  1. #1
    Junior Member
    Join Date
    May 2006
    Location
    Tampa FL
    Posts
    19

    SSH with RSA Key Authentication

    I have a new server that I am trying to get SSH w/RSA Keys working.
    My keys get rejected and I have to use my password to login.

    I saw posts from a year ago saying you needed to get support to
    change some configuration setting to get it working.

    I have used the same keys on two different servers with success.

    Yes, permissions are right: .ssh 700 and authorized_keys 644

    I see no sshd process, so it seems out of my hands.

    Anyone work through this?

    Tom
    Last edited by w2vy; 05-10-2006 at 01:30 PM.

  2. #2
    Senior Member torrin's Avatar
    Join Date
    May 2003
    Location
    Vista, CA
    Posts
    534

    Quote Originally Posted by w2vy:
        I have a new server that I am trying to get SSH w/RSA Keys working.
        My keys get rejected and I have to use my password to login.

        I saw posts from a year ago saying you needed to get support to
        change some configuration setting to get it working.

    I can login to my account without password. I forget if my key is RSA or DSA though. I'll look at it later.

    However, in order to get it to work, I did need to put in a ticket with support. Your post didn't say if you had done that or not. So I'll confirm that it needs to be done.

  3. #3
    Junior Member
    Join Date
    May 2006
    Location
    Tampa FL
    Posts
    19

    Quote Originally Posted by torrin:
        I can login to my account without password. I forget if my key is RSA or DSA though. I'll look at it later.

        However, in order to get it to work, I did need to put in a ticket with support. Your post didn't say if you had done that or not. So I'll confirm that it needs to be done.

    How long ago was that? Do you have the ticket number?

    I tried Chat, then Email and then finally Email and they ended up directing me to Custom Services (at $95/hr)

    So much for the 'Best Effort' to get things working I was told by sales 3 weeks ago

  4. #4
    Senior Member jalal's Avatar
    Join Date
    May 2003
    Location
    Germany
    Posts
    1,377

    Ya know... it should 'just work'. It has for me and many others. You don't give any details on what the errors are (or what package you have), so I can't make any suggestions. But I don't think support need to do anything (AFAIK).

  5. #5
    Junior Member
    Join Date
    May 2006
    Location
    Tampa FL
    Posts
    19

    Well from Putty it says:

    Using username "xanthusus".
    Server refused our key
    xanthusus@xanthus.us's password:

    Then from another server (different key set)

    xanthus:~/.ssh$ ssh -v xanthusus@xanthus.us
    OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004
    debug1: Reading configuration data /usr/local/etc/ssh_config
    debug1: Connecting to xanthus.us [206.130.125.172] port 22.
    debug1: Connection established.
    debug1: identity file /home/w2vy/.ssh/identity type -1
    debug1: identity file /home/w2vy/.ssh/id_rsa type 1
    debug1: identity file /home/w2vy/.ssh/id_dsa type -1
    debug1: Remote protocol version 1.99, remote software version OpenSSH_3.1p1
    debug1: match: OpenSSH_3.1p1 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_3.7.1p2
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'xanthus.us' is known and matches the RSA host key.
    debug1: Found key in /home/w2vy/.ssh/known_hosts:24
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/w2vy/.ssh/identity
    debug1: Offering public key: /home/w2vy/.ssh/id_rsa
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Trying private key: /home/w2vy/.ssh/id_dsa
    debug1: Next authentication method: keyboard-interactive
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: password
    xanthusus@xanthus.us's password:

    and then from the same server to my home system: (same keys)

    xanthus:~/.ssh$ ssh -v tom@xxxx.yyyy.us
    OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004
    debug1: Reading configuration data /usr/local/etc/ssh_config
    debug1: Connecting to xxxx.yyyy.us [70.125.7.47] port 22.
    debug1: Connection established.
    debug1: identity file /home/w2vy/.ssh/identity type -1
    debug1: identity file /home/w2vy/.ssh/id_rsa type 1
    debug1: identity file /home/w2vy/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.2p1 FreeBSD-20050903
    debug1: match: OpenSSH_4.2p1 FreeBSD-20050903 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_3.7.1p2
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'xxxx.yyyy.us' is known and matches the DSA host key.
    debug1: Found key in /home/w2vy/.ssh/known_hosts:26
    debug1: ssh_dss_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/w2vy/.ssh/identity
    debug1: Offering public key: /home/w2vy/.ssh/id_rsa
    debug1: Server accepts key: pkalg ssh-rsa blen 149
    debug1: read PEM private key done: type RSA
    debug1: Authentication succeeded (publickey).
    debug1: channel 0: new [client-session]
    debug1: Entering interactive session.

    so in short it does not like my keys...

  6. #6
    Senior Member torrin's Avatar
    Join Date
    May 2003
    Location
    Vista, CA
    Posts
    534

    I'll PM the ticket number.

    I think jalal is right, it should just work. However sometimes it doesn't.

    My story is I had this set up and working for a long time. Then around June of 2005 it suddenly stopped working. I put in a ticket with WestHost and they told me that they had done some maintenance and moved my account to a different server and that I needed to recreate my authorized_keys file. Fair enough. However, after I did that, it still didn't work. So after a few more E-mails, they fixed it. Now that I look back at the responses to the ticket I see there was no explanation on what changed. So I don't know if they changed just my account or all accounts.
    Last edited by torrin; 05-09-2006 at 04:29 PM.

  7. #7

    I was having problems, too, but just got it to work moments ago with help from the chat tech.

    Two things had me messed up:

    My authorized keys file was for ssh2, named "authorized_keys2". It should just be "authorized_keys"

    My .ssh directory was located at /home/{username}/.ssh (which is actually /usr/home/{username}/.ssh ) But it should be located in the root directory ( /.ssh )

    Oh, one other thing... the authorized_keys file was 700, tech said it needs to be 400. Don't know if that would really make a difference, but thought I'd mention it, just in case it helps...

  8. #8
    Junior Member
    Join Date
    May 2006
    Location
    Tampa FL
    Posts
    19

    Well I raised a stink with support and they looked into it...

    I tried it tonight and it works!

    Bad news... The tech says he didn't change anything on my server

    I even had them re-boot the server to make sure the setting stayed, it did.

    I hate it when things fix themselves...

    I suggested they set up a fresh server and try it...

    I hope they do...

    tom

  9. #9
    Junior Member
    Join Date
    Aug 2006
    Posts
    1

    Resolving ssh issue from OS X

    I found this thread from Google, but not the solution, so I thought I'd post it here. From OS X, I followed the directions at http://codeworks.gnomedia.com/westho...-secure-shell/ but still couldn't connect. Doing ssh -v username@example.com showed the line "No challenge". The trick was (and is) to do ssh -2 username@example.com to force use of SSHv2. With that, everything worked.

  10. #10
    Senior Member rolling's Avatar
    Join Date
    May 2004
    Location
    Different day, different place
    Posts
    486

    I was having problems with this today. When I tried ssh -v -2 me@mydomain.com, it would connect to my server, but only if I entered my password manually.

    To summarise, here is what you need to do:
    1. Download cwRsync or some similar package to your computer
    2. run ssh-keygen -t dsa
    3. Connect to your server using PuTTY
    4. Accept the defaults - you need to save the keys in Documents and Settings\AccountName\.ssh on a Windows PC with no passphrase.
    5. Create the directory /.ssh on your server: mkdir /.ssh
    6. Change the access rights to /.ssh: chmod 0700 /.ssh
    7. Copy the file Documents and Settings\AccountName\.ssh\id_dsa.pub to /.ssh/authorized_keys on your server. If authorized_keys already exists, then append your key to the end of the file. It is IMPERATIVE that each key in your authorized_keys occupies a single line. pico kept splitting the key into multiple lines with me; I had to delete the extra linefeeds every time that I edited the file.
    8. Change the access rights for authorized_keys: chmod 0400 /.ssh/authorized_keys
    9. Try to connect to your server: ssh -v -2 mylogin@mydomain.com


    If you got it right, then this is what you should see:
    Code:
    C:\cwRsync\bin>ssh -v -2 mylogin@mydomain.com
    OpenSSH_4.5p1, OpenSSL 0.9.8d 28 Sep 2006
    debug1: Connecting to mydomain.com [xxx.xxx.xxx.xxx] port 22.
    debug1: Connection established.
    debug1: identity file /cygdrive/x/Documents and Settings/Simpleton/.ssh/id_rsa type 1
    debug1: identity file /cygdrive/x/Documents and Settings/Simpleton/.ssh/id_dsa type 2
    debug1: Remote protocol version 2.0, remote software version OpenSSH_3.1p1
    debug1: match: OpenSSH_3.1p1 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.5
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'mydomain.com' is known and matches the RSA host key.
    debug1: Found key in /cygdrive/x/DocumentsandSettings/Simpleton/.ssh/known_hosts:1
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Offering public key: /cygdrive/x/Documents and Settings/Simpleton/.ssh/id_rsa
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Offering public key: /cygdrive/x/Documents and Settings/Simpleton/.ssh/id_dsa
    debug1: Server accepts key: pkalg ssh-dss blen 433
    debug1: read PEM private key done: type DSA
    debug1: Authentication succeeded (publickey).
    debug1: channel 0: new [client-session]
    debug1: Entering interactive session.
    Last login: Tue May  1 10:43:24 2007 from 81.168.120.241
    [mylogin][~]$
    If you get Unexpected Error when you try to connect, or the server simply disconnects when you have any RSA keys in Documents and Settings\AccountName\.ssh, then you have a problem in /.ssh/authorized_keys on your server.
    Last edited by rolling; 05-01-2007 at 05:53 PM. Reason: Typo! Filename was wrong
    Richard

    I have jotted down some of my meddlings at http://www.rollingr.net/wordpress
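
The server-side checks from posts #7 and #10 (file name, access rights, one key per line) collected into one audit script. This is an added example, not part of any post in the thread; the function names and the placeholder key blob are assumptions, and the permission test flags group or other write access, which is what OpenSSH's StrictModes setting rejects.

```shell
#!/bin/sh
# Added example, not from the thread: audit a server-side .ssh directory for the
# causes of refused keys reported in posts #7 and #10.

# True when group or other may write (characters 6 and 9 of the ls mode string).
loose_perms() {
    case $(ls -ld "$1" | cut -c1-10) in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_ssh_dir() {
    dir=$1; file=$dir/authorized_keys; found=0
    if [ ! -d "$dir" ]; then echo "missing directory: $dir"; return 1; fi
    if loose_perms "$dir"; then echo "group/other-writable: $dir"; found=1; fi
    if [ ! -f "$file" ]; then
        [ -f "${file}2" ] && echo "keys are in authorized_keys2, not authorized_keys"
        echo "missing file: $file"; return 1
    fi
    if loose_perms "$file"; then echo "group/other-writable: $file"; found=1; fi
    # A valid entry is a key type followed by one unbroken base64 blob. A key
    # wrapped by an editor leaves a truncated blob plus stray continuation lines.
    bad=$(awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { ok = 0
          for (i = 1; i < NF; i++)
              if ($i ~ "^(ssh-rsa|ssh-dss)$" && length($(i+1)) % 4 == 0 &&
                  $(i+1) ~ "^AAAA[A-Za-z0-9+/]+=*$") ok = 1
          if (!ok) printf "%s ", NR }' "$file")
    if [ -n "$bad" ]; then echo "not one complete key, line(s): $bad"; found=1; fi
    return $found
}

# Constructed sample: a placeholder blob (not a real key) wrapped after 30 characters,
# as an editor with line wrapping enabled would leave it.
demo=$(mktemp -d)
blob=AAAAB3NzaC1kc3MAAACBAPLACEHOLDERPLACEHOLDERPLACEHOLDER00
chmod 700 "$demo"
printf 'ssh-dss %s\n%s me@pc\n' "$(echo "$blob" | cut -c1-30)" \
    "$(echo "$blob" | cut -c31-)" > "$demo/authorized_keys"
chmod 400 "$demo/authorized_keys"
audit_ssh_dir "$demo" || true
rm -rf "$demo"
```

On a real account, call `audit_ssh_dir /.ssh` (the location given in the thread) or `audit_ssh_dir "$HOME/.ssh"`; an empty result means none of these three problems is present.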