
Problem Setting Up Ssh Keys.


niels


Hey everybody,

I'm having some trouble setting up some key authentication with ssh between a macbook and a linux server.

I first tried generating a key pair on my linux pc and then copied them over to my macbook using scp.

I could login from my linux server to my macbook.

But I was looking to set up this configuration the other way around.

I tried the same steps on my macbook to generate the keys and transfer the public key to the server.

But when I try to login the linux server still asks the user password like before, and that is just something I don't want.

I find it strange that I can do it one way but not the other way around.

I tried the same process several times making sure I didn't make any mistakes but still the same result.

Is there a configuration I must enable in the ssh_config file, or does anybody have an idea what could be the problem?

Thanks in advance.


Common things to check for key issues in SSH are the actual key in the authorized_keys file and the permissions around the files. Make sure the key is valid in the authorized_keys file and that it hasn't been truncated (sometimes a slightly truncated key can be hard to spot).

Check the permissions on the .ssh directory (it should be 700) and that it is owned by the user. The authorized_keys file under the .ssh directory should have permissions of 600 and also be owned by the user.

If those checks don't resolve anything then check the configuration file for the ssh server and make sure that it has the right settings in it for allowing keys to be used.

Finally, if all those seem fine, then try checking both the ssh log on the server and setting the ssh client to verbose mode (-v), and look at why they say the key authorization failed.

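The checks listed in the reply above, written out as an added example (not code from the thread): it verifies the 700/600 modes and ownership, and catches a truncated key by walking the length-prefixed fields inside the base64 blob. The sample key is constructed, and the script assumes authorized_keys lines without a leading options field.

```python
import base64, os, stat, struct

def _pack(b):                      # SSH wire "string": 4-byte length + bytes
    return struct.pack(">I", len(b)) + b

# Constructed sample (not a real key): type, exponent, 2048-bit-sized modulus.
SAMPLE_BLOB = _pack(b"ssh-rsa") + _pack(b"\x01\x00\x01") + _pack(b"\x00" + b"\xc3" * 256)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " user@example"

def _fields(blob):
    """Split a key blob into length-prefixed fields; raise if it ends early."""
    out, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("blob ends inside a length prefix")
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        if pos + 4 + n > len(blob):
            raise ValueError("field runs past end of blob")
        out.append(blob[pos + 4:pos + 4 + n])
        pos += 4 + n
    return out

def check_key_line(line):
    """Return None if the line looks intact, else a short reason.
    Assumes '<type> <base64> [comment]' with no leading options field."""
    parts = line.split()
    if len(parts) < 2:
        return "expected '<type> <base64> [comment]'"
    try:
        fields = _fields(base64.b64decode(parts[1], validate=True))
    except ValueError as exc:      # binascii.Error is a ValueError subclass
        return f"damaged key data: {exc}"
    if not fields or fields[0] != parts[0].encode():
        return "declared key type differs from the type inside the blob"
    return None

def check_perms(path, want):
    """Return None if path is owned by the current user with mode `want`."""
    st = os.stat(path)
    if st.st_uid != os.getuid():
        return f"{path}: not owned by the current user"
    mode = stat.S_IMODE(st.st_mode)
    return None if mode == want else f"{path}: mode {mode:o}, expected {want:o}"

def audit(ssh_dir):
    """Run the permission and key checks; return a list of problems found."""
    ak = os.path.join(ssh_dir, "authorized_keys")
    problems = [r for r in (check_perms(ssh_dir, 0o700), check_perms(ak, 0o600)) if r]
    with open(ak) as fh:
        for no, line in enumerate(fh, 1):
            if line.strip() and not line.startswith("#"):
                reason = check_key_line(line)
                if reason:
                    problems.append(f"{ak}:{no}: {reason}")
    return problems
```

Run `audit(os.path.expanduser("~/.ssh"))` as the account that owns the keys on the server; an empty list means none of these checks failed.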

- Check the permissions

- Check the sshd_config file

This is the output I got on the server:

sshd[557]: debug3: mm_answer_keyallowed entering
sshd[557]: debug3: mm_answer_keyallowed: key_from_blob: 0x7fb0e3547150
sshd[557]: debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
sshd[557]: debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
sshd[557]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
sshd[557]: debug1: trying public key file /home/niels/.ssh/authorized_keys
sshd[557]: debug1: restore_uid: 0/0
sshd[557]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
sshd[557]: debug1: trying public key file /home/niels/.ssh/authorized_keys2
sshd[557]: debug1: fd 4 clearing O_NONBLOCK
sshd[557]: debug3: secure_filename: checking '/home/niels/.ssh'
sshd[557]: debug3: secure_filename: checking '/home/niels'
sshd[557]: debug3: secure_filename: terminating check at '/home/niels'
sshd[557]: debug3: key_read: type mismatch
sshd[557]: debug2: user_key_allowed: check options: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5lhFkGALO0bJWbuO3fcTjLPSd+1I1LvTgPvVK9Tesrwj6jvPELWMFbqn2cxIYdWaIt3z4H+m9VdmmJgJMS02EeH5/WtjGtxTKFJqTBFbQuKWhZSnmPZrgoGrjnTNb3Cyr57qD+DPMKAJzCX1ZXFutY4QhvH5elDWsDkp6p7gF2iumFwuayVZe/Nhf3V/39x/ZmaRbs6x8lW6jxQl7U2RE3venid1zfjIwOZunkF7ZuxgcqkPRtcAi+3VLL6WaLcl3lKcJHW+6LZASlYWzdGaW06momZZHcdaa5JngUwTldgxWmgcpt4r3CCa1JXk9sPYJiSVB3X3GESMRSnkD6WSdw== xxxx@xxxxxxx\n'
sshd[557]: debug2: key_type_from_name: unknown key type 'AAAAB3NzaC1yc2EAAAABIwAAAQEA5lhFkGALO0bJWbuO3fcTjLPSd+1I1LvTgPvVK9Tesrwj6jvPELWMFbqn2cxIYdWaIt3z4H+m9VdmmJgJMS02EeH5/WtjGtxTKFJqTBFbQuKWhZSnmPZrgoGrjnTNb3Cyr57qD+DPMKAJzCX1ZXFutY4QhvH5elDWsDkp6p7gF2iumFwuayVZe/Nhf3V/39x/ZmaRbs6x8lW6jxQl7U2RE3venid1zfjIwOZunkF7ZuxgcqkPRtcAi+3VLL6WaLcl3lKcJHW+6LZASlYWzdGaW06momZZHcdaa5JngUwTldgxWmgcpt4r3CCa1JXk9sPYJiSVB3X3GESMRSnkD6WSdw=='
sshd[557]: debug3: key_read: missing keytype
sshd[557]: debug2: user_key_allowed: advance: 'AAAAB3NzaC1yc2EAAAABIwAAAQEA5lhFkGALO0bJWbuO3fcTjLPSd+1I1LvTgPvVK9Tesrwj6jvPELWMFbqn2cxIYdWaIt3z4H+m9VdmmJgJMS02EeH5/WtjGtxTKFJqTBFbQuKWhZSnmPZrgoGrjnTNb3Cyr57qD+DPMKAJzCX1ZXFutY4QhvH5elDWsDkp6p7gF2iumFwuayVZe/Nhf3V/39x/ZmaRbs6x8lW6jxQl7U2RE3venid1zfjIwOZunkF7ZuxgcqkPRtcAi+3VLL6WaLcl3lKcJHW+6LZASlYWzdGaW06momZZHcdaa5JngUwTldgxWmgcpt4r3CCa1JXk9sPYJiSVB3X3GESMRSnkD6WSdw== xxxx@xxxxxxx\n'
sshd[557]: debug1: restore_uid: 0/0
sshd[557]: debug2: key not found
sshd[557]: Failed publickey for niels from 94.226.16.213 port 59809 ssh2
sshd[557]: debug3: mm_answer_keyallowed: key 0x7fb0e3547150 is not allowed
sshd[557]: debug3: mm_request_send entering: type 22
sshd[557]: debug3: mm_request_receive entering
sshd[557]: debug3: monitor_read: checking request 11
sshd[557]: debug3: auth_shadow_pwexpired: today 14970 sp_lstchg 14891 sp_max 99999
sshd[557]: debug3: mm_answer_authpassword: sending result 0
sshd[557]: debug3: mm_request_send entering: type 12
sshd[557]: Failed password for niels from 94.226.16.213 port 59809 ssh2
sshd[557]: debug3: mm_request_receive entering
sshd[557]: debug3: monitor_read: checking request 11
sshd[557]: debug3: mm_answer_authpassword: sending result 0
sshd[557]: debug3: mm_request_send entering: type 12
sshd[557]: Failed password for niels from 94.226.16.213 port 59809 ssh2
sshd[557]: debug3: mm_request_receive entering
sshd[557]: debug3: monitor_read: checking request 11
sshd[557]: debug3: mm_answer_authpassword: sending result 1
sshd[557]: debug3: mm_request_send entering: type 12
sshd[557]: Accepted password for niels from 94.226.16.213 port 59809 ssh2
sshd[557]: debug1: monitor_child_preauth: niels has been authenticated by privileged process
sshd[557]: debug3: mm_get_keystate: Waiting for new keys
sshd[557]: debug3: mm_request_receive_expect entering: type 25
sshd[557]: debug3: mm_request_receive entering
sshd[557]: debug3: mm_newkeys_from_blob: 0x7fb0e35480e0(122)
sshd[557]: debug2: mac_setup: found hmac-md5
sshd[557]: debug3: mm_get_keystate: Waiting for second key
sshd[557]: debug3: mm_newkeys_from_blob: 0x7fb0e35480e0(122)
sshd[557]: debug2: mac_setup: found hmac-md5
sshd[557]: debug3: mm_get_keystate: Getting compression state
sshd[557]: debug3: mm_get_keystate: Getting Network I/O buffers
sshd[557]: debug3: mm_share_sync: Share sync
sshd[557]: debug3: mm_share_sync: Share sync end
sshd[557]: User child is on pid 571

Can anybody produce some useful information from this output?

Thx


Hey everybody,

I almost fixed the problem with my public key setup, but I'm using a password protected private key for some extra security.

Now I'm 100% sure I use the right password but still he is complaining that the password of the private key doesn't match.

@edit :

I tried to use a private-public pair without a password but still the server is complaining the password doesn't match.

I also tried using a simple password 'test' to see if that would work and that doesn't work either !

Has anyone else come across the same problem before, or does somebody know a solution to this issue?

Thx

Edited by niels

One thing you could try is to only use one private/public key pair. Just copy the private key that you have that works from your Linux server to your macbook, and copy the authorized_keys file from your macbook to your .ssh directory on the Linux server. As this is a known working configuration then it should work and if it doesn't then you can compare sshd configurations between the two machines to find the problem.

The advantage of this type of setup is that you will only need to put one public key in the authorized_keys files to identify you. If you have multiple private/public key pairs then things will get more complex as the number of machines involved increases.

The disadvantage is that if you lose your macbook you would need to generate a new private/public key pair and update the authorized_keys file on all your machines. This would just be to be on the safe side though, as you are using a long pass phrase to protect your private key.
