1.  Home
  2. MIDRANGE-L
  3. February 2023

ssh public key authentication set up troubles

Trying to follow the steps as outlined in the IBM Redpaper Securing
Communications with OpenSSH circa 2006 to connect between two IBM i v7.4
servers using public key authentication

All required IBM software products are installed, sshd is running on target
server, and I can connect using using the ssh client from qsh- but I am am
required to enter a password.

Private key file id_rsa created in the .ssh directory under my home
directory on the client server, id_rsa.pub ftp'd to server in bin mode, and
added to authorized_keys in my .ssh under my home directory on the target
server as specified in the redpaper.

Not seeing any changes to the shipped sshd_config

verbose connection dialog below seems to attempt to use id_rsa private key
but fails, exhausts other alternate private keys, and moves on to the next
authentication method (password).

Any insight appreciated.

OpenSSH_8.0p1, OpenSSL 1.1.1k 25 Mar
2021

debug1: Reading configuration data
/QOpenSys/QIBM/ProdData/SC1/OpenSSH/etc/ssh_config

debug1: /QOpenSys/QIBM/ProdData/SC1/OpenSSH/etc/ssh_config line 19:
Applying options for *

debug1: Connecting to 10.209.28.79 [10.209.28.79] port
22.

debug1: Connection
established.

debug1: identity file /home/JACKCAL/.ssh/id_rsa type
-1

debug1: identity file /home/JACKCAL/.ssh/id_rsa-cert type -1

debug1: identity file /home/JACKCAL/.ssh/id_dsa type -1

debug1: identity file /home/JACKCAL/.ssh/id_dsa-cert type -1

debug1: identity file /home/JACKCAL/.ssh/id_ecdsa type -1

debug1: identity file /home/JACKCAL/.ssh/id_ecdsa-cert type -1

debug1: identity file /home/JACKCAL/.ssh/id_ed25519 type -1

debug1: identity file /home/JACKCAL/.ssh/id_ed25519-cert type -1

debug1: identity file /home/JACKCAL/.ssh/id_xmss type -1

debug1: identity file /home/JACKCAL/.ssh/id_xmss-cert type -1

debug1: Local version string SSH-2.0-OpenSSH_8.0

debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0

debug1: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000

debug1: Authenticating to 10.209.28.79:22 as 'jackcal'

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: kex: algorithm: curve25519-sha256

debug1: kex: host key algorithm:
ecdsa-sha2-nistp256

debug1: kex: server->client cipher: chacha20-poly1305@xxxxxxxxxxx MAC:
<implicit> compression: none

debug1: kex: client->server cipher: chacha20-poly1305@xxxxxxxxxxx MAC:
<implicit> compression: none

debug1: expecting
SSH2_MSG_KEX_ECDH_REPLY


debug1: Server host key: ecdsa-sha2-nistp256
SHA256:zStXUvkPHB1oOaU4eEnCgknN5c5a3uRpJBjkaeXfZ1A

debug1: Host '10.209.28.79' is known and matches the ECDSA host
key.

debug1: Found key in
/home/JACKCAL/.ssh/known_hosts:2


debug1: rekey out after 134217728
blocks

debug1: SSH2_MSG_NEWKEYS
sent

debug1: expecting SSH2_MSG_NEWKEYS


debug1: SSH2_MSG_NEWKEYS
received

debug1: rekey in after 134217728
blocks

debug1: Will attempt key:
/home/JACKCAL/.ssh/id_rsa

debug1: Will attempt key:
/home/JACKCAL/.ssh/id_dsa

debug1: Will attempt key:
/home/JACKCAL/.ssh/id_ecdsa

debug1: Will attempt key:
/home/JACKCAL/.ssh/id_ed25519

debug1: Will attempt key: /home/JACKCAL/.ssh/id_xmss

debug1: SSH2_MSG_EXT_INFO received

debug1: kex_input_ext_info:
server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>


debug1: SSH2_MSG_SERVICE_ACCEPT received

debug1: Authentications that can continue:
publickey,password,keyboard-interactive


debug1: Next authentication method:
publickey


debug1: Trying private key:
/home/JACKCAL/.ssh/id_rsa


debug1: Authentications that can continue:
publickey,password,keyboard-interactive


debug1: Trying private key:
/home/JACKCAL/.ssh/id_dsa


debug1: Trying private key: /home/JACKCAL/.ssh/id_ecdsa


debug1: Trying private key:
/home/JACKCAL/.ssh/id_ed25519


debug1: Trying private key:
/home/JACKCAL/.ssh/id_xmss


debug1: Next authentication method:
keyboard-interactive


debug1: Authentications that can continue:
publickey,password,keyboard-interactive


debug1: Next authentication method:
password


debug1: read_passphrase: can't open /dev/tty: No such device or
address

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.