ssh refuses to authenticate keys

3

So I am setting up a connection between my machine [Fedora 17] and a virtual machine running in VirtualBox, which is running CentOS 5. I have installed openssh from the repositories on CentOS, and I have configured everything as follows:

Protocol 2

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

SyslogFacility AUTHPRIV

PermitRootLogin yes

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile  /home/pigreco/.ssh/authorized_keys

PasswordAuthentication no

ChallengeResponseAuthentication yes

GSSAPIAuthentication yes
GSSAPICleanupCredentials yes

UsePAM yes

AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

X11Forwarding yes

Subsystem   sftp    /usr/libexec/openssh/sftp-server

This is the configuration file sshd_config on the server, i.e. on CentOS. Moreover, I have created a public/private key pair as usual in the .ssh/ folder in my home directory on my OS, i.e. Fedora, then copied id_rsa.pub to the server with scp and appended its content to the file .ssh/authorized_keys on the server machine.

The error that I get is the following:

OpenSSH_5.9p1, OpenSSL 1.0.0j-fips 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 50: Applying options for *
debug1: Connecting to 192.168.100.13 [192.168.100.13] port 22.
debug1: Connection established.
debug1: identity file /home/mayhem/.ssh/identity type -1
debug1: identity file /home/mayhem/.ssh/identity-cert type -1
debug1: identity file /home/mayhem/.ssh/id_rsa type 1
debug1: identity file /home/mayhem/.ssh/id_rsa-cert type -1
debug1: identity file /home/mayhem/.ssh/id_dsa type -1
debug1: identity file /home/mayhem/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 16:e5:72:d1:37:94:1b:5e:3d:3a:e5:da:6f:df:0c:08
debug1: Host '192.168.100.13' is known and matches the RSA host key.
debug1: Found key in /home/mayhem/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Cannot determine realm for numeric host address

debug1: Unspecified GSS failure.  Minor code may provide more information
Cannot determine realm for numeric host address

debug1: Unspecified GSS failure.  Minor code may provide more information


debug1: Unspecified GSS failure.  Minor code may provide more information
Cannot determine realm for numeric host address

debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/mayhem/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
Agent admitted failure to sign using the key.
debug1: Trying private key: /home/mayhem/.ssh/identity
debug1: Trying private key: /home/mayhem/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive

Do you have any good suggestions for what I can do? Thank you.

MixturaDementiae

Posted 2012-09-08T18:02:29.470

Reputation: 61

Answers

2

ssh-agent tries to sign the communication using your private key, but fails. If you didn't already do that, try running ssh-add to add the private key to the agent (run without arguments, the command automatically tries to load the default key files). If you did already load the key, try export SSH_AUTH_SOCK=0.

Ansgar Wiechers

Posted 2012-09-08T18:02:29.470

Reputation: 4 860

With ssh-add I get: ssh-add Could not open a connection to your authentication agent. And if I run ssh-agent: ssh-agent SSH_AUTH_SOCK=/tmp/ssh-JSptucPy5585/agent.5585; export SSH_AUTH_SOCK; SSH_AGENT_PID=5586; export SSH_AGENT_PID; echo Agent pid 5586; – MixturaDementiae – 2012-09-09T11:22:16.753

I also tried deleting the keys, making new keys without a password, then setting the permissions of .ssh to 0700 and .ssh/authorized_keys to 0600, both server side and client side for .ssh... But it still does not work... – MixturaDementiae – 2012-09-09T11:46:54.303

Did you try to export SSH_AUTH_SOCK=0? – Ansgar Wiechers – 2012-09-09T20:25:42.907

Yes... no success... What does export do, btw? – MixturaDementiae – 2012-09-09T20:29:25.270

export exports variables to the environment, so that the variables are available in other shells as well. Without using export a variable is only available in the current shell (and its children). – Ansgar Wiechers – 2012-09-09T20:49:02.163

Try terminating all ssh-agent processes (killall ssh-agent). – Ansgar Wiechers – 2012-09-09T20:50:32.820

I did it actually, but nothing changed. I actually installed Ubuntu 12.04 server and installed ssh server in it. It works like a charm... maybe it's some problem with CentOS... – MixturaDementiae – 2012-09-09T22:11:09.760

1

Any particular reason you're hard coding the location for your authorized_keys file? OpenSSH is very anal about the permissions of files and their parent directory. The server also does NOT tell the client why a key was rejected. Check out your log file and see why sshd is rejecting the key. Check for one of these files: /var/log/secure or /var/log/auth.log on the server. You will need root access.

UtahJarhead

Posted 2012-09-08T18:02:29.470

Reputation: 1 755

Also, is it your intention to use ssh-agent? If not, there's nothing wrong with disabling it for troubleshooting purposes. This will allow you to determine if it's a problem with ssh-agent or something else. – UtahJarhead – 2012-10-05T15:51:03.297

Had a similar issue. /var/log/secure revealed that the /root folder had wrong permissions. Thanks for the tip! – Jeremy Heslop – 2014-06-06T17:04:35.940
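The ownership and mode conditions this answer refers to can be checked directly on the server before reading the log. The following is an added example, not part of the original posts: the function name check_ssh_perms is hypothetical, it assumes GNU stat, and it applies the rule sshd enforces with StrictModes (owner is the user or root, no group/other write bit) to the home directory, .ssh and authorized_keys.

```shell
#!/bin/sh
# Added example (not from the original thread).
# check_ssh_perms HOME_DIR [USER]
#   Prints one line per problem and returns 1 if any was found.
#   With StrictModes on, sshd rejects the key silently on the client side and
#   logs "Authentication refused: bad ownership or modes for ..." on the server.
check_ssh_perms() {
    home=$1
    # Resolve the expected owner to a numeric uid (defaults to the caller).
    if [ -n "$2" ]; then uid=$(id -u "$2"); else uid=$(id -u); fi
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            rc=1
            continue
        fi
        mode=$(stat -c '%a' "$p")    # octal permission bits, e.g. 700
        owner=$(stat -c '%u' "$p")   # numeric owner uid
        # The path must belong to the user or to root (uid 0).
        if [ "$owner" != "$uid" ] && [ "$owner" != "0" ]; then
            echo "OWNER    $p is owned by uid $owner, expected $uid or 0"
            rc=1
        fi
        # Mask 022 = write bit for group and for other.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE $p has mode $mode (group/other write set)"
            rc=1
        fi
    done
    return $rc
}

# Usage on the server from the question (run as root):
#   check_ssh_perms /home/pigreco pigreco
```

A clean result here while the key is still refused points away from modes and ownership, for example at the SELinux labels that restorecon resets.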

1

This worked for me:

restorecon -R $user/.ssh

https://www.centos.org/forums/viewtopic.php?t=8990

user305678

Posted 2012-09-08T18:02:29.470

Reputation: 11