-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Long delay is probably due to DNS lookup. You can speed that up by adding those servers to your /etc/hosts file (unix box? also one on windoze in a different location) and setting /etc/hosts.conf to look at /etc/hosts first, then DNS by creating that file with only the following line: order hosts,bind Note: the /etc/hosts.conf bit only works on unix systems Unca Xitron farhat wrote: > Thanks both for pointing me in the right direction. I had copied the keys but > I hadn't put machine names into the shosts file. It works fine now for the > most part (there is a long delay in logging into one of the machines) > > -Farhat > > > Christian Grunfeld wrote: >> Hi, >> >> Did you create the shared keys and copy them between machines ? >> this seems to be the problem ! >> >> you have to make: >> # ssh-keygen -t rsa >> in every machine that is a client for ssh and copy the id_rsa.pub into >> .ss/authorized_keys in every account you want to login in the server >> >> Cheers >> Christian >> >> 2008/6/8 farhat <farhat.habib@xxxxxxxxx>: >>> I have a cluster of machines and I added a few new ones to the cluster. I >>> want to have passwordless ssh between all of them for all users. >>> Passwordless ssh works on the older machines. I added a few new machines >>> with identical ssh_config and sshd_config but am unable to get the >>> passwordless ssh working. : This is the message I get with ssh -vv >>> [code] >>> [root@node05 ~]# ssh -vv head >>> OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006 >>> debug1: Reading configuration data /etc/ssh/ssh_config >>> debug1: Applying options for * >>> debug2: ssh_connect: needpriv 0 >>> debug1: Connecting to head [192.168.100.254] port 22. >>> debug1: Connection established. >>> debug1: read PEM private key done: type DSA >>> debug1: read PEM private key done: type RSA >>> debug1: permanently_set_uid: 0/0 >>> debug1: identity file /root/.ssh/identity type -1 >>> debug1: identity file /root/.ssh/id_rsa type -1 >>> debug1: identity file /root/.ssh/id_dsa type -1 >>> debug1: loaded 3 keys >>> debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3 >>> debug1: match: OpenSSH_4.3 pat OpenSSH* >>> debug1: Enabling compatibility mode for protocol 2.0 >>> debug1: Local version string SSH-2.0-OpenSSH_4.3 >>> debug2: fd 3 setting O_NONBLOCK >>> debug1: SSH2_MSG_KEXINIT sent >>> debug1: SSH2_MSG_KEXINIT received >>> debug2: kex_parse_kexinit: >>> diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 >>> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss >>> debug2: kex_parse_kexinit: >>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr >>> debug2: kex_parse_kexinit: >>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr >>> debug2: kex_parse_kexinit: >>> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96 >>> debug2: kex_parse_kexinit: >>> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96 >>> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib >>> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib >>> debug2: kex_parse_kexinit: >>> debug2: kex_parse_kexinit: >>> debug2: kex_parse_kexinit: first_kex_follows 0 >>> debug2: kex_parse_kexinit: reserved 0 >>> debug2: kex_parse_kexinit: >>> diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 >>> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss >>> debug2: kex_parse_kexinit: >>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr >>> debug2: kex_parse_kexinit: >>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr >>> debug2: kex_parse_kexinit: >>> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96 >>> debug2: kex_parse_kexinit: >>> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96 >>> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx >>> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx >>> debug2: kex_parse_kexinit: >>> debug2: kex_parse_kexinit: >>> debug2: kex_parse_kexinit: first_kex_follows 0 >>> debug2: kex_parse_kexinit: reserved 0 >>> debug2: mac_init: found hmac-md5 >>> debug1: kex: server->client aes128-cbc hmac-md5 none >>> debug2: mac_init: found hmac-md5 >>> debug1: kex: client->server aes128-cbc hmac-md5 none >>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent >>> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP >>> debug2: dh_gen_key: priv key bits set: 123/256 >>> debug2: bits set: 567/1024 >>> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent >>> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY >>> debug1: