another SSH/public key problem

Greetings

I have SSH configured and working on an OpenSuse 11.1 system - now I’m trying to set up public key authentication. I’ve followed the instructions in

http://en.opensuse.org/Public_Key_Authentication

, but I must’ve hosed up something, b/c I’m still being prompted for a password.

below is my sshd_config from the server:

obsoletes QuietMode and FascistLogging

#SyslogFacility AUTH
#LogLevel INFO

Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile ~/.ssh/authorized_keys

For this to work you will also need host keys in /etc/ssh/ssh_known_hosts

#RhostsRSAAuthentication no

similar for protocol version 2

#HostbasedAuthentication no

Change to yes if you don’t trust ~/.ssh/known_hosts for

RhostsRSAAuthentication and HostbasedAuthentication

#IgnoreUserKnownHosts no

Don’t read the user’s ~/.rhosts and ~/.shosts files

#IgnoreRhosts yes

To disable tunneled clear text passwords, change to no here!

PasswordAuthentication no
#PermitEmptyPasswords no

this is the SSH_config file from the client:

1. command line options

2. user-specific file

3. system-wide file

Any configuration value is only changed the first time it is set.

Thus, host-specific definitions should be at the beginning of the

configuration file, and defaults at the end.

Site-wide defaults for various options

Host *

ForwardAgent no

ForwardX11 no

RhostsAuthentication no

RhostsRSAAuthentication yes

RSAAuthentication yes

PasswordAuthentication yes

FallBackToRsh no

UseRsh no

BatchMode no

CheckHostIP yes

StrictHostKeyChecking yes

IdentityFile ~/.ssh/identity

IdentityFile ~/.ssh/id_dsa

IdentityFile ~/.ssh/id_rsa

Port 22

Protocol 2

Protocol 2,1

Cipher blowfish

EscapeChar ~

Can anybody look at this and tell me what must be obvious that I’m not seeing?

dsteven1 wrote:
> Greetings
>
> I have SSH configured and working on an OpenSuse 11.1 system - now I’m
> trying to set up public key authentication. I’ve followed the
> instructions in
> http://en.opensuse.org/Public_Key_Authentication, but I
> must’ve hosed up something, b/c I’m still being prompted for a
> password.
>
Is it possible that your private key has a passphrase? In order
to do passwordless logins, the idea is to allow your private key
answer the public key challenge, but that requires you to have
allowed use of your key, which, if you assigned a passphrase to it,
you’ll be prompted for it. Nothing goes across the wire, the
passphrase is just used to allow use of your private key to
answer the challenge.

Another way to avoid having to constantly type in your
passphrase is to use something that loads them up at one time… e.g.
ssh-agent. If you’re on a Windows box using PuTTY, you’d use
pageant (PuTTY agent).

Just a guess…
Chris

Chris

Thanks for the reply.

There is no passphrase on the key.

I’ll have to look in to ssh-agent.

Dan

SSHD is picky about file protections on the authorized_keys file. It or the containing directories cannot be group writable.

dsteven1 wrote:
> Greetings
>
> I have SSH configured and working on an OpenSuse 11.1 system - now I’m
> trying to set up public key authentication. I’ve followed the
> instructions in
> http://en.opensuse.org/Public_Key_Authentication, but I
> must’ve hosed up something, b/c I’m still being prompted for a
> password.

This is my normal way to do it:
First have sshd running on the remote machine so that the normal log in
is possible. Then locally:

ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa

And then:

cat ~/.ssh/id_rsa.pub | ssh <user>@>remote machine> ‘cat - >>
~/.ssh/authorized_keys’

>
> Can anybody look at this and tell me what must be obvious that I’m not
> seeing?
>
>

The above has always worked, so I wouldn’t know…

Vahis

“Sunrise 7:54am (EEST), sunset 6:18pm (EEST) at Espoo, Finland (10:23
hours daylight)”
http://waxborg.servepics.com
Linux 2.6.25.20-0.5-default #1 SMP 2009-08-14 01:48:11 +0200 x86_64
6:13am up 20 days 12:53, 13 users, load average: 0.00, 0.04, 0.03

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Even better… use ssh-copy-id which specifically makes sure to not
overwrite the destination file and also makes sure that permissions are
set correctly throughout.

