Results 1 to 4 of 4

Thread: Passphraseless SSH not working, proly misconfigured network

  1. #1
    Join Date
    Jul 2008
    Beans
    87

    Passphraseless SSH not working, proly misconfigured network

    I'm at wits end. I have multiple ubuntu 9.04 systems at school that I am trying to set up a hadoop cluster on. On one computer everything, so far, is working fine. The other computer I've had multiple headaches with. The current headache is that I can't get passphraseless ssh up and running on it.

    I've tried
    Code:
    ssh-keygen -t rsa -P ""
    cat $HOME/.ssh/id_rsa.pub >> $HOME/.ssh/authorized_keys
    ssh localhost
    as well as
    Code:
    ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa
    cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
    ssh localhost
    In between attempts I've deleted the entire contents of $HOME/.ssh/
    I've even verified that /etc/ssh/sshd_config hasn't been screwed (I think)
    Code:
    # Package generated configuration file
    # See the sshd(8) manpage for details
    
    # What ports, IPs and protocols we listen for
    Port 22
    # Use these options to restrict which interfaces/protocols sshd will bind to
    #ListenAddress ::
    #ListenAddress 0.0.0.0
    Protocol 2
    # HostKeys for protocol version 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key
    #Privilege Separation is turned on for security
    UsePrivilegeSeparation yes
    
    # Lifetime and size of ephemeral version 1 server key
    KeyRegenerationInterval 3600
    ServerKeyBits 768
    
    # Logging
    SyslogFacility AUTH
    LogLevel INFO
    
    # Authentication:
    LoginGraceTime 120
    PermitRootLogin yes
    StrictModes yes
    
    RSAAuthentication yes
    PubkeyAuthentication yes
    #AuthorizedKeysFile     %h/.ssh/authorized_keys
    
    # Don't read the user's ~/.rhosts and ~/.shosts files
    IgnoreRhosts yes
    # For this to work you will also need host keys in /etc/ssh_known_hosts
    RhostsRSAAuthentication no
    # similar for protocol version 2
    HostbasedAuthentication no
    # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
    #IgnoreUserKnownHosts yes
    
    # To enable empty passwords, change to yes (NOT RECOMMENDED)
    PermitEmptyPasswords no
    
    # Change to yes to enable challenge-response passwords (beware issues with
    # some PAM modules and threads)
    ChallengeResponseAuthentication no
    
    # Change to no to disable tunnelled clear text passwords
    #PasswordAuthentication yes
    
    # Kerberos options
    #KerberosAuthentication no
    #KerberosGetAFSToken no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    
    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes
    
    X11Forwarding yes
    X11DisplayOffset 10
    PrintMotd no
    PrintLastLog yes
    TCPKeepAlive yes
    #UseLogin no
    
    #MaxStartups 10:30:60
    #Banner /etc/issue.net
    
    # Allow client to pass locale environment variables
    AcceptEnv LANG LC_*
    
    Subsystem sftp /usr/lib/openssh/sftp-server
    
    UsePAM yes
    and that the /etc/ssh/ssh_config is ok.
    Code:
    # This is the ssh client system-wide configuration file.  See
    # ssh_config(5) for more information.  This file provides defaults for
    # users, and the values can be changed in per-user configuration files
    # or on the command line.
    
    # Configuration data is parsed as follows:
    #  1. command line options
    #  2. user-specific file
    #  3. system-wide file
    # Any configuration value is only changed the first time it is set.
    # Thus, host-specific definitions should be at the beginning of the
    # configuration file, and defaults at the end.
    
    # Site-wide defaults for some commonly used options.  For a comprehensive
    # list of available options, their meanings and defaults, please see the
    # ssh_config(5) man page.
    
    Host *
    #   ForwardAgent no
    #   ForwardX11 no
    #   ForwardX11Trusted yes
    #   RhostsRSAAuthentication no
    #   RSAAuthentication yes
    #   PasswordAuthentication yes
    #   HostbasedAuthentication no
    #   GSSAPIAuthentication no
    #   GSSAPIDelegateCredentials no
    #   GSSAPIKeyExchange no
    #   GSSAPITrustDNS no
    #   BatchMode no
    #   CheckHostIP yes
    #   AddressFamily any
    #   ConnectTimeout 0
    #   StrictHostKeyChecking ask
    #   IdentityFile ~/.ssh/identity
    #   IdentityFile ~/.ssh/id_rsa
    #   IdentityFile ~/.ssh/id_dsa
    #   Port 22
    #   Protocol 2,1
    #   Cipher 3des
    #   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
    #   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
    #   EscapeChar ~
    #   Tunnel no
    #   TunnelDevice any:any
    #   PermitLocalCommand no
        SendEnv LANG LC_*
        HashKnownHosts yes
        GSSAPIAuthentication yes
        GSSAPIDelegateCredentials no
    I don't think that "# RSAAuthentication yes" being commented out is a problem as the working configuration has that commented out.

