Mailing List Archive

Returned post for secureshell@securityfocus.com
Hi! This is the ezmlm program. I'm managing the
secureshell@securityfocus.com mailing list.

I'm working for my owner, who can be reached
at secureshell-owner@securityfocus.com.

I'm sorry, your message (enclosed) was not accepted by the moderator.
If the moderator has made any comments, they are shown below.

>>>>> -------------------- >>>>>

Duplicate post.

<<<<< -------------------- <<<<<
Re: Returned post for secureshell@securityfocus.com
Hi all,

I reported this issue to the owner of the list before with no response yet,
but I really couldn't get ssh public key authentication to work in Mandriva 2007
when I used ssh-keygen to create a key. I have a key which was created by
WinSCP, perfectly working at the moment. This key, however, is incompatible
with openssh, cannot be converted to this format, therefore I wanted to
create a key from my Linux box by ssh-keygen. The process works fine, asking
for the name of the key file and passphrase etc., and at the end it creates
id_rsa and id_rsa.pub files, under .ssh/. I copy the id_rsa.pub file to
$/.ssh/authorized_keys file of the server machine, with read/write privileges
for owner, read privileges for group and none for others. I restart sshd,
although I am not sure if this is needed. Then I try to log in to the server
from the other Linux box. Here is the output of `ssh servername -v' command:

OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to shebiaruz [192.168.0.4] port 443.
debug1: Connection established.
debug1: identity file /home/fatosh/.ssh/identity type -1
debug1: identity file /home/fatosh/.ssh/id_rsa type 1
debug1: identity file /home/fatosh/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'shebiaruz' is known and matches the RSA host key.
debug1: Found key in /home/fatosh/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/fatosh/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /home/fatosh/.ssh/identity
debug1: Offering public key: /home/fatosh/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /home/fatosh/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).

What am I missing here?

Thanks,

Hakan
Re: Returned post for secureshell@securityfocus.com
Hi list,

This question concerns: OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003, and possibly
other versions.

I've noticed the following error message appears frequently in syslogs for many
systems I administer:

---snip---
Jun 28 09:02:31 hostname sshd[8062]: Postponed publickey for account from
ip_address port 39397 ssh2
---snip---

What does "postponed" mean in this context? When I test public key
authentication, I can authenticate successfully. There doesn't appear to be any
(noticeable) delay when authenticating.

I've searched this list and googled around for this error message. Others have
asked about it but I haven't found a reply that adequately explains what is
really going on.

Does this indicate a problem with a client/server configuration or is the
message purely informational?

Thanks,

Paul
Re: Returned post for secureshell@securityfocus.com
Hey folks. Just a quick question
regarding the latest OpenSSH patch from
http://cybnet.ch/misc/opensource/openssh-5.3p1-chroot.patch
... the problem is when I useradd test -d /home/chroot/home/test/./
the user logging in does not get chrooted.
Does this patch require me to build a standard jail in /home/chroot/ ?


Linux User #431295
Re: Returned post for secureshell@securityfocus.com
Hi all,

I'm writing a script which will log into a list of servers if they have public/private keypairs set up. If a server doesn't, I want the script to move on to the next server rather than wait at a password prompt.

I'm using OpenSSH version 5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007 on both client and server.

I'm using this command:

ssh root@IP -o PasswordAuthentication=no KbdInteractiveAuthentication=no

This works for most servers, but not all (on some of them the script halts at a password prompt). I suspect those servers may run an older version of SSH which doesn't support the options I'm providing. Any ideas? Thanks for any help.

Jannik
Re: Returned post for secureshell@securityfocus.com
On Mon, Apr 19, 2010 at 02:16:46PM +0100, Jannik Sundø wrote:
> I'm writing a script which will log into a list of servers if they
> have public/private keypairs set up. If a server doesn't, I want the
> script to move on to the next server rather than wait at a password
> prompt.
>
> I'm using this command:
> ssh root@IP -o PasswordAuthentication=no KbdInteractiveAuthentication=no

You might also try BatchMode=yes, though I would expect if the above
doesn't work, that wouldn't either. Worth a shot maybe.

--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
Re: Returned post for secureshell@securityfocus.com
> On Mon, Apr 19, 2010 at 02:16:46PM +0100, Jannik Sundø wrote:
>> I'm writing a script which will log into a list of servers if they
>> have public/private keypairs set up. If a server doesn't, I want the
>> script to move on to the next server rather than wait at a password
>> prompt.
>>
>> I'm using this command:
>> ssh root@IP -o PasswordAuthentication=no KbdInteractiveAuthentication=no

Found elsewhere on the web and modified.... in bash,

( ssh root@IP -o PasswordAuthentication=no KbdInteractiveAuthentication=no
) & sleep 5 ; kill $!

Assuming whatever you're doing on the list of servers will take 5 seconds
to complete and continue.. if not, replace the 5 in the sleep with however
long it will take to complete the task.

If it hangs at a password prompt, it'll only hang for the sleep timer and
then continue on.
Re: Returned post for secureshell@securityfocus.com
On 04/19/2010 03:16 PM, Jannik Sundø wrote:
> Hi all,
>
> I'm writing a script which will log into a list of servers if they have public/private keypairs set up. If a server doesn't, I want the script to move on to the next server rather than wait at a password prompt.
>
> I'm using OpenSSH version 5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007 on both client and server.
>
> I'm using this command:
>
> ssh root@IP -o PasswordAuthentication=no KbdInteractiveAuthentication=no
>
> This works for most servers, but not all (on some of them the script halts at a password prompt). I suspect those servers may run an older version of SSH which doesn't support the options I'm providing. Any ideas? Thanks for any help.

try

ssh root@IP -o PreferredAuthentications=publickey $command


And if you can write Perl, check also the Net::OpenSSH and
Net::OpenSSH::Parallel modules.

http://search.cpan.org/~salva/Net-OpenSSH-0.47/lib/Net/OpenSSH.pm
http://search.cpan.org/~salva/Net-OpenSSH-Parallel-0.06/lib/Net/OpenSSH/Parallel.pm

- Salva
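
The options suggested in this thread (BatchMode=yes and PreferredAuthentications=publickey) combined into one non-interactive sweep over a host list, as an added example that is not part of any post. ConnectTimeout=5 is an addition not named in the thread, SSH_BIN is a hypothetical variable used only so the ssh binary can be swapped out, and the addresses in the usage comment are constructed.

```sh
#!/bin/sh
# Added example: key-only, never-prompting login check over a host list.
# SSH_BIN is a hypothetical override so the ssh binary can be replaced.
SSH_BIN=${SSH_BIN:-ssh}

# Return 0 only if $1 (user@host) accepts one of our keys.
# Every option gets its own -o; a bare Name=value placed after the host
# is passed to the server as the remote command, not read as an option.
key_login_ok() {
    "$SSH_BIN" -n \
        -o BatchMode=yes \
        -o PreferredAuthentications=publickey \
        -o ConnectTimeout=5 \
        "$1" true
}

# Print "OK <target>" or "SKIP <target>" for each argument and keep going.
sweep() {
    for target in "$@"; do
        if key_login_ok "$target" >/dev/null 2>&1; then
            printf 'OK %s\n' "$target"
        else
            printf 'SKIP %s\n' "$target"
        fi
    done
}

# Usage: sh sweep.sh root@192.0.2.10 root@192.0.2.11   (constructed addresses)
if [ "$#" -gt 0 ]; then
    sweep "$@"
fi
```
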
Re: Returned post for secureshell@securityfocus.com
This worked, thanks a lot! :)


On 20 Apr 2010, at 10:23, Salvador Fandino wrote:

> On 04/19/2010 03:16 PM, Jannik Sundø wrote:
>> Hi all,
>>
>> I'm writing a script which will log into a list of servers if they have public/private keypairs set up. If a server doesn't, I want the script to move on to the next server rather than wait at a password prompt.
>>
>> I'm using OpenSSH version 5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007 on both client and server.
>>
>> I'm using this command:
>>
>> ssh root@IP -o PasswordAuthentication=no KbdInteractiveAuthentication=no
>>
>> This works for most servers, but not all (on some of them the script halts at a password prompt). I suspect those servers may run an older version of SSH which doesn't support the options I'm providing. Any ideas? Thanks for any help.
>>
>> Jannik
>>
>
> try
>
> ssh root@IP -o PreferredAuthentications=publickey $command
>
>
> - Salva
>


Jannik Sundø
Junior Network Engineer
Sohonet Limited http://www.sohonet.co.uk
Registered no. 3132110 England/Wales
t: +44 (0)20 7292 6900
f: +44 (0)20 7292 6901

24/7 support:
UK: +44 (0)20 7292 6909
US: +001 310 449 8610
AU: 1800 77 5280

The information in this email may contain confidential and/or privileged material. Any copying, dissemination or other use by any person other than the intended recipient is prohibited. If you have received this email in error, please contact the sender and delete the material from your computer. Thank you.
Re: Returned post for secureshell@securityfocus.com
The PreferredAuthentications=publickey option worked, but thanks for this tip as well. :)


On 20 Apr 2010, at 21:18, emf@amhran.net wrote:

>> On Mon, Apr 19, 2010 at 02:16:46PM +0100, Jannik Sundø wrote:
>>> I'm writing a script which will log into a list of servers if they
>>> have public/private keypairs set up. If a server doesn't, I want the
>>> script to move on to the next server rather than wait at a password
>>> prompt.
>>>
>>> I'm using this command:
>>> ssh root@IP -o PasswordAuthentication=no KbdInteractiveAuthentication=no
>
> Found elsewhere on the web and modified.... in bash,
>
> ( ssh root@IP -o PasswordAuthentication=no KbdInteractiveAuthentication=no
> ) & sleep 5 ; kill $!
>
> Assuming whatever you're doing on the list of servers will take 5 seconds
> to complete and continue.. if not, replace the 5 in the sleep with however
> long it will take to complete the task.
>
> If it hangs at a password prompt, it'll only hang for the sleep timer and
> then continue on.


Jannik Sundø
Re: Returned post for secureshell@securityfocus.com
Hi Derek,

This one worked nicely. Didn't see that one in the ssh_config man. Thanks.

Jannik

On 20 Apr 2010, at 02:44, Derek Martin wrote:

> On Mon, Apr 19, 2010 at 02:16:46PM +0100, Jannik Sundø wrote:
>> I'm writing a script which will log into a list of servers if they
>> have public/private keypairs set up. If a server doesn't, I want the
>> script to move on to the next server rather than wait at a password
>> prompt.
>>
>> I'm using this command:
>> ssh root@IP -o PasswordAuthentication=no KbdInteractiveAuthentication=no
>
> You might also try BatchMode=yes, though I would expect if the above
> doesn't work, that wouldn't either. Worth a shot maybe.
>
> --
> Derek D. Martin
> http://www.pizzashack.org/
> GPG Key ID: 0x81CFE75D
>


Jannik Sundø