Solved

ssh localhost keeps asking for password

Posted on 2004-09-02
3
2,745 Views
Last Modified: 2013-12-04
Hello,

I've created ssh keys (both rsa and dsa), saved them to authorized_keys and authorized_keys2 files, ran ssh-agent and ssh-add, but when I try to ssh to localhost, I'm still being asked my password.  Here's what I get:

ssh -v -l wtcorrea localhost
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/wtcorrea/.ssh/identity type -1
debug1: identity file /home/wtcorrea/.ssh/id_rsa type 1
debug1: identity file /home/wtcorrea/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /home/wtcorrea/.ssh/known_hosts:8
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering agent key: /home/wtcorrea/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering agent key: /home/wtcorrea/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/wtcorrea/.ssh/identity
debug1: Offering public key: /home/wtcorrea/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering public key: /home/wtcorrea/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
wtcorrea@localhost's password:

I'm running Fedora Core 2, and my .ssh directory looks like this:

drwx------   2 wtcorrea wtcorrea 4096 Sep  2 17:09 ./
drwxrwxr-x  52 wtcorrea wtcorrea 4096 Sep  2 17:09 ../
-rw-------   1 wtcorrea wtcorrea  224 Sep  2 16:55 authorized_keys
-rw-------   1 wtcorrea wtcorrea  604 Sep  2 16:13 authorized_keys2
-rw-------   1 wtcorrea wtcorrea  736 May 25 15:18 id_dsa
-rw-r--r--   1 wtcorrea wtcorrea  604 May 25 15:18 id_dsa.pub
-rw-------   1 wtcorrea wtcorrea  951 Sep  2 16:54 id_rsa
-rw-r--r--   1 wtcorrea wtcorrea  224 Sep  2 16:54 id_rsa.pub
-rw-------   1 wtcorrea wtcorrea 3382 Sep  2 16:20 known_hosts

Any ideas on how to fix this?

Thanks,

Wagner
0
Comment
Question by:wtcorrea
3 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 11970190
When you created the public/private keys did you supply a passphrase at the prompt? If you did you'll always have to enter that passphrase to use the key.
0
 
LVL 23

Accepted Solution

by:
Mysidia earned 75 total points
ID: 11970601
How'd you save them?

the keys need to appear one per line in authorized_keys
if you pasted them into an editor and it wrapped a key over several lines it won't work

also check the permissions of your home directory
  ls -ld /home/user

If anything in the path to /home/user/.ssh/* is group writable (for example) the ssh server may be ignoring the
.ssh directory entirely
0
 
LVL 14

Assisted Solution

by:chris_calabrese
chris_calabrese earned 50 total points
ID: 11972012
As shown in
> drwxrwxr-x  52 wtcorrea wtcorrea 4096 Sep  2 17:09 ../

Your home directory is group writable. Since Mysidia mentioned this issue in general, but not specifically, you should give Mysidia half the points.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question