Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Public key authentication not working

from [J. David Blackstone] Network Security [Permanent Link]
Subject: Public key authentication not working
Date: Fri, 15 Apr 2005 14:04:34 +0000 

  (I sent this message yesterday, from my work address, but it doesn't seem to 
have made it to the list.  I presume that means HTML messages are being 
silently rejected.  Maybe I can use this to finally convince somebody at my 
company that automatically converting outgoing messages to HTML should be 
stopped.)

  I'm unable to get public key authentication set up to work on a remote server 
on which I do not have administrative privileges.  Given the debugging 
information below, can anyone tell me what is going wrong?

  The remote server administrator has checked, and the sshd configuration file 
does not appear to contain "RSAAuthentication no" or "PubkeyAuthentication no." 
 (I may be barking up the wrong tree with these options.  Please let me know.)  
The file does contain "#RSAAuthentication yes," but I presume the fact that the 
line is commented out is not a problem because I presume that is the default.

  In the course of trying to get this to work, I have tried DSA, RSA, and SSH1 
keys in several locations, including remotehost:~.ssh/authorized_keys2 and 
remotehost:~.ssh/authorized_keys.

  I've looked at the permissions on the directories, and I don't think there 
was a problem (will send the output of ls -l if anyone thinks it will help).

Script started on Thu Apr 14 12:58:35 2005
h:w $ ssh -vvv <myuserid>@<myipaddress>
OpenSSH_3.0.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 102 geteuid 102 anon 1
debug1: Connecting to <myipaddress> [<myipaddress>] port 22.
debug1: temporarily_use_uid: 102/1 (e=102)
debug1: restore_uid
debug1: temporarily_use_uid: 102/1 (e=102)
debug1: restore_uid
debug1: Connection established.
debug1: identity file /usr/local/.ssh/identity type 0
debug3: Not a RSA1 key file /usr/local/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: no key found
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: no key found
debug1: identity file /usr/local/.ssh/id_rsa type 1
debug3: Not a RSA1 key file /usr/local/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: no key found
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: no key found
debug1: identity file /usr/local/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.8.1p1
debug1: match: OpenSSH_3.8.1p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.0.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: 
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: 
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: 
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: 
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: 
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: 
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 118/256
debug1: bits set: 1050/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /usr/local/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 78
debug1: Host '<myipaddress>' is known and matches the RSA host key.
debug1: Found key in /usr/local/.ssh/known_hosts:78
debug1: bits set: 1065/2048
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: 
publickey,password,keyboard-interactive,hostbased
debug3: start over, passed a different list 
publickey,password,keyboard-interactive,hostbased
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug1: try pubkey: /usr/local/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: 
publickey,password,keyboard-interactive,hostbased
debug1: try pubkey: /usr/local/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: 
publickey,password,keyboard-interactive,hostbased
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: next auth method to try is keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: authentications that can continue: 
publickey,password,keyboard-interactive,hostbased
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: 
debug3: authmethod_is_enabled password
debug1: next auth method to try is password
<myuserid>@<myipaddress>'s password: 
debug1: packet_send2: adding 64 (len 52 padlen 12 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: authentications that can continue: 
publickey,password,keyboard-interactive,hostbased
Permission denied, please try again.
<myuserid>@<myipaddress>'s password: 
debug1: packet_send2: adding 64 (len 52 padlen 12 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: authentications that can continue: 
publickey,password,keyboard-interactive,hostbased
Permission denied, please try again.
<myuserid>@<myipaddress>'s password: 
debug1: packet_send2: adding 64 (len 52 padlen 12 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: authentications that can continue: 
publickey,password,keyboard-interactive,hostbased
debug2: we did not send a packet, disable method
debug1: no more auth methods to try
Permission denied (publickey,password,keyboard-interactive,hostbased).
debug1: Calling cleanup 0x3dbc8(0x0)
h:w $ ^D

script done on Thu Apr 14 12:58:43 2005
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Public key authentication not working, J. David Blackstone <=
Previous by Date:  could not load host keys any idea?, erwan . carniaux
Next by Date:  Re: OpenSSH question of server keys on FreeBSD --> Solution, joel d
Previous by Thread:  could not load host keys any idea?, erwan . carniaux
Next by Thread:  publickey/password login, David E. Meier
Indexes:  [Date] [Thread] [Top] [All Lists]