
BLU Discuss list archive



ssh-copy-id FAIL!



Hi Folks,

I am having a weird 'twilight zone' situation with my two servers and
using passwordless RSA key exchange authentication. Basically, it is
failing in one direction.

I have two machines, A (10.6.1.87) and machine B (10.6.1.86). Both run
CentOS, both have latest packages of ssh etc.

On Machine A, as user 'user' :

 - create rsa key  (works)
 - 'ssh-copy-id -i ~/.ssh/id_rsa.pub user-Vytmb24aE72l5wQoFSNtmw at public.gmane.org' (works)
 - 'ssh user-Vytmb24aE72l5wQoFSNtmw at public.gmane.org' lets me log into machine B (10.6.1.86) without
requiring a password. This is what I want.


On Machine B, as user 'user' :

 - create rsa key  (works)
 - ssh-copy-id -i ~/.ssh/id_rsa.pub user-Vytmb24aE70LEDhOzmVu6g at public.gmane.org (works)
 - 'ssh user-Vytmb24aE72l5wQoFSNtmw at public.gmane.org' prompts for a password. This is not what I want.


--------

Things I have tried.

 - upgrading ssh on both machines
 - re-keying both machines
 - checking values in /etc/sysconfig/network so that the "HOSTNAME"
value in the file is correct for each machine.
 - confirmed that the returned values of 'uname -a' and 'uname -n' are as
expected.
 - checked that the returned value of 'hostname' is as expected.
 - confirmed that pinging the 'other machine's' name returns the expected
IP address
 - deleted the 'other machine' from each machine's arp cache, re-pinged
and checked arp table.
 - checked the permissions of the '.ssh' directory on each machine, and
even opened them (755) wide open to see if that helped (nope)
 - run the ssh from machine B to machine A with the -vv option and I got
interesting information (see below)

-----

Under debug I see this from the connection from A to B (this one
works) :
<snip Machine A to B debug output>

debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/production/.ssh/identity
debug3: no such identity: /home/production/.ssh/identity
debug1: Offering public key: /home/production/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug2: input_userauth_pk_ok: SHA1 fp 48:b1:4a:33:ae:a6:e6:5c:f7:89:82:90:ce:ca:f9:e5:b9:1d:b7:c1
debug3: sign_and_send_pubkey
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start

</snip Machine A to B debug output>


However, when I run this same thing on Machine B (going to machine A)
the output looks like this ....:
<snip Machine B to A debug output>


debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/production/.ssh/identity
debug3: no such identity: /home/production/.ssh/identity
debug1: Offering public key: /home/production/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /home/production/.ssh/id_dsa
debug3: no such identity: /home/production/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
production-Vytmb24aE70LEDhOzmVu6g at public.gmane.org's password: 

</snip Machine B to A debug output>


As you can see, it appears as if machine A does not respond to the
passing of the publickey packet.
This has eaten a whole day of my time, and in turn I have eaten every
piece of junk food within 500 feet of my desk! Please can anyone point
me in the right direction or help me out, as I don't think I can handle
any more junk food, and I'm really really baffled!

thanks

Richard
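
Added example (not part of Richard's post): a small parser that reads `ssh -vv` client output like the two traces above and reports what happened to each key. The sample traces are constructed by abbreviating the ones quoted in the post (the first line of WORKING is added to exercise the case where no offer is pending), and the function name `classify` is hypothetical.

```python
import re

# Constructed samples, abbreviated from the two traces quoted in the post.
WORKING = """\
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/production/.ssh/identity
debug3: no such identity: /home/production/.ssh/identity
debug1: Offering public key: /home/production/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: Authentication succeeded (publickey).
"""
FAILING = """\
debug1: Next authentication method: publickey
debug1: Trying private key: /home/production/.ssh/identity
debug3: no such identity: /home/production/.ssh/identity
debug1: Offering public key: /home/production/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /home/production/.ssh/id_dsa
debug3: no such identity: /home/production/.ssh/id_dsa
debug1: Next authentication method: password
"""
PREFIX = re.compile(r"^debug\d: ")

def classify(trace):
    """Return ({key_path: outcome}, auth method that succeeded or None)."""
    outcomes, pending, succeeded = {}, None, None
    for line in trace.splitlines():
        msg = PREFIX.sub("", line.strip())
        if m := re.match(r"no such identity: (\S+)", msg):
            outcomes[m.group(1)] = "missing on client"
        elif m := re.match(r"Offering public key: (\S+)", msg):
            pending = m.group(1)
            outcomes[pending] = "offered, no reply seen"
        elif msg.startswith("Server accepts key") and pending:
            outcomes[pending], pending = "accepted by server", None
        elif msg.startswith("Authentications that can continue") and pending:
            # The server answered the pending offer with a failure reply.
            outcomes[pending], pending = "declined by server", None
        elif m := re.match(r"Authentication succeeded \(([\w-]+)\)", msg):
            succeeded = m.group(1)
    return outcomes, succeeded

if __name__ == "__main__":
    for name, trace in (("A to B", WORKING), ("B to A", FAILING)):
        print(name, *classify(trace))
```

A "declined by server" result means the reason is recorded on the server side, so the sshd log on the target machine is the next place to look.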








BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org