Howto Linux / UNIX setup SSH with DSA public key authentication (password less login)

Last updated May 22, 2007

Q. How do you set-up SSH with DSA public key authentication? I have Linux laptop called tom and remote Linux server called jerry. How do I setup DSA based authentication so I don’t have to type password?

A. DSA public key authentication is established on a per-system, per-user basis; it is not system-wide. You will be setting up ssh with DSA public key authentication for SSH version 2 on two machines:

#1 machine : your laptop called tom
#2 machine : your remote server called jerry

Command to type on your laptop/desktop (local computer)

First, log in to the local computer called tom and type the following command.

Step #1: Generate DSA Key Pair

Use ssh-keygen command as follows:
$ ssh-keygen -t dsa
Output:

Enter file in which to save the key (/home/vivek/.ssh/id_dsa):  Press [Enter] key
Enter passphrase (empty for no passphrase): myPassword
Enter same passphrase again: myPassword
Your identification has been saved in /home/vivek/.ssh/id_dsa.
Your public key has been saved in /home/vivek/.ssh/id_dsa.pub.
The key fingerprint is:
04:be:15:ca:1d:0a:1e:e2:a7:e5:de:98:4f:b1:a6:01 [email protected]

Caution: a) Please enter a passphrase different from your account password and confirm the same.
b) The public key is written to /home/you/.ssh/id_dsa.pub.
c) The private key is written to /home/you/.ssh/id_dsa.
d) It is important you never-ever give out your private key.

Step #2: Set directory permission

Next, make sure the .ssh directory has the correct permissions:
$ cd
$ chmod 755 .ssh

Step #3: Copy public key

Now copy file ~/.ssh/id_dsa.pub on Machine #1 (tom) to remote server jerry as ~/.ssh/authorized_keys:
$ scp ~/.ssh/id_dsa.pub [email protected]:.ssh/authorized_keys

Command to type on your remote server called jerry

Log in to your remote server and make sure the permissions are set correctly:
$ chmod 600 ~/.ssh/authorized_keys
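
An added example, not part of the original article: the scp in step 3 replaces any authorized_keys file already on jerry and fails if ~/.ssh does not exist there. The helper below, run on jerry, appends the key only when it is missing and sets owner-only permissions; the function name and the /tmp/id_dsa.pub path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Run it on the server (jerry)
# after copying the public key there under a temporary name, for instance
# /tmp/id_dsa.pub (a hypothetical path).
#
# install_pubkey PUBKEY_FILE [HOME_DIR]
#   Appends the key in PUBKEY_FILE to HOME_DIR/.ssh/authorized_keys unless the
#   same key is already listed. HOME_DIR defaults to $HOME.
install_pubkey() {
    pubfile=$1
    home=${2:-$HOME}
    sshdir=$home/.ssh
    auth=$sshdir/authorized_keys

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # A .pub file holds one key on one line: "<type> <base64> [comment]".
    key=$(sed -n '/[^[:space:]]/{p;q;}' "$pubfile")
    case $key in
        ssh-dss\ *|ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *)  # Also catches the private key (id_dsa) being passed by mistake.
            echo "$pubfile is not an OpenSSH public key" >&2
            return 2 ;;
    esac
    ktype=${key%% *}
    rest=${key#* }
    kblob=${rest%% *}
    [ -n "$kblob" ] || { echo "$pubfile has no key material" >&2; return 2; }

    # Create ~/.ssh and authorized_keys if they are missing, private to the
    # owner. 700 is stricter than the 755 used in step 2 of the article.
    mkdir -p "$sshdir" || return 1
    chmod 700 "$sshdir" || return 1
    [ -e "$auth" ] || ( umask 077; : > "$auth" ) || return 1
    chmod 600 "$auth" || return 1

    # Already listed? Compare type and key material, not the comment, so
    # entries with leading options (command="...", from="...") still match.
    if awk -v t="$ktype" -v b="$kblob" '
        { for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) found = 1 }
        END { exit !found }' "$auth"
    then
        echo "key already present in $auth"
        return 0
    fi

    # Append, never overwrite. Add a newline first if the last line lacks one,
    # otherwise the new key would be glued onto the previous entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
    echo "key appended to $auth"
}

# Script use: sh install_pubkey.sh /tmp/id_dsa.pub
if [ "$#" -gt 0 ]; then
    install_pubkey "$@"
fi
```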

Task: How do I login from client to server with DSA key?

Use scp or ssh as follows from your local computer:
$ ssh [email protected]
$ ssh [email protected]
$ scp file [email protected]:/tmp

You will still be asked for the passphrase for the DSA key file each time you connect to the remote server called jerry, unless you did not enter a passphrase when generating the DSA key pair.

Task: How do I login from client to server with DSA key but without typing a passphrase i.e. password-less login?

Type the following command at shell prompt:
$ exec /usr/bin/ssh-agent $SHELL
$ ssh-add

Output:

Enter passphrase for /home/vivek/.ssh/id_dsa: myPassword
Identity added: /home/vivek/.ssh/id_dsa (/home/vivek/.ssh/id_dsa)

Type your passphrase once. Now, you should not be prompted for a password whenever you use the ssh, scp, or sftp command.

If you are using GUI such as Gnome use the command:
$ ssh-askpass
OR
$ /usr/lib/openssh/gnome-ssh-askpass

To save your passphrase during your GNOME session under Debian / Ubuntu, do as follows:
a) Click on System
b) Select Preferences
c) Select Session
d) Click on New
e) Enter “OpenSSH Password Management” in the Name text area
f) Enter /usr/lib/openssh/gnome-ssh-askpass in the command text area.
g) Click on close to save the changes
h) Log out and then log back into GNOME. After GNOME is started, a dialog box will appear prompting you for your passphrase. Enter the passphrase requested. From this point on, you should not be prompted for a password by ssh, scp, or sftp.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector.

76 comments

      1. Oh for godsakes, RSA has proven themselves to be insecure.
        Why would you use their technology instead of something open (and not getting kickbacks from the NSA). We use DSA keys across thousands of servers.

  1. Vivek,

    A small suggestion. Instead of

    scp ~/.ssh/id_dsa.pub [email protected]:.ssh/authorized_keys

    It is better to copy it in some other name and append the contents of the authorized_keys file with the contents of the id_dsa.pub file.

    This way if there are any existing keys in the file, it will not get overwritten.

    ricc

  2. Hi,
    I am trying to connect from a UNIX machine to a Windows SSH server without a password entry.
    I tried the steps above but I have no luck in doing it.
    Any suggestions?

  3. Hi Experts,

    password less login information is really helpful however it does not fulfill my requirement.

    I have more than 200 machines in my network running linux and I want to be able to ssh to each one of them using their IP address from a file and then run some commands inside each and then log out.

    Now, using key-gen is not practical for me and I do not want to install the “expect” utility due to some reason.

    Please tell me if there is any way to supply ssh password using bash scripting? I know supplying the password in script might not be very secure, but still I want to do it this way. I shall be grateful to any help.

    Regards, R.

  4. well there is no such need of doing login and executing commands u can just send the commands to the other machines
    eg

    ssh -i publicKeyFile 192.168.XXX.XXX "poweroff"

    just put this in loop and put some variable for XXX values which has to be modified in each iteration based on your network IP addresses.

  5. In the 3rd step, before you execute the following command:
    scp ~/.ssh/id_dsa.pub [email protected]:.ssh/authorized_keys
    you need to make sure that the home dir in jerry (remote computer) has a .ssh folder. Otherwise, you need to create this folder in the remote computer before executing the above command.

  6. Dear Experts,

    I have one HP and other Solaris, say hp1 and sol1
    Created DSA key in hp1 populated public key to sol1 and appended in authorized_keys
    But while I am doing ssh it is asking password.
    During troubleshooting it was showing the following output:
    bash$ sftp -v -v -v [email protected]
    Connecting to sol1…
    OpenSSH_4.3p2-hpn, OpenSSL 0.9.7i 14 Oct 2005
    HP-UX Secure Shell-A.04.30.000, HP-UX Secure Shell version
    debug1: Reading configuration data /opt/ssh/etc/ssh_config
    debug3: RNG is ready, skipping seeding
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to sol1 [10.23.45.67] port 22.
    debug1: Connection established.
    debug1: identity file /batch/.ssh/id_rsa type -1
    debug3: Not a RSA1 key file /batch/.ssh/id_dsa.
    debug2: key_type_from_name: unknown key type ‘—–BEGIN’
    debug3: key_read: missing keytype
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug2: key_type_from_name: unknown key type ‘—–END’
    debug3: key_read: missing keytype
    debug1: identity file /batch/.ssh/id_dsa type 2
    debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1
    debug1: no match: Sun_SSH_1.1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.3p2-hpn
    debug2: fd 5 setting O_NONBLOCK
    debug3: RNG is ready, skipping seeding
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-gro
    up14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour1
    28,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-c
    tr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour1
    28,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-c
    tr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected]
    ssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected]
    ssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,[email protected],zlib
    debug2: kex_parse_kexinit: none,[email protected],zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellm
    an-group-exchange-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
    debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit: i-default
    debug2: kex_parse_kexinit: i-default
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_init: found hmac-md5
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug2: mac_init: found hmac-md5
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug2: dh_gen_key: priv key bits set: 142/256
    debug2: bits set: 506/1024
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug3: check_host_in_hostfile: filename /batch/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 1
    debug3: check_host_in_hostfile: filename /batch/.ssh/known_hosts
    _hosts
    debug3: check_host_in_hostfile: match line 1
    debug1: Host ‘sol1’ is known and matches the RSA host key.
    debug1: Found key in /batch/.ssh/known_hosts:1
    debug2: bits set: 514/1024
    debug1: ssh_rsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /batch/.ssh/known_hosts/id_rsa (0)
    debug2: key: /batch/.ssh/known_hosts/id_dsa (4002ecf8)
    debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publicke
    y,password,keyboard-interactive
    debug3: start over, passed a different list gssapi-keyex,gssapi-with-mic,publick
    ey,password,keyboard-interactive
    debug3: preferred publickey,keyboard-interactive,password
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: /batch/.ssh/known_hosts/id_rsa
    debug3: no such identity: /batch/.ssh/known_hosts/id_rsa
    debug1: Offering public key: /batch/.ssh/known_hosts/id_dsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publicke
    y,password,keyboard-interactive
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup keyboard-interactive
    debug3: remaining preferred: password
    debug3: authmethod_is_enabled keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    debug2: userauth_kbdint
    debug2: we sent a keyboard-interactive packet, wait for reply
    debug2: input_userauth_info_req
    debug2: input_userauth_info_req: num_prompts 1
    Password:

    Please provide your feedback

    Thanks in advance
    Nazoor

  7. I’ve set up ssh with DSA public key authentication to be able to scp without a password. I’ve got a script that I run from a Red Hat Linux box (v.4 64-bit) that uses scp to copy a couple of files to a Solaris box, which works fine without a password. (It also works copying to a Mac OSX box.) However, the exact same script doesn’t work when I try to call it from a cron job.

    The relevant differences of the very verbose log files from (1.) the successful command-line scp and (2.) the failed cron job scp are below. Do you have any ideas of how to get my cron scp job to work? I notice that the unsuccessful script run from the cron job looks in .ssh/identity and .ssh/id_rsa first (for a private key?) before looking in .ssh/id_dsa. Though the script run from the cron job eventually accepts the public key, the PEM_read_PrivateKey fails immediately thereafter and the copy fails. Conversely, and successfully, the same script called from the command line checks in .ssh/id_dsa first and succeeds with the publickey authentication (without ever looking at .ssh/identity and .ssh/id_rsa twice!) I’d very much appreciate any help you may be able to lend. Thanks very much.

    1. Successful scp called from command-line script

    Executing: program /usr/bin/ssh host test.ucsd.edu, user Foobar, command scp -v -p -t /Users/Foobar/Documents
    OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
    debug1: Reading configuration data /etc/ssh/ssh_config
    . . .
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /home/Foobar/.ssh/id_dsa (0x. . .)
    debug2: key: /home/Foobar/.ssh/identity ((nil))
    debug2: key: /home/Foobar/.ssh/id_rsa ((nil))
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
    debug1: Next authentication method: gssapi-with-mic
    debug2: we sent a gssapi-with-mic packet, wait for reply
    debug1: Miscellaneous failure
    Unknown code krb5 195
    
    debug1: Trying to start again
    debug2: we sent a gssapi-with-mic packet, wait for reply
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
    debug2: we did not send a packet, disable method
    debug1: Next authentication method: publickey
    debug1: Offering public key: /home/Foobar/.ssh/id_dsa
    debug2: we sent a publickey packet, wait for reply
    debug1: Server accepts key: pkalg ssh-dss blen 433
    debug2: input_userauth_pk_ok: fp 3f:4a:64: . . .
    debug1: Authentication succeeded (publickey).
    . . .
    debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.1 seconds
    debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
    debug1: Exit status 0

    2. Unsuccessful scp called from cron-job script

    Executing: program /usr/bin/ssh host test.ucsd.edu, user Foobar, command scp -v -p -t /Users/Foobar/Documents
    OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
    debug1: Reading configuration data /etc/ssh/ssh_config
    . . .
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /home/Foobar/.ssh/identity ((nil))
    debug2: key: /home/Foobar/.ssh/id_rsa ((nil))
    debug2: key: /home/Foobar/.ssh/id_dsa (0x. . .)
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
    debug1: Next authentication method: gssapi-with-mic
    debug2: we sent a gssapi-with-mic packet, wait for reply
    debug1: Miscellaneous failure
    Unknown code krb5 195
    
    debug1: Trying to start again
    debug2: we sent a gssapi-with-mic packet, wait for reply
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
    debug2: we did not send a packet, disable method
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/Foobar/.ssh/identity
    debug1: Trying private key: /home/Foobar/.ssh/id_rsa
    debug1: Offering public key: /home/Foobar/.ssh/id_dsa
    debug2: we sent a publickey packet, wait for reply
    debug1: Server accepts key: pkalg ssh-dss blen 433
    debug2: input_userauth_pk_ok: fp 3f:4a:64: . . .
    debug1: PEM_read_PrivateKey failed
    . . .
    debug1: No more authentication methods to try.
    Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive).
    lost connection

  8. @ Milan:

    I had the same problem but was able to rectify it by adding option -i to my scp command and pointing it to my user’s identity file like so:

    scp -B -i /home/my_user filename_to_transfer.txt [email protected]:

    I think that without specifying my_user’s identity file, it defaults to the cron user’s, which would cause an authentication failure.

    Hope this helps.

  9. Paul,

    Thanks for the suggestion, which I’m guessing just might do the trick. I think I tried using -B without luck but I didn’t try -i. Coincidentally, I finally resolved the impasse just yesterday by giving up on DSA and switching to RSA authentication! Thanks again for the very relevant help.
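
The debug logs posted in the comments above show two different failures that need different fixes: the server never accepts the offered key, or the server accepts it and the client then cannot load the private key. This added example, written by neither the article's author nor any commenter, tells them apart from client `ssh -v` output; the log excerpts inside it are constructed, modelled on those logs, and the verdict names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original page. Reads client-side `ssh -v` or
# `scp -v` output on stdin and prints one line per offered key:
#   <verdict> <key path> [note]
# Verdicts (names invented for this example):
#   publickey-ok            the key authenticated the session
#   server-rejected-key     sshd did not accept the key: check on the server
#                           that it is listed in ~/.ssh/authorized_keys and
#                           that the home directory, ~/.ssh and authorized_keys
#                           are not writable by group or others
#   private-key-unreadable  sshd accepted the key, but the client could not
#                           load the private half; typically a passphrase-
#                           protected key with no ssh-agent or terminal, as in
#                           a cron job
#   server-accepted-key     accepted, but the log ends before the outcome
#   offered-no-reply        the log ends right after the offer
# Assumption: key paths contain no spaces.
classify_ssh_debug() {
    awk '
    function emit(   line) {
        if (key == "") return
        line = verdict " " key
        # ssh -i expects the private key file, not the .pub next to it.
        if (key ~ /\.pub$/) line = line " identity-is-pub-file"
        print line
        key = ""
    }
    /debug1: Offering public key: / {
        emit()
        for (i = 1; i <= NF; i++) if ($i == "key:") { key = $(i + 1); break }
        verdict = "offered-no-reply"
        next
    }
    key == "" { next }
    /Authentications that can continue:/ {
        if (verdict == "offered-no-reply") verdict = "server-rejected-key"
    }
    /debug1: Server accepts key:/ { verdict = "server-accepted-key" }
    /PEM_read_PrivateKey failed/ {
        if (verdict == "server-accepted-key") verdict = "private-key-unreadable"
    }
    /debug1: Authentication succeeded \(publickey\)/ { verdict = "publickey-ok" }
    END { emit() }
    '
}

# Constructed excerpts, modelled on the logs posted in the comments.
sample_cron_log() {
cat <<'EOF'
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user/.ssh/identity
debug1: Trying private key: /home/user/.ssh/id_rsa
debug1: Offering public key: /home/user/.ssh/id_dsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: PEM_read_PrivateKey failed
debug1: No more authentication methods to try.
EOF
}

sample_rejected_log() {
cat <<'EOF'
debug1: Next authentication method: publickey
debug1: Offering public key: /home/user/.ssh/id_dsa.pub
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/user/.ssh/id_dsa_backup
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
EOF
}

sample_interactive_log() {
cat <<'EOF'
debug1: Next authentication method: publickey
debug1: Offering public key: /home/user/.ssh/id_dsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: Authentication succeeded (publickey).
EOF
}

for s in sample_cron_log sample_rejected_log sample_interactive_log; do
    echo "== $s"
    $s | classify_ssh_debug
done
```

On a real client, feed it the debug stream directly, for example `ssh -v user@host true 2>&1 | classify_ssh_debug` once the function is sourced (user@host is a placeholder).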

  10. I have followed these steps to the letter, and I am still getting these errors:

    satwasdev01[/home/mvnuser/.ssh]$ ssh -vvv -i /home/mvnuser/.ssh/id_dsa.pub ic>
    OpenSSH_4.6p1 (CentrifyDC build 3.0.7-745), OpenSSL 0.9.8e (CentrifyDC build 3.0.7-745) 23 Feb 2007
    debug1: Reading configuration data /etc/centrifydc/ssh/ssh_config
    debug1: Applying options for *
    debug3: RNG is ready, skipping seeding
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to icosqas2 [10.9.245.67] port 22.
    debug1: Connection established.
    debug3: Not a RSA1 key file /home/mvnuser/.ssh/id_dsa.pub.
    debug1: identity file /home/mvnuser/.ssh/id_dsa.pub type 2
    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.6
    debug1: match: OpenSSH_4.6 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.6
    debug2: fd 3 setting O_NONBLOCK
    debug1: Miscellaneous failure
    No credentials cache found
    
    debug1: Miscellaneous failure
    No credentials cache found
    
    debug3: RNG is ready, skipping seeding
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,[email protected],zlib
    debug2: kex_parse_kexinit: none,[email protected],zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,[email protected]
    debug2: kex_parse_kexinit: none,[email protected]
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_init: found hmac-md5
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug2: mac_init: found hmac-md5
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug2: dh_gen_key: priv key bits set: 138/256
    debug2: bits set: 492/1024
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug3: check_host_in_hostfile: filename /home/mvnuser/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 1
    debug3: check_host_in_hostfile: filename /home/mvnuser/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 1
    debug1: Host 'icosqas2' is known and matches the RSA host key.
    debug1: Found key in /home/mvnuser/.ssh/known_hosts:1
    debug2: bits set: 482/1024
    debug1: ssh_rsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /home/mvnuser/.ssh/id_dsa.pub (2005c358)
    debug3: input_userauth_banner
    This is a protected computer system. Unauthorized access is prohibited. This computer system including all related equipment, networks, and network devices is provide only for authorized Harland Clarke use.  Harland Clarke computer systems may be monitored for lawfull purposes, including approved Harland Clarke security testing.  Use of this Harland Clarke computer system authorized or unauthorized constitutes consent to monitoring of this system. Unauthorized use may subject you to criminal prosecution.
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
    debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
    debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
    debug3: authmethod_lookup gssapi-keyex
    debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
    debug3: authmethod_is_enabled gssapi-keyex
    debug1: Next authentication method: gssapi-keyex
    debug1: No valid Key exchange context
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup gssapi-with-mic
    debug3: remaining preferred: publickey,keyboard-interactive,password
    debug3: authmethod_is_enabled gssapi-with-mic
    debug1: Next authentication method: gssapi-with-mic
    debug1: Miscellaneous failure
    No credentials cache found
    
    debug1: Miscellaneous failure
    No credentials cache found
    
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Offering public key: /home/mvnuser/.ssh/id_dsa.pub
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup password
    debug3: remaining preferred: ,password
    debug3: authmethod_is_enabled password
    debug1: Next authentication method: password
    [email protected]'s password:

    Please help!!

  11. I installed OpenSSH on my windows PC (jerry here).
    I have a unix box (tom here).
    I’ve done all the steps mentioned here.
    But when I’m trying to sftp from the unix box to the Windows PC, it is again asking for password.
    Is this because the remote server is a windows pc with openSSH installed on it?
    Kindly help.

  12. I am trying to login from a solaris box(local machine : daytona) to solaris box(remote machine : voltest).
    my username in daytona : bpadhy
    I tried to login to the voltest using the below command
    sftp [email protected]
    but it still asks for password.

    Can anyone help me in this regard.

  13. Hi, I followed the exact steps and in the same session I was able to do a password less login. But when I opened a new session, I couldn’t do it until I again typed:
    $ exec /usr/bin/ssh-agent $SHELL
    $ ssh-add

    Do I need to type this in every new session? If yes, then it doesn’t serve the purpose.

  14. It should be pointed out that the tutorial, as is, will NOT work with backup scripts which
    is probably the primary reason many of us came to this link. This will allow you to log in
    during a session without a password.

    There needs to be clear instructions on scripting and backups using keys for this tutorial
    to ROCK. Great information and I don’t mean to be coarse or an ungrateful bastard, this is a great site …however. Do we need keychain for this functionality? I hope the answer is no because keychain is a PITA.

    Thanks ~

    Bub

  15. Hi I have two machines. From machine 1 I am trying to do password less ssh to machine 2; generated a dsa key on machine 1 user/.ssh folder. I got private and public dsa keys there. Copied the content of pub key file and pasted it to machine2 user/.ssh folder authorized_key file in the end.
    but now when trying to login from machine 1 to machine 2 it asks for password, verbose mode gives below in short.

    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Offering public key: /var/smarthkp/.ssh/id_dsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
    debug1: Offering public key: /var/smarthkp/.ssh/id_dsa_s3c
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
    debug1: Trying private key: /var/smarthkp/.ssh/identity
    debug3: no such identity: /var/smarthkp/.ssh/identity
    debug1: Trying private key: /var/smarthkp/.ssh/id_rsa
    debug3: no such identity: /var/smarthkp/.ssh/id_rsa
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup keyboard-interactive
    debug3: remaining preferred: password
    debug3: authmethod_is_enabled keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    debug2: userauth_kbdint
    debug2: we sent a keyboard-interactive packet, wait for reply
    debug2: input_userauth_info_req
    debug2: input_userauth_info_req: num_prompts 1
    Password:

    Please help….

  16. I followed the procedure and its perfect.
    I have another question.
    Requirements: I want to assign my root account with a DSA key so that only with that specific DSA
    can use the root account
    How can I achieve this?

    Thanks

  17. Hi ,

    Even I followed same step but it worked for first time but 1 week that my backup was not happening, then when I checked I was not able to login to remote system without password …

    And regenerated the key also but still not working .. But from the remote system to local machine it’s working, what may be the fundAA!!!!!!!!!!!..

  18. Hi it works fine for me, but every time I close the putty and try to do scp again it asks for the passphrase again. So each time I login afresh I have to start the ssh-agent and the ssh-add
    ….like I’m wondering if there is a better way to do it?

  19. I tested if computer A64 [intel(R) Xeon(R) dual quadcore, RedHat Enterprise Linux v5.4, 64-bit] and B32 [Intel(R) Core(TM)2 Duo CPU, Oracle-VirtualBox-enabled-linux-Fedora-13 in MS Windows XP Professional V2002, 32-bit] can communicate with each other via ssh without password.

    Here is what I did:
    (1) Used either rsa or dsa, connection from B32 to A64 is ok via ssh without password.

    (2) Neither rsa nor the dsa instruction on the top of this page enabled me to make a passwordless connection from A64 to B32. The error message was similar to (a) Dhananjay October 6, 2009 and (b) Brian A July 16, 2009;

    ssh -vvv 146.114.64.235 -p 22
    OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to 146.114.64.235 [146.114.64.235] port 22.
    debug1: Connection established.
    debug1: identity file /home/plivings/.ssh/identity type -1
    debug3: Not a RSA1 key file /home/plivings/.ssh/id_rsa.
    debug2: key_type_from_name: unknown key type ‘—–BEGIN’
    debug3: key_read: missing keytype
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug2: key_type_from_name: unknown key type ‘—–END’
    debug3: key_read: missing keytype
    debug1: identity file /home/plivings/.ssh/id_rsa type 1
    debug3: Not a RSA1 key file /home/plivings/.ssh/id_dsa.
    debug2: key_type_from_name: unknown key type ‘—–BEGIN’
    debug3: key_read: missing keytype
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug2: key_type_from_name: unknown key type ‘—–END’
    debug3: key_read: missing keytype
    debug1: identity file /home/plivings/.ssh/id_dsa type 2
    debug1: loaded 3 keys
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.4
    debug1: match: OpenSSH_5.4 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.3
    debug2: fd 3 setting O_NONBLOCK
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,[email protected],zlib
    debug2: kex_parse_kexinit: none,[email protected],zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,[email protected]
    debug2: kex_parse_kexinit: none,[email protected]
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_init: found hmac-md5
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug2: mac_init: found hmac-md5
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug2: dh_gen_key: priv key bits set: 122/256
    debug2: bits set: 505/1024
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug3: check_host_in_hostfile: filename /home/plivings/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 1
    debug1: Host '146.114.64.235' is known and matches the RSA host key.
    debug1: Found key in /home/plivings/.ssh/known_hosts:1
    debug2: bits set: 495/1024
    debug1: ssh_rsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /home/plivings/.ssh/identity ((nil))
    debug2: key: /home/plivings/.ssh/id_rsa (0x2b860e4783f0)
    debug2: key: /home/plivings/.ssh/id_dsa (0x2b860e47dfd0)
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
    debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
    debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
    debug3: authmethod_lookup gssapi-with-mic
    debug3: remaining preferred: publickey,keyboard-interactive,password
    debug3: authmethod_is_enabled gssapi-with-mic
    debug1: Next authentication method: gssapi-with-mic
    debug3: Trying to reverse map address 146.114.64.235.
    debug1: Unspecified GSS failure. Minor code may provide more information
    Unknown code krb5 195

    debug1: Unspecified GSS failure. Minor code may provide more information
    Unknown code krb5 195

    debug1: Unspecified GSS failure. Minor code may provide more information
    Unknown code krb5 195

    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/plivings/.ssh/identity
    debug3: no such identity: /home/plivings/.ssh/identity
    debug1: Offering public key: /home/plivings/.ssh/id_rsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
    debug1: Offering public key: /home/plivings/.ssh/id_dsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup password
    debug3: remaining preferred: ,password
    debug3: authmethod_is_enabled password
    debug1: Next authentication method: password
    "

    From the above record, it is shown that
    (a) A64 tried rsa before dsa.
    (b) The OpenSSH version 5.4 in Fedora 13 was newer than the OpenSSH version 4.3 in RHEL 5.4.
    (c) In the beginning of the passwordless ssh connection attempt, the authentication process checked among ( publickey, gssapi-keyex, gssapi-with-mic, password ).
    (d) Error message with regard to the public key seems to be:
    ____________________________________________________________________
    Next authentication method: publickey
    debug1: Trying private key: /home/plivings/.ssh/identity
    debug3: no such identity: /home/plivings/.ssh/identity
    debug1: Offering public key: /home/plivings/.ssh/id_rsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
    debug1: Offering public key: /home/plivings/.ssh/id_dsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
    debug2: we did not send a packet, disable method
    ____________________________________________________________________

    (e) It is kind of confusing to read the last three lines of the error message in (d), isn't it?

    Could any expert or seasoned ssh developer provide a tip for me to get through this barrier?

    Thanks and have a nice weekend.

  20. We wish to develop the software with CD-lock protection.
    – There is 90 days validity.
    – CD copy is not possible.
    – Installation process
    – Automatic system key generation.
    – Provide registration key via phone on the basis of the system key.

  21. And for those of you on hp-ux 11.31 (or other OSes), resist the temptation to add these lines into your .bashrc / .bash_profile, because you will, like me, lock yourself out:

    exec /usr/bin/ssh-agent $SHELL
    ssh-add

    Shame :(

  22. While transferring files from one server to another, if the file name contains a colon (:) then it assumes the part of the file name before the colon is the server name and gives the error “host nor service provided, or not known”

    For ex: scp -pq copy:temp.txt [email protected]:/home/user/bin/.

    If the file name is “s:temp.txt”, it is taking “copy” as server name… Any suggestions on how to resolve this issue?

  23. Hi,

    I am connecting to a Linux machine using the sftp2 command to fetch a file. I have followed these steps but it still asks for a password.

    Please reply to this query.

  24. Hi,
    I have set up the SSH keys for passwordless login as you mentioned above. But when I use the automated sftp script in crontab it fails; when executed manually it executes.

    Please let me know what might be the issue.

  25. Hey all,
    I am suffering from an error which says “debug3: key_read: missing keytype” and a list of lines which say “Missing key” — BEGIN and –END.
    I am trying to connect to an Ubuntu 11 Linux machine (server) from Mac OS X using remote login SSH.
    I have understood the concept that after setting permissions and generating keys on both machines, I have to add the id_rsa.pub or id_dsa.pub contents of the Mac to authorized_keys on Ubuntu (server).
    But it shows the above outcome. Please help!!!

  26. Hello friends,
    There are many questions regarding ssh/etc commands, but I am not able to find my answer.

    I want a command like Unix ssh or … in such way
    ssh @ -file

    The problem is, I have to provide write permission to others (no count) to different files in different paths in my home area (through a script, so that I can control the affected area).

    Yes, I have the option of public key generation and asking others to copy it into their home .ssh area, so that they can have write access to my home area. But in this case they have permission all the time.

    Is there any way of doing so?
    Please revert back to me if there is any confusion about this problem.

    Regards
    Rohit

  27. Just my requirement, as it seems the site has updated the message for special chars.

    I want a command like Unix ssh or … in such way
    ssh @ -file

    AS

    I want a command like Unix ssh or … in such a way that I can pass a password or encrypted passwd file or command
    ssh [email protected] -file encrypted_password_file

  28. I have followed the same steps for a passwordless connection. But when I execute the script it prompts for a password.

    On the local machine it gives me the error below:

    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Offering agent key: /home/app/users/srmwrk2/.ssh/id_dsa
    debug1: Server accepts key: pkalg ssh-dss blen 433 lastkey 75520 hint -1
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Trying private key: /home/app/users/srmwrk2/.ssh/id_rsa
    debug1: Trying public key: /home/app/users/srmwrk2/.ssh/id_dsa
    debug1: Server accepts key: pkalg ssh-dss blen 433 lastkey 6f048 hint 1
    debug1: read PEM private key done: type DSA
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    Password:
    debug1: Authentications that can continue: publickey,keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    Password:

  29. Issue: the sftp utility fails when it is executed by the oracle user (or when the script is executed from a Concurrent Program – Oracle application), whereas the same works fine from the unix box, where I am able to transfer the file. Can anyone help me with this?

    Error : ssh_askpass: exec(/usr/lib/ssh/ssh-askpass): No such file or directory
    Host key verification failed.
    lost connection

  30. Dear All,
    I am not able to get ssh to a remote server. How will I get the console of the server? (ssh is not working and vnc is also not allowed.) What is the other way you can access the server?

  31. Hi,

    As per my requirement I need to run some shell scripts from Unix Box B and the scripts exist on Unix Box A. We were actually using rsh; now we want to replace it with ssh.

    I followed the same steps, like:

    On Unix Box B
    1) ssh-keygen -t dsa – it generated 2 files called id_dsa.pub and id_dsa
    2) Then I tried to copy id_dsa.pub to Unix Box B using the command below:
    scp -v ~/home/esbadmin/.ssh/id_dsa.pub [email protected]:home/esbadmin/.ssh/authorized_keys2

    Now I get a prompt asking for the password. I entered the password and it gives me
    lost connection:
    isbfns05:esbadmin:/home/esbadmin> scp -v ~/home/esbadmin/.ssh/id_dsa.pub [email protected]:home/esbadmin/.ssh/authorized_keys2
    Executing: program /usr//bin/ssh host isbfns06, user esbadmin, command scp -v -t -- home/esbadmin/.ssh/authorized_keys2
    OpenSSH_5.4p1, OpenSSL 0.9.8m 25 Feb 2010
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): 0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
    0509-026 System error: A file or directory in the path name does not exist.

    debug1: Error loading Kerberos, disabling Kerberos auth.
    debug1: Connecting to isbfns06 [205.145.78.171] port 22.
    debug1: Connection established.
    debug1: identity file /home/esbadmin/.ssh/id_rsa type -1
    debug1: identity file /home/esbadmin/.ssh/id_rsa-cert type -1
    debug1: identity file /home/esbadmin/.ssh/id_dsa type 2
    debug1: identity file /home/esbadmin/.ssh/id_dsa-cert type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.4
    debug1: match: OpenSSH_5.4 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.4
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024

    I have tried copying the .ssh folder manually from Unix Box B to Unix Box A
    and tried executing some scripts like below:

    ssh [email protected] ../hyperion/scripts/maxl/Dep_Test/File_to.sh
    It is again asking me for the password; I have given it and it throws an error like “connection lost”.
    Suggest where I am lagging.

  32. Deepa,

    When you generate the dsa key using “ssh-keygen -t dsa”, can you try pressing “enter” and try the same routine once without using a passphrase? Moving the entire .ssh key would not be the best method because you might expose the private key as well.

  33. I’ve tried the above method for my Fedora 17 box and it was working fine. Later today I was getting some errors while doing ssh from my laptop with PuTTY and from another unix box.

    Error “Permission denied (publickey,gssapi-keyex,gssapi-with-mic).”
    and, from PuTTY, “Disconnected: No supported authentication method available (Server sent: publickey,gssapi-keyex,gssapi-with-mic)”

    Anyone please help me with this connection issue. Thanks for your time!

  34. Hi All,
    Just a question: I have two servers, one active and the other passive. I have created the auth keys on the active server and I have shared the keys with other [external] systems. But on a monthly basis I will fail over the application from active to passive. Do I need to create the keys again on the passive server and share them with the external systems again during the failover? If so, is there any other way to overcome it? I am using SunOS 5.10 and the disk is shared between the active and passive servers.

  35. I have configured SSH on both servers.
    I am able to connect from server A to server B. In the same way, is it possible to connect from server B to server A?
    If it is possible, can you tell me the steps to configure it?

  36. I have had this setup for years but I broke it this week with an rsync typo.
    Thanks to Yuan Sun above I have it now fixed.
    The issue was that my home directory had gotten group write permission on it.
    This was forcing ssh to prompt for a password no matter what I had set up in the keys.
    So, if you are still having issues you may want to look to your home.
    755 is a thing of beauty now!
    ;)

  37. I have one server where I have home directories with 777; this is required for report generation and file processing. Running SFTP using keys is not a problem on that server as long as the .ssh directory is 700 and the authorized_keys file is 600.

    I have a second server with similar requirements requiring 777 on the home directory. I have .ssh at 700 and authorized_keys set at 600, but this one doesn’t work. Is this a setting somewhere? Maybe in the sshd_config file. I’ve compared but I don’t see it. Is it somewhere else? Maybe ssh_config?

  38. Found the problem. I corrected the permissions on the .ssh directory using chmod 700. But when I did ls -ltra in the .ssh directory, the .. directory still had permissions of 770. So I also had to change the permission to 700 for the .. directory. Then I was not prompted for a password.

  39. The most common cause for the public key not working is the file and folder permissions. The connection was requesting a password even after I had installed the public key on the server. Then I changed the .ssh and the home folder permission to 755 and the authorized_keys permission to 644 and everything is now OK.

  40. I was having trouble getting this to work on CentOS 6.8. It kept asking for a password. When I set selinux into permissive mode, it started working. The solution was to run the following command:

    restorecon -R -v /root/.ssh

    After re-enabling selinux, everything worked fine.
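The permission problems reported in comments 36, 38 and 39 can be checked with a short script. This is an added example, not part of the original thread; it assumes sshd runs with its default `StrictModes yes`, under which the home directory, `~/.ssh` and `authorized_keys` must not be writable by group or others. The function names and the temporary fixture directory are illustrative.

```shell
#!/bin/sh
# Added example: report path components that are group- or world-writable,
# the condition that makes sshd (StrictModes yes, assumed) ignore
# authorized_keys and fall back to a password prompt.

# Octal permission bits of a path: GNU stat first, then BSD/macOS stat.
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Print "LOOSE <mode> <path>" for each of home, ~/.ssh and
# ~/.ssh/authorized_keys that is writable by group or others.
# Returns 0 when all three exist and are tight, 1 otherwise.
check_key_path() {
    home_dir=$1
    rc=0
    for p in "$home_dir" "$home_dir/.ssh" "$home_dir/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING - $p"
            rc=1
            continue
        fi
        mode=$(perm_of "$p")
        # The leading 0 makes the shell read the mode as octal;
        # 022 is the group-write plus other-write bits.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "LOOSE $mode $p"
            rc=1
        fi
    done
    return $rc
}

# Constructed fixture: a throwaway "home" with .ssh at 700,
# authorized_keys at 600 and the home directory at the mode given in $1.
make_fixture() {
    d=$(mktemp -d) || return 1
    mkdir "$d/.ssh"
    : > "$d/.ssh/authorized_keys"
    chmod 700 "$d/.ssh"
    chmod 600 "$d/.ssh/authorized_keys"
    chmod "$1" "$d"
    echo "$d"
}

demo() {
    fake_home=$(make_fixture 770)       # the case from comment 38
    echo "home at 770:"; check_key_path "$fake_home" || true
    chmod 755 "$fake_home"              # the fix from comments 36 and 39
    echo "home at 755:"; check_key_path "$fake_home" && echo "OK"
    rm -rf "$fake_home"
}
demo
```

On the server, run `check_key_path "$HOME"` as the account you log in to; any `LOOSE` line names a path to tighten with chmod.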
