Hello,
I configured ssh on two nodes for an Oracle RAC installation. I can ssh from node1 to node2 without a password, but when I ssh from node2 to node1 a password is required. I followed the same procedure on both nodes to configure ssh. Can someone help me out with this issue?
Thanks a lot
Re: SSH Without Password
2008-12-15T12:29:09Z
Hi Saleem,
I hope the following steps will be helpful to you --
1. Create a public ssh key, if you haven’t one already.
Look at ~/.ssh. If you see a file named id_dsa.pub then you obviously already have a public key. If not, simply create one. ssh-keygen -t dsa should do the trick.
Please note that there are other types of keys, e.g. RSA instead of DSA. I simply recommend DSA, but keep that in mind if you run into errors.
2. Make sure your .ssh dir is 700:
chmod 700 ~/.ssh
3. Get your public ssh key on the server you want to login automatically.
A simple scp ~/.ssh/id_dsa.pub remoteuser@remoteserver.com: is ok.
4. Append the contents of your public key to the ~/.ssh/authorized_keys and remove it.
Important: This must be done on the server you just copied your public key to. Otherwise you wouldn’t have had to copy it on your server.
Simply issue something like ---
cat id_dsa.pub >> .ssh/authorized_keys while at your home directory.
5. Instead of steps 3 and 4, you can issue something like this:
cat ~/.ssh/id_dsa.pub | ssh -l remoteuser remoteserver.com 'cat >> ~/.ssh/authorized_keys'
6. Remove your public key from the home directory on the server.
7. Done!
You can now login:
ssh -l remoteuser remoteserver.com or ssh remoteuser@remoteserver.com
without getting asked for a password.
That’s all you need to do.
Re: SSH Without Password
2008-12-15T12:32:36Z
- SystemAdmin
- 2008-12-15T12:29:09Z
Re: SSH Without Password
2009-02-23T15:46:08Z
- SystemAdmin
- 2008-12-15T12:29:09Z
Re: SSH Without Password
2009-02-23T15:52:09Z
- SystemAdmin
- 2009-02-23T15:46:08Z
I have the same problem. From Server 1 to Server 2 the ssh access is obtained without password but not vice versa. I did the same steps in both servers. Can you help me?
Re: SSH Without Password
2009-02-23T16:23:36Z
- Holgervk
- 2009-02-23T15:52:09Z
use ssh -vvv -p 10000
on the client
and
sshd -D -p 10000
that will give you more information
probably there is a problem with file/directory permissions regarding $HOME/.ssh or $HOME/.ssh/authorized_keys
Re: SSH Without Password
2009-02-25T15:54:39Z
- orphy
- 2009-02-23T16:23:36Z
One of my DBAs ran into the same problem recently and I ended up tracing it to be the permissions of .ssh. As soon as I fixed it to 700, it worked so you should probably compare permissions first. It should be a quick check since you are already working one way.
Orphy
Re: SSH Without Password
2009-02-25T16:01:17Z
- SystemAdmin
- 2009-02-25T15:54:39Z
Unfortunately that is not the problem. $HOME/.ssh is fixed to 700 in both lpars and $HOME/.ssh/authorized_keys is fixed to 600 in both lpars.
Re: SSH Without Password
2009-02-25T16:10:21Z
- SystemAdmin
- 2009-02-25T16:01:17Z
I meant to say that $HOME/.ssh/authorized_keys are fixed to 644 in both lpars.
chmod 600 $HOME/.ssh/authorized_keys
chmod 700 $HOME/   # 700, not 600: a directory without the execute bit cannot be entered
ls -ld $HOME $HOME/.ssh   # to check that everything is owned by the user
I don't think 644 is enough
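What sshd checks on the receiving node before it reads authorized_keys, as an added example that is not part of any post in this thread: with StrictModes on (the OpenSSH default) the home directory, ~/.ssh and authorized_keys must each be owned by the account or by root and must not be writable by group or others. The function names and the throw-away test directory are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): report which of the paths sshd's
# StrictModes inspects would make it ignore authorized_keys.
# check_path and audit_ssh_paths are hypothetical helper names.

# check_path PATH UID: print one verdict line; return 1 if sshd would refuse.
check_path() {
    cp_path=$1
    cp_uid=$2
    if [ ! -e "$cp_path" ]; then
        echo "MISSING  $cp_path"
        return 1
    fi
    # POSIX "ls -ldn": field 1 is the mode string, field 3 the numeric owner.
    cp_line=$(ls -ldn "$cp_path")
    cp_mode=$(echo "$cp_line" | awk '{print $1}')
    cp_owner=$(echo "$cp_line" | awk '{print $3}')
    # The owner must be the account itself or root.
    if [ "$cp_owner" != "$cp_uid" ] && [ "$cp_owner" != "0" ]; then
        echo "BADOWNER $cp_path (uid $cp_owner)"
        return 1
    fi
    # Character 6 of the mode string is group-write, character 9 other-write.
    case $cp_mode in
        ?????w*|????????w*)
            echo "WRITABLE $cp_path ($cp_mode)"
            return 1 ;;
    esac
    echo "OK       $cp_path ($cp_mode)"
    return 0
}

# audit_ssh_paths HOME_DIR UID: check home, .ssh and authorized_keys.
# Returns 0 only when all three pass.
audit_ssh_paths() {
    as_home=$1
    as_uid=$2
    as_rc=0
    for as_p in "$as_home" "$as_home/.ssh" "$as_home/.ssh/authorized_keys"; do
        check_path "$as_p" "$as_uid" || as_rc=1
    done
    return $as_rc
}

# Demonstration on a constructed throw-away home directory.
demo_home=$(mktemp -d)
mkdir "$demo_home/.ssh"
: > "$demo_home/.ssh/authorized_keys"
chmod 700 "$demo_home" "$demo_home/.ssh"
chmod 644 "$demo_home/.ssh/authorized_keys"   # readable by others: passes
audit_ssh_paths "$demo_home" "$(id -u)" || true
chmod 775 "$demo_home/.ssh"                   # group-writable: refused
audit_ssh_paths "$demo_home" "$(id -u)" || true
rm -rf "$demo_home"
```

Run `audit_ssh_paths "$HOME" "$(id -u)"` as the login user on the node that keeps asking for a password. Mode 644 on authorized_keys passes this particular check because the file is only readable, not writable, by others; 600 remains the tighter setting.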
Re: SSH Without Password
2009-02-25T19:13:39Z
- shargus
- 2009-02-25T18:04:25Z
If you haven't done so already, turn on syslog.
sshd will report to syslog if there are problems such as incorrect permissions/ownerships, etc.
Re: SSH Without Password
2009-02-26T11:57:46Z
- SystemAdmin
- 2009-02-25T19:13:39Z
Also keep in mind that you can configure SSH to allow/deny various authentication methods: hostbased,publickeys,password. So you might need to check your sshd_config files. Also, a good troubleshooting tool is to use the verbose '-v' flag to troubleshoot these issues. That will show you precisely where the problem lies...sometimes. ;) I hope this is helpful. Good luck.
Re: SSH Without Password
2009-02-26T15:49:03Z
The "identity" file is used with ssh protocol 1, id_rsa is used with protocol 2.
It sounds like one of your systems is defaulting to Protocol 1 which is older.
Look in your sshd_config file for "Protocol". Mine says 2,1 which means it will use protocol 2 primarily.
You can also try your ssh command with "-1" or "-2" to force it to use either protocol.
All of this information can be found at openssh.org.
Re: SSH Without Password
2009-02-27T08:55:14Z
- unixgrl
- 2009-02-26T15:49:03Z
- Disable legacy (protocol version 1) support in the server for new installations. In future the default will change to require explicit activation of protocol 1
I have configured passwordless ssh following the "Implementing High Availability Cluster Multi-Processing (HACMP) Cookbook.pdf" redbook, and this is what the redbook tells us about that:
1. Login with the required user identity.
2. Generate your authentication key pair:
ssh-keygen -t rsa -f ~/.ssh/node1
Press Enter for the passphrase (no password).
This command generates two files:
– ~/.ssh/node1: this is your secret key
– ~/.ssh/node1.pub: this is your public key
3. Rename your secret key to identity:
mv ~/.ssh/node1 ~/.ssh/identity
4. Add the public key to your authorized_keys file on the local node, so the SSH will work for the localhost:
cat ~/.ssh/node1.pub >> ~/.ssh/authorized_keys
5. Copy your public key to all other hosts:
scp ~/.ssh/node1.pub nodeX:~/.ssh/node1.pub
Repeat this command for each node in the cluster.
6. Add node1’s public key to the authorized_keys file on the remote hosts:
ssh nodeX "cat ~/.ssh/node1.pub >> ~/.ssh/authorized_keys"
Repeat this command for each node in the cluster.
7. Repeat steps 1 to 6 on all hosts.
Identity is the name I gave to the id_rsa file in both nodes
Re: SSH Without Password
2009-03-02T15:02:21Z
That step that says to change your key file to "identity" doesn't make any sense unless HACMP is trying to use protocol 1. It sounds like the Redbook needs updating. No app should be using protocol 1 anymore. I wouldn't change the names of the key files. Just copy the .pub keys into authorized_keys on the other systems.
Re: SSH Without Password
2009-03-04T12:23:32Z
- unixgrl
- 2009-03-02T15:02:21Z
Thank you so much.
Re: SSH Without Password
2009-03-23T11:55:46Z
- unixgrl
- 2009-03-02T15:02:21Z
Re: SSH Without Password
2009-03-23T13:17:20Z
- SystemAdmin
- 2009-03-23T11:55:46Z
Unfortunately I have not entirely solved the problem. I am trying ssh passwordless between three nodes. It is working in two of them but not with the third. This one is able to do ssh passwordless against the others but it is not possible for the others to do it against this one. I attach the logs. Please help me.
From node "proeccdiag" to node "proecc01" (works ok):
proadm> ssh -v proecc01
OpenSSH_4.7p1, OpenSSL 0.9.8f 11 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): 0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
0509-026 System error: A file or directory in the path name does not exist.
debug1: Error loading Kerberos, disabling Kerberos auth.
debug1: Connecting to proecc01 [172.16.60.107] port 22.
debug1: Connection established.
debug1: identity file /home/proadm/.ssh/identity type -1
debug1: identity file /home/proadm/.ssh/id_rsa type 1
debug1: identity file /home/proadm/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7
debug1: match: OpenSSH_4.7 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.7
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'proecc01' is known and matches the RSA host key.
debug1: Found key in /home/proadm/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/proadm/.ssh/identity
debug1: Offering public key: /home/proadm/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new client-session
debug1: Entering interactive session.
Last unsuccessful login: Wed Mar 4 11:33:38 CUT 2009 on ssh from proecc02
Last login: Wed Mar 11 12:16:57 CUT 2009 on /dev/pts/2 from proeccdiag
### #
##### ##### #### ###### #### #### # # ##
# # # # # # # # # # # # # # #
# # # # # # ##### # # # # #
##### ##### # # # # # # # #
# # # # # # # # # # # # #
# # # #### ###### #### #### ### #####
YOU HAVE NEW MAIL
From node "proecc01" to node "proeccdiag" (doesn't work):
proadm> ssh -v proeccdiag
OpenSSH_4.7p1, OpenSSL 0.9.8f 11 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): 0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
0509-026 System error: A file or directory in the path name does not exist.
debug1: Error loading Kerberos, disabling Kerberos auth.
debug1: Connecting to proeccdiag [172.16.60.108] port 22.
debug1: Connection established.
debug1: identity file /home/proadm/.ssh/identity type -1
debug1: identity file /home/proadm/.ssh/id_rsa type 1
debug1: identity file /home/proadm/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7
debug1: match: OpenSSH_4.7 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.7
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'proeccdiag' is known and matches the RSA host key.
debug1: Found key in /home/proadm/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/proadm/.ssh/identity
debug1: Offering public key: /home/proadm/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/proadm/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
proadm@proeccdiag's password:
Re: SSH Without Password
2009-03-24T11:16:19Z
- CRM
- 2009-03-23T13:17:20Z
When you generate keys on each server (hopefully using ssh-keygen) you will get a public key (id_rsa.pub) and a private key (id_rsa) if you are using rsa keys.
If you generate the keys with no passphrase then these can be used for SSH without password (a quick google should show some guides for this such as http://oreilly.com/pub/h/66 ).
To set up ssh you basically need to copy the id_rsa.pub into the authorized_keys2 file on the remote server.
It looks like you have done this from diag to c01, but not vice versa.
Check that the id_rsa.pub from c01 is in the authorized_keys2 file on diag, make sure the file has permissions of 600 and check the formatting of the file; extra spaces and other bad formatting can sometimes stop SSH from working.
regards
Chris
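How to read the two client logs above, as an added example that is not part of any post in this thread: the function pairs each key the client offers with the server's verdict, using sample lines abridged from the proadm logs. The name diagnose_ssh_log and the output labels are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread: summarise the publickey phase of an
# "ssh -v" client log. diagnose_ssh_log is a hypothetical helper name.

diagnose_ssh_log() {
    awk '
    # "type -1": no public key could be loaded for this path, usually
    # because the file does not exist.
    /^debug1: identity file / && $NF == "-1" { nokey[$4] = 1; next }
    /^debug1: Trying private key: / {
        if ($5 in nokey) print "NOKEY    " $5
        next
    }
    # The client offers a public key, then waits for the server verdict.
    /^debug1: Offering public key: / { offered = $5; next }
    /^debug1: Server accepts key/ {
        if (offered != "") print "ACCEPTED " offered
        offered = ""
        next
    }
    # The method list coming straight back after an offer is a refusal:
    # key not in authorized_keys, or sshd would not read that file.
    /^debug1: Authentications that can continue: / {
        if (offered != "") print "REJECTED " offered
        offered = ""
        next
    }
    /^debug1: Next authentication method: / { last = $5; next }
    /^debug1: Authentication succeeded / {
        result = $4
        gsub(/[().]/, "", result)
    }
    END {
        if (result == "") result = "none, client fell through to " last
        print "RESULT   " result
    }'
}

# Key lines abridged from the two logs in this thread.
sample_log_ok() {
    cat <<'EOF'
debug1: identity file /home/proadm/.ssh/identity type -1
debug1: identity file /home/proadm/.ssh/id_rsa type 1
debug1: identity file /home/proadm/.ssh/id_dsa type -1
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/proadm/.ssh/identity
debug1: Offering public key: /home/proadm/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: Authentication succeeded (publickey).
EOF
}

sample_log_fail() {
    cat <<'EOF'
debug1: identity file /home/proadm/.ssh/identity type -1
debug1: identity file /home/proadm/.ssh/id_rsa type 1
debug1: identity file /home/proadm/.ssh/id_dsa type -1
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/proadm/.ssh/identity
debug1: Offering public key: /home/proadm/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/proadm/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
proadm@proeccdiag's password:
EOF
}

echo "proeccdiag -> proecc01:"
sample_log_ok | diagnose_ssh_log
echo "proecc01 -> proeccdiag:"
sample_log_fail | diagnose_ssh_log
```

A REJECTED line puts the problem on the target node: the offered key is not in that account's authorized_keys, or sshd declined to read the file. The sshd syslog output on that node says which.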
Re: SSH Without Password
2010-11-01T13:56:20Z
Hello,
I have the same issue.
The log shows the following:
********************************************************
nim2:/.ssh>ssh -v kwt
OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): 0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
0509-026 System error: A file or directory in the path name does not exist.
debug1: Error loading Kerberos, disabling Kerberos auth.
debug1: Connecting to kwt [172.16.130.208] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /.ssh/identity type -1
debug1: identity file /.ssh/id_rsa type 1
debug1: identity file /.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.1
debug1: match: OpenSSH_4.1 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: Entering the function :kex_choose_conf
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'kwt' is known and matches the RSA host key.
debug1: Found key in /.ssh/known_hosts:237
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: The Key: 0
debug1: Trying private key: /.ssh/identity
debug1: After function load_identity_file
debug1: The Key: 1
debug1: Offering public key: /.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: The Key: 2
debug1: Offering public key: /.ssh/id_dsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
root@kwt's password:
********************************************************
The ~/.ssh directory has chmod 700
The ~/.ssh/authorized_keys has chmod 644
Both keys (dsa & rsa) are added to authorized_keys.
But an ssh to localhost is with password logon, too.
********************************************************
p51a003p:/>ssh -v localhost
OpenSSH_4.1p1, OpenSSL 0.9.7g 11 Apr 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): 0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
0509-026 System error: A file or directory in the path name does not exist.
debug1: Error loading Kerberos, disabling Kerberos auth.
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /.ssh/identity type -1
debug1: identity file /.ssh/id_rsa type 1
debug1: identity file /.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.1
debug1: match: OpenSSH_4.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /.ssh/known_hosts:18
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /.ssh/identity
debug1: Offering public key: /.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering public key: /.ssh/id_dsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
root@localhost's password:
********************************************************
has anyone a suggestion?
regards
chris
Re: SSH Without Password
2013-05-09T10:54:52Z
- SystemAdmin
- 2008-12-15T12:29:09Z
I tried what is said above, but the system is still asking for the password.