pamboo

ssh-keygen[Creating trusted root]

I tried to log in as root through <ssh localhost>...
But I am getting this error:
Permission denied(public authentication,keyboard interactive)

I had run ssh-keygen and got identity.pub in my /root/.ssh/ ... I had taken a copy of identity.pub as authorized_keys and given chmod 600 to authorized_keys...

I have restarted /etc/rc.d/init/sshd

Now when I try ssh localhost or ssh <hostname>

I get the ERROR:
"Permission denied(public authentication,keyboard interactive)"

If you need more clarification I can post my /etc/ssh/sshd_config and /etc/ssh/ssh_config files ...

NOTE:
I am using RH 7.2
I didn't try connecting to any remote host... I am connecting or logging in to my localhost itself through ssh...

Please help us to overcome this and create a trusted root...

Thanking you...

I would even like to increase my points for a quicker solution ...
ahoffmann

Could you please post /etc/ssh/sshd_config, or at least:
   egrep -i 'rsa|passw|root|login'  /etc/ssh/sshd_config

Also try to use
   ssh -v -i ~/.ssh/identity root@host
pamboo

ASKER

>>>could you please post  /etc/ssh/sshd_config,

#     $OpenBSD: sshd_config,v 1.38 2001/04/15 21:41:29 deraadt Exp $

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# This is the sshd server system-wide configuration file.  See sshd(8)
# for more information.

Port 22
Protocol 2,1
ListenAddress 10.10.1.179
#ListenAddress ::
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin no
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd yes
#PrintLastLog no
KeepAlive yes

# Logging
SyslogFacility AUTHPRIV
LogLevel INFO
#obsoletes QuietMode and FascistLogging

RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
#
RSAAuthentication yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no

# Uncomment to disable s/key passwords
ChallengeResponseAuthentication no

# Uncomment to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

#CheckMail yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes

AllowUsers root naga
Subsystem     sftp     /usr/libexec/openssh/sftp-server

pamboo

ASKER

>>ssh -v -i ~/.ssh/identity root@host

OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 0 geteuid 0 anon 1
debug1: Connecting to vocal [10.10.1.179] port 22.
debug1: temporarily_use_uid: 0/0 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 0/0 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /root/.ssh/identity type 0
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2
debug1: match: OpenSSH_2.9p2 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 137/256
debug1: bits set: 1019/2049
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'vocal' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts2:1
debug1: bits set: 985/2049
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey
debug1: next auth method to try is publickey
debug1: no more auth methods to try
Permission denied (publickey).
debug1: Calling cleanup 0x8063570(0x0)

pamboo

ASKER

I have posted my /etc/ssh/sshd_config file and
ssh -v output too.

So please help to solve this problem.
We are badly in need of this.
pamboo

ASKER

Please help us solve this....

think this setting prevents root from logging in:

PermitRootLogin no
ahoffmann is right!

the setting "PermitRootLogin" has to be set to "yes"
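
Added example, not part of the original thread: a small Python check that reads an sshd_config and reports the settings that decide whether root can log in with a key, run here on a constructed excerpt of the file posted above. The function names and the defaults assumed for absent keywords are illustrative assumptions.

```python
import fnmatch

# Constructed excerpt of the sshd_config posted in this thread (active lines only).
SAMPLE = """\
Protocol 2,1
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
#PAMAuthenticationViaKbdInt yes
AllowUsers root naga
"""

def parse(text):
    """Map lowercase keyword -> list of argument strings, in file order."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return opts

def first(opts, key, default):
    # sshd_config(5): unless noted otherwise, the first obtained value is used.
    # The default passed in for an absent keyword is an assumption of this example.
    return opts.get(key, [default])[0].strip().lower()

def findings(text, user="root"):
    opts = parse(text)
    out = []
    if user == "root" and first(opts, "permitrootlogin", "yes") == "no":
        out.append("root-denied: PermitRootLogin no rejects root for every method")
    # AllowUsers takes patterns; only the user part of user@host is checked here.
    allow = [p for v in opts.get("allowusers", []) for p in v.split()]
    if allow and not any(fnmatch.fnmatchcase(user, p.split("@")[0]) for p in allow):
        out.append("not-allowed: AllowUsers does not list " + user)
    if (first(opts, "passwordauthentication", "yes") == "no"
            and first(opts, "challengeresponseauthentication", "yes") == "no"):
        out.append("key-only: no password fallback, a rejected key ends the login")
    if first(opts, "strictmodes", "yes") == "yes":
        out.append("strict-modes: home, ~/.ssh and authorized_keys must be owned by the user and not group/world-writable")
    return out

if __name__ == "__main__":
    for f in findings(SAMPLE):
        print(f)
```

With `PermitRootLogin` changed to `yes`, the `key-only` and `strict-modes` findings remain, which matches the `Permission denied (publickey)` line in the debug output: once the key is rejected there is no other method left to try.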
pamboo

ASKER

Yeah, I tried that too.... Same error
I have set PermitRootLogin yes
Sorry to tell that first itself
Please help to solve this
ASKER CERTIFIED SOLUTION
ahoffmann

This solution is only available to members.
Have you been helped here so you can accept to grade and close, or is more needed?

For special handling help, please post zero point questions with question link (URL) here:   https://www.experts-exchange.com/jsp/qList.jsp?ta=commspt                                                           
Expert recommendations always welcome, if no response from Asker.

Moondancer
EE Moderator
Admin notified of User neglect. Force-accepted by
Netminder
CS Moderator
Thanks Netminder.