
Unable to complete the last part of Lab 5.3


Hi there,


 


I am unable to complete the last part of Lab 5.3. 


 

I have edited /etc/ssh/sshd_config and made sure this line is present: PermitRootLogin without-password

 



I have copied the authorized_keys to /root/.ssh/authorized_keys and checked user and group permissions.


 


     # cat /home/student/.ssh/authorized_keys >> /root/.ssh/authorized_keys

     # chown root.root /root/.ssh/authorized_keys

     # chmod 640 /root/.ssh/authorized_keys



 



I receive permission denied when attempting to log into host garply again.


     $ ssh garply



 


 


I could ssh to garply up until PermitRootLogin is changed to without-password in /etc/ssh/sshd_config.


 


I can ssh to garply but I receive permission denied.


 


I can ssh to localhost and connect with a password.


 


For my lab machine I am using CentOS 7 (Build 1511). 



 


I verified that the authorized_keys file was copied to the /root/.ssh folder and that the permissions and owner are set according to the lab notes.


 


I verified that the ssh config file in $HOME/.ssh/ contains input from exercise 5.2:


host garply


     hostname localhost


     user root


host *


     ForwardX11 yes


 


 


Can you please help me?


 


 

Comments

  • lee42x
    lee42x Posts: 380

    Hello, let's see if we can get this lab functioning for you. It sounds like the ssh keys are not being used when ssh is run. We use the keys created in step 5.1 in step 5.3.

    Can you verify that in step 5.1-2, after copying student's public key to the authorized_keys file with ssh-copy-id, you were able to "ssh student@localhost" without providing a password? If you have to provide a password there is a problem. Additional information is available from ssh using the "-v" or "-vv" option.

     

  • Hi lee42x,

    I have reviewed the steps in lab 5.1 again.

    The first ssh session does not prompt for a password.

    It prompts for a password in subsequent connections after the first session is exited.

    Below is the output from lab 5.1. I used script to record output to log files.

     

    /* $ ssh-keygen -t rsa -f $HOME/.ssh/id-rsa */

    [student@localhost ~]$ ssh-keygen -t rsa -f $HOME/.ssh/id-rsa

    Generating public/private rsa key pair.

    Created directory '/home/student/.ssh'.

    Enter passphrase (empty for no passphrase): 

    Enter same passphrase again: 

    Your identification has been saved in /home/student/.ssh/id-rsa.

    Your public key has been saved in /home/student/.ssh/id-rsa.pub.

    The key fingerprint is:

    e3:42:e1:bf:9b:dc:de:b3:29:43:93:16:11:e0:7b:da student@localhost.localdomain

    The key's randomart image is:

    +--[ RSA 2048]----+

    |        ....     |

    |       .  .      |

    |      . .  .     |

    |     . . ..      |

    |      o S .o     |

    |     . o ==      |

    |      . +oE.     |

    |       o +o...   |

    |        =ooo+o   |

    +-----------------+

     

    /* eval $(ssh-agent) */

    [student@localhost ~]$ eval $(ssh-agent)

    Agent pid 2453

     

    /* ssh-add $HOME/.ssh/id-rsa */

    [student@localhost ~]$ ssh-add $HOME/.ssh/id-rsa

    Identity added: /home/student/.ssh/id-rsa (/home/student/.ssh/id-rsa)

     

    /* ssh-copy-id student@localhost */

    [student@localhost ~]$ ssh-copy-id student@localhost

    The authenticity of host 'localhost (::1)' can't be established.

    ECDSA key fingerprint is fa:5a:6b:81:76:3a:36:c1:6e:8d:4f:7b:f1:2d:a7:12.

    Are you sure you want to continue connecting (yes/no)? yes

    /bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

    /bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

    student@localhost's password: 

    Number of key(s) added: 1

    Now try logging into the machine, with:   "ssh 'student@localhost'"

    and check to make sure that only the key(s) you wanted were added.

     

    /* ssh student@localhost (first connection - no prompt received for password) */

    [student@localhost ~]$ ssh -vv student@localhost

    OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013

    debug1: Reading configuration data /etc/ssh/ssh_config

    debug1: /etc/ssh/ssh_config line 56: Applying options for *

    debug2: ssh_connect: needpriv 0

    debug1: Connecting to localhost [::1] port 22.

    debug1: Connection established.

    debug1: identity file /home/student/.ssh/id_rsa type -1

    debug1: identity file /home/student/.ssh/id_rsa-cert type -1

    debug1: identity file /home/student/.ssh/id_dsa type -1

    debug1: identity file /home/student/.ssh/id_dsa-cert type -1

    debug1: identity file /home/student/.ssh/id_ecdsa type -1

    debug1: identity file /home/student/.ssh/id_ecdsa-cert type -1

    debug1: identity file /home/student/.ssh/id_ed25519 type -1

    debug1: identity file /home/student/.ssh/id_ed25519-cert type -1

    debug1: Enabling compatibility mode for protocol 2.0

    debug1: Local version string SSH-2.0-OpenSSH_6.6.1

    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1

    debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000

    debug2: fd 3 setting O_NONBLOCK

    debug1: SSH2_MSG_KEXINIT sent

    debug1: SSH2_MSG_KEXINIT received

    debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

    debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss

    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

    debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

    debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

    debug2: kex_parse_kexinit: 

    debug2: kex_parse_kexinit: 

    debug2: kex_parse_kexinit: first_kex_follows 0 

    debug2: kex_parse_kexinit: reserved 0 

    debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

    debug2: kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519

    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

    debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

    debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

    debug2: kex_parse_kexinit: none,zlib@openssh.com

    debug2: kex_parse_kexinit: none,zlib@openssh.com

    debug2: kex_parse_kexinit: 

    debug2: kex_parse_kexinit: 

    debug2: kex_parse_kexinit: first_kex_follows 0 

    debug2: kex_parse_kexinit: reserved 0 

    debug2: mac_setup: setup hmac-md5-etm@openssh.com

    debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none

    debug2: mac_setup: setup hmac-md5-etm@openssh.com

    debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none

    debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16

    debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16

    debug1: sending SSH2_MSG_KEX_ECDH_INIT

    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

    debug1: Server host key: ECDSA fa:5a:6b:81:76:3a:36:c1:6e:8d:4f:7b:f1:2d:a7:12

    debug1: Host 'localhost' is known and matches the ECDSA host key.

    debug1: Found key in /home/student/.ssh/known_hosts:1

    debug1: ssh_ecdsa_verify: signature correct

    debug2: kex_derive_keys

    debug2: set_newkeys: mode 1

    debug1: SSH2_MSG_NEWKEYS sent

    debug1: expecting SSH2_MSG_NEWKEYS

    debug2: set_newkeys: mode 0

    debug1: SSH2_MSG_NEWKEYS received

    debug1: Roaming not allowed by server

    debug1: SSH2_MSG_SERVICE_REQUEST sent

    debug2: service_accept: ssh-userauth

    debug1: SSH2_MSG_SERVICE_ACCEPT received

    debug2: key: /home/student/.ssh/id-rsa (0x7f8d08e7e8f0),

    debug2: key: /home/student/.ssh/id_rsa ((nil)),

    debug2: key: /home/student/.ssh/id_dsa ((nil)),

    debug2: key: /home/student/.ssh/id_ecdsa ((nil)),

    debug2: key: /home/student/.ssh/id_ed25519 ((nil)),

    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password

    debug1: Next authentication method: gssapi-keyex

    debug1: No valid Key exchange context

    debug2: we did not send a packet, disable method

    debug1: Next authentication method: gssapi-with-mic

    debug1: Unspecified GSS failure.  Minor code may provide more information

    No Kerberos credentials available



    debug1: Unspecified GSS failure.  Minor code may provide more information

    No Kerberos credentials available



    debug1: Unspecified GSS failure.  Minor code may provide more information

     

    debug1: Unspecified GSS failure.  Minor code may provide more information

    No Kerberos credentials available



    debug2: we did not send a packet, disable method

    debug1: Next authentication method: publickey

    debug1: Offering RSA public key: /home/student/.ssh/id-rsa

    debug2: we sent a publickey packet, wait for reply

    debug1: Server accepts key: pkalg ssh-rsa blen 279

    debug2: input_userauth_pk_ok: fp e3:42:e1:bf:9b:dc:de:b3:29:43:93:16:11:e0:7b:da

    debug1: Authentication succeeded (publickey).

    Authenticated to localhost ([::1]:22).

    debug1: channel 0: new [client-session]

    debug2: channel 0: send open

    debug1: Requesting no-more-sessions@openssh.com

    debug1: Entering interactive session.

    debug2: callback start

    debug2: fd 3 setting TCP_NODELAY

    debug2: client_session2_setup: id 0

    debug2: channel 0: request pty-req confirm 1

    debug1: Sending environment.

    debug1: Sending env LANG = en_GB.UTF-8

    debug2: channel 0: request env confirm 0

    debug2: channel 0: request shell confirm 1

    debug2: callback done

    debug2: channel 0: open confirm rwindow 0 rmax 32768

    debug2: channel_input_status_confirm: type 99 id 0

    debug2: PTY allocation request accepted on channel 0

    debug2: channel 0: rcvd adjust 2097152

    debug2: channel_input_status_confirm: type 99 id 0

    debug2: shell request accepted on channel 0

    Last login: Thu Aug  4 12:59:27 2016

     

    /* id */

    [student@localhost ~]$ id

    uid=1000(student) gid=1000(student) groups=1000(student),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

     

    /* exit */

    [student@localhost ~]$ exit

    debug1: client_input_channel_req: channel 0 rtype exit-status reply 0

    debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0

    debug2: channel 0: rcvd eow

    debug2: channel 0: close_read

    debug2: channel 0: input open -> closed

    debug2: channel 0: rcvd eof

    debug2: channel 0: output open -> drain

    debug2: channel 0: rcvd close

    logout

    debug2: channel 0: obuf empty

    debug2: channel 0: close_write

    debug2: channel 0: output drain -> closed

    debug2: channel 0: almost dead

    debug2: channel 0: gc: notify user

    debug2: channel 0: gc: user detached

    debug2: channel 0: send close

    debug2: channel 0: is dead

    debug2: channel 0: garbage collecting

    debug1: channel 0: free: client-session, nchannels 1

    Connection to localhost closed.

    Transferred: sent 2924, received 2648 bytes, in 2.3 seconds

    Bytes per second: sent 1252.8, received 1134.6

    debug1: Exit status 0

     

    /* ssh student@localhost (subsequent connections - Prompt received for password) */

    [student@localhost ~]$ ssh -vv student@localhost

    OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013

    debug1: Reading configuration data /etc/ssh/ssh_config

    debug1: /etc/ssh/ssh_config line 56: Applying options for *

    debug2: ssh_connect: needpriv 0

    debug1: Connecting to localhost [::1] port 22.

    debug1: Connection established.

    debug1: identity file /home/student/.ssh/id_rsa type -1

    debug1: identity file /home/student/.ssh/id_rsa-cert type -1

    debug1: identity file /home/student/.ssh/id_dsa type -1

    debug1: identity file /home/student/.ssh/id_dsa-cert type -1

    debug1: identity file /home/student/.ssh/id_ecdsa type -1

    debug1: identity file /home/student/.ssh/id_ecdsa-cert type -1

    debug1: identity file /home/student/.ssh/id_ed25519 type -1

    debug1: identity file /home/student/.ssh/id_ed25519-cert type -1

    debug1: Enabling compatibility mode for protocol 2.0

    debug1: Local version string SSH-2.0-OpenSSH_6.6.1

    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1

    debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000

    debug2: fd 3 setting O_NONBLOCK

    debug1: SSH2_MSG_KEXINIT sent

    debug1: SSH2_MSG_KEXINIT received

    debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

    debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss

    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

    debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

    debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

    debug2: kex_parse_kexinit: 

    debug2: kex_parse_kexinit: 

    debug2: kex_parse_kexinit: first_kex_follows 0 

    debug2: kex_parse_kexinit: reserved 0 

    debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

    debug2: kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519

    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

    debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

    debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

    debug2: kex_parse_kexinit: none,zlib@openssh.com

    debug2: kex_parse_kexinit: none,zlib@openssh.com

    debug2: kex_parse_kexinit: 

    debug2: kex_parse_kexinit: 

    debug2: kex_parse_kexinit: first_kex_follows 0 

    debug2: kex_parse_kexinit: reserved 0 

    debug2: mac_setup: setup hmac-md5-etm@openssh.com

    debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none

    debug2: mac_setup: setup hmac-md5-etm@openssh.com

    debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none

    debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16

    debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16

    debug1: sending SSH2_MSG_KEX_ECDH_INIT

    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

    debug1: Server host key: ECDSA fa:5a:6b:81:76:3a:36:c1:6e:8d:4f:7b:f1:2d:a7:12

    debug1: Host 'localhost' is known and matches the ECDSA host key.

    debug1: Found key in /home/student/.ssh/known_hosts:1

    debug1: ssh_ecdsa_verify: signature correct

    debug2: kex_derive_keys

    debug2: set_newkeys: mode 1

    debug1: SSH2_MSG_NEWKEYS sent

    debug1: expecting SSH2_MSG_NEWKEYS

    debug2: set_newkeys: mode 0

    debug1: SSH2_MSG_NEWKEYS received

    debug1: Roaming not allowed by server

    debug1: SSH2_MSG_SERVICE_REQUEST sent

    debug2: service_accept: ssh-userauth

    debug1: SSH2_MSG_SERVICE_ACCEPT received

    debug2: key: /home/student/.ssh/id_rsa ((nil)),

    debug2: key: /home/student/.ssh/id_dsa ((nil)),

    debug2: key: /home/student/.ssh/id_ecdsa ((nil)),

    debug2: key: /home/student/.ssh/id_ed25519 ((nil)),

    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password

    debug1: Next authentication method: gssapi-keyex

    debug1: No valid Key exchange context

    debug2: we did not send a packet, disable method

    debug1: Next authentication method: gssapi-with-mic

    debug1: Unspecified GSS failure.  Minor code may provide more information

    No Kerberos credentials available



    debug1: Unspecified GSS failure.  Minor code may provide more information

    No Kerberos credentials available



    debug1: Unspecified GSS failure.  Minor code may provide more information

     

    debug1: Unspecified GSS failure.  Minor code may provide more information

    No Kerberos credentials available



    debug2: we did not send a packet, disable method

    debug1: Next authentication method: publickey

    debug1: Trying private key: /home/student/.ssh/id_rsa

    debug1: Trying private key: /home/student/.ssh/id_dsa

    debug1: Trying private key: /home/student/.ssh/id_ecdsa

    debug1: Trying private key: /home/student/.ssh/id_ed25519

    debug2: we did not send a packet, disable method

    debug1: Next authentication method: password

    student@localhost's password: 

    debug2: we sent a password packet, wait for reply

    debug1: Authentication succeeded (password).

    Authenticated to localhost ([::1]:22).

    debug1: channel 0: new [client-session]

    debug2: channel 0: send open

    debug1: Requesting no-more-sessions@openssh.com

    debug1: Entering interactive session.

    debug2: callback start

    debug2: fd 3 setting TCP_NODELAY

    debug2: client_session2_setup: id 0

    debug2: channel 0: request pty-req confirm 1

    debug1: Sending environment.

    debug1: Sending env LANG = en_GB.UTF-8

    debug2: channel 0: request env confirm 0

    debug2: channel 0: request shell confirm 1

    debug2: callback done

    debug2: channel 0: open confirm rwindow 0 rmax 32768

    debug2: channel_input_status_confirm: type 99 id 0

    debug2: PTY allocation request accepted on channel 0

    debug2: channel 0: rcvd adjust 2097152

    debug2: channel_input_status_confirm: type 99 id 0

    debug2: shell request accepted on channel 0

    Last login: Thu Aug  4 13:03:25 2016 from localhost
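
The two `ssh -vv` traces above differ only in the authentication phase, and that difference can be extracted mechanically. The following is an added example, not part of the original posts: `ssh_auth_summary` is a hypothetical helper, and the two sample inputs are excerpts cut from the traces above.

```sh
#!/bin/sh
# Added example: summarise the authentication phase of `ssh -vv` output.
# Reads the trace on stdin and prints four key=value lines.

ssh_auth_summary() {
    awk '
    function add(list, item) { return (list == "" ? item : list "," item) }
    /debug2: key: / {
        # "(0x...)" = key already in memory (ssh-agent); "((nil))" = only a
        # default file name that the client will try to read later.
        if ($0 !~ /\(\(nil\)\)/) loaded = add(loaded, $3)
    }
    /debug1: Offering .* public key: / { offered = add(offered, $NF) }
    /debug1: Authentication succeeded \(/ {
        method = $0
        sub(/.*succeeded \(/, "", method)
        sub(/\).*/, "", method)
    }
    END {
        if (method == "publickey") verdict = "key-auth"
        else if (method == "")     verdict = "no-auth"
        else if (offered == "")    verdict = "no-key-offered"
        else                       verdict = "key-rejected"
        printf "loaded=%s\noffered=%s\nmethod=%s\nverdict=%s\n",
               loaded, offered, method, verdict
    }'
}

# Excerpt of the first session (ssh-agent running, id-rsa added to it).
first_session() { cat <<'EOF'
debug2: key: /home/student/.ssh/id-rsa (0x7f8d08e7e8f0),
debug2: key: /home/student/.ssh/id_rsa ((nil)),
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/student/.ssh/id-rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
EOF
}

# Excerpt of a later session (only the default file names are tried).
second_session() { cat <<'EOF'
debug2: key: /home/student/.ssh/id_rsa ((nil)),
debug2: key: /home/student/.ssh/id_dsa ((nil)),
debug1: Next authentication method: publickey
debug1: Trying private key: /home/student/.ssh/id_rsa
debug1: Trying private key: /home/student/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
debug1: Authentication succeeded (password).
EOF
}

echo "== first session ==";  first_session  | ssh_auth_summary
echo "== second session =="; second_session | ssh_auth_summary
```

A `no-key-offered` verdict while a key file exists under a non-default name means the client only knows that key through ssh-agent, `-i` or an `IdentityFile` line; `key-rejected` points to the server side instead (authorized_keys content or permissions).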

  • lee42x
    lee42x Posts: 380
    edited August 2016

    I was able to duplicate the issue.

    Please examine the last 20 (or so) lines of the  /var/log/secure file, I believe the answer should be there.

    $ sudo grep ssh /var/log/secure | tail -n20 

    Look for "Authentication Refused", it should indicate the permissions are incorrect on the $HOME/.ssh directory. 

    Check &  change the permissions on the .ssh directory

    $ chmod 700 $HOME/.ssh

    And it should function.

    Thanks, keep us posted.
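
The permission check suggested above can be run before looking at the log. The following is an added example, not part of the original post: `strictmodes_check` is a hypothetical helper that approximates the test sshd applies when `StrictModes` is enabled (wrong owner, or group/world write permission, on the home directory, `.ssh` or `authorized_keys`). It assumes GNU `stat`, as on CentOS 7, and the demo directory is constructed.

```sh
#!/bin/sh
# Added example: approximate sshd's StrictModes test for one account.

# strictmodes_check HOME_DIR OWNER_UID
# Prints every path sshd would object to; returns 1 if any was found.
strictmodes_check() {
    home=$1
    uid=$2
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"
            bad=1
            continue
        fi
        mode=$(stat -c %a "$p")     # octal permission bits, e.g. 700
        owner=$(stat -c %u "$p")    # numeric owner
        # The owner must be the account itself or root.
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "bad owner (uid $owner): $p"
            bad=1
        fi
        # Group or other write permission (mask 022) is refused;
        # read permission alone, such as mode 640, is not.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "group/world writable (mode $mode): $p"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed demo: a throw-away "home" with a group-writable .ssh.
demo=$(mktemp -d)
mkdir "$demo/.ssh"
: > "$demo/.ssh/authorized_keys"
chmod 775 "$demo/.ssh"
chmod 640 "$demo/.ssh/authorized_keys"
strictmodes_check "$demo" "$(id -u)" || echo "-> sshd would refuse this key file"

chmod 700 "$demo/.ssh"
strictmodes_check "$demo" "$(id -u)" && echo "-> permissions acceptable"
rm -rf "$demo"
```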

  • fortisvir
    fortisvir Posts: 6
    edited August 2016

    Hi lee42x,

    I changed the permissions but it still appears to be prompting for a password after the system is rebooted.

    I have been able to resolve the issue by removing the custom file location parameter from ssh-keygen. The prompt for a password after the sshd service is restarted or when the system is rebooted no longer appears.

    $ ssh-keygen -t rsa (instead of $ ssh-keygen -t rsa -f $HOME/.ssh/id-rsa)

    $ eval $(ssh-agent)

    $ ssh-add $HOME/.ssh/id-rsa 

    $ ssh-copy-id student@localhost

    $ ssh student@localhost

    $ id

    $ exit

     

     

    The permissions on $HOME/.ssh are 700

     

    The permissions on files contained in $HOME/.ssh are:

    authorized_keys 600

    id_rsa 600

    id_rsa.pub 644

    known_hosts 644

     

    Thank you for your help.

  • Exercise 5.2 asks you to change the default username and create a host alias using the config file in $HOME/.ssh.

    On CentOS 7 the config file does not exist and has to be created. - sudo vi $HOME/.ssh/config

     

    When you ssh garply it will request a user password and authentication will fail because the root user (set in the config file) does not have a .ssh directory configured with authorized_keys present. Removing user root from the config file allows ssh garply to connect.

    host garply

         hostname localhost

    host *

         ForwardX11 yes

     

  • In exercise 5.3 user root can be added back to $HOME/.ssh/config

    host garply

         hostname localhost

         user root

    host *

         ForwardX11 yes

     

    Copying only the authorized_keys file from /home/student/.ssh/ to /root/.ssh/ is not enough. The public key file ($HOME/.ssh/id_rsa.pub) is required to be copied to /root/.ssh/ in order for the ssh connection to work.
