Solved

ssh localhost keeps asking for password

Posted on 2004-09-02
3
2,732 Views
Last Modified: 2013-12-04
Hello,

I've created ssh keys (both rsa and dsa), saved them to authorized_keys and authorized_keys2 files, ran ssh-agent and ssh-add, but when I try to ssh to localhost, I'm still being asked my password.  Here's what I get:

ssh -v -l wtcorrea localhost
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/wtcorrea/.ssh/identity type -1
debug1: identity file /home/wtcorrea/.ssh/id_rsa type 1
debug1: identity file /home/wtcorrea/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /home/wtcorrea/.ssh/known_hosts:8
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering agent key: /home/wtcorrea/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering agent key: /home/wtcorrea/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/wtcorrea/.ssh/identity
debug1: Offering public key: /home/wtcorrea/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering public key: /home/wtcorrea/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
wtcorrea@localhost's password:

I'm running Fedora Core 2, and my .ssh directory looks like this:

drwx------   2 wtcorrea wtcorrea 4096 Sep  2 17:09 ./
drwxrwxr-x  52 wtcorrea wtcorrea 4096 Sep  2 17:09 ../
-rw-------   1 wtcorrea wtcorrea  224 Sep  2 16:55 authorized_keys
-rw-------   1 wtcorrea wtcorrea  604 Sep  2 16:13 authorized_keys2
-rw-------   1 wtcorrea wtcorrea  736 May 25 15:18 id_dsa
-rw-r--r--   1 wtcorrea wtcorrea  604 May 25 15:18 id_dsa.pub
-rw-------   1 wtcorrea wtcorrea  951 Sep  2 16:54 id_rsa
-rw-r--r--   1 wtcorrea wtcorrea  224 Sep  2 16:54 id_rsa.pub
-rw-------   1 wtcorrea wtcorrea 3382 Sep  2 16:20 known_hosts

Any ideas on how to fix this?

Thanks,

Wagner
0
Comment
Question by:wtcorrea
3 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 11970190
When you created the public/private keys did you supply a passphrase at the prompt? If you did you'll always have to enter that passphrase to use the key.
0
 
LVL 23

Accepted Solution

by:
Mysidia earned 75 total points
ID: 11970601
How'd you save them?

the keys need to appear one per line in authorized_keys
if you pasted them into an editor and it wrapped a key over several lines it won't work

also check the permissions of your home directory
  ls -ld /home/user

If anything in the path to /home/user/.ssh/* is group writable (for example) the ssh server may be ignoring the
.ssh directory entirely
0
 
LVL 14

Assisted Solution

by:chris_calabrese
chris_calabrese earned 50 total points
ID: 11972012
As shown in
> drwxrwxr-x  52 wtcorrea wtcorrea 4096 Sep  2 17:09 ../

Your home directory is group writable. Since Mysidia mentioned this issue in general, but not specifically, you should give Mysidia half the points.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now