ssh won't work... how to determine why i'm not logging in

nuttervm

i've tried the -v -v -v option for max verbosity but i still can't get ssh to work on my school server... i wonder maybe they don't have it set up right, but i doubt that.

i'm trying to login using password authentication, but the output isn't very clear, it just tells me that access is denied. i've moved the public key over the authorized_keys and it still doesn't work. i read something about the wrappers in redhat and hp-ux use some sort of PAM to make a connection... i don't really know what that is and don't have the access to the machine to make changes even if i did.

is there anything obvious that i need to know before i start asking the admin to check the server config? this should be a simple process dammit why won't it work!
 

cureless

You are using the same version right?

Also, there is nothing external stopping this right? ( like /etc/hosts.deny on the server? )

What messages are you getting? Can you log in from other machines? Have you tried from windows or another OS? Can you telnet? Can you ssh the other way around (yeah, so you need a server running, etc, but might as well ask)

cl
 

n0cmonkey

ssh v1 or v2? OpenSSH or just SSH? What does the -v give you (copy paste after removing ip's and usernames)?
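
The questions in the post above (protocol version, server software, what -v shows) can be read straight out of the client's verbose output. The following is an added example, not part of the original thread: the log lines are constructed in the modern OpenSSH client message format, and the function name and hint wording are hypothetical.

```python
import re

# Constructed `ssh -v` client output; host, user and key path are made up.
SAMPLE = """\
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/student/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
Permission denied, please try again.
student@server.example.edu: Permission denied (publickey,password).
"""

PATTERNS = {
    "version": re.compile(r"Remote protocol version (\S+), remote software version (.+)"),
    "allowed": re.compile(r"Authentications that can continue: (\S+)", re.I),
    "trying": re.compile(r"Next authentication method: (\S+)", re.I),
}

def summarize(log):
    """Pull protocol, server software and the auth attempts out of verbose output."""
    r = {"protocol": None, "software": None, "allowed": [], "tried": [],
         "keys_offered": 0, "key_accepted": False, "success": False, "hints": []}
    for line in log.splitlines():
        if m := PATTERNS["version"].search(line):
            r["protocol"], r["software"] = m.group(1), m.group(2).strip()
        elif m := PATTERNS["allowed"].search(line):
            r["allowed"] = m.group(1).split(",")
        elif m := PATTERNS["trying"].search(line):
            r["tried"].append(m.group(1))
        elif "Offering public key" in line:
            r["keys_offered"] += 1
        elif "Server accepts key" in line:
            r["key_accepted"] = True
        elif "Authentication succeeded" in line:
            r["success"] = True
    if r["protocol"] == "1.99":  # 1.99 means the server speaks protocol 1 and 2
        r["hints"].append("server supports protocol 1 and 2")
    if not r["success"]:
        if "publickey" in r["tried"] and not r["key_accepted"]:
            r["hints"].append("no offered key accepted" if r["keys_offered"]
                              else "client had no key to offer")
        if "password" in r["tried"]:
            r["hints"].append("password was tried and rejected")
        for method in ("publickey", "password"):
            if r["allowed"] and method not in r["allowed"]:
                r["hints"].append(f"server does not allow {method}")
    return r
```
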
 

bubba


SSH doesn't work if the reverse DNS nslookup does not resolve your IP/name
 

n0cmonkey



<< SSH doesn't work if the reverse DNS nslookup does not resolve your IP/name >>



Why would SSH inc or whatever they are called do that? Sounds stupid. But OpenSSH does not have this problem.
 

nuttervm



<< SSH doesn't work if the reverse DNS nslookup does not resolve your IP/name >>



i'm kinda guessing this is the problem, but i thought i fixed it. (squid wouldn't run till i had a fully qualified host name, and now it runs fine... weird)

i can telnet into the machine, i have tried from unix/nt/98, i'm fairly sure that it's openssh, or at least that's what the man pages are (don't remember what the banner said)

yeah i ssh'ed out of that machine once to my home machine. i'm pretty sure that the hosts.deny file is set up properly but am not entirely sure.

gonna work on it more tonight
 

ScottMac

You can't just copy the keys. You have to copy the ".pub" into the .ssh directory under your home (i.e. /home/scottmac/.ssh). Once there, use ssh-keygen to code the keys into the "authorized_keys2" file (for ssh2).

The syntax will look something like :

ssh-keygen -trsa(or -tdsa) -X -f public_key_file_name.pub >> ~/.ssh/authorized_keys2

the "-trsa" or "-tdsa" determine if the key generated is using RSA or DSA coding.

"public_key_file_name.pub" will be whatever the name of the file is that you moved to the ~/.ssh directory for the keygen. You must be careful to copy the .pub file exactly (especially for a cut & paste).

You should also be careful using the password function; in some configurations, you may be sending the password as clear text. If possible, once the configuration is proven to work, change the config to only accept public key authentication. Then Kill Telnet, it's absolutely unsecure.

If you go to ssh.com's site, you can D/L (for free) ssh 3.0.1, the latest release....either as source or an RPM.

Good Luck

Scott
 

n0cmonkey

Actually, for those of you that have done this before, you do NOT have to use keygen to create an authorized keys file. You can just mv your public key (I believe) to ~/.ssh/authorized_keys or ~/.ssh/authorized_keys2 (for ssh v2).

EDIT: stupid mistake.
 

bubba




<< Why would SSH inc or whatever they are called do that? Sounds stupid. But OpenSSH does not have this problem >>



I believe that it does, because the only time I had that problem was with a past work site that used OpenSSH. I believe it is a cross check to authenticate where you are coming from. Since the authentication is the same for both OpenSSH and SSH, I assume that they both behave the same.
 

n0cmonkey



<<

<< Why would SSH inc or whatever they are called do that? Sounds stupid. But OpenSSH does not have this problem >>



I believe that it does, because the only time I had that problem was with a past work site that used OpenSSH. I believe it is a cross check to authenticate where you are coming from. Since the authentication is the same for both OpenSSH and SSH, I assume that they both behave the same.
>>



If you turn it on it will have that problem. At some sites that is not necessary/more trouble than it is worth. Needless to say, I don't run a dns server on my small lan, but ssh will work fine from my iBook to my desktop and firewall.
 

n0cmonkey



<< Same with me on my home LAN. >>



Ok, then you should realize, unless you set it up to use this "authentication" you will not run into dns problems. Anyhow, we don't have enough info to answer the question well..
 

nuttervm



<< Actually, for those of you that have done this before, you do NOT have to use keygen to create an authorized keys file. You can just mv your public key (I believe) to ~/.ssh/authorized_keys or ~/.ssh/authorized_keys2 (for ssh v2).

EDIT: stupid mistake.
>>



yes that is true, simply using the mv command is enough. as for the keygen for sshv2 yes i have done that as well (this is of course assuming you will have only one key in the file... if you use more than one key then you need to append each key to the end of the authorized_key files). also in case some of you old timers don't know ;), it wants to put your identity files in ~/.ssh by default so i don't know why that has garnered so much attention...

i've been working all night away from home so i haven't had time to play with it. hopefully i will find time tomorrow to spend some time with it.

edit: and the reason i want to start using ssh is because of telnet's clear text badness :)
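
On the authorized_keys question discussed in the posts above: OpenSSH expects one key per line in that file, so a one-line OpenSSH .pub file can be appended as is, while a multi-line SECSH-format (RFC 4716) .pub file has to be converted first, which is the job ssh-keygen's conversion option does. The following is an added example, not part of the original thread, showing that conversion and an append that keeps existing keys; it works on strings rather than real files, the key data is a constructed stand-in, and all function names are hypothetical.

```python
import base64
import struct

# Constructed inputs: BLOB is a made-up stand-in with a valid type prefix, not a real key.
BLOB = struct.pack(">I", 7) + b"ssh-rsa" + bytes(24)
B64 = base64.b64encode(BLOB).decode()
OPENSSH_PUB = f"ssh-rsa {B64} student@laptop\n"
SECSH_PUB = ("---- BEGIN SSH2 PUBLIC KEY ----\n"
             'Comment: "student@laptop"\n'
             f"{B64[:20]}\n{B64[20:]}\n"
             "---- END SSH2 PUBLIC KEY ----\n")

def key_type(blob):
    """A key blob starts with a length-prefixed type name such as ssh-rsa."""
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")

def to_openssh_line(text):
    """Return the one-line authorized_keys entry for either .pub format."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines:
        raise ValueError("empty key file")
    if lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        body, comment, continued = [], "", False
        for l in lines[1:-1]:
            if continued or ":" in l:            # header line or its continuation
                if l.lower().startswith("comment:"):
                    comment = l.split(":", 1)[1].strip().strip('"')
                continued = l.endswith("\\")
            else:
                body.append(l)                   # base64 never contains ':'
        b64 = "".join(body)
        blob = base64.b64decode(b64, validate=True)
        return f"{key_type(blob)} {b64} {comment}".strip()
    fields = lines[0].split(None, 2)
    if len(lines) != 1 or len(fields) < 2:
        raise ValueError("not a one-line OpenSSH public key")
    if key_type(base64.b64decode(fields[1], validate=True)) != fields[0]:
        raise ValueError("key type does not match key data")
    return lines[0]

def add_key(authorized, pub_text):
    """Append rather than overwrite, so existing keys survive; skip duplicates."""
    entry = to_openssh_line(pub_text)
    existing = [l.strip() for l in authorized.splitlines() if l.strip()]
    if not any(entry.split()[1] in l.split() for l in existing):
        existing.append(entry)
    return "\n".join(existing) + "\n"
```
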