Debugging SSH Digest Login.

I recently went through some issues trying to find out why my SSH digest login did not work. I would like to share this experience. (Assuming that you have root access.)

Before we start, there are generally two kinds of SSH daemon: those based on OpenSSH and those based on ssh.com. The difference is in the format the two use for the public key and the private key.
Hence it is important to know which is which to prevent a headache when troubleshooting.
(You can use puttygen to see the difference. Basically the keys are the same except for the formatting.)

I normally use a mixture of PuTTY and Ubuntu ssh (aka OpenSSH) to navigate around my work servers and my home servers, so I am pretty comfortable with both. To start off, check your sshd_config, which is located in /etc/ssh/ on Ubuntu. Set the log level (LogLevel) to DEBUG or VERBOSE. If you do not know the options, do a man on sshd; it should tell you what values you can use. Then restart your sshd daemon. Otherwise restart your server.

On your own server, run ssh-keygen to generate your private and public key. Then cat the public key, which is often in the file id_rsa.pub, into the authorized_keys file within the .ssh directory.
Assuming everything is correct, you can ssh localhost and bypass the login prompt. If you cannot, run ssh -v localhost to show more information. If that is still not enough, use ssh -vvv localhost. The -v, -vv and -vvv options print information about the key exchange between the ssh client and the ssh server. With that output you will find it easier to debug your ssh digest login failure.

Common Problem:
Usually a permission issue is what causes the login to fail. The permission on the home folder also plays a part, not just the .ssh directory. It needs to be at least as restrictive as drwxr-xr-x (no write access for group or others) for the ssh transaction to be successful.
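
The permission problem above can be checked directly. The following is an added example, not part of the original post: a small POSIX shell check for the condition OpenSSH's StrictModes option (on by default) enforces, namely that the home directory, .ssh and authorized_keys are not group- or world-writable and are owned by the user or root. The function names check_path and check_ssh_perms are made up for this example.

```shell
#!/bin/sh
# Added example: flag paths that would make sshd refuse key login.
# Usage: check_ssh_perms /home/alice 1000   (home directory, numeric uid)

# check_path PATH UID: print a finding; return 1 if PATH is unsafe or missing.
check_path() {
    path=$1; want_uid=$2
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    # ls -ldn prints e.g. "drwxr-xr-x 2 1000 1000 ..." (numeric owner in field 3)
    info=$(ls -ldn "$path" | awk '{print $1 " " $3}')
    mode=${info% *}; owner=${info#* }
    bad=0
    case $mode in
        # character 6 is group-write, character 9 is other-write
        ?????w*|????????w*) echo "WRITABLE $mode $path"; bad=1 ;;
    esac
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "OWNER    uid=$owner $path"
        bad=1
    fi
    [ "$bad" -eq 0 ] && echo "OK       $mode $path"
    return $bad
}

# check_ssh_perms HOME [UID]: check every path on the key-login route.
# UID defaults to the current user. Returns 0 only if all paths pass.
check_ssh_perms() {
    home=$1; uid=${2:-$(id -u)}
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$uid" || rc=1
    done
    return $rc
}
```

A WRITABLE line is fixed with chmod go-w on that path; the sshd log at DEBUG or VERBOSE level should show the matching rejection.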

Drop me comments if you want more details.

1 comment:

Unknown said...

Yes please provide me more details on some of the debauchery we talked abt at lunch at kfc...