What are the permissions for /var/lib/amanda? From what I remember sshd doesn't like directories that aren't 700. Try changing "StrictModes Yes" to "StrictModes No" in /etc/ssh/sshd_config on the server side of the connection and restarting sshd. The other trick you can try is starting up an ssh server in debug/non-forking mode. cp /etc/ssh/sshd_config ~/temp_sshd_config edit ~/temp_sshd_config, uncomment Port 22 and change it to Port 10000 /usr/sbin/sshd -f ~/temp_sshd_config -dd On the client, ssh -p 10000 someuser at somehost, and watch the debug output on the servers terminal to see what the error is. > -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of bluethundr > Sent: Friday, December 31, 2010 2:33 PM > To: CentOS mailing list > Subject: [CentOS] happy new years ssh key problem :) > > Hi List, > > Happy New Years and I was hoping to get some help on an ssh issue > that I am having. For some reason I am unable to scp to hosts on this > network using RSA keys. Here is what I am doing/what is going on; > > scp the public key to remote host > > [amandabackup at VIRTCENT18 ~]$ scp ~/.ssh/id_rsa_amdump.pub > amandabackup at lb1:~ > amandabackup at lb1's password: > id_rsa_amdump.pub > 100% 408 0.4KB/s 00:00 > > > > ssh (w/passwd) to remote host > > > [amandabackup at VIRTCENT18 ~]$ ssh lb1 > amandabackup at lb1's password: > Last login: Fri Dec 31 10:57:05 2010 from 192.168.1.40 > ######################################################### > # SUMMITNJHOME.COM # > # TITLE: LB1 BOX # > # HOST: VIRTCENT01 # > # LOCATION: SUMMIT BASEMENT # > ######################################################### > > > check to see if the key exists in authorized_keys > > [amandabackup at VIRTCENT01 ~]$ grep -f id_rsa_amdump.pub > ~/.ssh/authorized_keys > > > it didn't so cat it into authorized_keys > > [amandabackup at VIRTCENT01 ~]$ cat id_rsa_amdump.pub >> > ~/.ssh/authorized_keys > > check again, just to make sure that it's there > > [amandabackup at VIRTCENT01 ~]$ grep -f id_rsa_amdump.pub > ~/.ssh/authorized_keys > ssh-rsa BlAB3Nza/FAKE-KEY-DATA--KEY-DATAKfMq4DDa0xaKb/FAKE-KEY-DATA-- > KEY-DATAsoqCu/boKNa/FAKE-KEY-DATA--KEY- > DATAp1n9TcDtxm2XFHcOKUw2/14/bz1pWNDI/FAKE-KEY-DATA--KEY- > DATAr9951JdK7Ny6lk/FAKE-KEY-DATA--KEY-DATA1/FAKE-KEY-DATA--KEY- > DATAwh2dmgyxI9N69x3ypvWcGWShZw1BCJI06j5qIxvin99/FAKE-KEY-DATA--KEY-DATA > > It is. so good so far. Check permissions on authorized_keys file > > [amandabackup at VIRTCENT01 ~]$ ls -l ~/.ssh/authorized_keys > -rw------- 1 amandabackup disk 408 Dec 31 11:02 > /var/lib/amanda/.ssh/authorized_keys > > make sure we have the right home environment > > HOME=/var/lib/amanda > > Also good. Now, make sure ssh is looking at the right file > > [root at VIRTCENT01 ~]# grep -i authorizedkeysfile /etc/ssh/sshd_config > AuthorizedKeysFile ~/.ssh/authorized_keys > > It is. Now exit and try to ssh in > > [amandabackup at VIRTCENT01 ~]$ exit > Connection to lb1 closed. > > > [amandabackup at VIRTCENT18 ~]$ ssh -vvv amandabackup at lb1 > OpenSSH_5.6p1lpk, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 > debug1: Reading configuration data /etc/ssh/ssh_config > debug2: ssh_connect: needpriv 0 > debug1: Connecting to lb1 [192.168.1.23] port 22. > debug1: Connection established. > debug1: identity file /var/lib/amanda/.ssh/id_rsa type -1 > debug1: identity file /var/lib/amanda/.ssh/id_rsa-cert type -1 > debug1: identity file /var/lib/amanda/.ssh/id_dsa type -1 > debug1: identity file /var/lib/amanda/.ssh/id_dsa-cert type -1 > debug1: Remote protocol version 2.0, remote software version > OpenSSH_5.6 > debug1: match: OpenSSH_5.6 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_5.6 > debug2: fd 3 setting O_NONBLOCK > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange- > sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: > ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com,ssh-rsa-cert- > v00 at openssh.com,ssh-dss-cert-v00 at openssh.com,ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des- > cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael- > cbc at lysator.liu.se > debug2: kex_parse_kexinit: > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des- > cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael- > cbc at lysator.liu.se > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160,hmac- > ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160,hmac- > ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib > debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange- > sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des- > cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael- > cbc at lysator.liu.se > debug2: kex_parse_kexinit: > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des- > cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael- > cbc