niels Posted December 26, 2010

Hey everybody, I'm having some trouble setting up key authentication with ssh between a macbook and a linux server. I first tried generating a key pair on my linux pc and then copied them over to my macbook using scp. I could log in from my linux server to my macbook. But I was looking to set up this configuration the other way around. I tried the same steps on my macbook to generate the keys and transfer the public key to the server. But when I try to log in, the linux server still asks for the user password like before, and that is just something I don't want.

I find it strange that I can do it one way but not the other way around. I tried the same process several times, making sure I didn't make any mistakes, but still the same result. Is there a configuration I must enable in the ssh_config file, or does anybody have an idea what could be the problem? Thanks in advance.
Jason Cooper Posted December 27, 2010

Common things to check for key issues in SSH are the actual key in the authorized_keys file and the permissions around the files. Make sure the key is valid in the authorized_keys file and that it hasn't been truncated (sometimes a slightly truncated key can be hard to spot). Check the permissions on the .ssh directory (it should be 700) and that it is owned by the user. The authorized_keys file under the .ssh directory should have permissions of 600 and also be owned by the user.

If those checks don't resolve anything, then check the configuration file for the ssh server and make sure that it has the right settings in it for allowing keys to be used. Finally, if all those seem fine, then try checking both the ssh log on the server and setting the ssh client to verbose mode (-v) and look at why they say the key authorization failed.
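The checks from the post above (700 on .ssh, 600 on authorized_keys, ownership, and a key that has not been truncated), as an added Python example that is not part of the original thread. The function names and the sample key line are constructed for illustration, and option parsing is simplified as noted in the comments.

```python
import base64, os, stat

def field(data):
    return len(data).to_bytes(4, "big") + data

# Constructed sample entry: structurally valid, not a usable key.
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(
    field(b"ssh-rsa") + field(b"\x23") + field(b"\x00" + bytes(range(1, 129)))).decode() + " constructed@example"

def blob_fields(blob):
    """Split a decoded key blob into its length-prefixed fields; raise ValueError if cut short."""
    fields, off = [], 0
    while off < len(blob):
        size = int.from_bytes(blob[off:off + 4], "big")
        off += 4 + size
        if off > len(blob):
            raise ValueError("truncated: blob ends before its last field does")
        fields.append(blob[off - size:off])
    return fields

def check_key_line(line):
    """Return None for a well-formed authorized_keys entry, else a reason string."""
    tokens = line.split()
    # Simplification: the first token that looks like a key type wins; quoted options with spaces are not parsed.
    idx = next((i for i, t in enumerate(tokens) if t.startswith(("ssh-", "ecdsa-", "sk-"))), None)
    if idx is None or idx + 1 >= len(tokens):
        return "missing key type or key data"
    try:
        fields = blob_fields(base64.b64decode(tokens[idx + 1], validate=True))
    except ValueError as exc:  # binascii.Error is a subclass of ValueError
        return f"key data damaged or truncated ({exc})"
    if not fields or fields[0] != tokens[idx].encode():
        return "declared key type differs from the type inside the key data"
    return None

def audit(ssh_dir, uid):
    """Check mode and owner of ssh_dir and authorized_keys, then every key line in the file."""
    keys, problems = os.path.join(ssh_dir, "authorized_keys"), []
    for path, allowed in ((ssh_dir, 0o700), (keys, 0o600)):
        st = os.stat(path)
        if stat.S_IMODE(st.st_mode) & ~allowed:
            problems.append(f"{path}: mode {stat.S_IMODE(st.st_mode):o} is looser than {allowed:o}")
        if st.st_uid != uid:
            problems.append(f"{path}: owned by uid {st.st_uid}, expected {uid}")
    with open(keys) as fh:
        for number, line in enumerate(fh, 1):
            if line.strip() and not line.startswith("#") and (reason := check_key_line(line)):
                problems.append(f"{keys}:{number}: {reason}")
    return problems
```

Run it on the server as the account being logged in to, for example `audit(os.path.expanduser("~/.ssh"), os.getuid())`; an empty list means none of these checks failed.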
niels Posted December 27, 2010

- Check the permissions
- check the sshd_config file

This is the output I got on the server:

sshd[557]: debug3: mm_answer_keyallowed entering
sshd[557]: debug3: mm_answer_keyallowed: key_from_blob: 0x7fb0e3547150
sshd[557]: debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
sshd[557]: debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
sshd[557]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
sshd[557]: debug1: trying public key file /home/niels/.ssh/authorized_keys
sshd[557]: debug1: restore_uid: 0/0
sshd[557]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
sshd[557]: debug1: trying public key file /home/niels/.ssh/authorized_keys2
sshd[557]: debug1: fd 4 clearing O_NONBLOCK
sshd[557]: debug3: secure_filename: checking '/home/niels/.ssh'
sshd[557]: debug3: secure_filename: checking '/home/niels'
sshd[557]: debug3: secure_filename: terminating check at '/home/niels'
sshd[557]: debug3: key_read: type mismatch
sshd[557]: debug2: user_key_allowed: check options: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5lhFkGALO0bJWbuO3fcTjLPSd+1I1LvTgPvVK9Tesrwj6jvPELWMFbqn2cxIYdWaIt3z4H+m9VdmmJgJMS02EeH5/WtjGtxTKFJqTBFbQuKWhZSnmPZrgoGrjnTNb3Cyr57qD+DPMKAJzCX1ZXFutY4QhvH5elDWsDkp6p7gF2iumFwuayVZe/Nhf3V/39x/ZmaRbs6x8lW6jxQl7U2RE3venid1zfjIwOZunkF7ZuxgcqkPRtcAi+3VLL6WaLcl3lKcJHW+6LZASlYWzdGaW06momZZHcdaa5JngUwTldgxWmgcpt4r3CCa1JXk9sPYJiSVB3X3GESMRSnkD6WSdw== xxxx@xxxxxxx\n'
sshd[557]: debug2: key_type_from_name: unknown key type 'AAAAB3NzaC1yc2EAAAABIwAAAQEA5lhFkGALO0bJWbuO3fcTjLPSd+1I1LvTgPvVK9Tesrwj6jvPELWMFbqn2cxIYdWaIt3z4H+m9VdmmJgJMS02EeH5/WtjGtxTKFJqTBFbQuKWhZSnmPZrgoGrjnTNb3Cyr57qD+DPMKAJzCX1ZXFutY4QhvH5elDWsDkp6p7gF2iumFwuayVZe/Nhf3V/39x/ZmaRbs6x8lW6jxQl7U2RE3venid1zfjIwOZunkF7ZuxgcqkPRtcAi+3VLL6WaLcl3lKcJHW+6LZASlYWzdGaW06momZZHcdaa5JngUwTldgxWmgcpt4r3CCa1JXk9sPYJiSVB3X3GESMRSnkD6WSdw=='
sshd[557]: debug3: key_read: missing keytype
sshd[557]: debug2: user_key_allowed: advance: 'AAAAB3NzaC1yc2EAAAABIwAAAQEA5lhFkGALO0bJWbuO3fcTjLPSd+1I1LvTgPvVK9Tesrwj6jvPELWMFbqn2cxIYdWaIt3z4H+m9VdmmJgJMS02EeH5/WtjGtxTKFJqTBFbQuKWhZSnmPZrgoGrjnTNb3Cyr57qD+DPMKAJzCX1ZXFutY4QhvH5elDWsDkp6p7gF2iumFwuayVZe/Nhf3V/39x/ZmaRbs6x8lW6jxQl7U2RE3venid1zfjIwOZunkF7ZuxgcqkPRtcAi+3VLL6WaLcl3lKcJHW+6LZASlYWzdGaW06momZZHcdaa5JngUwTldgxWmgcpt4r3CCa1JXk9sPYJiSVB3X3GESMRSnkD6WSdw== xxxx@xxxxxxx\n'
sshd[557]: debug1: restore_uid: 0/0
sshd[557]: debug2: key not found
sshd[557]: Failed publickey for niels from 94.226.16.213 port 59809 ssh2
sshd[557]: debug3: mm_answer_keyallowed: key 0x7fb0e3547150 is not allowed
sshd[557]: debug3: mm_request_send entering: type 22
sshd[557]: debug3: mm_request_receive entering
sshd[557]: debug3: monitor_read: checking request 11
sshd[557]: debug3: auth_shadow_pwexpired: today 14970 sp_lstchg 14891 sp_max 99999
sshd[557]: debug3: mm_answer_authpassword: sending result 0
sshd[557]: debug3: mm_request_send entering: type 12
sshd[557]: Failed password for niels from 94.226.16.213 port 59809 ssh2
sshd[557]: debug3: mm_request_receive entering
sshd[557]: debug3: monitor_read: checking request 11
sshd[557]: debug3: mm_answer_authpassword: sending result 0
sshd[557]: debug3: mm_request_send entering: type 12
sshd[557]: Failed password for niels from 94.226.16.213 port 59809 ssh2
sshd[557]: debug3: mm_request_receive entering
sshd[557]: debug3: monitor_read: checking request 11
sshd[557]: debug3: mm_answer_authpassword: sending result 1
sshd[557]: debug3: mm_request_send entering: type 12
sshd[557]: Accepted password for niels from 94.226.16.213 port 59809 ssh2
sshd[557]: debug1: monitor_child_preauth: niels has been authenticated by privileged process
sshd[557]: debug3: mm_get_keystate: Waiting for new keys
sshd[557]: debug3: mm_request_receive_expect entering: type 25
sshd[557]: debug3: mm_request_receive entering
sshd[557]: debug3: mm_newkeys_from_blob: 0x7fb0e35480e0(122)
sshd[557]: debug2: mac_setup: found hmac-md5
sshd[557]: debug3: mm_get_keystate: Waiting for second key
sshd[557]: debug3: mm_newkeys_from_blob: 0x7fb0e35480e0(122)
sshd[557]: debug2: mac_setup: found hmac-md5
sshd[557]: debug3: mm_get_keystate: Getting compression state
sshd[557]: debug3: mm_get_keystate: Getting Network I/O buffers
sshd[557]: debug3: mm_share_sync: Share sync
sshd[557]: debug3: mm_share_sync: Share sync end
sshd[557]: User child is on pid 571

Anybody who can produce some useful information from this output? Thx
niels Posted December 29, 2010 (Edited December 29, 2010 by niels)

Hey everybody, I almost fixed the problem with my public key setup, but I'm using a password-protected private key for some extra security. Now I'm 100% sure I use the right password, but still it is complaining that the password of the private key doesn't match.

@edit: I tried to use a private-public pair without a password, but still the server is complaining the password doesn't match. I also tried using a simple password 'test' to see if that would work, and that doesn't work either!

Has anyone else come across the same problem before, or does somebody know a solution to solve this issue? Thx
Jason Cooper Posted December 30, 2010

One thing you could try is to only use one private/public key pair. Just copy the private key that you have that works from your Linux server to your macbook, and copy the authorized_keys file from your macbook to your .ssh directory on the Linux server. As this is a known working configuration, it should work, and if it doesn't then you can compare sshd configurations between the two machines to find the problem.

The advantage of this type of setup is that you will only need to put one public key in the authorized_keys files to identify you. If you have multiple private/public key pairs then things will get more complex as the number of machines involved increases. The disadvantage is that if you lose your macbook you would need to generate a new private/public key pair and update the authorized_keys file on all your machines. This would just be to be on the safe side though, as you are using a long pass phrase to protect your private key.
niels Posted December 30, 2010

Thanks a lot for your help. But I solved the problem: I rebooted my mac and it worked. Apparently the ssh-agent was catching the password I used. That explains why I could never type in the right password. So this question is solved.