
#1 2010-08-31 00:44:25

markg85
Member
Registered: 2009-06-27
Posts: 149

[Solved] How can i get SSH public key authentication working?

Hi,

Before I get a dozen links to different howto tutorials: I've tried most of them already. Somehow it's simply not working.
This is my situation.

A client machine (running archlinux)
A server machine (running archlinux)

The client and server ssh configuration is the one that is default with archlinux.

I made a few keys on the client, imported them in the ".ssh/authorized_keys" file and then tested to log in with the password from the key. This sadly (after hours of trying) failed.
I did chmod the .ssh/authorized_keys file to 600 (among dozens of tries) but nothing helped. I also restarted the ssh server every time after edits were made to the sshd_config file, but I ended up reverting back to the default archlinux one.

Some help with this would be awesome.

Note: I want to try this in combination with git (gitweb to be specific), which is also why I wrote: http://wiki.archlinux.org/index.php/Gitweb ...
If someone can help me out with this ssh issue then I can finish that howto with the ssh connection.

Regards,
Mark

Last edited by markg85 (2010-08-31 19:23:53)


#2 2010-08-31 00:48:15

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: [Solved] How can i get SSH public key authentication working?

Did you copy the public key from the client to the server?

Also, run ssh with the -v flag to generate some meaningful errors - just telling us it failed is not that helpful...

Pastebinning your conf files would also cut down on the amount of to-ing and fro-ing.


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438


#3 2010-08-31 14:04:13

markg85
Member
Registered: 2009-06-27
Posts: 149

Re: [Solved] How can i get SSH public key authentication working?

jasonwryan wrote:

Did you copy the public key from the client to the server?

Also, run ssh with the -v flag to generate some meaningful errors - just telling us it failed is not that helpful...

Pastebinning your conf files would also cut down on the amount of to-ing and fro-ing.

OK, here we go.

I didn't copy them and put them in the .ssh folder. I did add them in the "authorized_keys" file (and "authorized_keys2" to be sure).

(server and client) sshd_config : http://pastebin.com/6JrJFA9q -- is just the default..
(server and client) ssh_config : http://pastebin.com/t6YvQSBB -- is just the default..

As for the log (-vvv)

└─▶ ssh git@192.168.1.99 -vvv
OpenSSH_5.5p1, OpenSSL 1.0.0a 1 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.1.99 [192.168.1.99] port 22.
debug1: Connection established.
debug3: Not a RSA1 key file /home/mark/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/mark/.ssh/id_rsa type 1
debug1: identity file /home/mark/.ssh/id_rsa-cert type -1
debug1: identity file /home/mark/.ssh/id_dsa type -1
debug1: identity file /home/mark/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5
debug1: match: OpenSSH_5.5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 125/256
debug2: bits set: 507/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: host 192.168.1.99 filename /home/mark/.ssh/known_hosts
debug3: check_host_in_hostfile: host 192.168.1.99 filename /home/mark/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 4
debug1: Host '192.168.1.99' is known and matches the RSA host key.
debug1: Found key in /home/mark/.ssh/known_hosts:4
debug2: bits set: 526/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/mark/.ssh/id_rsa (0x817c90)
debug2: key: /home/mark/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/mark/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/mark/.ssh/id_dsa
debug3: no such identity: /home/mark/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
git@192.168.1.99's password:

And when typing in the password this gets added:

debug3: packet_send2: adding 64 (len 54 padlen 10 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.

The directory structure on the git user (which is on the server i connect to) is:

.
./.bash_history
./.ssh
./.ssh/id_rsa.pub
./.ssh/authorized_keys
./.ssh/authorized_keys2
./.ssh/filename.pub

As you can see, 2 pub keys are in the .ssh folder and both are also in authorized_keys and authorized_keys2, which was done with:

cat *.pub >> authorized_keys
cat *.pub >> authorized_keys2

And the pub + private keys are on the client in "/home/mark/ssh".

I think you have about all the information that I can possibly give now ^_^

Last edited by markg85 (2010-08-31 14:15:32)


#4 2010-08-31 14:33:54

markg85
Member
Registered: 2009-06-27
Posts: 149

Re: [Solved] How can i get SSH public key authentication working?

Resolved it!

The permissions were wrong.
So, in case you or anyone else reading this thread later on gets similar issues, then please look at:
cat /var/log/auth.log

If it contains lines like this at the end:

Aug 31 16:19:45 localhost sshd[4545]: Authentication refused: bad ownership or modes for directory _YOUR_FOLDER_

Then you obviously have permission issues.
The user that you log in as needs to have the following permissions:

chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Updating that fixed it for me.
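
An added example, not part of the original post: a shell function that checks the three paths from the fix above for the conditions that make sshd (with StrictModes enabled) log "bad ownership or modes", namely a group/other write bit or an owner other than the login user or root. The function names are illustrative and GNU `stat` is assumed.

```shell
# Added example: audit the paths sshd inspects before trusting authorized_keys.
# check_path / audit_ssh_perms are illustrative names; assumes GNU stat.

# check_path PATH OWNER_UID
# Prints a finding and returns 1 if PATH is missing, is owned by someone other
# than OWNER_UID or root (uid 0), or is writable by group or others.
check_path() {
    local path="$1" owner_uid="$2" mode file_uid
    [ -e "$path" ] || { echo "MISSING $path"; return 1; }
    mode=$(stat -c '%a' "$path")
    file_uid=$(stat -c '%u' "$path")
    if [ "$file_uid" -ne "$owner_uid" ] && [ "$file_uid" -ne 0 ]; then
        echo "OWNER   $path is owned by uid $file_uid"
        return 1
    fi
    # 022 masks the write bit for group and for others.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "MODE    $path is $mode (group/other writable)"
        return 1
    fi
    return 0
}

# audit_ssh_perms HOME_DIR [OWNER_UID]
# Checks the home directory, .ssh and authorized_keys; the return status is
# the number of failing paths (0 means key authentication is not blocked
# by permissions).
audit_ssh_perms() {
    local home="$1" owner_uid="${2:-$(id -u)}" bad=0 p
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$owner_uid" || bad=$((bad + 1))
    done
    return "$bad"
}

# Usage, run as the account being logged in to (here the git user):
#   audit_ssh_perms "$HOME" && echo "permissions OK"
```

The modes given in the post (700 for ~/.ssh, 600 for authorized_keys) are stricter than this check requires and pass it.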


#5 2010-08-31 18:33:25

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: [Solved] How can i get SSH public key authentication working?

That's great. Please prepend [Solved] to the first post title.


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438