at lysator.liu.se > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160,hmac- > ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160,hmac- > ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,zlib at openssh.com > debug2: kex_parse_kexinit: none,zlib at openssh.com > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: mac_setup: found hmac-md5 > debug1: kex: server->client aes128-ctr hmac-md5 none > debug2: mac_setup: found hmac-md5 > debug1: kex: client->server aes128-ctr hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > debug2: dh_gen_key: priv key bits set: 114/256 > debug2: bits set: 470/1024 > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug3: check_host_in_hostfile: host lb1 filename > /var/lib/amanda/.ssh/known_hosts > debug3: check_host_in_hostfile: host lb1 filename > /var/lib/amanda/.ssh/known_hosts > debug3: check_host_in_hostfile: match line 1 > debug3: check_host_in_hostfile: host 192.168.1.23 filename > /var/lib/amanda/.ssh/known_hosts > debug3: check_host_in_hostfile: host 192.168.1.23 filename > /var/lib/amanda/.ssh/known_hosts > debug3: check_host_in_hostfile: match line 1 > debug1: Host 'lb1' is known and matches the RSA host key. > debug1: Found key in /var/lib/amanda/.ssh/known_hosts:1 > debug2: bits set: 499/1024 > debug1: ssh_rsa_verify: signature correct > debug2: kex_derive_keys > debug2: set_newkeys: mode 1 > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug2: set_newkeys: mode 0 > debug1: SSH2_MSG_NEWKEYS received > debug1: Roaming not allowed by server > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug2: service_accept: ssh-userauth > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug2: key: /var/lib/amanda/.ssh/id_rsa ((nil)) > debug2: key: /var/lib/amanda/.ssh/id_dsa ((nil)) > debug1: Authentications that can continue: > publickey,password,keyboard-interactive > debug3: start over, passed a different list > publickey,password,keyboard-interactive > debug3: preferred publickey,keyboard-interactive,password > debug3: authmethod_lookup publickey > debug3: remaining preferred: keyboard-interactive,password > debug3: authmethod_is_enabled publickey > debug1: Next authentication method: publickey > debug1: Trying private key: /var/lib/amanda/.ssh/id_rsa > debug3: no such identity: /var/lib/amanda/.ssh/id_rsa > debug1: Trying private key: /var/lib/amanda/.ssh/id_dsa > debug3: no such identity: /var/lib/amanda/.ssh/id_dsa > debug2: we did not send a packet, disable method > debug3: authmethod_lookup keyboard-interactive > debug3: remaining preferred: password > debug3: authmethod_is_enabled keyboard-interactive > debug1: Next authentication method: keyboard-interactive > debug2: userauth_kbdint > debug2: we sent a keyboard-interactive packet, wait for reply > debug1: Authentications that can continue: > publickey,password,keyboard-interactive > debug3: userauth_kbdint: disable: no info_req_seen > debug2: we did not send a packet, disable method > debug3: authmethod_lookup password > debug3: remaining preferred: > debug3: authmethod_is_enabled password > debug1: Next authentication method: password > amandabackup at lb1's password: > debug3: packet_send2: adding 48 (len 67 padlen 13 extra_pad 64) > debug2: we sent a password packet, wait for reply > debug1: Authentication succeeded (password). > Authenticated to lb1 ([192.168.1.23]:22). > debug1: channel 0: new [client-session] > debug3: ssh_session2_open: channel_new: 0 > debug2: channel 0: send open > debug1: Requesting no-more-sessions at openssh.com > debug1: Entering interactive session. > debug2: callback start > debug2: client_session2_setup: id 0 > debug2: channel 0: request pty-req confirm 1 > debug2: channel 0: request shell confirm 1 > debug2: fd 3 setting TCP_NODELAY > debug2: callback done > debug2: channel 0: open confirm rwindow 0 rmax 32768 > debug2: channel_input_status_confirm: type 99 id 0 > debug2: PTY allocation request accepted on channel 0 > debug2: channel 0: rcvd adjust 2097152 > debug2: channel_input_status_confirm: type 99 id 0 > debug2: shell request accepted on channel 0 > Last login: Fri Dec 31 11:02:30 2010 from 192.168.1.40 > ######################################################### > # SUMMITNJHOME.COM # > # TITLE: LB1 BOX # > # HOST: VIRTCENT01 # > # LOCATION: SUMMIT BASEMENT # > ######################################################### > -sh-3.2$ bash > [amandabackup at VIRTCENT01 ~]$ > > > thanks for your help and the CentOS community has done wonderful > things to help me with my setups over the past year. Here's to a happy > / healthy 2011!! > > > > -- > GPG me!! > > gpg --keyserver pgp.mit.edu --recv-keys F186197B > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos