted on 2009-08-25 at 11:03:10 ID: 25180353

Thanks for the answers.  We're still trying to get SFTP to work without prompting for a password.  I use the same technique on other servers and SFTP works fine without prompting for a password.  On the server I'm going to now,  I see no /etc/ssh/sshd_config   file which may be causing the problem.  The server admin is looking into it.

 

by: KeremE Posted on 2009-08-25 at 11:14:10 ID: 25180460

Hi,

Your home directory of /apps/websvcs/docs/helpdesk/extract seemed very odd to me. Will you double check with

finger sftp_user

that the home directory indicated is /apps/websvcs/docs/helpdesk/extract? Otherwise ssh will look for the $HOME/.ssh directory for that user. So maybe the source of your problem is that you have not placed the ssh key files under the user's home.

Cheers,
K.

 

by: jnilsson919a Posted on 2009-08-25 at 13:46:13 ID: 25182070

Here's the home directory and variables:

st93% finger ent_ahd
Login name: ent_ahd                     In real life: Thinh Chu
Directory: /apps/websvcs/docs/helpdesk/extract  Shell: /bin/csh
On since Aug 25 15:39:11 on pts/2 from zlbac846920.dhcp.ess.us.ray.com
15 seconds Idle Time
No unread mail
No Plan.
st93%
st93% pwd
/apps/websvcs/docs/helpdesk/extract/.ssh
st93% ls -l
total 24
-rwx------   1 ent_ahd  hdext       2424 Aug 25 15:42 authorized_keys
-rw-------   1 ent_ahd  hdext        607 Aug 25 11:25 id_dsa.pub
-rw-r--r--   1 ent_ahd  hdext        635 Aug 25 15:40 known_hosts
st93%

st93% cat authorized_keys

st93% env
HOME=/apps/websvcs/docs/helpdesk/extract
PATH=/usr/bin:



 

by: KeremE Posted on 2009-08-25 at 14:15:12 ID: 25182344

Check your directory permission for the .ssh directory is :700 (drwx------) ?

ls -ald .ssh

should do


 

by: arober11 Posted on 2009-08-25 at 15:04:58 ID: 25182767

Also need to do the same for: /apps/websvcs/docs/helpdesk

The home directory should be owned and only writable by the user, e.g.

drwxr-xr-x 52 ent_ahd hdext       4096 2009-08-25 21:44 ent_ahd

If not, per my earlier post: chmod go-w $HOME

If still having problems, on the remote server type: ssh -vvv localhost

In the output you should see the enabled authentication methods; if you don't see publickey it's the sshd configuration, e.g.

debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey

 

by: jnilsson919a Posted on 2009-08-25 at 15:09:05 ID: 25182788

Yes, .ssh directory is 700.

st93% pwd
/apps/websvcs/docs/helpdesk/extract
st93% ls -ald .ssh
drwx------   2 ent_ahd  hdext       4096 Aug 25 16:35 .ssh
st93%

I still think the missing config file may be causing the problem.


 

by: KeremE Posted on 2009-08-25 at 15:19:57 ID: 25182871

What is the missing config file?

will you execute uname -a on both ends ?

 

by: arober11 Posted on 2009-08-25 at 15:20:11 ID: 25182875

Per my last post, have you typed: ssh -vvv localhost  

 

by: jnilsson919a Posted on 2009-08-26 at 15:18:04 ID: 25192861

To arober11:
on the ssh -vw localhost, I received the following:
OpenSSH_4.5p1, OpenSSL 0.9.8d 28 Sep 2006

To KeremE:
Here are the uname -a from both sides:
(sending server)
CSCESERV6-NEW:% uname -a
AIX csceserv6 3 5 0002B14A4C00
CSCESERV6-NEW:%

(receiving server)
st93% uname -a
SunOS st93 5.8 Generic_117350-62 sun4u sparc SUNW,UltraAX-i2
st93%

 

by: arober11 Posted on 2009-08-26 at 15:37:11 ID: 25192972

Per my earlier posts can you do a:

ssh -vvv localhost

Note: -vvv (that's v * 3, NOT "-vw"); you'll see lots of debug output when you type it in.

 

by: jnilsson919a Posted on 2009-08-26 at 15:51:04 ID: 25193073

to arober11:
(I'm not sure this is the correct ssh -vvv)
csceserv6-new:ssh -vvv 147.16.195.26
OpenSSH_4.5p1, OpenSSL 0.9.8d 28 Sep 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so):   0509-022 Cannot
load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
        0509-026 System error: A file or directory in the path name does not exi
st.
 
debug1: Error loading Kerberos, disabling Kerberos auth.
debug2: ssh_connect: needpriv 0
debug1: Connecting to 147.16.195.26 [147.16.195.26] port 22.
debug1: Connection established.
debug1: identity file /home/ent_ahd/.ssh/identity type -1
debug1: identity file /home/ent_ahd/.ssh/id_rsa type -1
debug3: Not a RSA1 key file /home/ent_ahd/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/ent_ahd/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.5
debug1: match: OpenSSH_4.5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5
debug2: fd 4 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-g
roup-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour1
28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-c
tr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour1
28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-c
tr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-g
roup-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour1
28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-c
tr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour1
28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-c
tr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 115/256
debug2: bits set: 506/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/ent_ahd/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: filename /home/ent_ahd/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 0 for host 147.16.195.26
debug3: check_host_in_hostfile: filename /home/ent_ahd/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
debug3: check_host_in_hostfile: filename /home/ent_ahd/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 2 for host 147.16.195.26
The authenticity of host '147.16.195.26 (147.16.195.26)' can't be established.
 RSA key fingerprint is 06:54:77:03:8d:6e:be:6e:0d:d0:81:0e:e3:51:c7:cb.
 Are you sure you want to continue connecting (yes/no)?yes
Warning: Permanently added '147.16.195.26' (RSA) to the list of known hosts.
debug2: bits set: 516/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/ent_ahd/.ssh/identity (0)
debug2: key: /home/ent_ahd/.ssh/id_rsa (0)
debug2: key: /home/ent_ahd/.ssh/id_dsa (20070698)
debug1: Authentications that can continue: publickey,password,keyboard-interacti
ve
debug3: start over, passed a different list publickey,password,keyboard-interact
ive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Hitting here in public key auth ssh clienti&&&&&&&&&&&&&&&
debug1: Trying private key: /home/ent_ahd/.ssh/identity
debug3: no such identity: /home/ent_ahd/.ssh/identity
debug1: Hitting here in public key auth ssh clienti&&&&&&&&&&&&&&&
debug1: Trying private key: /home/ent_ahd/.ssh/id_rsa
debug3: no such identity: /home/ent_ahd/.ssh/id_rsa
debug1: Offering public key: /home/ent_ahd/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interacti
ve
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interacti
ve
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
ent_ahd@147.16.195.26's password:
debug3: packet_send2: adding 64 (len 58 padlen 6 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 0
debug3: tty_make_modes: ospeed 9600
debug3: tty_make_modes: ispeed 0
debug3: tty_make_modes: 1 3
debug3: tty_make_modes: 2 28
debug3: tty_make_modes: 3 8
debug3: tty_make_modes: 4 21
debug3: tty_make_modes: 5 4
debug3: tty_make_modes: 6 0
debug3: tty_make_modes: 7 0
debug3: tty_make_modes: 8 17
debug3: tty_make_modes: 9 19
debug3: tty_make_modes: 10 26
debug3: tty_make_modes: 11 25
debug3: tty_make_modes: 12 18
debug3: tty_make_modes: 14 22
debug3: tty_make_modes: 30 1
debug3: tty_make_modes: 31 0
debug3: tty_make_modes: 32 0
debug3: tty_make_modes: 33 0
debug3: tty_make_modes: 34 0
debug3: tty_make_modes: 35 0
debug3: tty_make_modes: 36 1
debug3: tty_make_modes: 37 0
debug3: tty_make_modes: 38 0
debug3: tty_make_modes: 39 0
debug3: tty_make_modes: 40 0
debug3: tty_make_modes: 41 1
debug3: tty_make_modes: 50 1
debug3: tty_make_modes: 51 1
debug3: tty_make_modes: 52 0
debug3: tty_make_modes: 53 1
debug3: tty_make_modes: 54 1
debug3: tty_make_modes: 55 1
debug3: tty_make_modes: 56 0
debug3: tty_make_modes: 57 0
debug3: tty_make_modes: 58 0
debug3: tty_make_modes: 59 1
debug3: tty_make_modes: 60 1
debug3: tty_make_modes: 61 1
debug3: tty_make_modes: 62 0
debug3: tty_make_modes: 70 1
debug3: tty_make_modes: 71 0
debug3: tty_make_modes: 72 1
debug3: tty_make_modes: 73 0
debug3: tty_make_modes: 74 0
debug3: tty_make_modes: 75 0
debug3: tty_make_modes: 90 1
debug3: tty_make_modes: 91 1
debug3: tty_make_modes: 92 0
debug3: tty_make_modes: 93 0
debug2: channel 0: request shell confirm 0
debug2: fd 4 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 131072
3 unsuccessful login attempts since last login.

 

by: KeremE Posted on 2009-08-26 at 15:55:33 ID: 25193106

Both Solaris and AIX use OpenSSH implementations and they both keep the files under /etc/ssh normally.

Will you run find to find sshd_config ?


find / -name sshd_config

 

by: KeremE Posted on 2009-08-26 at 15:58:49 ID: 25193130

It seems that your key has a wrong format; it didn't like the key. This is not a public key, this is an SSL certificate!!!

Will you please generate new keys ??

Here's a link on how -to :http://www.experts-exchange.com/articles/OS/Linux/SSH-access-using-public-key.html

 

by: arober11 Posted on 2009-08-26 at 17:29:56 ID: 25193594

Thanks, on the csceserv6-new server can you please do a:

ls -ld /home/ent_ahd/
ls -la /home/ent_ahd/.ssh/

The home directory (ent_ahd) should have permissions:  drwxr-xr-x
The .ssh directory (.)  should have the following permissions: drwx------
And your id_dsa  should have permissions: -rw-------

Also on the csceserv6-new server can you do a:

cd /home/ent_ahd/.ssh/
cat  id_dsa.pub >> authorized_keys
ssh -vvv localhost

You should then be able to login back into that box without a password.

Repeat this exercise on the Solaris box; once you can "ssh -vvv localhost" on the other box, try connecting from csceserv6-new to the other server.
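
The permission checks KeremE and arober11 ask for above, collected into one script as an added example (not code posted by anyone in the thread). Function names are hypothetical and the sample directory is constructed; FAIL marks a path that is missing, wrongly owned or writable by group or other, WARN marks a deviation from the modes recommended in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Modes are parsed from `ls -ld` output so the script does not depend on stat(1).

# perm_string PATH -> the nine permission characters, e.g. rwx------ (empty if missing)
perm_string() {
    ls -ldL "$1" 2>/dev/null | awk '{ print substr($1, 2, 9) }'
}

# owner_uid PATH -> numeric uid of the owner
owner_uid() {
    ls -ldnL "$1" 2>/dev/null | awk '{ print $3 }'
}

# writable_by_group_or_other PERMS -> true if the group or other write bit is set
writable_by_group_or_other() {
    case "$1" in
        ????w????|???????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# check_path PATH RECOMMENDED_PERMS EXPECTED_UID (the last two may be empty)
check_path() {
    cp_perms=$(perm_string "$1")
    if [ -z "$cp_perms" ]; then
        echo "FAIL missing: $1"
        return 1
    fi
    cp_rc=0
    if writable_by_group_or_other "$cp_perms"; then
        echo "FAIL group/other-writable ($cp_perms): $1"
        cp_rc=1
    elif [ -n "$2" ] && [ "$cp_perms" != "$2" ]; then
        echo "WARN mode $cp_perms, thread recommends $2: $1"
    fi
    if [ -n "$3" ] && [ "$(owner_uid "$1")" != "$3" ]; then
        echo "FAIL owner uid $(owner_uid "$1"), expected $3: $1"
        cp_rc=1
    fi
    return "$cp_rc"
}

# audit_pubkey_perms HOME_DIR [UID] -> one finding per line; returns 1 on any FAIL
audit_pubkey_perms() {
    ap_home=$1
    ap_uid=${2:-}
    ap_rc=0
    check_path "$ap_home" "" "$ap_uid" || ap_rc=1
    check_path "$ap_home/.ssh" "rwx------" "$ap_uid" || ap_rc=1
    check_path "$ap_home/.ssh/authorized_keys" "rw-------" "$ap_uid" || ap_rc=1
    # The receiving side only needs the public key inside authorized_keys.
    for ap_key in id_dsa id_rsa; do
        if [ -f "$ap_home/.ssh/$ap_key" ]; then
            echo "WARN private key stored on receiving side: $ap_home/.ssh/$ap_key"
        fi
    done
    return "$ap_rc"
}

# make_constructed_home DIR -> constructed sample tree: group-writable home,
# authorized_keys at mode 700 and a stray id_dsa, as in the receiving-side listings
make_constructed_home() {
    mkdir -p "$1/.ssh"
    : > "$1/.ssh/authorized_keys"
    : > "$1/.ssh/id_dsa"
    chmod 775 "$1"
    chmod 700 "$1/.ssh" "$1/.ssh/authorized_keys"
    chmod 600 "$1/.ssh/id_dsa"
}

# Demo on the constructed tree; on a real host call: audit_pubkey_perms "$HOME" "$(id -u)"
demo_dir=$(mktemp -d)
make_constructed_home "$demo_dir/extract"
audit_pubkey_perms "$demo_dir/extract" || echo "Fix the FAIL lines before retrying sftp."
rm -rf "$demo_dir"
```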

 

by: arober11 Posted on 2009-08-26 at 17:34:53 ID: 25193624

By the way it appears you do have "PubkeyAuthentication yes"  on csceserv6-new  as your debug output has:

debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey

 

by: KeremE Posted on 2009-08-26 at 17:55:46 ID: 25193710

debug3: Not a RSA1 key file /home/ent_ahd/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/ent_ahd/.ssh/id_dsa type 2


This shows that you have an invalid private key; this is why you cannot use it to match the remote public key.

Cheers,

 

by: arober11 Posted on 2009-08-27 at 19:30:31 ID: 25204569

#25193073  is the problem, not the solution.

 

by: jnilsson919a Posted on 2009-08-27 at 21:37:45 ID: 25204982

I did not mean to check #25193073, which indeed is my explanation of a problem, and is not a solution.
I would still like to divide the points equally between arober11 and KeremE, who both provided vital solutions to my problem.