For troubleshooting use ‘ssh -v’ or ‘-vv’ or -‘vvv’ and post the output here.

Good luck.

Vahis wrote:
> dsteven1 wrote:
>> Greetings
>>
>> I have SSH configured and working on an OpenSuse 11.1 system - now I’m
>> trying to set up public key authentication. I’ve followed the
>> instructions in
>> http://en.opensuse.org/Public_Key_Authentication, but I
>> must’ve hosed up something, b/c I’m still being prompted for a
>> password.
>
> This is my normal way to do it:
> First have sshd running on the remote machine so that the normal log in
> is possible. Then locally:
>
> ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa
>
> And then:
>
> cat ~/.ssh/id_rsa.pub | ssh <user>@>remote machine> ‘cat - >>
> ~/.ssh/authorized_keys’
>
>> Can anybody look at this and tell me what must be obvious that I’m not
>> seeing?
>>
>>
>
> The above has always worked, so I wouldn’t know…
>
> Vahis
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJK0qp4AAoJEF+XTK08PnB5wAEP/0kyudpeLL5De1XpudpfMhcW
5VWTyKxdbuS3dvO5llpMkpTC/EGtA+cVekVPd8pd3c5xf4sj1lnsR/k3KN5qcBzJ
AomNjFnKwxaTZLwTmXFhYjTzIbLb4kOvw8tjtU2zNDCFgUZeD0nlAYB7ReOppmHX
T5maQrqPZEcyk5t+cikc+OS4yhjHNO+AoPuLAXR0NUuRdv4jV5aL7mEhzqyUk+ED
LgLOCELj2rN4UDnLXZYdDI4PEi3oL34L2pHnOwpju+IZDY0NivKtpAC+o5mHYhFG
B1ZnowoRrBwuaMmULACAqZlN4EUka1FW7X/MjCdOySy7weqyoEIoZT0t6mOhE+au
bWz4d6KHXOa5EmAENMkx7/wvCLU9u8CT50K2gAg6+m3hyZe0m/xZg9qD5e3ILMWL
1C2fv2H9pDqeQFeyDYeSWSTjyPKEgFbPsi8XPvE5nrWcUB/zIXcGZX9WH/y6Lp50
g3nsFA+8fcYrokNINBplAMF+4fBSoYSM3YeBFb/hvbEdzH80p0ZzRS3qPV8eHfPV
+1IIeFwMC9pauHhmpoj9hFRCeLDeEPveKY4aURNaHhCvaInevrsaPHMXkWSP+2G9
J8cXPORwBy4xh+KhmRqFzPhGU6qdmqJe38f53aeNdWtM2jAs2pu37IqpigVQA0X9
LGEIpwR0zKa0C6N5Ji9e
=sp2y
-----END PGP SIGNATURE-----

Vahis wrote:
> dsteven1 wrote:
>> Greetings
>>
>> I have SSH configured and working on an OpenSuse 11.1 system - now I’m
>> trying to set up public key authentication. I’ve followed the
>> instructions in
>> http://en.opensuse.org/Public_Key_Authentication, but I
>> must’ve hosed up something, b/c I’m still being prompted for a
>> password.
>
> This is my normal way to do it:
> First have sshd running on the remote machine so that the normal log in
> is possible. Then locally:
>
> ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa

I forgot to mention:
As the key is generated a passphrase will be prompted, twice, I think.
Leave that empty (=just Enter) if you want passwoedless authentication
with the key.
>
> And then:
>
> cat ~/.ssh/id_rsa.pub | ssh <user>@>remote machine> ‘cat - >>
> ~/.ssh/authorized_keys’

This will append the key to the end of the file ‘~/.ssh/authorized_keys’
on the remote machine.

>> Can anybody look at this and tell me what must be obvious that I’m not
>> seeing?
>>
>>
>
> The above has always worked, so I wouldn’t know…
>
Vahis

“Sunrise 7:54am (EEST), sunset 6:18pm (EEST) at Espoo, Finland (10:23
hours daylight)”
http://waxborg.servepics.com
Linux 2.6.25.20-0.5-default #1 SMP 2009-08-14 01:48:11 +0200 x86_64
11:15am up 20 days 17:55, 13 users, load average: 0.06, 0.08, 0.04

Botkeeper
what SHOULD the permissions be for the directory/files? I believe my ~/.ssh folder permissions are 700; the files, I’ll have to check again when I get in front of the system. I would think they should be pretty restrictive (maybe 400?)

ab@novell.com
where does ssh-copy-id run - on the client box or the server?

