ssh-copy-id FAIL!
theBlueSage
tbs-Gb/NUjX2UK8 at public.gmane.org
Thu Oct 15 12:05:11 EDT 2009
Hi Folks,
I am having a weird 'twilight zone' situation with my two servers and
using passwordless RSA key exchange authentication. Basically, it is
failing in one direction.
I have two machines, A (10.6.1.87) and machine B (10.6.1.86). Both run
CentOS, both have latest packages of ssh etc.
On Machine A, as user 'user' :
- create rsa key (works)
- 'ssh-copy-id -i ~/.ssh/id_rsa.pub user-Vytmb24aE72l5wQoFSNtmw at public.gmane.org' (works)
- 'ssh user-Vytmb24aE72l5wQoFSNtmw at public.gmane.org' lets me log into machine B (10.6.1.86) without
requiring a password. This is what I want.
On Machine B, as user 'user' :
- create rsa key (works)
- ssh-copy-id -i ~/.ssh/id_rsa.pub user-Vytmb24aE70LEDhOzmVu6g at public.gmane.org (works)
- 'ssh user-Vytmb24aE72l5wQoFSNtmw at public.gmane.org' prompts for a password. This is not what I want.
--------
Things I have tried.
- Upgrade ssh on both machines.
- re-keying both machines
- checking values in /etc/sysconfig/network so that the "HOSTNAME"
value in the file is correct for each machine.
- confirmed that the returned value of 'uname -a' and 'uname -n' are as
expected.
- checked that the returned value of 'hostname' is as expected.
- confirmed that pinging the 'other machines' name returns the expected
IP address
- deleted the 'other machine' from each machine's arp cache, re-pinged
and checked arp table.
- checked the permissions of the '.ssh' directory on each machine, and
even opened them (755) wide open to see if that helped (nope)
- run the ssh from machine B to machine A with the -vv option and I got
interesting information (see below)
-----
Under debug I see this from the connection from A to B (this one
works) :
<snip Machine A to B debug output>
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/production/.ssh/identity
debug3: no such identity: /home/production/.ssh/identity
debug1: Offering public key: /home/production/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug2: input_userauth_pk_ok: SHA1 fp 48:b1:4a:33:ae:a6:e6:5c:f7:89:82:90:ce:ca:f9:e5:b9:1d:b7:c1
debug3: sign_and_send_pubkey
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
</snip Machine A to B debug output>
However, when I run this same thing on Machine B (going to machine A)
the output looks like this ....:
<snip Machine B to A debug output>
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/production/.ssh/identity
debug3: no such identity: /home/production/.ssh/identity
debug1: Offering public key: /home/production/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /home/production/.ssh/id_dsa
debug3: no such identity: /home/production/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
production-Vytmb24aE70LEDhOzmVu6g at public.gmane.org's password:
</snip Machine B to A debug output>
As you can see, it appears as if machine A does not respond to the
passing of the publickey packet.
This has eaten a whole day of my time, and in turn I have eaten every
piece of junk food within 500 feet of my desk! Please can anyone point
me in the right direction or help me out, as I don't think I can handle
any more junk food, and I'm really really baffled!
thanks
Richard
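
An added example, not part of the original post: a small Python parser that reads `ssh -vv` client output like the two traces above and reports, per identity file, whether the key was missing on the client, accepted by the server, or offered and then refused. The function name and outcome labels are hypothetical, and the sample traces are trimmed copies of the lines quoted in the post.

```python
import re

# Constructed samples: trimmed copies of the two traces quoted in the post
# (B-to-A fails, A-to-B works), with the e-mail line wrap joined.
SAMPLE_FAIL = """\
debug1: Trying private key: /home/production/.ssh/identity
debug3: no such identity: /home/production/.ssh/identity
debug1: Offering public key: /home/production/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /home/production/.ssh/id_dsa
debug3: no such identity: /home/production/.ssh/id_dsa
debug1: Next authentication method: password
"""
SAMPLE_OK = """\
debug1: Offering public key: /home/production/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: Authentication succeeded (publickey).
"""

OFFER = re.compile(r"debug1: Offering public key: (\S+)")
MISSING = re.compile(r"debug3: no such identity: (\S+)")
SUCCESS = re.compile(r"debug1: Authentication succeeded \((\S+)\)")
ACCEPT = "debug1: Server accepts key:"
CONTINUE = "debug1: Authentications that can continue:"

def classify_trace(text):
    """Return ({identity_path: outcome}, method_that_succeeded_or_None)."""
    keys, pending, method = {}, None, None
    for line in text.splitlines():
        line = line.strip()
        if m := MISSING.match(line):
            keys[m.group(1).rstrip(":")] = "not-on-client"
        elif m := OFFER.match(line):
            pending = m.group(1)          # key now awaiting the server's reply
            keys[pending] = "offered-no-reply"
        elif line.startswith(ACCEPT) and pending:
            keys[pending] = "accepted-by-server"
        elif line.startswith(CONTINUE) and pending:
            if keys[pending] == "offered-no-reply":
                keys[pending] = "rejected-by-server"
            pending = None
        elif m := SUCCESS.match(line):
            method = m.group(1)
    return keys, method

if __name__ == "__main__":
    print(classify_trace(SAMPLE_FAIL))
```

A key reported as `rejected-by-server` was sent by the client and refused, so the explanation has to be found on the server being logged into (its sshd log and the target account's key files), not on the client.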