LinuxQuestions.org


geeth4sg 07-08-2013 02:49 AM

ssh problem
 
I am getting an ssh error; below is the ssh log:

debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: degas-engineering/us-east/degas-engineering
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering public key: servertestingkey
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering public key: newgitserver
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering public key: herble
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering public key: server13
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering public key: server13s
Received disconnect from 54.224.79.75: 2: Too many authentication failures for root


Regards,
Sg..

acid_kewpie 07-08-2013 03:04 AM

You've not really said what your specific problem is here, but presumably it's because you're not getting a password prompt? You have a lot of private keys there and it basically looks like you're not managing them effectively. Conventionally you'd only use a single key for each client machine, so only have one key to offer, and then fall back to a password. From the names of the keys, I'm guessing you're adding all keys to all machines, so really your first plan of action is really to understand the architecture behind preshared keys properly, and then to remove all but one of the keys, possibly even deleting all of them on all servers and creating a new single one on a per machine basis.

geeth4sg 07-08-2013 04:18 AM

Chris,

Thanks for your suggestions.

I've configured ssh without password where servers are in ec2.

The below options are enabled in my client ssh.

/etc/ssh/ssh_config

IdentityFile /root/degas-engineering/us-east/degas-engineering


/etc/profile.d/ssh-agent.sh

SSHAGENT=/usr/bin/ssh-agent
SSHAGENTARGS="-s"
SSH_ENV="/root/.ssh/environment"

# start the ssh-agent
function start_agent {
    #echo "Initializing new SSH agent..."
    # spawn ssh-agent and save its environment settings, with the echo line commented out
    ssh-agent | sed 's/^echo/#echo/' > "$SSH_ENV"
    echo succeeded
    chmod 600 "$SSH_ENV"
    . "$SSH_ENV" > /dev/null
    # load the default identities into the new agent
    ssh-add
}


# Source SSH settings, if applicable

if [ -f "${SSH_ENV}" ]; then
    . "${SSH_ENV}" > /dev/null
    #ps ${SSH_AGENT_PID} doesn't work under cygwin
    ps -ef | grep ${SSH_AGENT_PID} | grep 'ssh-agent$' > /dev/null || {
        start_agent;
    }
else
    start_agent;
fi

Server side:

/etc/ssh_config

StrictHostKeyChecking no

/etc/sshd_config

PasswordAuthentication no


I could log in to another server with this key, which is Slackware 13.7.

I am trying this for Slack 14 64 bit.

Regards,
sg,,

acid_kewpie 07-08-2013 04:31 AM

Your distribution of choice is irrelevant, SSH *MUST* work the same on any system.

Are all your keys in /root/degas-engineering/us-east/degas-engineering then?

geeth4sg 07-08-2013 07:23 AM

Thanks for the reply...

The below path has only one key, i.e. degas-engineering

/root/degas-engineering/us-east/degas-engineering

acid_kewpie 07-08-2013 07:35 AM

Well, that's not a key, that's a file that could contain multiple keys. Add a few more -v's to the ssh command and I think it'll say which file each key is coming from.

geeth4sg 07-09-2013 12:31 AM

This is the key, Chris. I could log in to another using this key.

Please find the below log..

debug1: identity file /root/degas-engineering/us-east/degas-engineering type 1
debug1: identity file /root/degas-engineering/us-east/degas-engineering-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5
debug1: match: OpenSSH_5.5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ec2-23-20-202-10.compute-1.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:82
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: degas-engineering/us-east/degas-engineering
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
Last login: Mon Jul 8 09:13:18 2013 from 1.22.214.66
Linux 2.6.34.
root@system:~#

acid_kewpie 07-09-2013 06:18 AM

Sure, but that's the first one offered in the original output too, so if all you want is for that key to be accepted, you should just need to add it to the authorized_hosts on the remote end. As I originally stated, it really isn't clear what you perceive the issue to be here, or rather, what you expect "working" to look like.
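
The failure in the first log of this thread, as an added example that is not part of any post above: a small script that reads `ssh -v` client output, lists the keys that were offered and classifies the public-key phase. The function names are hypothetical, and the limit of 6 attempts is an assumption (the default `MaxAuthTries` of OpenSSH's sshd); the sample input is the authentication part of that first log.

```shell
#!/bin/sh
# Added example (not from the thread): summarise the public-key phase of an
# `ssh -v` client log read on stdin.
# Assumption: MAX_TRIES=6, the default MaxAuthTries of OpenSSH's sshd.
MAX_TRIES=${MAX_TRIES:-6}

# Print the name of every key the client offered, in the order offered.
offered_keys() {
    sed -n 's/^debug1: Offering public key: //p'
}

# Print one summary line:
#   offered=<n> max=<n> accepted=<yes|no> verdict=<...>
diagnose_ssh_log() {
    awk -v max="$MAX_TRIES" '
        /^debug1: Offering public key: /   { offered++ }
        /^debug1: Server accepts key: /    { accepted = 1 }
        /Too many authentication failures/ { toomany = 1 }
        END {
            if (accepted)          verdict = "ok"
            else if (toomany)      verdict = "too-many-keys"
            else if (offered > 0)  verdict = "rejected"
            else                   verdict = "no-pubkey-attempt"
            printf "offered=%d max=%d accepted=%s verdict=%s\n", offered, max, (accepted ? "yes" : "no"), verdict
        }'
}

# Sample input: the authentication part of the first log in this thread.
sample_failed_log() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: degas-engineering/us-east/degas-engineering
debug1: Offering public key: servertestingkey
debug1: Offering public key: newgitserver
debug1: Offering public key: herble
debug1: Offering public key: server13
debug1: Offering public key: server13s
Received disconnect from 54.224.79.75: 2: Too many authentication failures for root
EOF
}

sample_failed_log | offered_keys
sample_failed_log | diagnose_ssh_log
```

When the verdict is `too-many-keys`, `ssh-add -l` shows what the running agent holds, and `IdentitiesOnly yes` next to the `IdentityFile` line in the client configuration limits the client to offering only that configured key.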


All times are GMT -5.