    However, no matter what I do I still keep getting asked for the password.
    Code:
    ssh -vvv localhost
    OpenSSH_5.1p1 Debian-5ubuntu1, OpenSSL 0.9.8g 19 Oct 2007
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to localhost [::1] port 22.
    debug1: connect to address ::1 port 22: Connection refused
    debug1: Connecting to localhost [127.0.0.1] port 22.
    debug1: Connection established.
    debug1: identity file /home/hadoop/.ssh/identity type -1
    debug3: Not a RSA1 key file /home/hadoop/.ssh/id_rsa.
    debug2: key_type_from_name: unknown key type '-----BEGIN'
    debug3: key_read: missing keytype
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug2: key_type_from_name: unknown key type '-----END'
    debug3: key_read: missing keytype
    debug1: identity file /home/hadoop/.ssh/id_rsa type 1
    debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
    debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
    debug1: identity file /home/hadoop/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version lshd-2.0.4 lsh - a GNU ssh
    debug1: no match: lshd-2.0.4 lsh - a GNU ssh
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1
    debug2: fd 3 setting O_NONBLOCK
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: first_kex_follows 0 
    debug2: kex_parse_kexinit: reserved 0 
    debug2: kex_parse_kexinit: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,spki-sign-rsa
    debug2: kex_parse_kexinit: aes256-cbc,3des-cbc,blowfish-cbc,arcfour
    debug2: kex_parse_kexinit: aes256-cbc,3des-cbc,blowfish-cbc,arcfour
    debug2: kex_parse_kexinit: hmac-sha1,hmac-md5
    debug2: kex_parse_kexinit: hmac-sha1,hmac-md5
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: first_kex_follows 0 
    debug2: kex_parse_kexinit: reserved 0 
    debug2: mac_setup: found hmac-md5
    debug1: kex: server->client 3des-cbc hmac-md5 none
    debug2: mac_setup: found hmac-md5
    debug1: kex: client->server 3des-cbc hmac-md5 none
    debug2: dh_gen_key: priv key bits set: 192/384
    debug2: bits set: 1012/2048
    debug1: sending SSH2_MSG_KEXDH_INIT
    debug1: expecting SSH2_MSG_KEXDH_REPLY
    debug3: check_host_in_hostfile: filename /home/hadoop/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 1
    debug1: Host 'localhost' is known and matches the RSA host key.
    debug1: Found key in /home/hadoop/.ssh/known_hosts:1
    debug2: bits set: 1029/2048
    debug1: ssh_rsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /home/hadoop/.ssh/identity ((nil))
    debug2: key: /home/hadoop/.ssh/id_rsa (0x7f51c78b9920)
    debug2: key: /home/hadoop/.ssh/id_dsa ((nil))
    debug1: Authentications that can continue: password,publickey
    debug3: start over, passed a different list password,publickey
    debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/hadoop/.ssh/identity
    debug3: no such identity: /home/hadoop/.ssh/identity
    debug1: Offering public key: /home/hadoop/.ssh/id_rsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue: password,publickey
    debug1: Trying private key: /home/hadoop/.ssh/id_dsa
    debug3: no such identity: /home/hadoop/.ssh/id_dsa
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup password
    debug3: remaining preferred: ,password
    debug3: authmethod_is_enabled password
    debug1: Next authentication method: password
    hadoop@localhost's password:
    I have an inkling that there is some problem with the network configuration etc.
    Here is my /etc/hosts
    Code:
    #127.0.0.1	localhost.localdomain	localhost
    
    #attempt to get rid of "sudo: unable to resolve host port134pc30
    127.0.0.1	port134pc30 localhost.localdomain	localhost 
    
    #127.0.1.1	ubuntu.ubuntu-domain	ubuntu
    
    #attempt to get rid of "sudo: unable to resolve host port134pc30
    127.0.1.1	ubuntu.ubuntu-domain port134pc30 
    
    
    # The following lines are desirable for IPv6 capable hosts
    ::1     localhost ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    ff02::3 ip6-allhosts
    Port134 in the computer name is actually the name of the room that the computers are in and has nothing to do with the actual port. Above you can see that I had to change the file once to get rid of a "unable to resolve host" error that was preventing proper operation of Hadoop.

    So I have a hunch that the passphraseless ssh would work if I had the network configured properly. I'd like to re-install Ubuntu on this computer but I'm not sure I have that ability. (I also have this perverse need to know what is going wrong so I can fix it should this problem crop up again.)

    I really don't know much about configuring the network etc so I need help in that arena. I have no idea what might have been modified on this computer since the previous student who administered the machine is now gone.



    Any thoughts ubuntuers? Any help much appreciated.

  2. #2
    Join Date
    Jan 2009
    Beans
    Hidden!
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: Passphraseless SSH not working, proly misconfigured network

    i'm having a similar problem as mentioned here although i did have mine working but now it has stopped after reconfiguring my phone. admittedly it has been a few months since i've used it, i wonder if there's been some sort of recent update to the ssh server that requires an additional step to configure that we're missing?

  3. #3
    Join Date
    Jul 2008
    Beans
    87

    Re: Passphraseless SSH not working, proly misconfigured network

    I don't really know what the problem was but I went into Synaptic and completely removed openssh-server (which waterfalled into removing lam-runtime, lsh-server) and ssh.

    I then logged out and back in and installed openssh-server, lsh-server, and ssh via Synaptic.

    This removal and installation didn't touch my .ssh folder and all the previously generated keys and hosts were still there.
    I tried to ssh localhost and that failed due to a host key problem. I moved the known_hosts file to known_hosts.old and then 'ssh localhost' and accepted the key and then it worked.

    I'm not sure what was all gummed up but apparently removing and reinstalling ssh un-gummed up the system.

  4. #4
    Join Date
    Jan 2009
    Beans
    Hidden!
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: Passphraseless SSH not working, proly misconfigured network

    Quote Originally Posted by InkyDinky View Post
    I don't really know what the problem was but I went into Synaptic and completely removed openssh-server (which waterfalled into removing lam-runtime, lsh-server) and ssh.

    I then logged out and back in and installed openssh-server, lsh-server, and ssh via Synaptic.

    This removal and installation didn't touch my .ssh folder and all the previously generated keys and hosts were still there.
    I tried to ssh localhost and that failed due to a host key problem. I moved the known_hosts file to known_hosts.old and then 'ssh localhost' and accepted the key and then it worked.

    I'm not sure what was all gummed up but apparently removing and reinstalling ssh un-gummed up the system.
    i'm not at home at the minute and can't get my phone o connect to the network here but i'll try that next week.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •