Hosts:
A) Solaris 8 using:
SSH Version OpenSSH_2.3.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090600f).
B) RedHat Linux 7.2 using:
OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
Can ssh from [A] to [B] requiring password and vice-versa, using either
root or a non-root user.
1) --------------------------------
Now trying to do ssh from [A] to [B] as root with a command passed-in to
ssh to rsync, like this, in a single line:
/usr/bin/ssh host-linux /usr/local/bin/rsync -avp --delete -e
usr/bin/ssh --rsync-path=/usr/local/bin/rsync host-solaris:/export/app1
/export
However, when I run the above command from [A] and then enter the root
password for [B], I get:
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).
unexpected EOF in read_timeout
Adding -v -v to the above shows:
SSH Version OpenSSH_2.3.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090600f).
debug: Reading configuration data /opt/openssh/etc/ssh_config
debug: Command 'last' timed out
debug: Command 'ipcs -a' exit status was 255
debug: Seeded RNG with 41 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to host-linux [10.0.21.31] port 22.
debug: Command 'last' disabled (badness 2)
debug: Command 'ipcs -a' disabled (badness 128)
debug: Seeded RNG with 38 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Allocated local port 824.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_3.1p1
debug: no match: OpenSSH_3.1p1
debug: Local version string SSH-1.5-OpenSSH_2.3.0p1
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host 'mig-linux' is known and matches the RSA host key.
debug: Command 'last' disabled (badness 1)
debug: Command 'ipcs -a' disabled (badness 127)
debug: Seeded RNG with 38 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Trying RSA authentication with key 'root@sydwb621'
..... The above line sounds suspicious. Why would OpenSSH try the
key for another host when I told it to log in to host-linux?
Anyway, running the same command above but directed to other hosts works
without problems.
debug: Server refused our key.
debug: Doing password authentication.
root@host-linux's password:
debug: Sending command: /usr/local/bin/rsync -avp --delete -e
/usr/bin/ssh -v -v --rsync-path=/usr/local/bin/rsync
app1:/export/softgame /export
debug: Entering interactive session.
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).
unexpected EOF in read_timeout
debug: Transferred: stdin 0, stdout 148, stderr 0 bytes in 0.5 seconds
debug: Bytes per second: stdin 0.0, stdout 306.2, stderr 0.0
debug: Exit status 12
debug: writing PRNG seed to file //.ssh/prng_seed
The above shows that the password is correct (otherwise, the debug
output would not show "Sending command...").
Furthermore, I can run rsync from [B] without problems, as long as I
type the password, like this:
/usr/local/bin/rsync -avp --delete -e /usr/bin/ssh
--rsync-path=/usr/local/bin/rsync host-solaris:/export/softgame /export
2) --------------------------------
So I suspect that the problem has to do with having to specify a
no-passphrase authentication using private/public key pairs.
Correct ?
Anyway, I ran the following from [B]:
ssh-keygen -t rsa1
The reason I used RSA1 is that the format of the authorized keys in [A]
looks like RSA1. The .pub keys from -t rsa or -t dsa do not look
the same as those in the authorized_keys in [A].
So I then copied the .pub to [A], cat >> authorized_keys on [A].
( Do I need to restart ssh for that to take effect ? )
However, when I then try to ssh from [B] to [A], I still get prompted
for a password.
Here is the output from [B] ( linux ) when I type 'ssh -v -v
root@host-solaris':
[root@mig-linux /]# ssh -v -v root@app1
OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 0 geteuid 0 anon 1
debug1: Connecting to app1 [10.0.21.17] port 22.
debug1: temporarily_use_uid: 0/0 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 0/0 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /root/.ssh/identity type 0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version
OpenSSH_2.3.0p1
debug1: match: OpenSSH_2.3.0p1 pat OpenSSH_2.3.0*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.1p1
debug2: Original cipher proposal:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
debug2: Compat cipher proposal: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour
debug2: Original cipher proposal:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
debug2: Compat cipher proposal: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour
debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-(E-Mail Removed),hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-(E-Mail Removed),hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss
debug2: kex_parse_kexinit:
3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-(E-Mail Removed)
debug2: kex_parse_kexinit:
3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-(E-Mail Removed)
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5,hmac-(E-Mail Removed)
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5,hmac-(E-Mail Removed)
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client 3des-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server 3des-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 181/384
debug1: bits set: 531/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'host-solaris' is known and matches the DSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: bits set: 529/1024
debug1: ssh_dss_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is publickey
debug1: try privkey: /root/.ssh/id_rsa
debug1: try privkey: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: next auth method to try is password
root@host-solaris's password:
If I try to force it to version 1 ( ssh -v -v -1 root@host-solaris ),
here is what I get:
OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 0 geteuid 0 anon 1
debug1: Connecting to app1 [10.0.21.17] port 22.
debug1: temporarily_use_uid: 0/0 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 0/0 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /root/.ssh/identity type 0
debug1: Remote protocol version 1.99, remote software version
OpenSSH_2.3.0p1
debug1: match: OpenSSH_2.3.0p1 pat OpenSSH_2.3.0*
debug1: Local version string SSH-1.5-OpenSSH_3.1p1
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'app1' is known and matches the RSA1 host key.
debug1: Found key in /root/.ssh/known_hosts:3
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: cipher_init: set keylen (16 -> 32)
debug1: cipher_init: set keylen (16 -> 32)
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying RSA authentication with key '/root/.ssh/identity'
debug1: Received RSA challenge from server.
Enter passphrase for RSA key '/root/.ssh/identity':
In any case ... both require me to enter a password.
Help!
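
Added example, not part of the original post: a small triage script that reads an `ssh -v` client trace like the two captured on [B] and reports why public-key authentication ended in a prompt. The function name `diagnose` is hypothetical, and the reading of the identity-file type codes (0 = RSA1, -1 = nothing loaded) is an assumption based on OpenSSH 3.x client behaviour.

```python
import re

# Constructed excerpts: lines copied from the post's two traces taken on [B].
PROTO2_TRACE = """\
debug1: identity file /root/.ssh/identity type 0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Local version string SSH-2.0-OpenSSH_3.1p1
debug1: authentications that can continue: publickey,password
debug1: try privkey: /root/.ssh/id_rsa
debug1: try privkey: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: next auth method to try is password
"""
PROTO1_TRACE = """\
debug1: identity file /root/.ssh/identity type 0
debug1: Local version string SSH-1.5-OpenSSH_3.1p1
debug1: Trying RSA authentication with key '/root/.ssh/identity'
debug1: Received RSA challenge from server.
Enter passphrase for RSA key '/root/.ssh/identity':
"""

def diagnose(trace):
    """Return (protocol, findings) for one ssh -v client trace."""
    findings = []
    ver = re.search(r"Local version string SSH-(\d+)\.", trace)
    proto = 1 if ver and ver.group(1) == "1" else 2
    # Assumption: type 0 is an RSA1 key, type -1 means no key could be loaded.
    for path, ktype in re.findall(r"identity file (\S+) type (-?\d+)", trace):
        if ktype == "-1":
            findings.append(f"{path}: no key loaded")
        elif ktype == "0" and proto == 2:
            findings.append(f"{path}: RSA1 key, not offered in protocol 2")
    if "we did not send a packet, disable method" in trace:
        findings.append("publickey: client offered no key")
    if "Server refused our key" in trace:
        findings.append("publickey: server rejected the offered key")
    if "Received RSA challenge from server" in trace:
        findings.append("publickey: server recognised the key")
        if re.search(r"^Enter passphrase for RSA key", trace, re.M):
            findings.append("prompt is the key passphrase, not the account password")
    return proto, findings

if __name__ == "__main__":
    for name, trace in (("protocol 2", PROTO2_TRACE), ("forced -1", PROTO1_TRACE)):
        proto, findings = diagnose(trace)
        print(name, "->", proto, findings)
```
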