Paul W. Roach III on 21 Jul 2010 07:51:11 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Problems with password-less SSH

  • From: "Paul W. Roach III" <paul@isaroach.com>
  • To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
  • Subject: Re: [PLUG] Problems with password-less SSH
  • Date: Wed, 21 Jul 2010 10:51:05 -0400
  • Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:sender:received :in-reply-to:references:date:x-google-sender-auth:message-id:subject :from:to:content-type; bh=i0ISR7kAl7Y+HVRhHTPyIzwve3STcSHry+/BQJf0fQU=; b=EmALkbAt/TCx7gS7BleBvcUkcTVUlOMDXUyJ+0UWaovBpdJCuAi7wOO9mZwwZLCqux OaFslheYVhm6Y/87iAGoWi0aIboJEGTBXBnX8236HnZ0IthggCksVJoncDu+Fl0GrE6H 1LNIAeXIkAH3eWM6yZPet6ItESwkPq7SGDs3M=
  • Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
  • Sender: plug-bounces@lists.phillylinux.org

Check /var/log/secure on the server side for SSHD debug messages -- I believe that's where sshd messages go by default on most systems.

On Wed, Jul 21, 2010 at 10:42 AM, Mike Leone <turgon@mike-leone.com> wrote:
On 7/21/2010 10:35 AM, Kyle R. Burton had this to say:

One thing that often gets me is to ensure that FileCollector's .ssh
directory is 700, and that the files within it are 600.

They are.

I know I'm being pedantic - but they need to be this way on both
boxes...and what I see below makes me think the perms are correct...

If I understood it all, I'm sure it would be helpful. :-) I saw this (from a
single -v):

debug1: Host '192.168.1.30' is known and matches the RSA host key.
debug1: Found key in /home/vadmin/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: An invalid name was supplied
Cannot determine realm for numeric host address

Googling for that (An invalid name was supplied) returned this:

  http://www.webmasterworld.com/forum40/1350.htm

which mentions 'verifyreversemapping' in the sshd_config - is that set to 'yes'?

Don't see that line at all, in either sshd_config.




debug1: An invalid name was supplied
Cannot determine realm for numeric host address

debug1: An invalid name was supplied


debug1: Next authentication method: publickey

That it's trying the keys is a good sign that the permissions are correct...

Well, that's something, I suppose. :-)

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug