
ssh-keygen[Creating trusted root]

pamboo asked:
I tried to log in as root through <ssh localhost>...
But I am getting this error:
Permission denied(public authentication,keyboard interactive)

I had given ssh-keygen and got identity.pub in my /root/.ssh/ ... I had taken a copy of identity.pub as authorized_keys and given chmod 600 authorized_keys...

I have restarted /etc/rc.d/init/sshd

Now when I try ssh localhost or ssh <hostname>

I get the ERROR:
"Permission denied(public authentication,keyboard interactive)"

If you need more clarification I can post my /etc/ssh/sshd_config and /etc/ssh/ssh_config files info ...

NOTE:
I am using RH 7.2
I didn't try connecting to any remote host... I am connecting or logging in to my localhost itself through ssh...

Please help us to overcome this and create a trusted root...

Thanking you...

I would even like to increase my points for a quicker solution ...

CERTIFIED EXPERT

Commented:
Could you please post /etc/ssh/sshd_config, or at least:
   egrep -i 'rsa|passw|root|login'  /etc/ssh/sshd_config

Also try to use
   ssh -v -i ~/.ssh/identity root@host

Author

Commented:
>>>could you please post  /etc/ssh/sshd_config,

#     $OpenBSD: sshd_config,v 1.38 2001/04/15 21:41:29 deraadt Exp $

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# This is the sshd server system-wide configuration file.  See sshd(8)
# for more information.

Port 22
Protocol 2,1
ListenAddress 10.10.1.179
#ListenAddress ::
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin no
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd yes
#PrintLastLog no
KeepAlive yes

# Logging
SyslogFacility AUTHPRIV
LogLevel INFO
#obsoletes QuietMode and FascistLogging

RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
#
RSAAuthentication yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no

# Uncomment to disable s/key passwords
ChallengeResponseAuthentication no

# Uncomment to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

#CheckMail yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes

AllowUsers root naga
Subsystem     sftp     /usr/libexec/openssh/sftp-server

Author

Commented:
>>ssh -v -i ~/.ssh/identity root@host

OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 0 geteuid 0 anon 1
debug1: Connecting to vocal [10.10.1.179] port 22.
debug1: temporarily_use_uid: 0/0 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 0/0 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /root/.ssh/identity type 0
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2
debug1: match: OpenSSH_2.9p2 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 137/256
debug1: bits set: 1019/2049
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'vocal' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts2:1
debug1: bits set: 985/2049
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey
debug1: next auth method to try is publickey
debug1: no more auth methods to try
Permission denied (publickey).
debug1: Calling cleanup 0x8063570(0x0)

Author

Commented:
I have posted my /etc/ssh/sshd_config file and
ssh -v output too

So please help to solve this problem
We are badly in need of this

Author

Commented:
Please help us solve this....
CERTIFIED EXPERT

Commented:
I think this setting prevents root from logging in:

PermitRootLogin no

Commented:
ahoffmann is right!

the setting "PermitRootLogin" has to be set to "yes"
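
Added example, not part of the thread or of OpenSSH: a shell audit that extends the `egrep` check requested above by printing which of the posted directives refuse a root key login. The function names, the default values passed to `effective`, and the sample (an excerpt constructed from the config posted above) are assumptions for illustration.

```shell
# Constructed sample: an excerpt of the directives from the config posted above.
sample_config() {
cat <<'EOF'
Protocol 2,1
PermitRootLogin no
RSAAuthentication yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowUsers root naga
EOF
}

# effective KEYWORD DEFAULT: read a config on stdin and print the value in
# force. Keywords are case-insensitive, comment lines are skipped, and the
# first occurrence of a keyword wins. DEFAULT is the caller's assumption.
effective() {
    awk -v key="$1" -v def="$2" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit
        }
        END { if (!found) print def }'
}

cfg_get() { printf '%s\n' "$CFG" | effective "$1" "$2"; }

# root_login_blockers: read a config on stdin, print one line per setting that
# refuses a root key login. AllowUsers is matched as plain words only.
root_login_blockers() {
    CFG=$(cat)
    if [ "$(cfg_get PermitRootLogin yes)" = "no" ]; then
        echo "PermitRootLogin no: root is refused whatever key is offered"
    fi
    if [ "$(cfg_get PubkeyAuthentication yes)" = "no" ]; then
        echo "PubkeyAuthentication no: protocol 2 key logins are disabled"
    fi
    allow=$(cfg_get AllowUsers "")
    case " $allow " in
        "  "|*" root "*) ;;
        *) echo "AllowUsers is set and does not list root" ;;
    esac
    if [ "$(cfg_get PasswordAuthentication yes)" = "no" ] &&
       [ "$(cfg_get ChallengeResponseAuthentication yes)" = "no" ]; then
        echo "note: password methods are off, publickey is the only method left"
    fi
}

sample_config | root_login_blockers
```

With `PermitRootLogin` changed to `yes` in the sample, only the note line remains, meaning none of the checked directives refuses root any longer.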

Author

Commented:
Yeah, I tried that too.... Same error
I have set PermitRootLogin yes
Sorry to tell that first itself
Please help to solve this
CERTIFIED EXPERT
Commented:
Oops, I missed that your sshd uses protocol version 2. AFAIK this no longer supports RSA authentication. Try to use
     ssh -1 -i ....
Admin notified of User neglect. Force-accepted by
Netminder
CS Moderator
CERTIFIED EXPERT

Commented:
Thanks Netminder.
