ssh rsa/dsa keys not working with RHEL3/4

Austin Godber godber at uberhip.com
Fri May 19 16:04:35 MST 2006


On Friday 19 May 2006 10:18, Dan Lund wrote:
> Hi all,
>
> I'm working with a few of our RHEL3 and 4 machines right now, getting
> an automated ssh tunnel going between a RHEL3 (and 4 in prod) to a RH8
> machine. (8 in prod too)
>
> The problem I'm having is that with RHEL3/4, ssh doesn't seem to work
> the same.  It's perplexing, and aggravating.
>
> I've used "ssh-keygen -t rsa" on the RHEL3 box to create the id_rsa and
> id_rsa.pub files, transferred the id_rsa.pub file to the remote RH8
> box and put it into the ${HOME}/.ssh/authorized_keys file.  No dice.
> The verbose debugging says it negotiates as ssh2 between each other,
> reads the files, even finds the id_rsa file but then it says "we sent
> a publickey packet, waiting for reply" and then "we did not send a
> packet, disable method".
> my ssh_config is essentially empty (stock, bare, empty) and the
> sshd_config on the remote host is the same.
>
> I've done RH8 -> RH8, RH8 -> Gentoo, Gentoo -> Gentoo.. okay... let's
> just narrow it down and say I've done nearly every distribution to
> every distribution =)  except RHEL3/4.
>
> Anyone ever run into this problem before?
>
> RHEL4 uses OpenSSH 3.9p1, RH8 uses OpenSSH 3.4p1.
>
> I've also tried localhost with two individual users just to see if the
> RHEL3 or 4 box would auth against itself passwordless and it doesn't.
> SOMETHING technology-wise has changed.....

Have you checked the logs on the server side?  Most of the time these sorts of 
problems stem from permissions of either the .ssh directory or key files or 
authorized_keys on either side.  More recent SSH installs have been requiring 
strict permissions.  There is a config option to turn it off though but they 
are a good idea.

Also, check for SELINUX settings.  I have never had a problem with it but I 
never turn it on on RHEL boxes.

There's the standard stuff like /etc/hosts.allow/deny.  Or you could have 
strange things in your sshd_config file ... like no root logins (if you are 
using root) ... or it could be restricting logins to given users.  But you've 
kind of covered that.

Austin
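
The permission check suggested in the reply above, as an added example that is not part of the original message: it flags the modes that sshd's StrictModes setting rejects on the server (home directory, .ssh and authorized_keys writable by group or others) and that the ssh client rejects on a private key (any group or other access). The function names are hypothetical, and the default key names id_rsa and id_dsa are assumed.

```shell
#!/bin/sh
# Added example: audit the paths whose modes affect publickey authentication.
# Function names are hypothetical; key file names are the OpenSSH defaults.

# True if the path is writable by group or others.
loose_write() {
    [ -n "$(find -H "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# True if the path has any group or other permission bit set.
any_group_other() {
    [ -n "$(find -H "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) 2>/dev/null)" ]
}

# check_ssh_perms HOME_DIR
# Prints one line per finding and returns the number of findings (0 = clean).
check_ssh_perms() {
    home=$1
    findings=0
    # Server side: sshd with StrictModes refuses authorized_keys when any of
    # these paths is writable by someone other than the owner.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if loose_write "$p"; then
            echo "group/other writable (sshd StrictModes rejects): $p"
            findings=$((findings + 1))
        fi
    done
    # Client side: ssh will not use a private key that others can access.
    for k in "$home/.ssh/id_rsa" "$home/.ssh/id_dsa"; do
        [ -e "$k" ] || continue
        if any_group_other "$k"; then
            echo "private key accessible to group/other (ssh client rejects): $k"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Usage: check_ssh_perms "$HOME"   (run as the account being logged in to)
```

Run it on both ends of the connection; ownership of the same paths and the server's auth log still need a separate look.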




