Re: passwordless ssh between machines

Thanks both for pointing me in the right direction. I had copied the keys but
I hadn't put machine names into the shosts file. It works fine now for the
most part (there is a long delay in logging into one of the machines).

-Farhat


Christian Grunfeld wrote:
> 
> Hi,
> 
> Did you create the shared keys and copy them between machines?
> This seems to be the problem!
> 
> You have to run:
> # ssh-keygen -t rsa
> on every machine that is a client for ssh and copy the id_rsa.pub into
> .ssh/authorized_keys in every account you want to log in to on the server.
> 
> Cheers
> Christian
> 
> 2008/6/8 farhat <farhat.habib@xxxxxxxxx>:
>>
>> I have a cluster of machines and I added a few new ones to the cluster. I
>> want to have passwordless ssh between all of them for all users.
>> Passwordless ssh works on the older machines. I added a few new machines
>> with identical ssh_config and sshd_config but am unable to get the
>> passwordless ssh working. This is the message I get with ssh -vv:
>> [code]
>> [root@node05 ~]# ssh -vv head
>> OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
>> debug1: Reading configuration data /etc/ssh/ssh_config
>> debug1: Applying options for *
>> debug2: ssh_connect: needpriv 0
>> debug1: Connecting to head [192.168.100.254] port 22.
>> debug1: Connection established.
>> debug1: read PEM private key done: type DSA
>> debug1: read PEM private key done: type RSA
>> debug1: permanently_set_uid: 0/0
>> debug1: identity file /root/.ssh/identity type -1
>> debug1: identity file /root/.ssh/id_rsa type -1
>> debug1: identity file /root/.ssh/id_dsa type -1
>> debug1: loaded 3 keys
>> debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
>> debug1: match: OpenSSH_4.3 pat OpenSSH*
>> debug1: Enabling compatibility mode for protocol 2.0
>> debug1: Local version string SSH-2.0-OpenSSH_4.3
>> debug2: fd 3 setting O_NONBLOCK
>> debug1: SSH2_MSG_KEXINIT sent
>> debug1: SSH2_MSG_KEXINIT received
>> debug2: kex_parse_kexinit:
>> diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
>> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>> debug2: kex_parse_kexinit:
>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
>> debug2: kex_parse_kexinit:
>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
>> debug2: kex_parse_kexinit:
>> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
>> debug2: kex_parse_kexinit:
>> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
>> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
>> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit: first_kex_follows 0
>> debug2: kex_parse_kexinit: reserved 0
>> debug2: kex_parse_kexinit:
>> diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
>> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>> debug2: kex_parse_kexinit:
>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
>> debug2: kex_parse_kexinit:
>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
>> debug2: kex_parse_kexinit:
>> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
>> debug2: kex_parse_kexinit:
>> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
>> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
>> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit: first_kex_follows 0
>> debug2: kex_parse_kexinit: reserved 0
>> debug2: mac_init: found hmac-md5
>> debug1: kex: server->client aes128-cbc hmac-md5 none
>> debug2: mac_init: found hmac-md5
>> debug1: kex: client->server aes128-cbc hmac-md5 none
>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>> debug2: dh_gen_key: priv key bits set: 123/256
>> debug2: bits set: 567/1024
>> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>> debug1: Host 'head' is known and matches the RSA host key.
>> debug1: Found key in /etc/ssh/ssh_known_hosts2:1
>> debug2: bits set: 501/1024
>> debug1: ssh_rsa_verify: signature correct
>> debug2: kex_derive_keys
>> debug2: set_newkeys: mode 1
>> debug1: SSH2_MSG_NEWKEYS sent
>> debug1: expecting SSH2_MSG_NEWKEYS
>> debug2: set_newkeys: mode 0
>> debug1: SSH2_MSG_NEWKEYS received
>> debug1: SSH2_MSG_SERVICE_REQUEST sent
>> debug2: service_accept: ssh-userauth
>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>> debug2: key: /root/.ssh/identity ((nil))
>> debug2: key: /root/.ssh/id_rsa ((nil))
>> debug2: key: /root/.ssh/id_dsa ((nil))
>> debug1: Authentications that can continue:
>> publickey,gssapi-with-mic,password,hostbased
>> debug1: Next authentication method: gssapi-with-mic
>> debug1: Unspecified GSS failure.  Minor code may provide more information
>> Unknown code krb5 195
>>
>> debug1: Unspecified GSS failure.  Minor code may provide more information
>> Unknown code krb5 195
>>
>> debug1: Unspecified GSS failure.  Minor code may provide more information
>> Unknown code krb5 195
>>
>> debug2: we did not send a packet, disable method
>> debug1: Next authentication method: hostbased
>> debug2: userauth_hostbased: chost node05.cluster.
>> debug2: we sent a hostbased packet, wait for reply
>> debug1: Authentications that can continue:
>> publickey,gssapi-with-mic,password,hostbased
>> debug2: userauth_hostbased: chost node05.cluster.
>> debug2: we sent a hostbased packet, wait for reply
>> debug1: Authentications that can continue:
>> publickey,gssapi-with-mic,password,hostbased
>> debug1: No more client hostkeys for hostbased authentication.
>> debug2: we did not send a packet, disable method
>> debug1: Next authentication method: publickey
>> debug1: Trying private key: /root/.ssh/identity
>> debug1: Trying private key: /root/.ssh/id_rsa
>> debug1: Trying private key: /root/.ssh/id_dsa
>> debug2: we did not send a packet, disable method
>> debug1: Next authentication method: password
>> root@head's password:
>> [/code]
>>
>> On the old machines, where passwordless ssh works, this is the message I
>> get.
>>
>> [code]
>> [root@node01 ~]# ssh -vv head
>> OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
>> debug1: Reading configuration data /etc/ssh/ssh_config
>> debug1: Applying options for *
>> debug2: ssh_connect: needpriv 0
>> debug1: Connecting to head [192.168.100.254] port 22.
>> debug1: Connection established.
>> debug1: read PEM private key done: type DSA
>> debug1: read PEM private key done: type RSA
>> debug1: permanently_set_uid: 0/0
>> debug1: identity file /root/.ssh/identity type -1
>> debug2: key_type_from_name: unknown key type '-----BEGIN'
>> debug2: key_type_from_name: unknown key type '-----END'
>> debug1: identity file /root/.ssh/id_rsa type 1
>> debug1: identity file /root/.ssh/id_dsa type -1
>> debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
>> debug1: match: OpenSSH_4.3 pat OpenSSH*
>> debug1: Enabling compatibility mode for protocol 2.0
>> debug1: Local version string SSH-2.0-OpenSSH_4.3
>> debug2: fd 3 setting O_NONBLOCK
>> debug1: SSH2_MSG_KEXINIT sent
>> debug1: SSH2_MSG_KEXINIT received
>> debug2: kex_parse_kexinit:
>> diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
>> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>> debug2: kex_parse_kexinit:
>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
>> debug2: kex_parse_kexinit:
>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
>> debug2: kex_parse_kexinit:
>> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
>> debug2: kex_parse_kexinit:
>> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
>> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
>> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit: first_kex_follows 0
>> debug2: kex_parse_kexinit: reserved 0
>> debug2: kex_parse_kexinit:
>> diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
>> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>> debug2: kex_parse_kexinit:
>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
>> debug2: kex_parse_kexinit:
>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
>> debug2: kex_parse_kexinit:
>> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
>> debug2: kex_parse_kexinit:
>> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
>> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
>> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit: first_kex_follows 0
>> debug2: kex_parse_kexinit: reserved 0
>> debug2: mac_init: found hmac-md5
>> debug1: kex: server->client aes128-cbc hmac-md5 none
>> debug2: mac_init: found hmac-md5
>> debug1: kex: client->server aes128-cbc hmac-md5 none
>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>> debug2: dh_gen_key: priv key bits set: 133/256
>> debug2: bits set: 517/1024
>> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>> debug1: Host 'head' is known and matches the RSA host key.
>> debug1: Found key in /etc/ssh/ssh_known_hosts2:1
>> debug2: bits set: 484/1024
>> debug1: ssh_rsa_verify: signature correct
>> debug2: kex_derive_keys
>> debug2: set_newkeys: mode 1
>> debug1: SSH2_MSG_NEWKEYS sent
>> debug1: expecting SSH2_MSG_NEWKEYS
>> debug2: set_newkeys: mode 0
>> debug1: SSH2_MSG_NEWKEYS received
>> debug1: SSH2_MSG_SERVICE_REQUEST sent
>> debug2: service_accept: ssh-userauth
>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>> debug2: key: /root/.ssh/identity ((nil))
>> debug2: key: /root/.ssh/id_rsa (0x5555572106c0)
>> debug2: key: /root/.ssh/id_dsa ((nil))
>> debug1: Authentications that can continue:
>> publickey,gssapi-with-mic,password,hostbased
>> debug1: Next authentication method: gssapi-with-mic
>> debug1: Unspecified GSS failure.  Minor code may provide more information
>> Unknown code krb5 195
>>
>> debug1: Unspecified GSS failure.  Minor code may provide more information
>> Unknown code krb5 195
>>
>> debug1: Unspecified GSS failure.  Minor code may provide more information
>> Unknown code krb5 195
>>
>> debug2: we did not send a packet, disable method
>> debug1: Next authentication method: hostbased
>> debug2: userauth_hostbased: chost node01.cluster.
>> debug2: we sent a hostbased packet, wait for reply
>> debug1: Remote: Accepted by .shosts.
>> debug1: Remote: Accepted host node01.cluster ip 192.168.100.11
>> client_user
>> root server_user root
>> debug1: Authentications that can continue:
>> publickey,gssapi-with-mic,password,hostbased
>> debug2: userauth_hostbased: chost node01.cluster.
>> debug2: we sent a hostbased packet, wait for reply
>> debug1: Remote: Accepted by .shosts.
>> debug1: Remote: Accepted host node01.cluster ip 192.168.100.11
>> client_user
>> root server_user root
>> debug1: Authentication succeeded (hostbased).
>> debug1: channel 0: new [client-session]
>> debug2: channel 0: send open
>> debug1: Entering interactive session.
>> debug2: callback start
>> debug2: client_session2_setup: id 0
>> debug2: channel 0: request pty-req confirm 0
>> debug1: Sending environment.
>> debug1: Sending env LANG = en_US.UTF-8
>> debug2: channel 0: request env confirm 0
>> debug2: channel 0: request shell confirm 0
>> debug2: fd 3 setting TCP_NODELAY
>> debug2: callback done
>> debug2: channel 0: open confirm rwindow 0 rmax 32768
>> debug2: channel 0: rcvd adjust 131072
>> Last login: Sat Jun  7 22:13:20 2008 from node05.cluster
>> [root@head ~]#
>> [/code]
>>
>>
>> Could someone help with where this problem is occurring?
>>
>> Thanks,
>> -Farhat
>> --
>> View this message in context:
>> http://www.nabble.com/passwordless-ssh-between-machines-tp17724021p17724021.html
>> Sent from the SSH (Secure Shell) mailing list archive at Nabble.com.
>>
>>
> 
> 

-- 
View this message in context: http://www.nabble.com/passwordless-ssh-between-machines-tp17724021p17769219.html
Sent from the SSH (Secure Shell) mailing list archive at Nabble.com.
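
Added example, not part of the original thread: a small parser that reduces an `ssh -vv` trace to the facts that separate the two logs quoted above, namely which identity files loaded, which methods the client tried, which it actually sent a credential for, and what the server accepted. The two sample traces are abridged from the logs in the thread; the function name `summarize` is an assumption of this example.

```python
import re

# Abridged from the two `ssh -vv` traces quoted in the thread.
NODE05 = """\
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Next authentication method: gssapi-with-mic
debug2: we did not send a packet, disable method
debug1: Next authentication method: hostbased
debug2: we sent a hostbased packet, wait for reply
debug1: No more client hostkeys for hostbased authentication.
debug2: we did not send a packet, disable method
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
"""
NODE01 = """\
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: Next authentication method: gssapi-with-mic
debug2: we did not send a packet, disable method
debug1: Next authentication method: hostbased
debug2: we sent a hostbased packet, wait for reply
debug1: Remote: Accepted by .shosts.
debug1: Authentication succeeded (hostbased).
"""

def summarize(trace):
    """Return loaded identity files, methods tried in order, and the outcome."""
    out = {"keys": [], "tried": [], "offered": set(),
           "succeeded": None, "accepted_by": None}
    for line in trace.splitlines():
        line = re.sub(r"^(>\s*)+", "", line).strip()  # tolerate mail quoting
        if m := re.match(r"debug1: identity file (\S+) type (-?\d+)$", line):
            if m.group(2) != "-1":  # type -1: ssh could not load a key from that path
                out["keys"].append(m.group(1))
        elif m := re.match(r"debug1: Next authentication method: (\S+)", line):
            out["tried"].append(m.group(1))
        elif m := re.match(r"debug2: we sent a (\S+) packet", line):
            out["offered"].add(m.group(1))  # a credential actually went on the wire
        elif m := re.match(r"debug1: Remote: Accepted by (\S+?)\.?$", line):
            out["accepted_by"] = m.group(1)
        elif m := re.match(r"debug1: Authentication succeeded \((\S+)\)", line):
            out["succeeded"] = m.group(1)
    return out
```

On the node05 trace the summary shows no loaded keys and a hostbased attempt that the server never accepted; on node01 it shows hostbased succeeding via `.shosts`, so the working nodes were never using public-key authentication in the first place.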

