-----BEGIN PGP SIGNED MESSAGE-----

Hello SSH-readers,

I have a problem with RSA authorization.
For my company I need to set up a secure connection with SSH without the use of
.rhosts or .shosts, and without being prompted for a password.

I understood that this can be done with RSA authorization. I put the pubkey from
the uid (~/.ssh/indentity.pub) in the file ~/.ssh/autorized_keys on the
remote site. This way it should be possible to log in without a password.
Whatever I tried: nothing works.

The configuration is:

Local host :    Alcatraz (ssh)
Remote host     Alanis (sshd)

This is the output I get from "ssh -v alanis" on the local server (Alcatraz):
=========================<knip>=================================
SSH Version OpenSSH-1.2.2, protocol version 1.5. Compiled with SSL. 
debug: Reading configuration data /etc/ssh/ssh_config 
debug: Applying options for alcatraz 
debug: Applying options for * 
debug: ssh_connect: getuid 0 geteuid0 anon 0 
debug: Connecting to alcatraz [10.0.0.1] port 22. 
debug: Allocated local port 799. 
debug: Connection established. 
debug: Remote protocol version 1.5, remote software version OpenSSH-1.2.2
debug: Waiting for server public key. 
debug: Received server public key (768 bits) and host key (1024 bits). 
debug: Host 'alcatraz' is known and matches the host key. 
debug: Encryption type: blowfish
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector. 
debug: Received encrypted confirmation. 
debug: Trying RSA authentication with key 'root@alanis' 
debug: Server refused our key. Permission denied. 
debug: Calling cleanup 0x8057320(0x0)   
=========================<knip>=================================

This is the output from "sshd -d" at the remote site (alanis):
=========================<knip>=================================
debug: sshd version OpenSSH-1.2.2
debug: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug: Server will not fork when running in debugging mode.
Connection from 10.0.0.1 port 909
debug: Client protocol version 1.5; client software version OpenSSH-1.2.2
debug: Sent 768 bit public key and 1024 bit host key.
debug: Encryption type: 3des
debug: Received session key; encryption turned on.
debug: Installing crc compensation attack detector.
debug: Starting up PAM with username "root"
debug: Attempting authentication for root.
Failed rsa for ROOT from 10.0.0.1 port 909
Connection closed by 10.0.0.1
debug: Calling cleanup 0x804f730(0x0)
debug: Calling cleanup 0x80593d0(0x0)        
=========================<knip>=================================

This is what the ssh_config looks like:
=========================<knip>=================================
Host alcatraz
   ForwardAgent yes
   ForwardX11 yes
   RhostsAuthentication no
   RhostsRSAAuthentication no
   RSAAuthentication yes
   PasswordAuthentication no
   FallBackToRsh no
   UseRsh no
   BatchMode no
   CheckHostIP yes
   StrictHostKeyChecking no
   IdentityFile ~/.ssh/identity
   Port 22
   Cipher blowfish
   EscapeChar ~
   GatewayPorts yes

# Be paranoid
Host *
   ForwardAgent no
   ForwardX11 no
   FallBackToRsh no
   GatewayPorts no
=========================<knip>=================================
 
And this is what the sshd_config on the remote site looks like:
=========================<knip>=================================
Port 22
HostKey /etc/ssh/ssh_host_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
IgnoreRhosts no
StrictModes yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes
SyslogFacility AUTH
LogLevel INFO
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
CheckMail no
UseLogin no                    
=========================<knip>=================================

The ~/.ssh/autorized_keys file is only readable, writeable and executable by
the owner (in this case root). 

Can anyone help me with this problem? I can't think of anything else anymore to
check/test.

Thanks in advance for any reply.

Greetings,
Johan Barelds
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQB1AwUBOdzKPoWXbzBwqmlVAQFG0gL/egTJdnFUgTijio/tdpvbypK/vYPieeVY
aZBGNRHi8Q+thbNVX9W6OL9ZFjzw46WmGntGuChkSDlCfzIFlcRSkT1R5hCtTdkq
T98/xGWSdTumfHvF7BnWDzqTYLUTx6kL
=Hqz3
-----END PGP SIGNATURE-----
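
A server-side check for the setup described in the post, added here as an example and not part of the original message. It assumes sshd reads `~/.ssh/authorized_keys` and that `StrictModes yes` rejects a home directory, `~/.ssh` or key file that is group- or world-writable; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the files sshd consults for RSA key login.
# Assumption: the key file sshd reads is named exactly "authorized_keys".

# Print the path if it is group- or world-writable.
loose_mode() {
    find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# audit_ssh_dir HOME_DIR
# Prints one line per finding and returns the number of findings.
audit_ssh_dir() {
    home=$1
    dir=$home/.ssh
    problems=0

    if [ ! -f "$dir/authorized_keys" ]; then
        echo "MISSING: $dir/authorized_keys"
        problems=$((problems + 1))
        # Show near-miss file names so a misspelling is visible.
        for f in "$dir"/*; do
            [ -e "$f" ] || continue          # empty directory: glob did not match
            case ${f##*/} in
                *keys*)
                    echo "UNEXPECTED NAME: $f (not the assumed file name)"
                    problems=$((problems + 1)) ;;
            esac
        done
    fi

    # Mode check on each path that the StrictModes assumption covers.
    for p in "$home" "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || continue
        if [ -n "$(loose_mode "$p")" ]; then
            echo "LOOSE MODE: $p is group- or world-writable"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Usage on the server, as the account being logged in to:
#   audit_ssh_dir "$HOME"
```

Run it on the remote host (the one running sshd), since that is where the key file is read.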
