This is a pure SSH problem, I guess. At least, I am not able to get
passwordless SSH to work by just logging in to remote machines, not to mention
getting it to work with LAM. But since there were posts to this mailing list
on this topic, I guess people here would be kind enough to give me guidance.
I did look at some previous posts on SSH but I still cannot get it to work.
I am using Solaris 5.8 on Sun Ultra 60s. I am not a sysadmin so I have no
idea how SSH was installed and configured. I am trying to set up SSH between
two machines: tokyo and bombay. Here is the log:
mingl_at_tokyo% ssh -V
ssh: SSH Secure Shell 2.4.0 (non-commercial version) on
sparc-sun-solaris2.5.1
mingl_at_tokyo% ssh-keygen -t dsa
Generating 1024-bit dsa key pair
2 Oo.ooOo.oOo.
Key generated.
1024-bit dsa, mingl_at_[hidden], Thu Jul 31 2003 03:07:20
Passphrase :
Again :
Key is stored with NULL passphrase.
(You can ignore the following warning if you are generating hostkeys.)
This is not recommended.
Don't do this unless you know what you're doing.
If file system protections fail (someone can access the keyfile),
or if the super-user is malicious, your key can be used without
the deciphering effort.
Private key saved to /home/mingl/.ssh2/id_dsa_1024_a
Public key saved to /home/mingl/.ssh2/id_dsa_1024_a.pub
mingl_at_tokyo% cd /home/mingl/.ssh2
mingl_at_tokyo% ls -l
total 10
drwx------ 2 mingl grad 1536 Jul 30 15:41 hostkeys/
-rw------- 1 mingl grad 874 Jul 30 20:07 id_dsa_1024_a
-rw------- 1 mingl grad 743 Jul 30 20:07 id_dsa_1024_a.pub
-rw------- 1 mingl grad 512 Jul 30 20:07 random_seed
mingl_at_tokyo% scp id_dsa_1024_a.pub
mingl_at_[hidden]:./id_dsa_1024_a.pub
mingl_at_[hidden]'s password:
id_dsa_1024_a.pub | 743B | 0.7 kB/s | TOC: 00:00:01 | 100%
mingl_at_bombay% ssh -V
ssh: SSH Secure Shell 2.4.0 (non-commercial version) on
sparc-sun-solaris2.5.1
mingl_at_bombay% cd .ssh2
mingl_at_bombay% ls
authorized_keys2/ id_dsa_1024_a random_seed
hostkeys/ id_dsa_1024_a.pub
mingl_at_bombay% touch authorized_keys2
mingl_at_bombay% chmod 600 authorized_keys2
mingl_at_bombay% ll -a
total 20
drwx------ 3 mingl grad 512 Jul 30 20:18 ./
drwxr-xr-x 34 mingl grad 3584 Jul 30 20:13 ../
-rw------- 1 mingl grad 0 Jul 30 20:18 authorized_keys2
drwx------ 2 mingl grad 1536 Jul 30 15:41 hostkeys/
-rw------- 1 mingl grad 874 Jul 30 20:07 id_dsa_1024_a
-rw------- 1 mingl grad 743 Jul 30 20:07 id_dsa_1024_a.pub
-rw------- 1 mingl grad 512 Jul 30 20:13 random_seed
mingl_at_bombay% cat ../id_dsa_1024_a.pub >> authorized_keys2
mingl_at_bombay% rm ../id_dsa_1024_a.pub
rm: remove ../id_dsa_1024_a.pub (yes/no)? y
mingl_at_bombay% chmod og+r id_dsa_1024_a.pub authorized_keys2
mingl_at_bombay% ls -l
total 20
-rw-r--r-- 1 mingl grad 743 Jul 30 20:19 authorized_keys2
drwx------ 2 mingl grad 1536 Jul 30 15:41 hostkeys/
-rw------- 1 mingl grad 874 Jul 30 20:07 id_dsa_1024_a
-rw-r--r-- 1 mingl grad 743 Jul 30 20:07 id_dsa_1024_a.pub
-rw------- 1 mingl grad 512 Jul 30 20:32 random_seed
mingl_at_tokyo% ssh -v bombay.ics.uci.edu
debug: hostname is 'bombay.ics.uuu.edu'.
debug: connecting to bombay.ics.uuu.edu...
debug: entering event loop
debug: ssh_client_wrap: creating transport protocol
debug:
SshAuthMethodClient/sshauthmethodc.c:117/ssh_client_authentication_initialize:
Added "publickey" to usable methods.
debug:
SshAuthMethodClient/sshauthmethodc.c:117/ssh_client_authentication_initialize:
Added "password" to usable methods.
debug: Ssh2Client/sshclient.c:1142/ssh_client_wrap: creating userauth
protocol
debug: Ssh2Common/sshcommon.c:502/ssh_common_wrap: local ip = 128.175.6.104,
local port = 40785
debug: Ssh2Common/sshcommon.c:504/ssh_common_wrap: remote ip =
128.175.6.105, remote port = 22
debug: SshConnection/sshconn.c:1866/ssh_conn_wrap: Wrapping...
debug: Ssh2Transport/trcommon.c:599/ssh_tr_input_version: Remote version:
SSH-2.0-OpenSSH_3.5p1
debug: Ssh2Transport/trcommon.c:789/ssh_tr_input_version: Remote version has
rekey incompatibility bug.
debug: Ssh2Transport/trcommon.c:1120/ssh_tr_negotiate: c_to_s: cipher
3des-cbc, mac hmac-sha1, compression none
debug: Ssh2Transport/trcommon.c:1123/ssh_tr_negotiate: s_to_c: cipher
3des-cbc, mac hmac-sha1, compression none
debug: Ssh2Client/sshclient.c:406/keycheck_key_match: Host key found from
database.
debug: Ssh2Common/sshcommon.c:306/ssh_common_special: Received
SSH_CROSS_STARTUP packet from connection protocol.
debug: Ssh2Common/sshcommon.c:356/ssh_common_special: Received
SSH_CROSS_ALGORITHMS packet from connection protocol.
debug:
Ssh2AuthPubKeyClient/authc-pubkey.c:777/ssh_client_auth_pubkey_agent_list_complete:
adding keyfile "/home/mingl/.ssh2/id_dsa_1024_a" to candidates
debug: Ssh2AuthClient/sshauthc.c:309/ssh_authc_completion_proc: Method
'publickey' disabled.
debug: Ssh2AuthPasswdClient/authc-passwd.c:92/ssh_client_auth_passwd:
Starting password query...
mingl's password: (That is, it still asked me for a pswd)
In the above, it seems to report that the remote node (bombay) is using
SSH-2.0-OpenSSH_3.5p1. I have no idea why it is saying that. And I do not
know what that "rekey incompatibility bug" is.
In a previous post, Jeff Squyres asked a user to look at the ssh_config and
sshd_config files. I did not have them in my ssh2 directory. And here are
the contents of the /etc/ssh2/ssh2_config and /etc/ssh2/sshd2_config files:
## ssh2_config
## SSH 2.0 Client Configuration File
##
## The "*" is used for all hosts, but you can use other hosts as
## well.
*:
## General
VerboseMode no
AuthenticationSuccessMsg yes
## Network
Port 22
NoDelay no
KeepAlive yes
## Crypto
Ciphers AnyStdCipher
MACs AnyMAC
StrictHostKeyChecking ask
## User public key authentication
IdentityFile identification
AuthorizationFile authorization
RandomSeedFile random_seed
## SSH1 Compatibility
Ssh1Compatibility yes
Ssh1AgentCompatibility none
## Authentication
## Hostbased is not enabled by default.
# AllowedAuthentications hostbased,publickey,password
AllowedAuthentications publickey,password
## sshd2_config
## SSH 2.4 Server Configuration File
##
## General
VerboseMode no
AllowCshrcSourcingWithSubsystems no
ForcePTTYAllocation no
SyslogFacility AUTH
## Network
Port 22
ListenAddress 0.0.0.0
RequireReverseMapping no
MaxBroadcastsPerSecond 0
## Crypto
Ciphers AnyCipher
MACs AnyMAC
## User
PrintMotd yes
CheckMail yes
UserConfigDirectory "%D/.ssh2"
UserKnownHosts yes
## User public key authentication
HostKeyFile hostkey
PublicHostKeyFile hostkey.pub
RandomSeedFile random_seed
IdentityFile identification
AuthorizationFile authorization
AllowAgentForwarding yes
## Tunneling
AllowX11Forwarding yes
AllowTcpForwarding yes
## User restrictions
PermitRootLogin yes
## subsystem definitions
subsystem-sftp sftp-server
I did copy the above ssh2_config to my .ssh2 directory. If not, then
the log would show "Cannot access /home/mingl/ssh2_config". Is it correct
that I actually do not need to worry about this error/warning msg? That is,
if SSH cannot find a ssh2_config in my user directory, it would go to the
/etc/ssh2 directory to look for one and use it?
I notice that in sshd2_config, the IdentityFile is defined to be
identification, and AuthorizationFile is defined to be authorization.
Does that mean I have to create two files with these names? I did, and
followed the instructions on the ssh man page to include a line in each of
these two files to include the names of the files that contain the private
and public keys. But it did not work out.
BTW, some previous posts suggested setting LAMRSH=ssh, but the LAM 7.0 User
Guide seems to suggest that LAM would automatically choose between SSH and
RSH, is that true? So, it would try SSH first, and then RSH? The Guide
also has this -ssi boot rsh option -- I am running LAM 6.5.9 and this option
is not available, right?
Thank you very much.
Ming Lai
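
Added example, not part of the original post: the debug log above shows an SSH Secure Shell 2.4.0 client talking to a server whose banner is SSH-2.0-OpenSSH_3.5p1, and the two implementations look for user keys in different places. The sketch below classifies a banner and validates the `identification` / `authorization` pointer-file layout named in the posted configs; the function names and the banner rule for non-OpenSSH servers are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are illustrative.

# Classify a server by the version banner that "ssh -v" reports.
banner_flavor() {
    case "$1" in
        *OpenSSH*) echo openssh ;;  # reads ~/.ssh/authorized_keys
        SSH-*)     echo ssh2 ;;     # assumption: SSH Secure Shell, ~/.ssh2/authorization
        *)         echo unknown ;;
    esac
}

# Write the pointer files named by IdentityFile / AuthorizationFile.
# $1 = directory, $2 = private key file name (public key is "$2.pub").
write_ssh2_pointers() {
    printf 'IdKey %s\n' "$2"   > "$1/identification"
    printf 'Key %s.pub\n' "$2" > "$1/authorization"
    chmod 600 "$1/identification" "$1/authorization"
}

# Return 0 only if both pointer files exist, every key they name is a
# regular file, and no private key is accessible to group or others.
# Non-zero codes: 1 pointer file missing, 2 private key missing,
# 3 private key too permissive, 4 public key missing.
check_ssh2_dir() {
    dir=$1
    [ -f "$dir/identification" ] && [ -f "$dir/authorization" ] || return 1
    while read -r kw name; do
        [ "$kw" = IdKey ] || continue
        [ -f "$dir/$name" ] || return 2
        # Columns 5-10 of the ls mode string are the group and other bits.
        mode=$(ls -ld "$dir/$name" | cut -c5-10)
        [ "$mode" = "------" ] || return 3
    done < "$dir/identification"
    while read -r kw name; do
        [ "$kw" = Key ] || continue
        [ -f "$dir/$name" ] || return 4
    done < "$dir/authorization"
    return 0
}

# Constructed sample: empty stand-in key files in a scratch directory.
d=$(mktemp -d)
: > "$d/id_dsa_1024_a"; : > "$d/id_dsa_1024_a.pub"
chmod 600 "$d/id_dsa_1024_a"
write_ssh2_pointers "$d" id_dsa_1024_a
check_ssh2_dir "$d"; echo "layout check: $?  server: $(banner_flavor SSH-2.0-OpenSSH_3.5p1)"
rm -rf "$d"
```

When the banner is classified as `openssh`, a public key generated by SSH Secure Shell has to be converted to OpenSSH's one-line format (OpenSSH's `ssh-keygen -i` does this) before it is appended to the server-side authorized keys file.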