Host 'head' is known and matches the RSA host key. >>> debug1: Found key in /etc/ssh/ssh_known_hosts2:1 >>> debug2: bits set: 501/1024 >>> debug1: ssh_rsa_verify: signature correct >>> debug2: kex_derive_keys >>> debug2: set_newkeys: mode 1 >>> debug1: SSH2_MSG_NEWKEYS sent >>> debug1: expecting SSH2_MSG_NEWKEYS >>> debug2: set_newkeys: mode 0 >>> debug1: SSH2_MSG_NEWKEYS received >>> debug1: SSH2_MSG_SERVICE_REQUEST sent >>> debug2: service_accept: ssh-userauth >>> debug1: SSH2_MSG_SERVICE_ACCEPT received >>> debug2: key: /root/.ssh/identity ((nil)) >>> debug2: key: /root/.ssh/id_rsa ((nil)) >>> debug2: key: /root/.ssh/id_dsa ((nil)) >>> debug1: Authentications that can continue: >>> publickey,gssapi-with-mic,password,hostbased >>> debug1: Next authentication method: gssapi-with-mic >>> debug1: Unspecified GSS failure. Minor code may provide more information >>> Unknown code krb5 195 >>> >>> debug1: Unspecified GSS failure. Minor code may provide more information >>> Unknown code krb5 195 >>> >>> debug1: Unspecified GSS failure. Minor code may provide more information >>> Unknown code krb5 195 >>> >>> debug2: we did not send a packet, disable method >>> debug1: Next authentication method: hostbased >>> debug2: userauth_hostbased: chost node05.cluster. >>> debug2: we sent a hostbased packet, wait for reply >>> debug1: Authentications that can continue: >>> publickey,gssapi-with-mic,password,hostbased >>> debug2: userauth_hostbased: chost node05.cluster. >>> debug2: we sent a hostbased packet, wait for reply >>> debug1: Authentications that can continue: >>> publickey,gssapi-with-mic,password,hostbased >>> debug1: No more client hostkeys for hostbased authentication. >>> debug2: we did not send a packet, disable method >>> debug1: Next authentication method: publickey >>> debug1: Trying private key: /root/.ssh/identity >>> debug1: Trying private key: /root/.ssh/id_rsa >>> debug1: Trying private key: /root/.ssh/id_dsa >>> debug2: we did not send a packet, disable method >>> debug1: Next authentication method: password >>> root@head's password: >>> [/code] >>> >>> On the old machines, where passwordless ssh works, this is the message I >>> get. >>> >>> [code] >>> [root@node01 ~]# ssh -vv head >>> OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006 >>> debug1: Reading configuration data /etc/ssh/ssh_config >>> debug1: Applying options for * >>> debug2: ssh_connect: needpriv 0 >>> debug1: Connecting to head [192.168.100.254] port 22. >>> debug1: Connection established. >>> debug1: read PEM private key done: type DSA >>> debug1: read PEM private key done: type RSA >>> debug1: permanently_set_uid: 0/0 >>> debug1: identity file /root/.ssh/identity type -1 >>> debug2: key_type_from_name: unknown key type '-----BEGIN' >>> debug2: key_type_from_name: unknown key type '-----END' >>> debug1: identity file /root/.ssh/id_rsa type 1 >>> debug1: identity file /root/.ssh/id_dsa type -1 >>> debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3 >>> debug1: match: OpenSSH_4.3 pat OpenSSH* >>> debug1: Enabling compatibility mode for protocol 2.0 >>> debug1: Local version string SSH-2.0-OpenSSH_4.3 >>> debug2: fd 3 setting O_NONBLOCK >>> debug1: SSH2_MSG_KEXINIT sent >>> debug1: SSH2_MSG_KEXINIT received >>> debug2: kex_parse_kexinit: >>> diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 >>> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss >>> debug2: kex_parse_kexinit: >>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr >>> debug2: kex_parse_kexinit: >>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr >>> debug2: kex_parse_kexinit: >>> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96 >>> debug2: kex_parse_kexinit: >>> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96 >>> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib >>> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib >>> debug2: kex_parse_kexinit: >>> debug2: kex_parse_kexinit: >>> debug2: kex_parse_kexinit: first_kex_follows 0 >>> debug2: kex_parse_kexinit: reserved 0 >>> debug2: kex_parse_kexinit: >>> diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 >>> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss >>> debug2: kex_parse_kexinit: >>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr >>> debug2: kex_parse_kexinit: >>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr >>> debug2: kex_parse_kexinit: >>> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96 >>> debug2: kex_parse_kexinit: >>> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96 >>> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx >>> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx >>> debug2: kex_parse_kexinit: >>> debug2: kex_parse_kexinit: >>> debug2: kex_parse_kexinit: first_kex_follows 0 >>> debug2: kex_parse_kexinit: reserved 0 >>> debug2: mac_init: found hmac-md5 >>> debug1: kex: server->client aes128-cbc hmac-md5 none >>> debug2: mac_init: found hmac-md5 >>> debug1: kex: client->server aes128-cbc hmac-md5 none >>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent >>> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP >>> debug2: dh_gen_key: priv key bits set: 133/256 >>> debug2: bits set: 517/1024 >>> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent >>> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY >>> debug1: Host 'head' is known and matches the RSA host key. >>> debug1: Found key in /etc/ssh/ssh_known_hosts2:1 >>> debug2: bits set: 484/1024 >>> debug1: ssh_rsa_verify: signature correct >>> debug2: kex_derive_keys >>> debug2: set_newkeys: mode 1 >>> debug1: SSH2_MSG_NEWKEYS sent >>> debug1: expecting SSH2_MSG_NEWKEYS >>> debug2: set_newkeys: mode 0 >>> debug1: SSH2_MSG_NEWKEYS received >>> debug1: SSH2_MSG_SERVICE_REQUEST sent >>> debug2: service_accept: ssh-userauth >>> debug1: SSH2_MSG_SERVICE_ACCEPT received >>> debug2: key: /root/.ssh/identity ((nil)) >>> debug2: key: /root/.ssh/id_rsa (0x5555572106c0) >>> debug2: key: /root/.ssh/id_dsa ((nil)) >>> debug1: Authentications that can continue: >>> publickey,gssapi-with-mic,password,hostbased >>> debug1: Next authentication method: gssapi-with-mic >>> debug1: Unspecified GSS failure. Minor code may provide more information >>> Unknown code krb5 195 >>> >>> debug1: Unspecified GSS failure. Minor code may provide more information >>> Unknown code krb5 195 >>> >>> debug1: Unspecified GSS failure. Minor code may provide more information >>> Unknown code krb5 195 >>> >>> debug2: we did not send a packet, disable method >>> debug1: Next authentication method: hostbased >>> debug2: userauth_hostbased: chost node01.cluster. >>> debug2: we sent a hostbased packet, wait for reply >>> debug1: Remote: Accepted by .shosts. >>> debug1: Remote: Accepted host node01.cluster ip 192.168.100.11 >>> client_user >>> root server_user root >>> debug1: Authentications that can continue: >>> publickey,gssapi-with-mic,password,hostbased >>> debug2: userauth_hostbased: chost node01.cluster. >>> debug2: we sent a hostbased packet, wait for reply >>> debug1: Remote: Accepted by .shosts. >>> debug1: Remote: Accepted host node01.cluster ip 192.168.100.11 >>> client_user >>> root server_user root >>> debug1: Authentication succeeded (hostbased). >>> debug1: channel 0: new [client-session] >>> debug2: channel 0: send open >>> debug1: Entering interactive session. >>> debug2: callback start >>> debug2: client_session2_setup: id 0 >>> debug2: channel 0: request pty-req confirm 0 >>> debug1: Sending environment. >>> debug1: Sending env LANG = en_US.UTF-8 >>> debug2: channel 0: request env confirm 0 >>> debug2: channel 0: request shell confirm 0 >>> debug2: fd 3 setting TCP_NODELAY >>> debug2: callback done >>> debug2: channel 0: open confirm rwindow 0 rmax 32768 >>> debug2: channel 0: rcvd adjust 131072 >>> Last login: Sat Jun 7 22:13:20 2008 from node05.cluster >>> [root@head ~]# >>> [/code] >>> >>> >>> Could someone help with where is this problem occuring? >>> >>> Thanks, >>> -Farhat >>> -- >>> View this message in context: >>> http://www.nabble.com/passwordless-ssh-between-machines-tp17724021p17724021.html >>> Sent from the SSH (Secure Shell) mailing list archive at Nabble.com. >>> >>> >> > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBSFADw44JEV90z/PrAQISRQ/+NmO2EBDdlDrYNyWozf+Ks1IYCRgSDCOY LuwZ8Tkyn7yRR16GxO5sQGUfRaf98qoITJ2ttcAcn7hO8wO0Bp8eED/tMw3MBXR8 BxDwfmC1i5qQRKgcXTg9E6IsOqIc3wkTius0q9KAsb+9+PhZGUyNTfBeQiGm1JDs A/WE748dvMgnxVBsWEzcbx0k9O5W2y32qOhzyPaY0dB79QwqdVdEBLnE6sOD8lu/ zME+ybZ7JBNotI81RpN+saXb0wX8B9Rs5atRnTqiFmWCER86lVrBKaWEdCyUaKDz /h2AdAftwMJiuzrp+PUpR9NlEVRuf+k9EsumhmUOn2I3tbz5vu5LKOxCf8maH00B LOm1NVKZbvX2PKdr7XNIMjMZssXegs8hS6EU1S1g5gaMPzLXmDnNuGroja9g66+a iQ6nH0SmuQ5bpXEu7sVE++LyK5USab2bkyMjIBXp4Mk/uVLd5jKpBsquQSrQY3lB ZMxpFLPaLztBCMSAhV1CcQMymprCQIHb6Md5YhNJxUzsQVaJZ7LwNZiItdDcoKzU PyigXPXVkWbqrK/uW5azSvj7Xgj1f0ti3HXa2yPaOKLW8CVhp9JcnFwl+iaBg8vO GlOEULyUR3OSAQvKemkAqeMYH9FfAU+F0UNNFqzxAiOP//oBBWaSUFceFPC6NXI3 ATrMoYodMng= =TN7Q -----END PGP SIGNATURE-----
