[SGVLUG] SSH Keys / Trusted Authentication

Sean O'Donnell sodonnell at childrensoncologygroup.org
Thu May 4 17:15:18 PDT 2006


 
PS: I do not receive an error when cvsserv:~/.ssh is set to chmod(0775),
but do when set to chmod(0700) or chmod(0755).

OpenSSH_4.3p1, OpenSSL 0.9.7e 25 Oct 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to cvsserv [10.10.15.51] port 22.
debug1: Connection established.
debug1: identity file /home/myid/.ssh/identity type 0
debug1: identity file /home/myid/.ssh/id_rsa type 1
debug1: identity file /home/myid/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'cvsserv' is known and matches the RSA host key.
debug1: Found key in /home/myid/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/myid/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering public key: /home/myid/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
myid@cvsserv's password: *prompt*
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.

In either of the cases, I still receive the password prompt. =/

Thanks,

Sean O'Donnell
Programmer Analyst (PHP)
Children's Oncology Group (COG) 
CureSearch Technology Group (CTG)

440 E. Huntington Dr. 2nd Floor
Arcadia, CA 91066

[office] (626) 241-1752
[email] sodonnell at cogmembers.org

PGP Public Key: 0xE6A0E96C
PGP Public Key Server: http://pgp.mit.edu

----
-----Original Message-----
From: sgvlug-bounces at sgvlug.net [mailto:sgvlug-bounces at sgvlug.net] On
Behalf Of Sean O'Donnell
Sent: Thursday, May 04, 2006 4:40 PM
To: SGVLUG Discussion List.
Subject: RE: [SGVLUG] SSH Keys / Trusted Authentication


-- *SNIP* --
ssh cvsserver
scp mylocalhost:~/.ssh/*.pub .
mkdir -m 0700 .ssh
cd !$
cat ../*.pub >> authorized_keys
chmod 0600 !$

Technically, you should really only need id_rsa.pub *or* id_dsa.pub.  I
prefer the former.  SSHv1 should be shut off on all servers.

-- *SNIP* --

I don't have root access to the servers, and there is no longer an admin
available until they find a new one, which may not be for a while. =/

Anyhow, I tried your suggestion Jeff, but still no luck. =/

I did notice a failure when logging in to ssh in verbose mode, that I
didn't receive (or perhaps notice) yesterday... 'debug1:
PEM_read_PrivateKey failed'

Here is the log, just in case...

OpenSSH_4.3p1, OpenSSL 0.9.7e 25 Oct 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to cvsserv [10.10.15.51] port 22.
debug1: Connection established.
debug1: identity file /home/myid/.ssh/identity type 0
debug1: identity file /home/myid/.ssh/id_rsa type 1
debug1: identity file /home/myid/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'cvsserv' is known and matches the RSA host key.
debug1: Found key in /home/myid/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/myid/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/home/myid/.ssh/id_rsa':
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.


Thanks,

Sean O'Donnell

----
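
A small triage helper for logs like the two in this thread, added here as an example and not part of the original post: it reads client-side `ssh -v` output and reports which offered keys drew a `Server accepts key` reply and which authentication method finally succeeded. The function names and verdict labels are hypothetical, and "rejected" is inferred from the absence of a `Server accepts key` line after an offer.

```shell
#!/bin/sh
# Added example: summarize client-side `ssh -v` output read from stdin.
# Prints one line per offered key (accepted/rejected) and the winning method.
summarize_ssh_v() {
    awk '
    /^debug1: Offering public key: / {
        # An earlier offer that got no "Server accepts key" reply was refused.
        if (pending != "") print "rejected " pending
        pending = $5
        next
    }
    /^debug1: Server accepts key: / {
        if (pending != "") print "accepted " pending
        pending = ""
        next
    }
    /^debug1: Authentication succeeded [(]/ {
        if (pending != "") print "rejected " pending
        pending = ""
        method = $4
        gsub(/[().]/, "", method)
        print "method " method
    }
    END { if (pending != "") print "rejected " pending }'
}

# One-word verdict (labels are this example's own, not OpenSSH terms).
diagnose_ssh_v() {
    summarize_ssh_v | awk '
    $1 == "accepted" { acc++ }
    $1 == "rejected" { rej++ }
    $1 == "method"   { method = $2 }
    END {
        if (method == "publickey") print "key-login-ok"
        else if (acc > 0)          print "key-accepted-but-not-used"
        else if (rej > 0)          print "server-refused-all-keys"
        else                       print "no-key-offered"
    }'
}

# Sample input: lines abridged from the first log in the post.
sample_fallback() {
    cat <<'EOF'
debug1: Next authentication method: publickey
debug1: Offering public key: /home/myid/.ssh/id_rsa
debug1: Offering public key: /home/myid/.ssh/id_dsa
debug1: Next authentication method: password
debug1: Authentication succeeded (password).
EOF
}

sample_fallback | diagnose_ssh_v
```

A `server-refused-all-keys` verdict points at the server side (the `authorized_keys` contents or the permissions on the account's files), while `key-accepted-but-not-used` points at the local private key.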



