SSH promts for password

Support for security such as Firewalls and securing linux
Post Reply
nmurali2
Posts: 1
Joined: 2007/02/25 03:47:59

SSH promts for password

Post by nmurali2 » 2007/02/25 16:56:04

I set up my Linux box 1 (mkas1) with RSA and DSA keys generated for the users root and oracle. I also copied the public keys from another linux box 2 (mkas2) and appended the public keys to the authorized_keys one box1 and vice versa.

The issue I have is.
On mkas1:
"ssh mkas1 date" as user oracle always prompts for password.
"ssh mkas1 date" as user root works well without prompting for the password.
"ssh mkas2 date" as user oracle and root works good.

On mkas2:
"ssh mkas1 date" as user oracle always prompts for password.
"ssh mkas1 date" as user root works well without prompting for the password.
"ssh mkas2 date" as user oracle and root works good.

Any one knows what is the issue with oracle ID? Any help on this will be highly appreciated. Given below is the debug output for root and oracle IDs.

Here is debug out for when executed as root which works good:
[root@localhost bin]# ssh -v mkas1 date
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to mkas1 [192.168.2.3] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024
Enter passphrase for key '/root/.ssh/id_rsa':
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending command: date
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: forcing write
Sat Feb 24 22:09:33 EST 2007
debug1: channel 0: free: client-session, nchannels 1
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.1 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0
[root@localhost bin]#

Here is the output for user oracle which always prompts for password:
[root@localhost bin]# su - oracle
[oracle@localhost ~]$ ssh -v mkas1 date
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to mkas1 [192.168.2.3] port 22.
debug1: Connection established.
debug1: identity file /apps/oracle/.ssh/identity type -1
debug1: identity file /apps/oracle/.ssh/id_rsa type 1
debug1: identity file /apps/oracle/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'mkas1' is known and matches the RSA host key.
debug1: Found key in /apps/oracle/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /apps/oracle/.ssh/identity
debug1: Offering public key: /apps/oracle/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Offering public key: /apps/oracle/.ssh/id_dsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: password
oracle@mkas1's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending command: date
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: forcing write
Sat Feb 24 22:11:38 EST 2007
debug1: channel 0: free: client-session, nchannels 1
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.1 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0

michaelnel
Posts: 1478
Joined: 2006/05/29 16:50:11
Location: San Francisco, CA

SSH promts for password

Post by michaelnel » 2007/02/28 18:23:53

Make sure the authorized_keys file is rw only for the owner. Having looser permissions on that file has bitten me many times with similar symptoms to yours. I have mine at mode 600.

ryanclaw
Posts: 1
Joined: 2007/03/05 08:38:16
Contact:

Re: SSH promts for password

Post by ryanclaw » 2007/03/05 08:41:54

I got same problem from your replied post but after doing your suggestion I got it working.. thanks

michaelnel
Posts: 1478
Joined: 2006/05/29 16:50:11
Location: San Francisco, CA

Re: SSH promts for password

Post by michaelnel » 2007/03/05 20:41:51

[quote]
ryanclaw wrote:
I got same problem from your replied post but after doing your suggestion I got it working.. thanks[/quote]

Great! That's one right answer in a row for me!

Post Reply

Return to “CentOS 4 - Security Support”