Gentoo Forums
keychain & ssh setup
pazz
Apprentice


Joined: 01 Dec 2002
Posts: 283

Posted: Wed Sep 22, 2004 5:26 pm    Post subject: keychain & ssh setup

hi,
sorry for bugging with this topic, but it simply doesn't work for me here..
i installed keychain on both my laptop and my debian server.. together with openssh.

since i used ssh to remotely login i guess the keys are there and i also find some *pub files in the $HOME/.ssh*/ dirs.

first question:
what about these .ssh and .ssh2 dirs? what do i use ssh ssh2? ssh-agent[2] and so on?

what i did then was copying the id_rsh*pub file from the .ssh dir of my laptop to .ssh/authorized_keys on the server.. ran keychains on the lap and did a ssh servername.
passwd please.

same thing in the other direction.
ssh-add or ssh-add2 says there is no process running.. starting keychain a second time returns the pid of the running process...

what did i miss?
help please!
pazz
Apprentice


Joined: 01 Dec 2002
Posts: 283

Posted: Wed Sep 22, 2004 9:47 pm

ok.. it's getting strange.

i read this nice article and did exactly as the author tells:
http://www.puddingonline.com/~dave/publications/SSH-with-Keys-HOWTO/document/html-one-page/SSH-with-Keys-HOWTO.html

now i have 2 servers. both of them debian, freshly installed ssh of the same version

1. i created a keypair on my client :
Code:
ssh-keygen -t dsa

without giving a passwd .. so no keychain should be necessary

2. i copied the id_dsa.pub onto both servers

3. i did:
Code:
[dave@julia dave]$ cd .ssh
[dave@julia .ssh]$ touch authorized_keys2
[dave@julia .ssh]$ chmod 600 authorized_keys2
[dave@julia .ssh]$ cat ../id_dsa.pub >> authorized_keys2
[dave@julia .ssh]$ rm ../id_dsa.pub
on both machines

4. logging in from my client on both machines gives:
Code:
ssh -2 -v root@athen
OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to athen [192.168.42.5] port 22.
debug1: Connection established.
debug1: identity file /home/pazz/.ssh/id_rsa type -1
debug1: identity file /home/pazz/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8.1p1 Debian 1:3.8.1p1-8
debug1: match: OpenSSH_3.8.1p1 Debian 1:3.8.1p1-8 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'athen' is known and matches the RSA host key.
debug1: Found key in /home/pazz/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/pazz/.ssh/id_rsa
debug1: Offering public key: /home/pazz/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 434
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
Last login: Wed Sep 22 23:44:53 2004 from rom
athen:~#



and:
Code:
ssh -2 -v root@babylon
OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to babylon [192.168.42.2] port 22.
debug1: Connection established.
debug1: identity file /home/pazz/.ssh/id_rsa type -1
debug1: identity file /home/pazz/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8.1p1 Debian 1:3.8.1p1-8
debug1: match: OpenSSH_3.8.1p1 Debian 1:3.8.1p1-8 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'babylon' is known and matches the RSA host key.
debug1: Found key in /home/pazz/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/pazz/.ssh/id_rsa
debug1: Offering public key: /home/pazz/.ssh/id_dsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password:


as i mentioned: same package with the same config on the systems..
what the heck is this?!?

thx
Kryptik
n00b


Joined: 22 Oct 2003
Posts: 54
Location: 33

Posted: Thu Sep 23, 2004 10:46 am

I read your post yesterday, could not think about anything that solves your problem.

Today I was playing around with my ssh keys and suddenly I had the same problem. 8O

For me, the solution was simple: I tried to reach the wrong host. Try to ping the host that made problems:
Code:
ping babylon

Is it the correct machine that responds? If not, try to ssh the machine by using its ip address. If you succeed, you will have to fix your /etc/hosts.
_________________
Non serviam.
pazz
Apprentice


Joined: 01 Dec 2002
Posts: 283

Posted: Fri Sep 24, 2004 11:45 am

hi,
thanks for your response.. it has been the correct host, but just today i started the sshd in a non-daemon mode and it said something about permissions...
since i rechecked the permissions of the ~/.ssh dir twice it seemed strange to me.. until i realized that the permissions of the $HOME dirs itself were different.

that's it, now it works... thx anyhow,
pazz
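
The cause found in the post above is sshd's StrictModes check, which refuses public-key login when the home directory, ~/.ssh or the key file is writable by group or others, or is owned by someone other than the account or root. The script below is an added example, not part of the original thread, that reports which of those paths would fail; the helper name check_ssh_perms and its arguments are hypothetical, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example: flag paths that sshd's StrictModes check would reject.
# check_ssh_perms is a hypothetical helper name; requires GNU stat (stat -c).
# Usage: check_ssh_perms HOME_DIR [KEY_FILE_NAME] [EXPECTED_UID]

check_ssh_perms() {
    home=$1
    keyfile=${2:-authorized_keys}
    want_uid=${3:-$(id -u)}
    bad=0
    # sshd checks the key file and each directory above it, up to the home dir
    for p in "$home" "$home/.ssh" "$home/.ssh/$keyfile"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"
            bad=1
            continue
        fi
        mode=$(stat -c %a "$p")
        uid=$(stat -c %u "$p")
        # Any of the 022 bits set means group- or world-writable
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "UNSAFE $mode $p"
            bad=1
        fi
        # Owner must be the account itself or root
        if [ "$uid" != "$want_uid" ] && [ "$uid" != 0 ]; then
            echo "OWNER $uid $p"
            bad=1
        fi
    done
    return $bad
}
```

Run on the server as the login user, for example `check_ssh_perms "$HOME" authorized_keys2`; `chmod go-w` on each path reported as UNSAFE clears the finding.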