Vahis
I initially tried the “cat ~/.ssh…” command, but I think I might have already hosed up the file/folder permissions on the server; that said, I was able to use that command successfully when setting up public/private keys between two openSuse systems; this time, I’m going between a Windows 2003 Server box running Cygwin to an openSuse 11.1 system (as if that should make any difference).

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

700 and 400 are probably fine. Be sure nobody other than your user can
get into the directory OR read the file (if the directory could be accessed).

ssh-copy-id is run from the client to put the public key on the server.

Good luck.

dsteven1 wrote:
> Botkeeper
> what SHOULD the permissions be for the directory/files? I believe my
> ~/.ssh folder permissions are 700; the files, I’ll have to check again
> when I get in front of the system. I would think they should be pretty
> restrictive (maybe 400?)
>
> ab@novell.com
> where does ssh-copy-id run - on the client box or the server?
>
> Vahis
> I initially tried the “cat ~/.ssh…” command, but I think I might have
> already hosed up the file/folder permissions on the server; that said, I
> was able to use that command successfully when setting up public/private
> keys between two openSuse systems; this time, I’m going between a
> Windows 2003 Server box running Cygwin to an openSuse 11.1 system (as if
> that should make any difference).
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJK04PeAAoJEF+XTK08PnB5U9wP/RFo7WvBh7vY4TtpFQSM3Rfs
mKXW7+UCoKJTFC/aWofjsJCpXiMKXCvhJtxTuQ6XI7iHUXRvoouYXsEN4DIOlVPu
lWJyCJbS0bA6Zi0EAyW4vcrTq1utPfqMZsp9SLLpkdo302kgG7xykEL5XUv7Nk3p
0qbidi3UPXhRvWEkMKsSomxwA9ui9duIldBWzMjLvt1+y7zBel1Puddvvj16RTvM
6B7pa0OH5KMo8HqCRrFor3DNnczHtdLUggdUEDIUY/L94PlSVj4XFv0CkeAg3R/k
MG0aqBJgtAl8yIAraAuypquXhelmdr79s9lCMD9+CbTY9UNJsGM2QST3/vL3qGDk
PRFEj0kU4UAYYVu1ZrLyromhlkweXsGx407s7RTVDkB5wqLRjRhT8fFjaJ2WmcRL
f295nrGjYiK82CrafhxPd7KnL/dXXx6rGuTuoOsK5Ij3VuARriCClz4kfS48gTdu
Z9aZdqlN85y+Frai1GHurjslgtYozC+gsFYXAtx07/1lDzbNiiQhrl8T2F/sqmbA
ikuNSlvshryKnFYW75Eu/8FYc1SgbvFsrzdvSCaObMRclZdd6fy6VJI6y2/uAYek
/KtyQ9xxXrHm15pZ4x9pFQTDjghVr9PTr7UxQZkEOqvUpDbhLUkpF/tIebGtI8vo
AKgc0uPAOiTMH/I695ly
=+TPx
-----END PGP SIGNATURE-----

I’ve verified the permissions on the directory and the files, still no luck. The stripped-down version of CYGWIN that I’m trying to use doesn’t have a ssh-copy-id command in it, so I think I’m going to load up a couple of VMs and keep experimenting.

Is it possible to unload/reload SSH on my existing openSuse PC, just so I can get things back to a pristine condition? (I know, shame on me for not having a backup in the first place).

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Still haven’t seen the -v output from your SSH attempts.

Good luck.

