Howto Linux / UNIX setup SSH with DSA public key authentication (password less login)

May 22, 2007 · 72 comments · Last updated May 22, 2007


Q. How do I set up SSH with DSA public key authentication? I have a Linux laptop called tom and a remote Linux server called jerry. How do I set up DSA-based authentication so I don’t have to type a password?

A. DSA public key authentication is set up per system and per user; it is not system-wide. You will be setting up ssh with DSA public key authentication for SSH version 2 on two machines:

#1 machine : your laptop called tom
#2 machine : your remote server called jerry

Command to type on your laptop/desktop (local computer)

First, log in to the local computer called tom and type the following command.

Step #1: Generate DSA Key Pair

Use ssh-keygen command as follows:
$ ssh-keygen -t dsa
Output:

Enter file in which to save the key (/home/vivek/.ssh/id_dsa):  Press [Enter] key
Enter passphrase (empty for no passphrase): myPassword
Enter same passphrase again: myPassword
Your identification has been saved in /home/vivek/.ssh/id_dsa.
Your public key has been saved in /home/vivek/.ssh/id_dsa.pub.
The key fingerprint is:
04:be:15:ca:1d:0a:1e:e2:a7:e5:de:98:4f:b1:a6:01 vivek@vivek-desktop

Caution: a) Please enter a passphrase different from your account password and confirm the same.
b) The public key is written to /home/you/.ssh/id_dsa.pub.
c) The private key is written to /home/you/.ssh/id_dsa.
d) It is important you never-ever give out your private key.

Step #2: Set directory permission

Next, make sure the .ssh directory has the correct permissions:
$ cd
$ chmod 755 .ssh

Step #3: Copy public key

Now copy file ~/.ssh/id_dsa.pub on Machine #1 (tom) to remote server jerry as ~/.ssh/authorized_keys:
$ scp ~/.ssh/id_dsa.pub user@jerry:.ssh/authorized_keys

Command to type on your remote server called jerry

Log in to your remote server and make sure the permissions are set correctly:
$ chmod 600 ~/.ssh/authorized_keys
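
An added example, not part of the original article: the scp in Step #3 writes id_dsa.pub over ~/.ssh/authorized_keys, replacing any keys already stored there. The function below is meant to be run on jerry after copying the public key there under another file name; it appends the key only if it is not already listed, creates ~/.ssh when it is missing, and performs the same kind of append that the ssh-copy-id tool does. The name install_pubkey, the scratch paths and the key strings are constructed for illustration, and .ssh is set to 700, which is stricter than the 755 used in Step #2.

```shell
#!/bin/sh
# Added example, not from the original article: append-safe version of Step #3.

# install_pubkey PUBFILE HOME_DIR
# Adds the key in PUBFILE to HOME_DIR/.ssh/authorized_keys without touching
# keys that are already there. Safe to run twice. Returns 1 on bad input.
install_pubkey() {
    pub=$1
    sshdir=$2/.ssh
    auth=$sshdir/authorized_keys

    [ -r "$pub" ] || return 1
    # A private key file carries a PEM header; never install that on a server.
    if grep -q -- '-----BEGIN' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi
    # Public key line format: <type> <base64-blob> [comment]
    line=$(awk 'NF >= 2 { print; exit }' "$pub")
    blob=$(printf '%s\n' "$line" | awk '{ print $2 }')
    [ -n "$blob" ] || return 1

    # Create ~/.ssh and the key file if they do not exist yet.
    mkdir -p "$sshdir" || return 1
    touch "$auth" || return 1
    chmod 700 "$sshdir"   # assumption: stricter than the 755 in Step #2
    chmod 600 "$auth"     # same mode the article sets on jerry

    # Append only if this exact key blob is not already listed.
    if ! grep -qF -- "$blob" "$auth"; then
        # Make sure the existing file ends with a newline before appending.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            printf '\n' >> "$auth"
        fi
        printf '%s\n' "$line" >> "$auth"
    fi
}

# Demo on a scratch directory with constructed (non-functional) key strings.
demo_install() {
    scratch=$(mktemp -d) || return 1
    mkdir -p "$scratch/home/.ssh"
    # A key that already exists on the server, stored without a final newline.
    printf 'ssh-rsa AAAAB3CONSTRUCTEDexisting admin@elsewhere' \
        > "$scratch/home/.ssh/authorized_keys"
    echo 'ssh-dss AAAAB3CONSTRUCTEDnewkey vivek@tom' > "$scratch/id_dsa.pub"

    install_pubkey "$scratch/id_dsa.pub" "$scratch/home"
    install_pubkey "$scratch/id_dsa.pub" "$scratch/home"   # second run adds nothing

    # Prints the number of keys now stored: old key kept, new key added once.
    wc -l < "$scratch/home/.ssh/authorized_keys" | tr -d ' '
    rm -rf "$scratch"
}
demo_install
```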

Task: How do I log in from client to server with a DSA key?

Use scp or ssh as follows from your local computer:
$ ssh user@jerry
$ ssh user@remote-server.com
$ scp file user@jerry:/tmp

You will still be asked for the passphrase for the DSA key file each time you connect to the remote server called jerry, unless you did not enter a passphrase when generating the DSA key pair.

Task: How do I log in from client to server with a DSA key but without typing a passphrase, i.e. password-less login?

Type the following command at shell prompt:
$ exec /usr/bin/ssh-agent $SHELL
$ ssh-add

Output:

Enter passphrase for /home/vivek/.ssh/id_dsa: myPassword
Identity added: /home/vivek/.ssh/id_dsa (/home/vivek/.ssh/id_dsa)

Type your passphrase once. Now, you should not be prompted for a password whenever you use the ssh, scp, or sftp command.

If you are using a GUI such as GNOME, use the command:
$ ssh-askpass
OR
$ /usr/lib/openssh/gnome-ssh-askpass

To save your passphrase during your GNOME session under Debian / Ubuntu, do as follows:
a) Click on System
b) Select Preferences
c) Select Session
d) Click on New
e) Enter "OpenSSH Password Management" in the Name text area
f) Enter /usr/lib/openssh/gnome-ssh-askpass in the command text area.
g) Click on close to save the changes
h) Log out and then log back into GNOME. After GNOME is started, a dialog box will appear prompting you for your passphrase. Enter the passphrase requested. From this point on, you should not be prompted for a password by ssh, scp, or sftp.


{ 72 comments… read them below or add one }

1 Kiran May 23, 2007 at 6:14 am

Try ssh-copy-id to copy your keys ,,,

Reply

2 sudhanshu July 28, 2010 at 6:56 pm

#ssh-copy-id -i //to copy your keys
Instead of DSA key RSA is very strong so always prefer RSA key

Reply

3 ricc May 31, 2007 at 7:03 am

Vivek,

A small suggestion. Instead of

scp ~/.ssh/id_dsa.pub user@jerry:.ssh/authorized_keys

It is better to copy it in some other name and append the contents of the authorized_keys file with the contents of the id_dsa.pub file.

This way if there are any existing keys in the file, it will not get overwritten.

ricc

Reply

4 nixCraft May 31, 2007 at 9:04 am

Kiran and ricc.

Good suggestions.

Appreciate your posts!

Reply

5 Edmund June 14, 2007 at 3:02 pm

Hi,
I am trying to connect from a UNIX machine to a Windows SSH server without a password entry.
I tried the steps above but I have no luck in doing it.
Any suggestions?

Reply

6 Pat September 26, 2007 at 7:54 pm

It works as fine as clear it is…..

Thanks

Reply

7 vishwa December 10, 2007 at 6:41 pm

I have tried this several times. Doesn’t seem to work. What am I missing? Can someone try it out on the same m/c with two different a/cs and confirm it again?

Reply

8 BlackNight December 21, 2007 at 8:58 pm

Thanks. Useful.

Reply

9 Ali Saeed January 20, 2008 at 4:59 pm

Hi Experts,

Password-less login information is really helpful; however, it does not fulfil my requirement.

I have more than 200 machines in my network running Linux and I want to be able to ssh to each one of them using their IP address from a file and then run some commands inside each and then log out.

Now, using key-gen is not practical for me and I do not want to install the “expect” utility due to some reason.

Please tell me if there is any way to supply the ssh password using bash scripting? I know supplying the password in a script might not be very secure, but still I want to do it this way. I shall be grateful for any help.

Regards, R.

Reply

10 Rami D May 2, 2013 at 4:23 am

Yes, you can create ONE public RSA key, then a bash script to copy that key to your 200 servers. That’s all!

Reply

11 rohit July 28, 2014 at 11:36 am

If you want to use it in a script you can use the sshpass command:
E.g
#sshpass -p ssh -p root@i.p > login.sh
#chmod +x login.sh
#put login.sh under any folder showing in $PATH variable
#try running login.sh it will work as a command for you.

Reply

12 rohit July 28, 2014 at 11:37 am

*sshpass -p paswd

Reply

13 Amit September 19, 2008 at 10:28 pm

Well, there is no need to log in and execute commands; you can just send the commands to the other machines
eg

ssh -i publicKeyFile 192.168.XXX.XXX "poweroff"

just put this in loop and put some variable for XXX values which has to be modified in each iteration based on your network IP addresses.

Reply

14 John October 24, 2008 at 4:52 pm

This command needs to be executed on Tom. I think that’s where some might have gotten confused when trying to do no password.

$ exec /usr/bin/ssh-agent $SHELL
$ ssh-add

Reply

15 Balakumar January 16, 2009 at 7:24 am

Thank U so Much for nice Post

Reply

16 Gautham February 13, 2009 at 11:59 pm

Really very useful & crystal clear explanation…!

Thanks for sharing your knowledge…!

Reply

17 Merhan March 26, 2009 at 7:29 pm

In the 3rd step, before you execute the following command:
scp ~/.ssh/id_dsa.pub user@jerry:.ssh/authorized_keys
you need to make sure that the home dir in jerry (remote computer) has a .ssh folder. Otherwise, you need to create this folder in the remote computer before executing the above command.

Reply

18 Nazooran March 28, 2009 at 2:10 pm

Dear Experts,

I have one HP and other Solaris, say hp1 and sol1
Created DSA key in hp1 populated public key to sol1 and appended in authorized_keys
But while I am doing ssh it is asking password.
During troubleshooting it was showing the following output:
bash$ sftp -v -v -v m1user@sol1
Connecting to sol1…
OpenSSH_4.3p2-hpn, OpenSSL 0.9.7i 14 Oct 2005
HP-UX Secure Shell-A.04.30.000, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug3: RNG is ready, skipping seeding
debug2: ssh_connect: needpriv 0
debug1: Connecting to sol1 [10.23.45.67] port 22.
debug1: Connection established.
debug1: identity file /batch/.ssh/id_rsa type -1
debug3: Not a RSA1 key file /batch/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /batch/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1
debug1: no match: Sun_SSH_1.1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3p2-hpn
debug2: fd 5 setting O_NONBLOCK
debug3: RNG is ready, skipping seeding
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-gro
up14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour1
28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-c
tr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour1
28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-c
tr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellm
an-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: i-default
debug2: kex_parse_kexinit: i-default
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 142/256
debug2: bits set: 506/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /batch/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug3: check_host_in_hostfile: filename /batch/.ssh/known_hosts
_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'sol1' is known and matches the RSA host key.
debug1: Found key in /batch/.ssh/known_hosts:1
debug2: bits set: 514/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /batch/.ssh/known_hosts/id_rsa (0)
debug2: key: /batch/.ssh/known_hosts/id_dsa (4002ecf8)
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publicke
y,password,keyboard-interactive
debug3: start over, passed a different list gssapi-keyex,gssapi-with-mic,publick
ey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /batch/.ssh/known_hosts/id_rsa
debug3: no such identity: /batch/.ssh/known_hosts/id_rsa
debug1: Offering public key: /batch/.ssh/known_hosts/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publicke
y,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:

Please provide your feed back

Thanks in advance
Nazoor

Reply

19 Milan May 27, 2009 at 6:57 pm

I’ve set up ssh with DSA public key authentication to be able to scp without a password. I’ve got a script that I run from a Red Hat Linux box (v.4 64-bit) that uses scp to copy a couple of files to a Solaris box, which works fine without a password. (It also works copying to a Mac OSX box.) However, the exact same script doesn’t work when I try to call it from a cron job.

The relevant differences of the very verbose log files from (1.) the successful command-line scp and (2.) the failed cron job scp are below. Do you have any ideas of how to get my cron scp job to work? I notice that the unsuccessful script run from the cron job looks in .ssh/identity and .ssh/id_rsa first (for a private key?) before looking in .ssh/id_dsa. Though the script run from the cron job eventually accepts the public key, the PEM_read_PrivateKey fails immediately thereafter and the copy fails. Conversely, and successfully, the same script called from the command line checks in .ssh/id_dsa first and succeeds with the publickey authentication (without ever looking at .ssh/identity and .ssh/id_rsa twice!) I’d very much appreciate any help you may be able to lend. Thanks very much.

1. Successful scp called from command-line script

Executing: program /usr/bin/ssh host test.ucsd.edu, user Foobar, command scp -v -p -t /Users/Foobar/Documents
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
. . .
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/Foobar/.ssh/id_dsa (0x. . .)
debug2: key: /home/Foobar/.ssh/identity ((nil))
debug2: key: /home/Foobar/.ssh/id_rsa ((nil))
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Next authentication method: gssapi-with-mic
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Miscellaneous failure
Unknown code krb5 195
debug1: Trying to start again
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: publickey
debug1: Offering public key: /home/Foobar/.ssh/id_dsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-dss blen 433
debug2: input_userauth_pk_ok: fp 3f:4a:64: . . .
debug1: Authentication succeeded (publickey).
. . .
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.1 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0

2. Unsuccessful scp called from cron-job script

Executing: program /usr/bin/ssh host test.ucsd.edu, user Foobar, command scp -v -p -t /Users/Foobar/Documents
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
. . .
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/Foobar/.ssh/identity ((nil))
debug2: key: /home/Foobar/.ssh/id_rsa ((nil))
debug2: key: /home/Foobar/.ssh/id_dsa (0x. . .)
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Next authentication method: gssapi-with-mic
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Miscellaneous failure
Unknown code krb5 195
debug1: Trying to start again
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: publickey
debug1: Trying private key: /home/Foobar/.ssh/identity
debug1: Trying private key: /home/Foobar/.ssh/id_rsa
debug1: Offering public key: /home/Foobar/.ssh/id_dsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-dss blen 433
debug2: input_userauth_pk_ok: fp 3f:4a:64: . . .
debug1: PEM_read_PrivateKey failed
. . .
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive).
lost connection

Reply

20 Paul Beyer June 18, 2009 at 5:07 pm

@ Milan:

I had the same problem but was able to rectify it by adding option -i to my scp command and pointing it to my user’s identity file like so:

scp -B -i /home/my_user filename_to_transfer.txt my_user@remote.host:

I think that without specifying my_user’s identity file, it defaults to the cron user’s, which would cause an authentication failure.

Hope this helps.

Reply

21 Milan June 18, 2009 at 6:27 pm

Paul,

Thanks for the suggestion, which I’m guessing just might do the trick. I think I tried using -B without luck but I didn’t try -i. Coincidentally, I finally resolved the impasse just yesterday by giving up on DSA and switching to RSA authentication! Thanks again for the very relevant help.

Reply

22 Brian A July 16, 2009 at 8:17 pm

I have followed these steps to the letter, and I am still getting these errors:

satwasdev01[/home/mvnuser/.ssh]$ ssh -vvv -i /home/mvnuser/.ssh/id_dsa.pub ic>
OpenSSH_4.6p1 (CentrifyDC build 3.0.7-745), OpenSSL 0.9.8e (CentrifyDC build 3.0.7-745) 23 Feb 2007
debug1: Reading configuration data /etc/centrifydc/ssh/ssh_config
debug1: Applying options for *
debug3: RNG is ready, skipping seeding
debug2: ssh_connect: needpriv 0
debug1: Connecting to icosqas2 [10.9.245.67] port 22.
debug1: Connection established.
debug3: Not a RSA1 key file /home/mvnuser/.ssh/id_dsa.pub.
debug1: identity file /home/mvnuser/.ssh/id_dsa.pub type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.6
debug1: match: OpenSSH_4.6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.6
debug2: fd 3 setting O_NONBLOCK
debug1: Miscellaneous failure
No credentials cache found
debug1: Miscellaneous failure
No credentials cache found
debug3: RNG is ready, skipping seeding
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 138/256
debug2: bits set: 492/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/mvnuser/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug3: check_host_in_hostfile: filename /home/mvnuser/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'icosqas2' is known and matches the RSA host key.
debug1: Found key in /home/mvnuser/.ssh/known_hosts:1
debug2: bits set: 482/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/mvnuser/.ssh/id_dsa.pub (2005c358)
debug3: input_userauth_banner
This is a protected computer system. Unauthorized access is prohibited. This computer system including all related equipment, networks, and network devices is provide only for authorized Harland Clarke use.  Harland Clarke computer systems may be monitored for lawfull purposes, including approved Harland Clarke security testing.  Use of this Harland Clarke computer system authorized or unauthorized constitutes consent to monitoring of this system. Unauthorized use may subject you to criminal prosecution.
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Miscellaneous failure
No credentials cache found
debug1: Miscellaneous failure
No credentials cache found
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/mvnuser/.ssh/id_dsa.pub
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
mvnuser@icosqas2's password:

Please help!!

Reply

23 arun July 22, 2009 at 5:24 pm

I installed OpenSSH on my windows PC (jerry here).
I have a unix box (tom here).
I’ve done all the steps mentioned here.
But when i’m trying to sftp from the unix box to the Windows PC, it is again asking for password.
Is this because the remote server is a windows pc with openSSH installed on it?
Kindly help.

Reply

24 biswa July 29, 2009 at 11:44 am

I am trying to log in from a Solaris box (local machine: daytona) to a Solaris box (remote machine: voltest).
my username in daytona : bpadhy
i tried to login to the voltest using the below command
sftp beaadm@10.188.45.136
but it still asks for password.

Can anyone help me in this regard.

Reply

25 Neetu August 17, 2009 at 12:40 pm

Hi, I followed the exact steps and in the same session I was able to do a password-less login. But when I opened a new session, I couldn’t do it until I again typed:
$ exec /usr/bin/ssh-agent $SHELL
$ ssh-add

Do I need to type this in every new session? If yes, then it doesn’t serve the purpose.

Reply

26 nixCraft August 17, 2009 at 2:26 pm

@Neetu, use keychain.

Reply

27 German M September 3, 2009 at 7:53 pm

Excellent tip, thanks!

Reply

28 Bubnoff September 24, 2009 at 7:37 pm

It should be pointed out that the tutorial, as is, will NOT work with backup scripts, which is probably the primary reason many of us came to this link. This will allow you to log in during a session without a password.

There needs to be clear instructions on scripting and backups using keys for this tutorial to ROCK. Great information and I don’t mean to be coarse or an ungrateful bastard, this is a great site …however. Do we need keychain for this functionality? I hope the answer is no because keychain is a PITA.

Thanks ~

Bub

Reply

29 Dhananjay October 6, 2009 at 12:35 pm

Hi, I have two machines. From machine 1 I am trying to do password-less ssh to machine 2. I generated a DSA key in the user/.ssh folder on machine 1 and got the private and public DSA keys there. I copied the content of the pub key file and pasted it at the end of the authorized_key file in the user/.ssh folder on machine 2.
But now when trying to log in from machine 1 to machine 2 it asks for a password; verbose mode gives the below in short.

debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /var/smarthkp/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Offering public key: /var/smarthkp/.ssh/id_dsa_s3c
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Trying private key: /var/smarthkp/.ssh/identity
debug3: no such identity: /var/smarthkp/.ssh/identity
debug1: Trying private key: /var/smarthkp/.ssh/id_rsa
debug3: no such identity: /var/smarthkp/.ssh/id_rsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:

Please help….

Reply
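
An added example, not part of any comment above: the `ssh -v` logs posted in this thread end in a password prompt or a failure in two distinct ways. Either a key is offered and the server never accepts it, or the server accepts the key and the client then cannot load the private key (`PEM_read_PrivateKey failed`). The filter below tells these cases apart and also reports any offered identity path ending in `.pub`, since `ssh -i` expects the private key file. The function names and sample log lines are constructed for illustration, and the matched strings assume the log wording of the OpenSSH 3.9 to 4.6 clients shown on this page.

```shell
#!/bin/sh
# Added example, not from the original page or its comments.

# classify_ssh_debug: reads `ssh -v` output on stdin, prints one verdict:
#   ok                publickey authentication succeeded
#   privkey-unusable  server accepted the public key, but the client could not
#                     load the private key (e.g. passphrase needed, no agent)
#   key-rejected      a key was offered and the server never accepted one
#   no-key-offered    the client had no key to offer
classify_ssh_debug() {
    awk '
        /Offering public key: /                  { offered = 1 }
        /Server accepts key: /                   { accepted = 1 }
        /PEM_read_PrivateKey failed/             { if (accepted) pemfail = 1 }
        /Authentication succeeded \(publickey\)/ { ok = 1 }
        END {
            if (ok)           print "ok"
            else if (pemfail) print "privkey-unusable"
            else if (offered) print "key-rejected"
            else              print "no-key-offered"
        }'
}

# offered_pub_identities: prints every offered identity path ending in .pub.
# ssh -i expects the private key file (id_dsa), not the public one (id_dsa.pub).
offered_pub_identities() {
    sed -n 's/^debug1: Offering public key: \(.*\.pub\)$/\1/p'
}

# Constructed sample logs, shaped like the excerpts in the comments.
sample_log() {
    case $1 in
    rejected) cat <<'EOF'
debug1: Next authentication method: publickey
debug1: Offering public key: /home/alice/.ssh/id_dsa.pub
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
EOF
    ;;
    cron) cat <<'EOF'
debug1: Next authentication method: publickey
debug1: Offering public key: /home/alice/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: PEM_read_PrivateKey failed
debug1: No more authentication methods to try.
EOF
    ;;
    good) cat <<'EOF'
debug1: Offering public key: /home/alice/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: Authentication succeeded (publickey).
EOF
    ;;
    esac
}

for name in rejected cron good; do
    printf '%s: %s\n' "$name" "$(sample_log "$name" | classify_ssh_debug)"
done
```

On a real machine, save the output with `ssh -v user@jerry 2> ssh-debug.log` and run `classify_ssh_debug < ssh-debug.log`. A `key-rejected` verdict points at the server side (the contents and permissions of authorized_keys), while `privkey-unusable` points at the client side (passphrase, ssh-agent, or the private key file itself).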

30 Zack January 20, 2010 at 7:50 am

I followed the procedure and it’s perfect.
I have another question.
Requirements: I want to assign my root account with a DSA key so that only with that specific DSA
can use the root account
How can I achieve this?

Thanks

Reply

31 Ashok March 3, 2010 at 7:48 am

Thank you very much for the post.
I have followed the same steps above given but still client is prompting for the password.

Pls help

Thanks in advance.

Reply

32 Umesh March 8, 2010 at 7:04 am

Hi ,

Even I followed the same steps but it worked for the first time, but for 1 week my backup was not happening. Then when I checked, I was not able to log in to the remote system without a password…

And I regenerated the key also, but it is still not working. But from the remote system to the local machine it’s working. What may be the fundAA!!!!!!!!!!!..

Reply

33 Ashok April 13, 2010 at 3:55 am

While generating the key do not put any passphrase, just press ENTER.
Then it does not prompt for a password.
It worked for me.

Reply

34 Asher April 16, 2010 at 12:23 pm

Hi, it works fine for me, but every time I close PuTTY and try to do scp again it asks for the passphrase again, so each time I log in afresh I have to start the ssh-agent and the ssh-add
….like I’m wondering if there is a better way to do it?

Reply

35 Sajid May 17, 2010 at 12:01 pm

Excellent article, Vivek, many thanks.

Reply

36 Jinyou Liang June 26, 2010 at 12:52 am

I tested if computer A64 [intel(R) Xeon(R) dual quadcore, RedHat Enterprise Linux v5.4, 64-bit] and B32 [Intel(R) Core(TM)2 Duo CPU, Oracle-VirtualBox-enabled-linux-Fedora-13 in MS Windows XP Professional V2002, 32-bit] can communicate with each other via ssh without password.

Here is what I did:
(1) Used either rsa or dsa, connection from B32 to A64 is ok via ssh without password.

(2) Neither rsa nor the dsa instruction on the top of this page enabled me to make a passwordless connection from A64 to B32. The error message was similar to (a) Dhananjay October 6, 2009 and (b) Brian A July 16, 2009;

ssh -vvv 146.114.64.235 -p 22
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 146.114.64.235 [146.114.64.235] port 22.
debug1: Connection established.
debug1: identity file /home/plivings/.ssh/identity type -1
debug3: Not a RSA1 key file /home/plivings/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/plivings/.ssh/id_rsa type 1
debug3: Not a RSA1 key file /home/plivings/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/plivings/.ssh/id_dsa type 2
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.4
debug1: match: OpenSSH_5.4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 122/256
debug2: bits set: 505/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/plivings/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host '146.114.64.235' is known and matches the RSA host key.
debug1: Found key in /home/plivings/.ssh/known_hosts:1
debug2: bits set: 495/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/plivings/.ssh/identity ((nil))
debug2: key: /home/plivings/.ssh/id_rsa (0x2b860e4783f0)
debug2: key: /home/plivings/.ssh/id_dsa (0x2b860e47dfd0)
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug3: Trying to reverse map address 146.114.64.235.
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195

debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195

debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195

debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/plivings/.ssh/identity
debug3: no such identity: /home/plivings/.ssh/identity
debug1: Offering public key: /home/plivings/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Offering public key: /home/plivings/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
"

From the above record, it is shown that
(a) A64 tried rsa before dsa.
(b) The OpenSSH version5.4 in Fedora13 was newer than the OpenSSH version4.3 in RHEL5.4.
(c) In the beginning of the passwordless ssh connection attempt, the authentication process checked among ( publickey, gssapi-keyex, gssapi-with-mic, password ).
(d) Error message with regard to the public key seems to be:
____________________________________________________________________
Next authentication method: publickey
debug1: Trying private key: /home/plivings/.ssh/identity
debug3: no such identity: /home/plivings/.ssh/identity
debug1: Offering public key: /home/plivings/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Offering public key: /home/plivings/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug2: we did not send a packet, disable method
____________________________________________________________________

(e) It is kind of confusing to read the last three lines of the error message in (d), isn't it?

Could any expert or seasoned ssh developer provide a tip for me to get through this barrier?

Thanks and have a nice weekend.

Reply

37 Yuan Sun July 28, 2010 at 8:55 am

I saw the program. Run the following commands to deal with it.

chmod 701 ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Reply

38 yoachan October 27, 2010 at 10:00 am

I feel like an idiot.
chmod 600 ~/.ssh/authorized_keys solved the problem, meanwhile I have 2 other machine that have no problem with 755 permission…

Thanks :)

Reply

39 Abhay Shah January 2, 2011 at 3:53 am

We wish to develop the software with cd-lock protection.
– there is 90 days validity.
– Cd copy is not possible.
– Installation process
– Automatic System key generate.
– Provide registration key via Phone on basis of System key.

Reply

40 pieter February 2, 2011 at 11:17 am

And for those of you on hp-ux 11.31 (or other O/Ses), resist the temptation to add these lines into your .bashrc / .bash_profile, because you will, like me, lock yourself out:

exec /usr/bin/ssh-agent $SHELL
ssh-add

Shame :(

Reply

41 aks August 23, 2011 at 3:16 pm

But in this case it will prompt you for the passphrase while refreshing the .profile!!

Reply

42 shilpa February 14, 2011 at 4:57 pm

While transferring the files from one server to another, if the file contains a colon(:) then it is assuming the file name before colon as server name and giving the error “host nor service provided, or not known”

For ex: scp -pq copy:temp.txt user@server:/home/user/bin/.

If the file name is “s:temp.txt”, it is taking “copy” as server name… Any suggestions on how to resolve this issue?

Reply

43 nixCraft February 14, 2011 at 6:03 pm
scp -pq ./copy:temp.txt user@server:/home/user/bin/

Reply

44 ASAmauri June 5, 2011 at 10:23 pm

Hi all,

It was very useful for me and should say: God Blesses you!

Thanks, many thanks!!!

Hug.

Reply

45 Niranjana June 9, 2011 at 2:26 pm

Hi,

I am connecting to a Linux machine using the sftp2 command to fetch a file. I have followed these steps but it still asks for a password.

Please reply to this query

Reply

46 Kundan July 30, 2011 at 12:01 pm

Thanks…
Really it helps me a lot while connecting remote user with no password…
now it's working……. :)

Reply

47 Binoy July 15, 2011 at 4:23 am

Thanks for this post. Saved me!

Reply

48 Jass August 4, 2011 at 5:43 pm

In my case, even after removing all the files in ‘.ssh’ folder in both client and server, the ssh works perfectly. Can someone explain about this?

Reply

49 Pavan October 28, 2011 at 3:25 am

Hi,
I have set up the SSH keys for passwordless login as you mentioned above. But when I use the automated sftp script in crontab it fails; when executed manually it executes.

Please let me know what might be the issue.

Reply

50 Shivani February 13, 2012 at 7:38 am

Hey all,
I am suffering with an error which says “debug3: key_read: missing keytype” and a list of lines which say “Missing key” — BEGIN and –END.
I am trying to connect to Ubuntu 11 Linux machine (Server) from a MAC OS X using remote login SSH.
I have understood the concept that after setting permissions and generating keys on both the machines, have to add the id_rsa.pub or id_dsa.pub contents of MAC to authorized_keys of Ubuntu (Server).
But it shows the above outcome. Please help!!!

Reply

51 Tingdzin February 15, 2012 at 8:58 pm
52 Rohit March 19, 2012 at 7:31 pm

Hello friends,
There are many questions regarding the ssh/etc command, but I am not able to find my answer.

I want a command like Unix ssh or … in such way
ssh @ -file

Problem is, I have to provide write permission to others (no count) to different file in different path in my home area (through script, so that I can control affected area).

Yes, I have option of public key generation and ask other to copy in their home .ssh area, so that they can have write access to my home area. But in this case they have permission all the time.

Is there any way of doing so?
Please revert back to me if there is any confusion in this problem.

Regards
Rohit

Reply

53 Rohit March 19, 2012 at 7:36 pm

Just my requirement again, as it seems the site has altered the message because of special chars.

I want a command like Unix ssh or … in such way
ssh @ -file

AS

I want a command like Unix ssh or … in such way that i can pass password or encrypted passwd file or command
ssh rohit@host -file encrypted_password_file

Reply

54 seema gupta March 20, 2012 at 1:01 pm

I have followed the same steps for password less connection. But when I am executing the script It prompts for password.

On local machine. it gives me the below error :–

debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering agent key: /home/app/users/srmwrk2/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433 lastkey 75520 hint -1
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/app/users/srmwrk2/.ssh/id_rsa
debug1: Trying public key: /home/app/users/srmwrk2/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433 lastkey 6f048 hint 1
debug1: read PEM private key done: type DSA
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password:

Reply

55 Nissar April 6, 2012 at 10:11 am

Issue: the sftp utility fails when it gets executed from the oracle user (or when the script is being executed from Concurrent Program – oracle application), whereas the same is working fine from the unix box and I am able to transfer the file. Can anyone help me on this?

Error : ssh_askpass: exec(/usr/lib/ssh/ssh-askpass): No such file or directory
Host key verification failed.
lost connection

Reply

56 ayazpathaan April 18, 2012 at 1:32 pm

Dear All
I am not able to get ssh of a remote server. How will I get the console of the server? (ssh is not working and vnc is also not allowed.) What is the other way you can access the server?

Reply

57 Deepa May 16, 2012 at 9:42 pm

Hi,

As per my requirement i need to run some shell scripts from Unix Box B and the scripts exist on Unix Box A, we were actually used rsh now we want to replace it with ssh.

I followed the same steps like,

On Unix Box B
1) ssh-keygen -t dsa -- it generated 2 files called id_dsa.pub and id_dsa
2) Then I tried to copy id_dsa.pub to Unix Box B using below command,
scp -v ~/home/esbadmin/.ssh/id_dsa.pub esbadmin@isbfns06:home/esbadmin/.ssh/authorized_keys2

Now I get a prompt asking for the password. I entered the password and it’s giving me something like
lost connection..
isbfns05:esbadmin:/home/esbadmin> scp -v ~/home/esbadmin/.ssh/id_dsa.pub esbadmin@isbfns06:home/esbadmin/.ssh/authorized_keys2
Executing: program /usr//bin/ssh host isbfns06, user esbadmin, command scp -v -t -- home/esbadmin/.ssh/authorized_keys2
OpenSSH_5.4p1, OpenSSL 0.9.8m 25 Feb 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): 0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
0509-026 System error: A file or directory in the path name does not exist.

debug1: Error loading Kerberos, disabling Kerberos auth.
debug1: Connecting to isbfns06 [205.145.78.171] port 22.
debug1: Connection established.
debug1: identity file /home/esbadmin/.ssh/id_rsa type -1
debug1: identity file /home/esbadmin/.ssh/id_rsa-cert type -1
debug1: identity file /home/esbadmin/.ssh/id_dsa type 2
debug1: identity file /home/esbadmin/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.4
debug1: match: OpenSSH_5.4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024

I have tried copying the .ssh folder manually from Unix Box B to Unix Box A
and tried executing some scripts like below,

ssh esbadmin@isbfns06 ../hyperion/scripts/maxl/Dep_Test/File_to.sh
it’s again asking me for the password and I have given it, and it is throwing an error like ”connection lost”
suggest me where am lagging..

Reply

58 Asher Wesley May 19, 2012 at 1:43 pm

Deepa ,

When you generate the dsa key using “ssh-keygen -t dsa”, can you try pressing “enter” and try the same routine once without using a passphrase? Moving the entire .ssh key would not be the best method because you might expose the private key as well.

Reply

59 prashant May 25, 2012 at 3:53 am

is there any other way we can have password less login other than DSA.

Reply

60 shashi June 13, 2012 at 5:26 pm

I’ve tried above method for my fedora 17 box and it was working fine. Later today I was getting some error while doing ssh from my laptop putty and other unix box.

Error ” Permission denied (publickey,gssapi-keyex,gssapi-with-mic).”
and, from putty “Disconnected: No supported authentication method available (Server sent: publickey,gssapi-keyex,gssapi-with-mic)”

anyone please help me with this connection issue. Thanks for your time!

Reply

61 Raju June 27, 2012 at 9:18 am

how can we do that using SFTP instead of SCP command

Reply

62 Rakesh July 2, 2012 at 11:45 am

hi All,
Just a question: I have two servers, one is active and the other is passive. I have created the auth keys in the active server and I have shared the keys with other [external] systems. But on a monthly basis I will fail over the application from active to passive. Do I need to create the keys again in the passive server and share them with external systems again during the failover? If so, is there any other way to overcome it? I am using SunOS5.10 and the disk is shared between active and passive servers.

Reply

63 Eric August 17, 2012 at 9:28 pm

sftp and scp work wonderfully when performed from the shell. However, in a shell script it still prompts “Enter passphrase for key…’ Any help would be appreciated.

Reply

64 praneeth September 11, 2012 at 4:31 am

I have configured SSH on both the Servers.
I am able to connect A server to B server, In the same process is it possible to connect B server to A server.
If It possible can u tell me the steps to config.

Reply

65 Daniel September 21, 2012 at 6:41 am

I have had this setup for years but I broke it this week with an rsync typo.
Thanks to Yuan Sun above I have it now fixed.
The issue was my home directory had gotten write permission to group on it.
This was forcing ssh to prompt for a password no matter what i had setup in the keys.
So.. if you are still having issues you may want to look to your home.
755 is a thing of beauty now!
;)

Reply

66 tiberius September 28, 2012 at 8:35 pm

I have one server where I have home directories with 777, this is required for report generation and file processing. Running SFTP using keys is not a problem in the server as long as the .ssh directory is 700 and the authorized_keys file is 600.

I have a second server with similar requirements requiring 777 on the home directory. I have .ssh at 700 and authorized keys set at 600, but this one doesn’t work. Is this a setting somewhere? Maybe in the sshd_config file. I’ve compared but I don’t see it. Is it somewhere else? maybe ssh_config?

Reply

67 Paul October 7, 2012 at 10:05 pm

Found the problem. I corrected the permissions on the .ssh directory using chmod 700. But when I did ls -ltra in the .ssh directory, the .. directory still had permissions of 770. So I had to also change the permission to 700 for the .. directory. Then I was not prompted for a password.

Reply

68 Trae Barlow October 14, 2012 at 6:06 am

Does not work.

Followed everything, and it did stop asking me for my password TWICE after adding exec /user/bin/ssh-agent $SHELL

But the command
ssh root@localhost
still asks for a password, then the keys get accepted.

Reply

69 Peter Steier January 21, 2013 at 12:24 pm

Sorry, but using Tom and Jerry as name for client and server is really a good way to confuse the reader…

Reply

70 Pubudu February 2, 2013 at 4:03 am

Thanks this helped me to automate SFTP between two servers.

Reply

71 Quark October 10, 2013 at 1:43 pm

Most common cause for the public key not working are the file and folder permissions. The connection was requesting password even after I had installed the public key on the server. Then I changed the .ssh and the home folder permission to 755 and authorized_keys permission to 644 and everything is now ok.

Reply
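Several comments above (37, 65, 67, 71) trace the password prompt to permissions on the home directory, ~/.ssh and authorized_keys. The script below is an added example, not part of any comment or of the original article: it applies the test that sshd's StrictModes option (on by default) makes on those three paths, rejecting any that is writable by group or other or owned by someone other than the account or root. The function names are made up for this example, and it is meant to be run on the server as the account being logged in to.

```shell
#!/bin/sh
# Added example: report which of the paths sshd inspects would fail its
# StrictModes test (group/other write bit set, or wrong owner).

# path_is_strict PATH UID
# returns 0 = acceptable, 1 = would be rejected, 2 = path missing
path_is_strict() {
    # -n prints the numeric owner in field 3, -L follows a symlinked path
    line=$(ls -ldnL -- "$1" 2>/dev/null) || return 2
    mode=$(printf '%s\n' "$line" | awk '{print $1}')    # e.g. drwxrwxr-x
    owner=$(printf '%s\n' "$line" | awk '{print $3}')
    # characters 6 and 9 of the mode string are the group and other write bits
    [ "$(printf '%s' "$mode" | cut -c6)" != "w" ] || return 1
    [ "$(printf '%s' "$mode" | cut -c9)" != "w" ] || return 1
    # the owner must be the account itself or root
    [ "$owner" = "$2" ] || [ "$owner" = "0" ] || return 1
    return 0
}

# audit_ssh_paths HOME_DIR [UID]
# prints one line per path and returns the number of rejected paths
audit_ssh_paths() {
    home=$1
    uid=${2:-$(id -u)}
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        path_is_strict "$p" "$uid" && rc=0 || rc=$?
        case $rc in
            0) echo "ok       $p" ;;
            2) echo "missing  $p" ;;
            *) echo "REJECT   $p (mode/owner: $(ls -ldnL -- "$p" | awk '{print $1, $3}'))"
               bad=$((bad + 1)) ;;
        esac
    done
    return "$bad"
}

# Audit the home directory given as the first argument, or the caller's own.
audit_ssh_paths "${1:-${HOME:-.}}" || true
```

A home directory at 775 or 777 is reported as REJECT even when .ssh is 700 and authorized_keys is 600, while 755/755/644 passes, which matches what comments 65, 67 and 71 observed.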

72 sekalska February 28, 2014 at 10:58 pm

Very useful! Thank you!

Reply
