# [ SOLVED ] ssh with rsa keys problem

## spOOwn

Hello all,

I have a small problem connecting to a remote box with an SSH key, that is, without any password or passphrase!

If someone could help, it would be great.

So, here is the information I can give you.

I created the key with:

```
ssh-keygen
```

I kept the default location, and did not enter any passphrase!

I then copied the file:

```
id_rsa.pub
```

to the remote box, and pasted its contents into:

```
.ssh/authorized_keys
```

And when I log in to the remote box, I always have to enter the password of the user!

Here is the command:

```
ssh -v remote_box
```

The output is:

```
OpenSSH_4.6p1 Debian-5build1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to dell [192.168.0.100] port 22.
debug1: Connection established.
debug1: identity file /home/spoown/.ssh/identity type -1
debug1: identity file /home/spoown/.ssh/id_rsa type 1
debug1: identity file /home/spoown/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2 Debian-9etch2
debug1: match: OpenSSH_4.3p2 Debian-9etch2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.6p1 Debian-5build1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'dell' is known and matches the RSA host key.
debug1: Found key in /home/spoown/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/spoown/.ssh/identity
debug1: Offering public key: /home/spoown/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/spoown/.ssh/id_dsa
debug1: Next authentication method: password
spoown@dell's password: 
```

And on the remote box, the sshd config has these options enabled:

```
RSAAuthentication yes
PubkeyAuthentication yes
```

So, where is the problem? Why do I always have to give the password? Does anybody have an idea?

Thanks !

----------

## jroo

Make sure that the public key (the contents of id_rsa.pub) is exactly on one line in ~/.ssh/authorized_keys (you said you pasted it so this could be the problem).

You could "copy" it in like this:

```
cat id_rsa.pub >> ~/.ssh/authorized_keys
```

You can change the name of the file containing authorized keys with the following directive in /etc/ssh/sshd_config:

```
AuthorizedKeysFile      .ssh/authorized_keys
```

----------

## gimpel

Also make sure the permissions are correct on the remote side.

~/.ssh has to be 700

~/.ssh/authorized_keys has to be 600

and of course both owned by the user.

----------
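
The checks from the two replies above, as an added example that is not part of the original posts: it verifies the 700/600 modes and ownership, and flags `authorized_keys` entries that are not a complete key on a single line. The function names and the made-up key blob are assumptions of this example, and it relies on GNU `stat`.

```bash
#!/bin/bash
# Added example (not from the thread). Uses GNU stat; names are this example's own.

# check_mode PATH WANTED_MODE UID: report a wrong mode or owner, return 1 if found.
check_mode() {
    local path=$1 want=$2 uid=$3 mode owner rc=0
    [ -e "$path" ] || { echo "$path: missing"; return 1; }
    mode=$(stat -c %a "$path"); owner=$(stat -c %u "$path")
    [ "$mode" = "$want" ] || { echo "$path: mode $mode, expected $want"; rc=1; }
    [ "$owner" = "$uid" ] || { echo "$path: owner uid $owner, expected $uid"; rc=1; }
    return "$rc"
}

# audit_ssh_dir HOME_DIR UID: modes as given in the replies (700 and 600), then
# every entry must be "[options] keytype base64 [comment]" on a single line.
audit_ssh_dir() {
    local home=$1 uid=$2 rc=0 keys="$1/.ssh/authorized_keys"
    check_mode "$home/.ssh" 700 "$uid" || rc=1
    check_mode "$keys" 600 "$uid" || rc=1
    [ -f "$keys" ] || return 1
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        {
            ok = 0
            for (i = 1; i < NF; i++)            # options may precede the key type
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp[0-9]+)$/ &&
                    $(i + 1) ~ /^[A-Za-z0-9+\/]+=*$/ && length($(i + 1)) % 4 == 0)
                    ok = 1
            if (!ok) { printf "%s:%d: not a complete key line\n", FILENAME, NR; bad = 1 }
        }
        END { exit bad }
    ' "$keys" || rc=1
    return "$rc"
}

# Constructed input: loose modes and a (made-up) key pasted across two lines.
demo_audit() {
    local home rc=0
    home=$(mktemp -d)
    mkdir -m 755 "$home/.ssh"
    printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQ' 'C7 spoown@client' \
        > "$home/.ssh/authorized_keys"
    chmod 644 "$home/.ssh/authorized_keys"
    audit_ssh_dir "$home" "$(id -u)" || rc=$?
    rm -rf "$home"
    return "$rc"
}
demo_audit || true
```

On the remote box, run `audit_ssh_dir "$HOME" "$(id -u)"` as the user who is trying to log in.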

## spOOwn

Thanks for the advice,

jroo -> The things you mention were already done that way. I didn't change the setting in sshd_config, as by default it reads the SSH key from: .ssh/authorized_keys

gimpel -> Something new for me. I set the .ssh directory to 700, as it was not like that, and also set .ssh/authorized_keys to 600, but that didn't change anything either; I always have to give my password!?

On the local host:

```
ls -Rl .ssh
$ ls -la
total 24
drwx------  2 spoown spoown 4096 2008-09-02 11:21 .
drwxr-xr-x 55 spoown spoown 4096 2008-09-02 11:23 ..
-rw-------  1 spoown spoown 1675 2008-09-02 11:07 id_rsa
-rw-------  1 spoown spoown  396 2008-09-02 11:07 id_rsa.pub
-rw-------  1 spoown spoown  884 2008-09-02 11:22 known_hosts
-rw-r--r--  1 spoown spoown  884 2008-09-01 09:22 known_hosts.old
```

And on the remote host:

```
$ ls -aRl .ssh/
.ssh/:
total 4
drwx------ 2 spoown spoown  80 2008-09-02 11:14 .
drwxr-xr-x 3 spoown spoown 248 2008-09-02 11:18 ..
-rw------- 1 spoown spoown 396 2008-09-02 11:18 authorized_keys
```

I'm still at the same problem:

```
OpenSSH_4.6p1 Debian-5build1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to dell [192.168.0.100] port 22.
debug1: Connection established.
debug1: identity file /home/spoown/.ssh/identity type -1
debug1: identity file /home/spoown/.ssh/id_rsa type 1
debug1: identity file /home/spoown/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2 Debian-9etch2
debug1: match: OpenSSH_4.3p2 Debian-9etch2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.6p1 Debian-5build1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'dell' is known and matches the RSA host key.
debug1: Found key in /home/spoown/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/spoown/.ssh/identity
debug1: Offering public key: /home/spoown/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/spoown/.ssh/id_dsa
debug1: Next authentication method: password
```

I don't understand why the server doesn't take the key; in my config file there is:

```
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile     %h/.ssh/authorized_keys
```

----------

## gimpel

Maybe you even have to set /home/<user> to 700 on the remote side, depending on the config (Debian too it seems, so try that).

Erm, what the hell..

 *spOOwn wrote:*   

> OpenSSH_4.6p1 Debian-5build1, OpenSSL 0.9.8e 23 Feb 2007

 

http://www.linuxsecurity.com/content/view/136975

http://lists.debian.org/debian-security-announce/2008/msg00152.html

http://lists.debian.org/debian-security-announce/2008/msg00153.html

etc etc

I guess any key generated on that Debilian box might be blacklisted if the remote server is sane.

Did you update openssl in May and did you regenerate all keys?

----------

## bbgermany

Hi,

I had a similar issue with Debian's OpenSSH implementation. Try DSA keys instead of RSA keys. This should work.

bb

----------

## gimpel

lol, I'd get rid of that mess then..

----------

## abhinav420420

Maybe you have to set /home/<user> to 700 on the remote side, depending on the config.

Moreover, do check permissions on the remote side also.

thanks

----------

## spOOwn

That doesn't seem to work either! I tried with DSA keys, and changed the permissions of the home directory to 700, but nothing changes...

It seems that the server doesn't accept my key, but it doesn't tell me anything like that; my client offered the key, and the server doesn't take it into account!

```
OpenSSH_4.6p1 Debian-5build1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to dell [192.168.0.100] port 22.
debug1: Connection established.
debug1: identity file /home/spoown/.ssh/identity type -1
debug1: identity file /home/spoown/.ssh/id_rsa type 1
debug1: identity file /home/spoown/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2 Debian-9etch2
debug1: match: OpenSSH_4.3p2 Debian-9etch2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.6p1 Debian-5build1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'dell' is known and matches the RSA host key.
debug1: Found key in /home/spoown/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/spoown/.ssh/identity
debug1: Offering public key: /home/spoown/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/spoown/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
spoown@dell's password: 
```

----------

## bbgermany

Maybe this helps a bit in this case then: http://fedoraforum.org/forum/archive/index.php/t-30684.html

You should start sshd with debugging enabled to see where the problem is.

bb

----------

## spOOwn

 *bbgermany wrote:*   

> Maybe this helps a bit in this case then: http://fedoraforum.org/forum/archive/index.php/t-30684.html
> 
> You should start sshd with debugging enabled to see where the problem is.
> 
> bb

 

Thanks a lot!! It helped me a lot, and I finally found a solution!!

I ran sshd in debug mode, and finally saw in /var/log/auth.log

this message:

```
Jul 21 13:56:49 debian-base-system-dell sshd[2357]: Public key 7c:cd:ca:1f:b4:da:07:e2:9b:bf:fd:af:89:f0:65:0a blacklisted (see ssh-vulnkey(1))
Jul 21 13:56:52 debian-base-system-dell sshd[2359]: Public key 7c:cd:ca:1f:b4:da:07:e2:9b:bf:fd:af:89:f0:65:0a blacklisted (see ssh-vulnkey(1))
```

So, I upgraded my SSH client to a new version, and it's working now!

gimpel -> you also found the solution right from the beginning! Thanks...

Thanks for everything... I have to say that I got more help here than on the Debian forum! Really one of the best forums I have ever known!!

----------
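
The two sides of the failure in this thread, as an added example that is not part of the original posts: the client's `ssh -v` output only shows that an offered key was turned down, while the reason appears in the server's auth.log. The function names are assumptions of this example; the sample lines are taken from the thread, plus one constructed line marked as such.

```bash
#!/bin/bash
# Added example (not from the thread); function names are this example's own.

# Client side: list keys the server turned down, from `ssh -v` output.
# An offer counts as refused when the server answers it with another
# "Authentications that can continue" line instead of accepting the key.
refused_offers() {
    awk '
        /Offering public key:/ { pending = $5; next }
        /Server accepts key/   { pending = ""; next }
        /Authentications that can continue/ && pending != "" {
            print pending; pending = ""
        }
    ' "${1:--}"
}

# Server side: count "blacklisted" rejections in auth.log per key fingerprint.
blacklisted_fingerprints() {
    awk '
        / sshd\[[0-9]+\]: Public key .* blacklisted/ {
            for (i = 1; i < NF; i++)
                if ($i == "key" && $(i + 2) == "blacklisted" &&
                    split($(i + 1), part, ":") == 16)    # 16 hex pairs
                    seen[$(i + 1)]++
        }
        END { for (fp in seen) print seen[fp], fp }
    ' "${1:--}" | sort -k1,1nr -k2,2
}

# Sample input: lines from the thread; the "Failed password" line is constructed.
sample_client_log() { cat <<'EOF'
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/spoown/.ssh/identity
debug1: Offering public key: /home/spoown/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/spoown/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
EOF
}
sample_server_log() { cat <<'EOF'
Jul 21 13:56:49 debian-base-system-dell sshd[2357]: Public key 7c:cd:ca:1f:b4:da:07:e2:9b:bf:fd:af:89:f0:65:0a blacklisted (see ssh-vulnkey(1))
Jul 21 13:56:50 debian-base-system-dell sshd[2357]: Failed password for spoown from 192.168.0.50 port 40022 ssh2
Jul 21 13:56:52 debian-base-system-dell sshd[2359]: Public key 7c:cd:ca:1f:b4:da:07:e2:9b:bf:fd:af:89:f0:65:0a blacklisted (see ssh-vulnkey(1))
EOF
}

echo "refused by server:"; sample_client_log | refused_offers
echo "blacklisted (count fingerprint):"; sample_server_log | blacklisted_fingerprints
```

To tie a logged fingerprint to a key file, compare it with the output of `ssh-keygen -l -f ~/.ssh/id_rsa.pub`; recent OpenSSH versions need `-E md5` to print this colon-separated form.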