dsteven1 wrote:
> I’ve verified the permissions on the directory and the files, still no
> luck. The stripped-down version of CYGWIN that I’m trying to use
> doesn’t have a ssh-copy-id command in it, so I think I’m going to load
> up a couple of VMs and keep experimenting.
>
> Is it possible to unload/reload SSH on my existing openSuse PC, just so
> I can get things back to a pristine condition? (I know, shame on me for
> not having a backup in the first place).
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJK09TWAAoJEF+XTK08PnB5kREQAL4w0Lo3al+AGbEDJpg/SeBl
SnFgeZ6SIIOWYiWd3iBUFKYmmsgz7+2mqagBK/q7IUbh4bn8PbsdvmBMTVM7p52k
Nlp4s88aY/C/5H3pQcEukcYRARJLUNZIaFw9ILypuWqaXtsOxTwNsdF+h8rhf81o
rZ22W/5SxHAyl9tJ6hZ3409vHrMw1NOnbD3BTsjYCFKylw08km7wsDSMHLIqK6Bq
sL4Fc6cTuSqz1qMn6VgRbjzeLTz02d+6ITF/zhYiKYgjXscfG+DIvChDOWWTdXc4
MVcu1FXWoc2xX9BAfaTwhsjkX+aDQU58qSxbNRT1JrNAhz35m7jLI1ozBAikUIOV
IdA1U/5SEHI81dPNC78YBnkxvEPaoqPTdi6ZBzWSQm5rQ9VMMzndSU4zOmM8UEJE
fWN7BaCe7qZtPigS1Lgpk+14KL1zQdM5tf/Nc5vlrHnQODJeWylQRSmshxRVZhjl
B8q8kL7hMFy8DZzAh5fiConlCPM4m/JM+FtEj3RLkHUkwHxt1Iu13Itw+nfH6ESA
kQ3IGcBIVIfxG55ADPW27iVWyOmlR/WVxkqWPaQdNBB6u2drVRYJtFN2cX9m2nkY
RmvpME0kZkpyH7mumgxn7EUgPh0Ov6BRJ67GNd8+TJP8WgoTILoJPlSz8AIJfRND
8bDECJOLG1IVHRw/SqMi
=fV+c
-----END PGP SIGNATURE-----

dang, you’re right - I’ll post that as soon as I can get back in front of my openSuse system.

ssh -v output:

user04@linux-sbsk:~> ssh -v user10@192.168.1.101 -p 22200
OpenSSH_5.1p1, OpenSSL 0.9.8h 28 May 2008                
debug1: Reading configuration data /etc/ssh/ssh_config   
debug1: Applying options for *                           
debug1: Connecting to 192.168.1.101 [192.168.1.101] port 22200.
debug1: Connection established.                                
debug1: identity file /home/user04/.ssh/id_rsa type 1          
debug1: identity file /home/user04/.ssh/id_dsa type -1         
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2
debug1: match: OpenSSH_5.2 pat OpenSSH*                                 
debug1: Enabling compatibility mode for protocol 2.0                    
debug1: Local version string SSH-2.0-OpenSSH_5.1                        
debug1: SSH2_MSG_KEXINIT sent                                           
debug1: SSH2_MSG_KEXINIT received                                       
debug1: kex: server->client aes128-cbc hmac-md5 none                    
debug1: kex: client->server aes128-cbc hmac-md5 none                    
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent                
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP                             
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '[192.168.1.101]:22200' is known and matches the RSA host key.
debug1: Found key in /home/user04/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/user04/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
**Enter passphrase for key '/home/user04/.ssh/id_rsa':
Enter passphrase for key '/home/user04/.ssh/id_rsa':**
debug1: Trying private key: /home/user04/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
user10@192.168.1.101's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Sat Oct 10 15:33:14 2009 from linux-sbsk

user10@windoze ~
$

I’m puzzled as to why it asked for a passphrase - I know I didn’t enter a passphrase when I generated the key - it must be in the SSHD_CONFIG

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So when you logged in it asked you for a passphrase? That could be in the
configs, yes, but it’d be odd and I’d really expect it more on the client
side than the server side (I doubt the server can even really see any of
that part).

The authentication tries the private key and then falls back to keyboard
authentication (password, not passphrase). Could you get the
/var/log/messages output? Here is the login from my system to a box of
mine with ‘-vv’ after setting up the keys properly:

<quote>
ab@mybox0:~/Desktop> ssh -vv ab@remotebox0
OpenSSH_5.1p1, OpenSSL 0.9.8h 28 May 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to remotebox0 [remotebox0] port 22.
debug1: Connection established.
debug2: key_type_from_name: unknown key type ‘-----BEGIN’
debug2: key_type_from_name: unknown key type ‘-----END’
debug1: identity file /home/ab/.ssh/id_rsa type 1
debug1: identity file /home/ab/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.0
debug1: match: OpenSSH_5.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 118/256
debug2: bits set: 533/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host ‘remotebox0’ is known and matches the RSA host key.
debug1: Found key in /home/ab/.ssh/known_hosts:42
debug2: bits set: 497/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/ab/.ssh/id_rsa (0x7f1563e8f570)
debug2: key: /home/ab/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/ab/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug2: input_userauth_pk_ok: fp
a5:92:71:22:f2:3a:7d:94:85:68:b9:fd:42:b3:c0:84
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug2: channel 0: request shell confirm 1
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Last login: Tue Oct 13 19:06:55 2009 from 192.168.1.2
[ab@remotebox0 ~]$
</quote>

