[PLUG] ssh passwordless login

wes plug at the-wes.com
Mon Oct 20 20:51:52 UTC 2014 

Try removing the id_rsa.pub file from the source machine.

Coincidentally, I ran into this just yesterday and banged my head on it for
over an hour before stumbling on this.

-wes

On Mon, Oct 20, 2014 at 1:45 PM, Daniel Herrington <herda05 at gmail.com>
wrote:

> All,
>
> I'm stuck with a ssh passwordless login problem. Source machine is a
> solaris 10 box behind a firewall and NAT. The remote machine is Mint 13
> behind firewall and NAT.
>
> Source:
> debug1: using hostkeyalias: XXXXX
> debug3: check_host_in_hostfile: filename /u/XXX/.ssh/known_hosts
> debug3: check_host_in_hostfile: match line 2
> debug3: check_host_in_hostfile: filename /u/XXX/.ssh/known_hosts
> debug3: check_host_in_hostfile: match line 1
> debug1: Host 'XXXXX' is known and matches the RSA host key.
> debug1: Found key in /u/XXXXXX/.ssh/known_hosts:2
> debug1: bits set: 1034/2048
> debug1: ssh_rsa_verify: signature correct
> debug2: kex_derive_keys
> debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
> debug1: newkeys: mode 1
> debug1: set_newkeys: setting new keys for 'out' mode
> debug3: aes-128-ctr NID found
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: newkeys: mode 0
> debug1: set_newkeys: setting new keys for 'in' mode
> debug3: aes-128-ctr NID found
> debug1: SSH2_MSG_NEWKEYS received
> debug1: done: ssh_kex2.
> debug1: send SSH2_MSG_SERVICE_REQUEST
> debug2: service_accept: ssh-userauth
> debug1: got SSH2_MSG_SERVICE_ACCEPT
> debug1: Authentications that can continue: publickey,password
> debug3: start over, passed a different list publickey,password
> debug3: preferred
> gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Trying public key: /u/XXXX/.ssh/id_rsa.pub
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: Authentications that can continue: publickey,password
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup password
> debug3: remaining preferred: ,password
> debug3: authmethod_is_enabled password
> debug1: Next authentication method: password
> XXXXX at XXXXXXX.com's password:
>
> Remote sshd log:
> Oct 20 13:36:56 XXXX sshd[31134]: Connection from ###.###.###.## port 12996
> Oct 20 13:36:58 XXXX sshd[31134]: Failed publickey for XXX from
> ###.###.###.## port 12996 ssh2
>
> This works from an internal Mac to the Mint machine with the same
> id_rsa.pub (I copied it over to the Solaris machine by using scp. Directory
> permissions:
>
> drwxr-xr-x   2 XX XXX    1024 Oct 20 16:34 .
> drwxr-xr-x   5 XX X        1024 Oct 20 14:21 ..
> -rw-r--r--   1 XX XXX     392 Oct 20 15:47 authorized_keys
> -rw-------   1 XX XXX     392 Oct 20 15:35 authorized_keys.old
> -rw-r--r--   1 XX XXX     246 Oct 20 16:35 config
> -rw-r--r--   1 XX XXX     392 Oct 20 15:21 id_rsa
> -rw-r--r--   1 XX XXX     392 Oct 20 16:34 id_rsa.pub
> -rw-r--r--   1 XX XXX     805 Oct 20 15:12 known_hosts
>
> At this point I don't know where to look further. Is there a higher level
> of debug on sshd other than VERBOSE?
>
> The fact that it works from the Mac to ubuntu but not from Saolris to
> ubuntu, it seems to be something on the solaris machine...
>
> --
> Daniel B. Herrington
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>

More information about the PLUG mailing list