SSH connectivity

bphealy
bphealy
in IBM
Hi

I must be doing something daft wrong but I cannot get the ssh working with the ssh keys.  I have a linux machine with stor2rrd running, i Su'd to stor2rrd user and created the key pair without a key pair.  I then used scp to copy the public key to the v7000 and then created a user on the storage called stor2rrd which has that key assigned.  when I try connect using the ssh -i /home/stor2rrd/.ssh/id_dsa storagename i keep getting prompted for a password.  all suggestions welcome, thanks.

Comments

  • Jirka
    Jirka
    Hi,  try to run ssh with verbose parameter (-v ), it should tell you why the connection fails - some permission problem maybe.
  • bphealy
    bphealy
    Hi, this is the verbose output --> it seems to be looking for .cert file, is this expected ?

    stor2rrd@overwatch:~/stor2rrd/logs$ ssh -v -i /home/stor2rrd/.ssh/id_dsa stor2rrd@193.1.247.102
    OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g  1 Mar 2016
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: Applying options for *
    debug1: Connecting to 193.1.247.102 [193.1.247.102] port 22.
    debug1: Connection established.
    debug1: identity file /home/stor2rrd/.ssh/id_dsa type 2
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/stor2rrd/.ssh/id_dsa-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.4
    debug1: match: OpenSSH_6.4 pat OpenSSH* compat 0x04000000
    debug1: Authenticating to 193.1.247.102:22 as 'stor2rrd'
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: ecdh-sha2-nistp256
    debug1: kex: host key algorithm: ssh-rsa
    debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256-etm@openssh.com compression: none
    debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256-etm@openssh.com compression: none
    debug1: sending SSH2_MSG_KEX_ECDH_INIT
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ssh-rsa SHA256:5Jr0HeFs67s/gyeXNOoYi5VoQbOq4EccZFHyjWm7ePI
    debug1: Host '193.1.247.102' is known and matches the RSA host key.
    debug1: Found key in /home/stor2rrd/.ssh/known_hosts:1
    debug1: rekey after 4294967296 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: rekey after 4294967296 blocks
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Skipping ssh-dss key /home/stor2rrd/.ssh/id_dsa - not in PubkeyAcceptedKeyTypes
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Next authentication method: password



  • Jirka
    Jirka
    edited September 2016

    Hi,
    Look at this line:
    Skipping ssh-dss key /home/stor2rrd/.ssh/id_dsa - not in PubkeyAcceptedKeyTypes

    Remote system doesn't accept your key type. It can be related with this:

    Starting with the 7.0 release of OpenSSH, support for ssh-dss keys has been disabled by default at runtime due to their inherit weakness.  If you rely on these key types, you will have to take corrective action or risk being locked out.
    There are four types of keys: dsa, ecdsa, ed25519, or rsa. Try to generate rsa type key and connect with it.

    ssh-keygen -t rsa


  • bphealy
    bphealy
    Hi Jirka

    Thanks a million that worked a treat

    Regards
    Brendan
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Categories

In this Discussion