How to authenticate on a machine with ssh (protocol 1) without password

This document describes the necessary steps to be carried out in order to authenticate with ssh protocol 1 without password.

1. Generate private/public pair of keys on client computer (let's say desktop)
[codesyntax lang="bash"]

ssh-keygen -t rsa1

[/codesyntax]

2. Copy the public key to the server
[codesyntax lang="bash"]

ssh-copy-id -i identity.pub user@server

[/codesyntax]

3. Try to authenticate on server
[codesyntax lang="bash"]

ssh -1 -vvv server

[/codesyntax]

Note: If authenticate on step 3 fails with the following error message:

user@user:~/.ssh$ ssh -1 -vvv user@server
OpenSSH_5.3p1 Debian-3ubuntu7, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to staging13.vendio.com [10.111.0.236] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/identity type 0
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: Remote protocol version 1.5, remote software version 1.2.27
debug1: no match: 1.2.27
debug1: Local version string SSH-1.5-OpenSSH_5.3p1 Debian-3ubuntu7
debug2: fd 3 setting O_NONBLOCK
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug3: check_host_in_hostfile: filename /home/user/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1014
debug3: check_host_in_hostfile: filename /home/user/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1015
debug1: Host 'staging13.vendio.com' is known and matches the RSA1 host key.
debug1: Found key in /home/user/.ssh/known_hosts:1014
debug1: Encryption type: 3des
debug3: Wrote 156 bytes for a total of 194
debug1: Sent encrypted session key.
debug2: cipher_init: set keylen (16 -> 32)
debug2: cipher_init: set keylen (16 -> 32)
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug3: Wrote 20 bytes for a total of 214
debug1: RSA authentication using agent refused.
debug1: Trying RSA authentication with key '/home/user/.ssh/identity'
debug3: Wrote 268 bytes for a total of 482
Connection closed by X.X.X.X

And the sshd log on looks like:
Aug 29 00:26:21 staging13 sshd[16286]: connect from Y.Y.Y.Y
Aug 29 00:26:21 staging13 sshd[16286]: log: Connection from Y.Y.Y.Y port 43749
Aug 29 00:26:21 staging13 sshd[16286]: log: Could not reverse map address Y.Y.Y.Y.
Aug 29 00:26:22 staging13 sshd[16286]: fatal: RSA key has too many bits for RSAREF to handle (max 1024).

You should know that this is a limitation in the RSAREF library and we should set a host key with at most 896 bits. This can be accomplished by adding -b 896 parameter to ssh-keygen command on step one. After generating the key, it must be copied on the server.

Scrie si tu o vorbulita


NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.