Good luck.

dsteven1 wrote:
> ssh -v output:
>
>
> PHP code:
> --------------------
> user04@linux-sbsk:~> ssh -v user10@192.168.1.101 -p 22200
> OpenSSH_5.1p1, OpenSSL 0.9.8h 28 May 2008
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Connecting to 192.168.1.101 [192.168.1.101] port 22200.
> debug1: Connection established.
> debug1: identity file /home/user04/.ssh/id_rsa type 1
> debug1: identity file /home/user04/.ssh/id_dsa type -1
> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2
> debug1: match: OpenSSH_5.2 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_5.1
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host ‘[192.168.1.101]:22200’ is known and matches the RSA host key.
> debug1: Found key in /home/user04/.ssh/known_hosts:3
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> debug1: Next authentication method: publickey
> debug1: Offering public key: /home/user04/.ssh/id_rsa
> debug1: Server accepts key: pkalg ssh-rsa blen 277
> ENTER PASSPHRASE FOR KEY ‘/HOME/USER04/.SSH/ID_RSA’:
> ENTER PASSPHRASE FOR KEY ‘/HOME/USER04/.SSH/ID_RSA’:
> debug1: Trying private key: /home/user04/.ssh/id_dsa
> debug1: Next authentication method: keyboard-interactive
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> debug1: Next authentication method: password
> user10@192.168.1.101’s password:
> debug1: Authentication succeeded (password).
> debug1: channel 0: new [client-session]
> debug1: Requesting no-more-sessions@openssh.com
> debug1: Entering interactive session.
> debug1: Sending environment.
> debug1: Sending env LANG = en_US.UTF-8
> Last login: Sat Oct 10 15:33:14 2009 from linux-sbsk
>
> user10@windoze ~
> $
> --------------------
>
>
> I’m puzzled as to why it asked for a passphrase - I know I didn’t enter
> a passphrase when I generated the key - it must be in the SSHD_CONFIG
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJK1SUcAAoJEF+XTK08PnB5Yc4P/jrRucv6T2T3ivWN2VNzOOV0
6SgVs8b7I08bDKgpXfhe/wgqNNbPJDga5EvqJytQnuQjeCt54n8hTbvs5VbZEB21
HCmGI+kv5bgKI4ojKyPxABJNDkiVWQ4lkouH+5/aZ513mSKoum4uEua89lQE0r+J
hNaLUDvuQ29mq/UzeqUCwyfFT0II+p1F1OXIsB+NoDq4ILXNwQYY28hpKP/ejaXQ
tzGSl/i13JFjFZF5vUdrxfuJbFEE2MQK9hEZP4LUH3f1HiTzbslID4orpuM43rgC
Ws7ZPZX8PjBeTBqKd6zrN+3YC6BCQ6lOc0YS1ngWHwr9YkjnaSmt/Sd21KxS6GxW
RDVOM4k14V2+xbaub6iMbzLjUTFI/kwvOazWb+ErBQcMqZCIytj7IeTildAnysC0
AjsALDdJrGCDpsQzG0aRb6FdVUhiszYq8xZoxRO4fn5tKRSRzmXxTAAQfOGFw/pb
kwMyEdFYBXdqCRt016v3ffb5RWHsIsVSbIE3u+8M+AhbBhe1tEOKBvwfWYT1ReXw
LJjcOWGIxM1szb2XBBFjglR4Mag+ljjZHhx4jP7PG54d23D3/UC4wHsdLdiNs+58
IXz4Tstq/Q/cDrg+egv2ddbbg2fmE+mAMPb94xH5oCQnvAIvoDkDyEJWiMb25Q7W
FL9/X175OZc+/eZf7gEp
=pDke
-----END PGP SIGNATURE-----