ssh only with password

Bob Proulx bob at proulx.com
Thu Mar 25 15:21:11 EST 2004


Martin Imhaeuser wrote:
> * I have deleted all files in my home directory and started again fresh.
> * I have taken the commands "mv" and "cat" and checked the permissions.

I had to start there...

> Further the remote machine and the local machine are the same. I login 
> as imhaeuse (user) on milaptop (machine), open a shell, type exec 
> ssh-agent $SHELL and ssh-add, give my passphrase and finally type ssh 
> imhaeuse at milaptop. This should be the moment where my password is not 
> needed any longer. BUT I must enter my password.
> 
> The funny thing is when I login as root on milaptop the procedure is 
> working meaning that I must not enter my password for root.

Do you have a .shosts or .rhosts file or hosts.equiv enabling this?
If you are root then ssh will start with a privileged port.  Of course
this depends upon other configuration too but could explain why root
is allowed without a password.  If this is the issue then 'ssh -P' as
root should avoid getting a privileged port and have the same behavior
as a non-root user.

> Following you see my context in the shell after the command "ssh milaptop 
> -vvv":

I am going to need some help from the list to completely decode this.

> [imhaeuse at milaptop imhaeuse]$ ssh milaptop -vvv
> OpenSSH_3.4p1-CERN20020919, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Rhosts Authentication disabled, originating port will not be 
> trusted.
> debug1: ssh_connect: needpriv 0
> debug1: Connecting to milaptop [127.0.0.1] port 22.
> debug1: Connection established.
> debug1: identity file /home/imhaeuse/.ssh/identity type 0
> debug1: identity file /home/imhaeuse/.ssh/id_rsa type -1
> debug1: identity file /home/imhaeuse/.ssh/id_dsa type -1

Does this mean that you are using ssh protocol 1 keys?  Can you use
protocol 2 keys, as I suggested by 'ssh-keygen -t rsa'?  Is your
server configured to allow protocol 1 keys?

What does 'ssh-add -l' say?  Does it show an RSA key or an RSA1 key?

> debug1: Remote protocol version 1.99, remote software version
> OpenSSH_3.4p1-CERN20020919
> debug1: match: OpenSSH_3.4p1-CERN20020919 pat OpenSSH*
> debug1: Local version string SSH-1.5-OpenSSH_3.4p1-CERN20020919
> debug1: Waiting for server public key.
> debug1: Received server public key (768 bits) and host key (1024 bits).
> debug3: check_host_in_hostfile: filename /home/imhaeuse/.ssh/known_hosts
> debug3: check_host_in_hostfile: match line 1
> debug1: Host 'milaptop' is known and matches the RSA1 host key.
> debug1: Found key in /home/imhaeuse/.ssh/known_hosts:1
> debug1: Encryption type: 3des
> debug1: Sent encrypted session key.
> debug1: cipher_init: set keylen (16 -> 32)
> debug1: cipher_init: set keylen (16 -> 32)
> debug1: Installing crc compensation attack detector.
> debug1: Received encrypted confirmation.
> debug1: Trying Kerberos v5 authentication.
> debug3: Trying to reverse map address 127.0.0.1.
> debug1: Kerberos v5: krb5_mk_req failed: No credentials cache found
> debug1: Trying Kerberos v4 authentication.
> debug1: Kerberos v4: no ticket file /tmp/tkt500
> debug1: Trying RSA authentication via agent with 'imhaeuse at milaptop'
> debug1: Server refused our key.
> debug1: RSA authentication using agent refused.

I think no protocol 2 key was found here.

> debug1: Trying RSA authentication with key '/home/imhaeuse/.ssh/identity'
> debug1: Server refused our key.

Looks like the protocol 1 key was rejected.

> debug1: Doing password authentication.
> imhaeuse at milaptop's password:
> 
> Has somebody an idea what is wrong with my system?

I may have the above analysis wrong.  But it is my best guess.
Hopefully someone on the list will correct me.

Bob
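
Added example (not part of the original message and not OpenSSH code): a short Python script that reads client debug lines like those quoted in this thread and lists the protocol the client spoke, the identity files it loaded, and each authentication attempt with its outcome. The key-type numbers are an assumption taken from the key-type enum in OpenSSH 3.x key.h, and `summarize` and `usable_keys` are names made up for this example.

```python
import re

# Sample input: a subset of the client debug lines quoted in the thread above.
SAMPLE = """\
> debug1: identity file /home/imhaeuse/.ssh/identity type 0
> debug1: identity file /home/imhaeuse/.ssh/id_rsa type -1
> debug1: identity file /home/imhaeuse/.ssh/id_dsa type -1
> debug1: Local version string SSH-1.5-OpenSSH_3.4p1-CERN20020919
> debug3: Trying to reverse map address 127.0.0.1.
> debug1: Trying RSA authentication via agent with 'imhaeuse at milaptop'
> debug1: Server refused our key.
> debug1: Trying RSA authentication with key '/home/imhaeuse/.ssh/identity'
> debug1: Server refused our key.
> debug1: Doing password authentication.
"""

# Assumption: numbering from the key-type enum in OpenSSH 3.x key.h;
# -1 is printed when the key file could not be loaded.
KEY_TYPES = {0: "RSA1", 1: "RSA", 2: "DSA", -1: "not loaded"}

def summarize(log):
    """Return negotiated protocol, loaded identities and auth attempts."""
    out = {"protocol": None, "identities": {}, "attempts": []}
    for raw in log.splitlines():
        line = raw.lstrip("> ").strip()          # drop mail quoting
        if m := re.match(r"debug1: identity file (\S+) type (-?\d+)$", line):
            out["identities"][m[1]] = KEY_TYPES.get(int(m[2]), "unknown")
        elif m := re.match(r"debug1: Local version string SSH-(\d+)\.", line):
            out["protocol"] = int(m[1])           # SSH-1.5 -> 1, SSH-2.0 -> 2
        elif m := re.match(r"debug1: Trying (.+)$", line):
            out["attempts"].append([m[1], "no result logged"])
        elif line == "debug1: Server refused our key." and out["attempts"]:
            out["attempts"][-1][1] = "refused"
        elif line == "debug1: Doing password authentication.":
            out["attempts"].append(["password", "prompted"])
    return out

def usable_keys(summary):
    """Identities whose type matches the protocol the client is speaking."""
    wanted = {"RSA1"} if summary["protocol"] == 1 else {"RSA", "DSA"}
    return [p for p, t in summary["identities"].items() if t in wanted]

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print("protocol:", s["protocol"])
    for path, kind in s["identities"].items():
        print(f"  {path}: {kind}")
    for method, result in s["attempts"]:
        print(f"  tried {method}: {result}")
    print("keys usable with this protocol:", usable_keys(s))
```
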