danieliturbe
asked on
password-less ssh from Redhat Linux to Solaris NIS server
I tried for hours to get password-less ssh working to a Solaris NIS server from a RedHat with no luck. Below is the verbose output from the ssh attempt last made. Can you see if you can figure it out, please? We need to keep it SSHv2 and leave v1 disabled.
[usew@w8654usew ~/.ssh]$ ssh -v s8654geo1
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: Connecting to s8654geo1 [10.20.5.5] port 22.
debug1: Connection established.
debug1: identity file /net/home/usew/.ssh/identi
debug1: identity file /net/home/usew/.ssh/id_rsa
debug1: identity file /net/home/usew/.ssh/id_dsa
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1
debug1: no match: Sun_SSH_1.1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUES
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 's8654geo1' is known and matches the RSA host key.
debug1: Found key in /net/home/usew/.ssh/known_
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-m
debug1: Next authentication method: publickey
debug1: Trying private key: /net/home/usew/.ssh/identi
debug1: Offering public key: /net/home/usew/.ssh/id_rsa
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-m
debug1: Offering public key: /net/home/usew/.ssh/id_dsa
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-m
debug1: Next authentication method: keyboard-interactive
Password:
[usew@w8654usew ~/.ssh]$ ssh -v s8654geo1
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: Connecting to s8654geo1 [10.20.5.5] port 22.
debug1: Connection established.
debug1: identity file /net/home/usew/.ssh/identi
debug1: identity file /net/home/usew/.ssh/id_rsa
debug1: identity file /net/home/usew/.ssh/id_dsa
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1
debug1: no match: Sun_SSH_1.1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUES
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 's8654geo1' is known and matches the RSA host key.
debug1: Found key in /net/home/usew/.ssh/known_
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-m
debug1: Next authentication method: publickey
debug1: Trying private key: /net/home/usew/.ssh/identi
debug1: Offering public key: /net/home/usew/.ssh/id_rsa
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-m
debug1: Offering public key: /net/home/usew/.ssh/id_dsa
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-m
debug1: Next authentication method: keyboard-interactive
Password:
Did you run ssh-keygen to generate a private key, and then copy the contents of .ssh/id_rsa (or dsa) to .ssh/authorized_keys on the remote machine? If you did and it still doesn't work, ssh can be VERY picky about the permissions on both sides, especially if it is told to be very strict in the config file. It need all of the files ALL of the way up to the home directory to be pretty much restricted to just the user account. Not just the .ssh directory, but the user's home directory and /home.
Let us know what you've done so far as far as key generator, and double-check permissions. Worst case, rather than just running debug on the client side, also run ssh in the foreground with debugging on on the server side too.
Let us know what you've done so far as far as key generator, and double-check permissions. Worst case, rather than just running debug on the client side, also run ssh in the foreground with debugging on on the server side too.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Please see the links below:
http://www.astro.caltech.edu/~mbonati/WIRC/manual/DATARED/setting_up_no-password_ssh.html
http://waelchatila.com/2005/06/06/1118124232757.html
http://www.cvrti.utah.edu/~dustman/no-more-pw-ssh/