Hi, Did you create the shared keys and copy them between machines ? this seems to be the problem ! you have to make: # ssh-keygen -t rsa in every machine that is a client for ssh and copy the id_rsa.pub into .ss/authorized_keys in every account you want to login in the server Cheers Christian 2008/6/8 farhat <farhat.habib@xxxxxxxxx>: > > I have a cluster of machines and I added a few new ones to the cluster. I > want to have passwordless ssh between all of them for all users. > Passwordless ssh works on the older machines. I added a few new machines > with identical ssh_config and sshd_config but am unable to get the > passwordless ssh working. : This is the message I get with ssh -vv > [code] > [root@node05 ~]# ssh -vv head > OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug2: ssh_connect: needpriv 0 > debug1: Connecting to head [192.168.100.254] port 22. > debug1: Connection established. > debug1: read PEM private key done: type DSA > debug1: read PEM private key done: type RSA > debug1: permanently_set_uid: 0/0 > debug1: identity file /root/.ssh/identity type -1 > debug1: identity file /root/.ssh/id_rsa type -1 > debug1: identity file /root/.ssh/id_dsa type -1 > debug1: loaded 3 keys > debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3 > debug1: match: OpenSSH_4.3 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_4.3 > debug2: fd 3 setting O_NONBLOCK > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib > debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx > debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: mac_init: found hmac-md5 > debug1: kex: server->client aes128-cbc hmac-md5 none > debug2: mac_init: found hmac-md5 > debug1: kex: client->server aes128-cbc hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > debug2: dh_gen_key: priv key bits set: 123/256 > debug2: bits set: 567/1024 > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug1: Host 'head' is known and matches the RSA host key. > debug1: Found key in /etc/ssh/ssh_known_hosts2:1 > debug2: bits set: 501/1024 > debug1: ssh_rsa_verify: signature correct > debug2: kex_derive_keys > debug2: set_newkeys: mode 1 > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug2: set_newkeys: mode 0 > debug1: SSH2_MSG_NEWKEYS received > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug2: service_accept: ssh-userauth > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug2: key: /root/.ssh/identity ((nil)) > debug2: key: /root/.ssh/id_rsa ((nil)) > debug2: key: /root/.ssh/id_dsa ((nil)) > debug1: Authentications that can continue: > publickey,gssapi-with-mic,password,hostbased > debug1: Next authentication method: gssapi-with-mic > debug1: Unspecified GSS failure. Minor code may provide more information > Unknown code krb5 195 > > debug1: Unspecified GSS failure. Minor code may provide more information > Unknown code krb5 195 > > debug1: Unspecified GSS failure. Minor code may provide more information > Unknown code krb5 195 > > debug2: we did not send a packet, disable method > debug1: Next authentication method: hostbased > debug2: userauth_hostbased: chost node05.cluster. > debug2: we sent a hostbased packet, wait for reply > debug1: Authentications that can continue: > publickey,gssapi-with-mic,password,hostbased > debug2: userauth_hostbased: chost node05.cluster. > debug2: we sent a hostbased packet, wait for reply > debug1: Authentications that can continue: > publickey,gssapi-with-mic,password,hostbased > debug1: No more client hostkeys for hostbased authentication. > debug2: we did not send a packet, disable method > debug1: Next authentication method: publickey > debug1: Trying private key: /root/.ssh/identity > debug1: Trying private key: /root/.ssh/id_rsa > debug1: Trying private key: /root/.ssh/id_dsa > debug2: we did not send a packet, disable method > debug1: Next authentication method: password > root@head's password: > [/code] > > On the old machines, where passwordless ssh works, this is the message I > get. > > [code] > [root@node01 ~]# ssh -vv head > OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug2: ssh_connect: needpriv 0 > debug1: Connecting to head [192.168.100.254] port 22. > debug1: Connection established. > debug1: read PEM private key done: type DSA > debug1: read PEM private key done: type RSA > debug1: permanently_set_uid: 0/0 > debug1: identity file /root/.ssh/identity type -1 > debug2: key_type_from_name: unknown key type '-----BEGIN' > debug2: key_type_from_name: unknown key type '-----END' > debug1: identity file /root/.ssh/id_rsa type 1 > debug1: identity file /root/.ssh/id_dsa type -1 > debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3 > debug1: match: OpenSSH_4.3 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_4.3 > debug2: fd 3 setting O_NONBLOCK > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib > debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx > debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: mac_init: found hmac-md5 > debug1: kex: server->client aes128-cbc hmac-md5 none > debug2: mac_init: found hmac-md5 > debug1: kex: client->server aes128-cbc hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > debug2: dh_gen_key: priv key bits set: 133/256 > debug2: bits set: 517/1024 > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug1: Host 'head' is known and matches the RSA host key. > debug1: Found key in /etc/ssh/ssh_known_hosts2:1 > debug2: bits set: 484/1024 > debug1: ssh_rsa_verify: signature correct > debug2: kex_derive_keys > debug2: set_newkeys: mode 1 > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug2: set_newkeys: mode 0 > debug1: SSH2_MSG_NEWKEYS received > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug2: service_accept: ssh-userauth > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug2: key: /root/.ssh/identity ((nil)) > debug2: key: /root/.ssh/id_rsa (0x5555572106c0) > debug2: key: /root/.ssh/id_dsa ((nil)) > debug1: Authentications that can continue: > publickey,gssapi-with-mic,password,hostbased > debug1: Next authentication method: gssapi-with-mic > debug1: Unspecified GSS failure. Minor code may provide more information > Unknown code krb5 195 > > debug1: Unspecified GSS failure. Minor code may provide more information > Unknown code krb5 195 > > debug1: Unspecified GSS failure. Minor code may provide more information > Unknown code krb5 195 > > debug2: we did not send a packet, disable method > debug1: Next authentication method: hostbased > debug2: userauth_hostbased: chost node01.cluster. > debug2: we sent a hostbased packet, wait for reply > debug1: Remote: Accepted by .shosts. > debug1: Remote: Accepted host node01.cluster ip 192.168.100.11 client_user > root server_user root > debug1: Authentications that can continue: > publickey,gssapi-with-mic,password,hostbased > debug2: userauth_hostbased: chost node01.cluster. > debug2: we sent a hostbased packet, wait for reply > debug1: Remote: Accepted by .shosts. > debug1: Remote: Accepted host node01.cluster ip 192.168.100.11 client_user > root server_user root > debug1: Authentication succeeded (hostbased). > debug1: channel 0: new [client-session] > debug2: channel 0: send open > debug1: Entering interactive session. > debug2: callback start > debug2: client_session2_setup: id 0 > debug2: channel 0: request pty-req confirm 0 > debug1: Sending environment. > debug1: Sending env LANG = en_US.UTF-8 > debug2: channel 0: request env confirm 0 > debug2: channel 0: request shell confirm 0 > debug2: fd 3 setting TCP_NODELAY > debug2: callback done > debug2: channel 0: open confirm rwindow 0 rmax 32768 > debug2: channel 0: rcvd adjust 131072 > Last login: Sat Jun 7 22:13:20 2008 from node05.cluster > [root@head ~]# > [/code] > > > Could someone help with where is this problem occuring? > > Thanks, > -Farhat > -- > View this message in context: http://www.nabble.com/passwordless-ssh-between-machines-tp17724021p17724021.html > Sent from the SSH (Secure Shell) mailing list archive at Nabble.com. > >
