OpenSSH and .rhosts usage


Hi all,

Using OpenSSH 4.0p1 for Solaris 8

I used RSH to run remote commands by using a .rshosts file, and the system did
not ask me for the password.

How can I configure sshd to run remote commands without asking me for a password?

I tried .rhosts, .shosts, and changed options like:

HostbasedAuthentication yes
IgnoreUserKnownHosts no
IgnoreRhosts no

But sshd always asks me for the password.

Thank you very much for your help.

Codly
NS


0
Reply ns 6/7/2005 3:22:33 PM

ns <ns@none.ns> wrote:
> Hi all,
> 
> Using OpenSSH 4.0p1 for Solaris 8
> 
> I used RSH to run remote commands by using a .rshosts file, and the system did
> not ask me for the password.
> 
> How can I configure sshd to run remote commands without asking me for a password?
> 
> I tried .rhosts, .shosts, and changed options like:
> 
> HostbasedAuthentication yes
> IgnoreUserKnownHosts no
> IgnoreRhosts no
> 
> But sshd always asks me for the password.
> 
> Thank you very much for your help.

There are a lot of subtle reasons this might be failing. Your best
bet is to run sshd in debug mode (sshd -d), and try to connect with
the verbose flag (ssh -v hostname).

0
Reply Colin 6/7/2005 4:07:21 PM


ns wrote:
> Hi all,
>
> Using OpenSSH 4.0p1 for Solaris 8
>
> I used RSH to run remote commands by using a .rshosts file, and the system did
> not ask me for the password.
>
> How can I configure sshd to run remote commands without asking me for a password?
>
> I tried .rhosts, .shosts, and changed options like:
>
> HostbasedAuthentication yes
> IgnoreUserKnownHosts no
> IgnoreRhosts no
>
> But sshd always asks me for the password.
>
> Thank you very much for your help.
>
Hello ns,

I think the best way to achieve this is to use .ssl/authorized_keys
Have a look at the manpage for ssh-keygen.
With that you create a pair of keys. The public key is transferred to the
remote host and appended to .ssl/authorized_keys.
Then ssh works without asking for a password.

Hope that helps,
Lothar

-- 
Lothar Armbrüster       | la@oktagramm.de
Hauptstr. 26            | la@heptagramm.de
D-65346 Eltville        | lothar.armbruester@t-online.de
0
Reply Lothar 6/7/2005 4:52:25 PM

ns wrote:
> Hi all,
> 
> Using OpenSSH 4.0p1 for Solaris 8
> 
> I used RSH to run remote commands by using a .rshosts file, and the system did
> not ask me for the password.
> 
> How can I configure sshd to run remote commands without asking me for a password?
> 
> I tried .rhosts, .shosts, and changed options like:
> 
> HostbasedAuthentication yes
> IgnoreUserKnownHosts no
> IgnoreRhosts no
> 
> But sshd always asks me for the password.
> 
> Thank you very much for your help.
> 
> Codly
> NS
> 
> 
Think we may have been here before, but let's try again...
For the purpose of testing, on the server run:

	# /usr/local/sbin/sshd -d -p 3333
   (substituting the absolute path for your installation)

and then, on the client:

	% ssh -p 3333 -v serverhost /bin/date

Study the output for clues about what authentication is
attempted, and if you need further help, post the output
from both client and server.

For hostbased authentication to work, you'll need to have
each host's public keys in the other's known_hosts file,
you'll need to have each in the other's shosts.equiv
file, and ssh-keysign must be suid root.
0
Reply Robert 6/7/2005 4:53:01 PM
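
Added example, not written by any poster in this thread: a small Python reader for `ssh -v` client output that does what the reply above suggests, listing which authentication methods the server offered and which ones the client actually attempted. The sample log is constructed in the format of the output posted in this thread, and the function names and finding codes are hypothetical.

```python
import re

# Constructed sample, in the format of the `ssh -v` output posted in this thread.
# The method list sits on its own line because the news client wrapped it.
SAMPLE_CLIENT_LOG = """\
debug1: identity file /home/user1/.ssh/identity type -1
debug1: identity file /home/user1/.ssh/id_rsa type -1
debug1: identity file /home/user1/.ssh/id_dsa type -1
debug1: Authentications that can continue:
publickey,password,keyboard-interactive,hostbased
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user1/.ssh/identity
debug1: Trying private key: /home/user1/.ssh/id_rsa
debug1: Trying private key: /home/user1/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue:
publickey,password,keyboard-interactive,hostbased
debug1: Next authentication method: password
debug1: Authentication succeeded (password).
"""

# Patterns cover both wordings seen in the thread (OpenSSH 3.5 and 3.8/4.0 clients).
OFFERED = re.compile(r"authentications that can continue:\s*(.*)$", re.I)
NEXT = re.compile(r"next auth(?:entication method:| method to try is)\s*(\S+)", re.I)
SUCCESS = re.compile(
    r"authentication succeeded \((\S+?)\)|ssh-userauth2 successful: method (\S+)", re.I)
IDENTITY = re.compile(r"identity file (\S+) type (-?\d+)")


def analyze_client_log(text):
    """Return offered/attempted methods, unloaded identities and the winning method."""
    # Strip "> " quoting so logs pasted from a reply parse the same way.
    lines = [raw.lstrip("> ").rstrip() for raw in text.splitlines()]
    report = {"offered": [], "attempted": [], "unloaded_identities": [], "succeeded": None}
    for i, line in enumerate(lines):
        m = OFFERED.search(line)
        if m:
            methods = m.group(1).strip()
            # Wrapped log: the list is on the following non-debug line.
            if not methods and i + 1 < len(lines) and not lines[i + 1].startswith("debug"):
                methods = lines[i + 1].strip()
            for name in methods.split(","):
                if name and name not in report["offered"]:
                    report["offered"].append(name)
            continue
        m = NEXT.search(line)
        if m:
            if m.group(1) not in report["attempted"]:
                report["attempted"].append(m.group(1))
            continue
        m = IDENTITY.search(line)
        if m and m.group(2) == "-1":
            # type -1: the client could not load a public key for this path
            report["unloaded_identities"].append(m.group(1))
            continue
        m = SUCCESS.search(line)
        if m:
            report["succeeded"] = (m.group(1) or m.group(2)).rstrip(".")
    return report


def findings(report):
    """Turn the parsed report into (code, explanation) pairs."""
    out = []
    offered, attempted = report["offered"], report["attempted"]
    if "hostbased" in offered and "hostbased" not in attempted:
        out.append(("hostbased-not-attempted",
                    "server offers hostbased but the client never tried it; check "
                    "HostbasedAuthentication in the client's ssh_config and that "
                    "ssh-keysign is setuid root"))
    if "publickey" in attempted and report["unloaded_identities"]:
        out.append(("no-public-key-loaded",
                    "identity files reported type -1 (no public key loaded): "
                    + ", ".join(report["unloaded_identities"])))
    if report["succeeded"] == "password":
        out.append(("password-fallback", "session authenticated with a password"))
    return out


if __name__ == "__main__":
    for code, why in findings(analyze_client_log(SAMPLE_CLIENT_LOG)):
        print(f"{code}: {why}")
```
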

Thanks a lot for your answers. Here is my log, client and server side. Can
you help me please?

SUMMARY SERVER SIDE
====================
debug1: userauth-request for user itadmin service ssh-connection method none
debug1: userauth-request for user itadmin service ssh-connection method
keyboard-interactive
debug1: userauth-request for user itadmin service ssh-connection method
password
debug1: monitor_child_preauth: itadmin has been authenticated by privileged
process

SUMMARY CLIENT SIDE
====================
debug1: Authentications that can continue:
publickey,password,keyboard-interactive,hostbased
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user1/.ssh/identity
debug1: Trying private key: /home/user1/.ssh/id_rsa
debug1: Trying private key: /home/user1/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue:
publickey,password,keyboard-interactive,hostbased
debug1: Next authentication method: password
itadmin@MyServer's password:
debug1: Authentication succeeded (password).

==============
COMPLETE LOG
==============

===============================================
SERVER SIDE
===============================================
[root@MyServer:>/usr/local/sbin/sshd -d -f /usr/local/etc/sshd_config
debug1: sshd version OpenSSH_4.0p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: rexec_argv[0]='/usr/local/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-f'
debug1: rexec_argv[3]='/usr/local/etc/sshd_config'
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.

debug1: fd 6 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 11
debug1: inetd sockets after dupping: 4, 4
Connection from 192.168.2.208 port 1449
debug1: Client protocol version 2.0; client software version OpenSSH_3.8.1p1
debug1: match: OpenSSH_3.8.1p1 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_4.0
debug1: permanently_set_uid: 1004/103
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user itadmin service ssh-connection method none
debug1: attempt 0 failures 0
debug1: userauth_send_banner: sent
Failed none for itadmin from 192.168.2.208 port 1449 ssh2
Failed none for itadmin from 192.168.2.208 port 1449 ssh2
debug1: userauth-request for user itadmin service ssh-connection method
keyboard-interactive
debug1: attempt 1 failures 1
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=itadmin devs=
debug1: kbdint_alloc: devices ''
Failed keyboard-interactive for itadmin from 192.168.2.208 port 1449 ssh2
debug1: userauth-request for user itadmin service ssh-connection method
password
debug1: attempt 2 failures 2
Accepted password for itadmin from 192.168.2.208 port 1449 ssh2
Accepted password for itadmin from 192.168.2.208 port 1449 ssh2
debug1: monitor_child_preauth: itadmin has been authenticated by privileged
process
debug1: permanently_set_uid: 1002/0
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 131072 max
32768
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request exec reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req exec
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 4023
debug1: session_exit_message: session 0 channel 0 pid 4023
debug1: session_exit_message: release channel 0
debug1: session_close: session 0 pid 4023
debug1: channel 0: free: server-session, nchannels 1
Connection closed by 192.168.2.208
debug1: do_cleanup
Closing connection to 192.168.2.208
[root@MyServer:>


===============================================
CLIENT SIDE
===============================================
C:\>ssh -v itadmin@MyServer /u1/itadmin/lsdate
OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to MyServer [192.168.2.171] port 22.
debug1: Connection established.
debug1: identity file /home/user1/.ssh/identity type -1
debug1: identity file /home/user1/.ssh/id_rsa type -1
debug1: identity file /home/user1/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.0
debug1: match: OpenSSH_4.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'MyServer' is known and matches the RSA host key.
debug1: Found key in /home/user1/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received

debug1: Authentications that can continue:
publickey,password,keyboard-interactive,hostbased
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user1/.ssh/identity
debug1: Trying private key: /home/user1/.ssh/id_rsa
debug1: Trying private key: /home/user1/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue:
publickey,password,keyboard-interactive,hostbased
debug1: Next authentication method: password
itadmin@MyServer's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending command: /u1/itadmin/lsdate
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
Environment:
  USER=itadmin
  LOGNAME=itadmin
  HOME=/u1/itadmin
  PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
  MAIL=/var/mail//itadmin
  SHELL=/bin/csh
  TZ=MET
  SSH_CLIENT=192.168.2.208 1360 22
  SSH_CONNECTION=192.168.2.208 1360 192.168.2.171 22
debug1: channel 0: free: client-session, nchannels 1
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.3 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0

C:\>


0
Reply ns 6/8/2005 9:39:35 AM

ns wrote:
> Thanks a lot for your answers. Here is my log, client and server side. Can
> you help me please?
> 

> ===============================================
> SERVER SIDE
> ===============================================
> [root@MyServer:>/usr/local/sbin/sshd -d -f /usr/local/etc/sshd_config
> debug1: sshd version OpenSSH_4.0p1
> debug1: private host key: #0 type 0 RSA1
> debug1: read PEM private key done: type RSA
> debug1: private host key: #1 type 1 RSA
> debug1: read PEM private key done: type DSA
> debug1: private host key: #2 type 2 DSA
> debug1: rexec_argv[0]='/usr/local/sbin/sshd'
> debug1: rexec_argv[1]='-d'
> debug1: rexec_argv[2]='-f'
> debug1: rexec_argv[3]='/usr/local/etc/sshd_config'
> debug1: Bind to port 22 on ::.
> Server listening on :: port 22.
> debug1: Bind to port 22 on 0.0.0.0.
> Server listening on 0.0.0.0 port 22.
> Generating 768 bit RSA key.
> RSA key generation complete.
> 
> debug1: fd 6 clearing O_NONBLOCK
> debug1: Server will not fork when running in debugging mode.
> debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 11
> debug1: inetd sockets after dupping: 4, 4
> Connection from 192.168.2.208 port 1449
> debug1: Client protocol version 2.0; client software version OpenSSH_3.8.1p1
> debug1: match: OpenSSH_3.8.1p1 pat OpenSSH_3.*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-1.99-OpenSSH_4.0
> debug1: permanently_set_uid: 1004/103
> debug1: list_hostkey_types: ssh-rsa,ssh-dss
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
> debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
> debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: KEX done
> debug1: userauth-request for user itadmin service ssh-connection method none
> debug1: attempt 0 failures 0
> debug1: userauth_send_banner: sent
> Failed none for itadmin from 192.168.2.208 port 1449 ssh2
> Failed none for itadmin from 192.168.2.208 port 1449 ssh2
> debug1: userauth-request for user itadmin service ssh-connection method
	Does user "itadmin" have a ~/.ssh directory and ssh keys?
	It doesn't appear so.
> keyboard-interactive
> debug1: attempt 1 failures 1
> debug1: keyboard-interactive devs
> debug1: auth2_challenge: user=itadmin devs=
> debug1: kbdint_alloc: devices ''
> Failed keyboard-interactive for itadmin from 192.168.2.208 port 1449 ssh2
> debug1: userauth-request for user itadmin service ssh-connection method
> password
> debug1: attempt 2 failures 2
> Accepted password for itadmin from 192.168.2.208 port 1449 ssh2
> .....

> ===============================================
> CLIENT SIDE
> ===============================================
> C:\>ssh -v itadmin@MyServer /u1/itadmin/lsdate
> OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
> debug1: Reading configuration data /etc/ssh_config
> debug1: Connecting to MyServer [192.168.2.171] port 22.
> debug1: Connection established.
> debug1: identity file /home/user1/.ssh/identity type -1
> debug1: identity file /home/user1/.ssh/id_rsa type -1
> debug1: identity file /home/user1/.ssh/id_dsa type -1
> debug1: Remote protocol version 1.99, remote software version OpenSSH_4.0
> debug1: match: OpenSSH_4.0 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'MyServer' is known and matches the RSA host key.
> debug1: Found key in /home/user1/.ssh/known_hosts:3
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> 
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive,hostbased
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/user1/.ssh/identity
> debug1: Trying private key: /home/user1/.ssh/id_rsa
> debug1: Trying private key: /home/user1/.ssh/id_dsa
> debug1: Next authentication method: keyboard-interactive
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive,hostbased
> debug1: Next authentication method: password
> itadmin@MyServer's password:
> debug1: Authentication succeeded (password).
> debug1: channel 0: new [client-session]
> debug1: Entering interactive session.
> debug1: Sending command: /u1/itadmin/lsdate
> debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
> Environment:
>   USER=itadmin
>   LOGNAME=itadmin
>   HOME=/u1/itadmin
>   PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
>   MAIL=/var/mail//itadmin
>   SHELL=/bin/csh
>   TZ=MET
>   SSH_CLIENT=192.168.2.208 1360 22
>   SSH_CONNECTION=192.168.2.208 1360 192.168.2.171 22
> debug1: channel 0: free: client-session, nchannels 1
> debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.3 seconds
> debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
> debug1: Exit status 0
> 
> C:\>
> 

Let's crawl before we try to walk, and try to create
an ssh session for you (as the same user on each system) that
doesn't require a passwd.  It appears that you have
generated keys for "user1" on 192.168.2.208, and are attempting
to use your keys to authenticate as a different user on
the remote system (MyServer).  This won't work.  Assuming
that "user1" has an account on MyServer, make sure that
~/user1/.ssh exists and has a file named "authorized_keys"
that is a copy of the user1 id_rsa.pub key.  If you really
want to persist with authenticating as "itadmin" with your
own key then copy the "authorized_keys" file to ~itadmin/.ssh/.

See if this works.  If not, post the logs as before.  Also,
please state your goal.  Is it to allow authenticating as
an arbitrary user (whose private key you have) on a remote
host?  Is it to use ssh without users having to create keys?
It's difficult to grasp just what problem you are trying to
solve.

- Bob
0
Reply Robert 6/8/2005 3:23:59 PM

Thanks Robert for your answer

> Does user "itadmin" have a ~/.ssh directory and ssh keys?
> It doesn't appear so.

YES. The itadmin account has a ~/.ssh directory and ssh keys.

> Let's crawl before we try to walk, and try to create
> an ssh session for you (as the same user on each system) that
> doesn't require a passwd.  It appears that you have
> generated keys for "user1" on 192.168.2.208, and are attempting
> to use your keys to authenticate as a different user on
> the remote system (MyServer).  This won't work.  Assuming
> that "user1" has an account on MyServer, make sure that
> ~/user1/.ssh exists and has a file named "authorized_keys"
> that is a copy of the user1 id_rsa.pub key.  If you really
> want to persist with authenticating as "itadmin" with your
> own key then copy the "authorized_keys" file to ~itadmin/.ssh/.
>
> See if this works.  If not, post the logs as before.  Also,
> please state your goal.  Is it to allow authenticating as
> an arbitrary user (whose private key you have) on a remote
> host?  Is it to use ssh without users having to create keys?
> It's difficult to grasp just what problem you are trying to
> solve.
>
> - Bob

Here is the debug result of a test using the same user on each system (client
and server). The username is "itadmin".
It does not work. The system always asks me for the password of username itadmin.

#####################################
CLIENT SIDE : MyClient (192.168.2.44)
#####################################
MyClient% ssh -v itadmin@MyServer /u1/itadmin/showdate
OpenSSH_4.0p1, OpenSSL 0.9.7f 22 Mar 2005
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Connecting to MyServer [192.168.2.171] port 22.
debug1: Connection established.
debug1: identity file /export/spare/itadmin/.ssh/identity type -1
debug1: identity file /export/spare/itadmin/.ssh/id_rsa type -1
debug1: identity file /export/spare/itadmin/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.0
debug1: match: OpenSSH_4.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'MyServer' is known and matches the RSA host key.
debug1: Found key in /export/spare/itadmin/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,password,keyboard-interactive,hostbased
debug1: Next authentication method: publickey
debug1: Trying private key: /export/spare/itadmin/.ssh/identity
debug1: Trying private key: /export/spare/itadmin/.ssh/id_rsa
debug1: Trying private key: /export/spare/itadmin/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue:
publickey,password,keyboard-interactive,hostbased
debug1: Next authentication method: password
itadmin@MyServer's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending command: /u1/itadmin/showdate
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
Environment:
  USER=itadmin
  LOGNAME=itadmin
  HOME=/u1/itadmin
  PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
  MAIL=/var/mail//itadmin
  SHELL=/bin/csh
  TZ=MET
  SSH_CLIENT=192.168.2.44 32793 22
  SSH_CONNECTION=192.168.2.44 32793 192.168.2.171 22
debug1: channel 0: free: client-session, nchannels 1
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.2 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0
MyClient%

#####################################
SERVER SIDE : MyServer (192.168.2.171)
#####################################

[root@MyServer:>/usr/local/sbin/sshd -d -f /usr/local/etc/sshd_config
debug1: sshd version OpenSSH_4.0p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: rexec_argv[0]='/usr/local/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-f'
debug1: rexec_argv[3]='/usr/local/etc/sshd_config'
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: fd 6 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 11
debug1: inetd sockets after dupping: 4, 4
Connection from 192.168.2.44 port 32793
debug1: Client protocol version 2.0; client software version OpenSSH_4.0
debug1: match: OpenSSH_4.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_4.0
debug1: permanently_set_uid: 1004/103
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user itadmin service ssh-connection method none
debug1: attempt 0 failures 0
debug1: userauth_send_banner: sent
Failed none for itadmin from 192.168.2.44 port 32793 ssh2
Failed none for itadmin from 192.168.2.44 port 32793 ssh2
debug1: userauth-request for user itadmin service ssh-connection method
keyboard-interactive
debug1: attempt 1 failures 1
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=itadmin devs=
debug1: kbdint_alloc: devices ''
Failed keyboard-interactive for itadmin from 192.168.2.44 port 32793 ssh2
debug1: userauth-request for user itadmin service ssh-connection method
password
debug1: attempt 2 failures 2
Accepted password for itadmin from 192.168.2.44 port 32793 ssh2
Accepted password for itadmin from 192.168.2.44 port 32793 ssh2
debug1: monitor_child_preauth: itadmin has been authenticated by privileged
process
debug1: permanently_set_uid: 1002/0
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 131072 max
32768
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request exec reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req exec
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 17317
debug1: session_exit_message: session 0 channel 0 pid 17317
debug1: session_exit_message: release channel 0
debug1: session_close: session 0 pid 17317
debug1: channel 0: free: server-session, nchannels 1
Connection closed by 192.168.2.44
debug1: do_cleanup
Closing connection to 192.168.2.44
[root@MyServer:>



0
Reply ns 6/10/2005 1:32:03 PM

ns wrote:
> Thanks Robert for your answer
> 
> 
>>Does user "itadmin" have a ~/.ssh directory and ssh keys?
>>It doesn't appear so.
> 
> 
> YES. The itadmin account has a ~/.ssh directory and ssh keys.
> 
> [snip]

It looks like your "itadmin" is gid=0, and I think it would be
simplest to work this out for a user that has no special privs.
That said, what I'd expect to see would be something like lines
below (with +) rather than those with "-".  Note that the server
output you posted never tried to use publickey auth, it went
straight to passwd.  I don't know whether this is due to something
in your sshd_config or something else.  For a final (for me) try
please post your sshd_config file AND use -ddd (not just -d) when
you start the daemon, and do this for a user whose uid != 0
and gid != 0. OK?

- Bob

debug1: userauth-request for user itadmin service ssh-connection method none

+debug1: attempt 0 initial attempt 0 failures 0 initial failures 0
+Failed none for itadmin from 192.168.2.44 port 32793 ssh2
+debug1: userauth-request for user itadmin service ssh-connection method publickey
+debug1: attempt 1 initial attempt 0 failures 1 initial failures 0
+debug1: test whether pkalg/pkblob are acceptable
+debug1: temporarily_use_uid: 500/1 (e=0/0)
+debug1: trying public key file /u1/itadmin/.ssh/authorized_keys
+debug1: matching key found: file /u1/itadmin/.ssh/authorized_keys, line 13
+Found matching RSA key: ce:88:2f:5f:cc:05:69:a7:3f:7f:ed:b0:f5:43:94:21
+debug1: restore_uid: 0/0
+debug1: userauth-request for user itadmin service ssh-connection method publickey
+debug1: attempt 2 initial attempt 0 failures 1 initial failures 0
+debug1: temporarily_use_uid: 500/1 (e=0/0)
+debug1: trying public key file /u1/itadmin/.ssh/authorized_keys
+debug1: matching key found: file /u1/itadmin/.ssh/authorized_keys, line 13
+Found matching RSA key: ce:88:2f:5f:cc:05:69:a7:3f:7f:ed:b0:f5:43:94:21
+debug1: restore_uid: 0/0
+debug1: ssh_rsa_verify: signature correct
+Accepted publickey for itadmin from 192.168.2.44 port 32793 ssh2
+debug1: permanently_set_uid: 500/1
+debug1: Entering interactive session for SSH2.
+

-debug1: attempt 0 failures 0
-debug1: userauth_send_banner: sent

-Failed none for itadmin from 192.168.2.44 port 32793 ssh2
-Failed none for itadmin from 192.168.2.44 port 32793 ssh2
-debug1: userauth-request for user itadmin service ssh-connection method 
keyboard-interactive
-debug1: attempt 1 failures 1
-debug1: keyboard-interactive devs
-debug1: auth2_challenge: user=itadmin devs=
-debug1: kbdint_alloc: devices ''
-Failed keyboard-interactive for itadmin from 192.168.2.44 port 32793 ssh2
-debug1: userauth-request for user itadmin service ssh-connection method
0
Reply Robert 6/10/2005 9:45:30 PM

Thank you very much Robert for your help.

Yes, itadmin is a member of root's group.
I created a new account named itadmin2 on the client and server and I
updated the .rhosts and .shosts files. The server always asks me for the password.

Here is the debug data with the -ddd option:

#############################################
CLIENT SIDE
#############################################
[itadmin2@MyClient ~]$ ssh -v itadmin2@MyServer
OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to MyServer [192.168.2.171] port 22.
debug1: Connection established.
debug1: identity file /home/itadmin2/.ssh/identity type -1
debug1: identity file /home/itadmin2/.ssh/id_rsa type -1
debug1: identity file /home/itadmin2/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.0
debug1: match: OpenSSH_4.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.5p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 123/256
debug1: bits set: 1008/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'MyServer' is known and matches the RSA host key.
debug1: Found key in /home/itadmin2/.ssh/known_hosts:1
debug1: bits set: 984/2048
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue:
publickey,password,keyboard-interactive,hostbased
debug1: next auth method to try is publickey
debug1: try privkey: /home/itadmin2/.ssh/identity
debug1: try privkey: /home/itadmin2/.ssh/id_rsa
debug1: try privkey: /home/itadmin2/.ssh/id_dsa
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue:
publickey,password,keyboard-interactive,hostbased
debug1: next auth method to try is password
itadmin2@MyServer's password:
debug1: ssh-userauth2 successful: method password
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: ssh_session2_setup: id 0
debug1: channel request 0: pty-req
debug1: channel request 0: shell
debug1: fd 3 setting TCP_NODELAY
debug1: channel 0: open confirm rwindow 0 rmax 32768
Last login: Mon Jun 13 10:50:46 2005 from MyClient.refcop
Environment:
  USER=itadmin2
  LOGNAME=itadmin2
  HOME=/u1/itadmin2
  PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
  MAIL=/var/mail//itadmin2
  SHELL=/bin/csh
  TZ=MET
  SSH_CLIENT=192.168.2.151 46030 22
  SSH_CONNECTION=192.168.2.151 46030 192.168.2.171 22
  SSH_TTY=/dev/pts/4
  TERM=xterm
debug3: channel 0: close_fds r -1 w -1 e -1 c -1
Sun Microsystems Inc.   SunOS 5.8       Generic Patch   October 2001
MyServer%
MyServer%
MyServer% debug1: channel_free: channel 0: client-session, nchannels 1
Connection to MyServer closed by remote host.
Connection to MyServer closed.
debug1: Transferred: stdin 0, stdout 0, stderr 85 bytes in 3.1 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 27.3
debug1: Exit status -1
[itadmin2@MyClient ~]$

#############################################
SERVER SIDE
#############################################

[root@MyServer:>/usr/local/sbin/sshd -ddd -f /usr/local/etc/sshd_config
debug2: load_server_config: filename /usr/local/etc/sshd_config
debug2: load_server_config: done config len = 280
debug2: parse_server_config: config /usr/local/etc/sshd_config len 280
debug1: sshd version OpenSSH_4.0p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /usr/local/etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /usr/local/etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: rexec_argv[0]='/usr/local/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-f'
debug1: rexec_argv[3]='/usr/local/etc/sshd_config'
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug2: fd 5 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: fd 6 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 11 config len 280
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 11
debug1: inetd sockets after dupping: 4, 4
Connection from 192.168.2.151 port 46030
debug1: Client protocol version 2.0; client software version OpenSSH_3.5p1
debug1: match: OpenSSH_3.5p1 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_4.0
debug2: fd 4 setting O_NONBLOCK
debug3: privsep user:group 1004:103
debug1: permanently_set_uid: 1004/103
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug2: Network child is on pid 18096
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellma
n-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
ijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
ijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
ac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
ac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
ijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
ijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
ac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
ac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug3: mm_request_send entering: type 0
debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI
debug3: mm_request_receive_expect entering: type 1
debug3: mm_request_receive entering
debug3: preauth child monitor started
debug3: mm_request_receive entering
debug3: monitor_read: checking request 0
debug3: mm_answer_moduli: got parameters: 1024 2048 8192
debug3: mm_request_send entering: type 1
debug3: mm_choose_dh: remaining 0
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug2: monitor_read: 0 used once, disabling now
debug3: mm_request_receive entering
debug2: dh_gen_key: priv key bits set: 122/256
debug2: bits set: 984/2048
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug2: bits set: 1008/2048
debug3: mm_key_sign entering
debug3: mm_request_send entering: type 4
debug3: monitor_read: checking request 4
debug3: mm_answer_sign
debug3: mm_answer_sign: signature 9c6e8(143)
debug3: mm_request_send entering: type 5
debug2: monitor_read: 4 used once, disabling now
debug3: mm_request_receive entering
debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
debug3: mm_request_receive_expect entering: type 5
debug3: mm_request_receive entering
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user itadmin2 service ssh-connection method
none
debug1: attempt 0 failures 0
debug3: mm_getpwnamallow entering
debug3: mm_request_send entering: type 6
debug3: monitor_read: checking request 6
debug3: mm_answer_pwnamallow
debug3: auth_shadow_acctexpired: today 12947 sp_expire -1 days left -12948
debug3: account expiration disabled
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: mm_request_receive entering
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
debug3: mm_request_receive_expect entering: type 7
debug3: mm_request_receive entering
debug2: input_userauth_request: setting up authctxt for itadmin2
debug3: mm_inform_authserv entering
debug3: mm_request_send entering: type 3
debug3: monitor_read: checking request 3
debug3: mm_answer_authserv: service=ssh-connection, style=
debug2: monitor_read: 3 used once, disabling now
debug3: mm_request_receive entering
debug2: input_userauth_request: try method none
debug3: mm_auth2_read_banner entering
debug3: mm_request_send entering: type 8
debug3: monitor_read: checking request 8
debug3: mm_request_send entering: type 9
debug2: monitor_read: 8 used once, disabling now
debug3: mm_request_receive entering
debug3: mm_request_receive_expect entering: type 9
debug3: mm_request_receive entering
debug1: userauth_send_banner: sent
debug3: mm_auth_password entering
debug3: mm_request_send entering: type 10
debug3: monitor_read: checking request 10
debug3: mm_answer_authpassword: sending result 0
debug3: mm_request_send entering: type 11
Failed none for itadmin2 from 192.168.2.151 port 46030 ssh2
debug3: mm_request_receive entering
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
debug3: mm_request_receive_expect entering: type 11
debug3: mm_request_receive entering
debug3: mm_auth_password: user not authenticated
Failed none for itadmin2 from 192.168.2.151 port 46030 ssh2
debug1: userauth-request for user itadmin2 service ssh-connection method
keyboard-interactive
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=itadmin2 devs=
debug1: kbdint_alloc: devices ''
debug2: auth2_challenge_start: devices
Failed keyboard-interactive for itadmin2 from 192.168.2.151 port 46030 ssh2
debug1: userauth-request for user itadmin2 service ssh-connection method
password
debug1: attempt 2 failures 2
debug2: input_userauth_request: try method password
debug3: mm_auth_password entering
debug3: mm_request_send entering: type 10
debug3: monitor_read: checking request 10
debug3: auth_shadow_pwexpired: today 12947 sp_lstchg 12947 sp_max -1
debug3: password expiration disabled
debug3: mm_answer_authpassword: sending result 1
debug3: mm_request_send entering: type 11
Accepted password for itadmin2 from 192.168.2.151 port 46030 ssh2
debug1: monitor_child_preauth: itadmin2 has been authenticated by privileged
process
debug3: mm_get_keystate: Waiting for new keys
debug3: mm_request_receive_expect entering: type 24
debug3: mm_request_receive entering
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
debug3: mm_request_receive_expect entering: type 11
debug3: mm_request_receive entering
debug3: mm_auth_password: user authenticated
Accepted password for itadmin2 from 192.168.2.151 port 46030 ssh2
debug3: mm_send_keystate: Sending new keys: 9bd30 a4ce0
debug3: mm_newkeys_to_blob: converting 9bd30
debug3: mm_newkeys_to_blob: converting a4ce0
debug3: mm_send_keystate: New keys have been sent
debug3: mm_send_keystate: Sending compression state
debug3: mm_request_send entering: type 24
debug3: mm_newkeys_from_blob: 9d0f8(118)
debug2: mac_init: found hmac-md5
debug3: mm_get_keystate: Waiting for second key
debug3: mm_newkeys_from_blob: 9d0f8(118)
debug2: mac_init: found hmac-md5
debug3: mm_get_keystate: Getting compression state
debug3: mm_get_keystate: Getting Network I/O buffers
debug3: mm_share_sync: Share sync
debug3: mm_share_sync: Share sync end
debug3: mm_send_keystate: Finished sending state
debug1: permanently_set_uid: 1005/1
debug2: set_newkeys: mode 0
debug2: set_newkeys: mode 1
debug1: Entering interactive session for SSH2.
debug2: fd 5 setting O_NONBLOCK
debug2: fd 6 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug2: User child is on pid 18097
debug3: mm_request_receive entering
debug1: server_input_channel_req: channel 0 request pty-req reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug3: mm_request_send entering: type 25
debug3: mm_pty_allocate: waiting for MONITOR_ANS_PTY
debug3: mm_request_receive_expect entering: type 26
debug3: mm_request_receive entering
debug3: monitor_read: checking request 25
debug3: mm_answer_pty entering
debug1: session_new: init
debug1: session_new: session 0
debug3: Trying to reverse map address 192.168.2.151.
debug3: mm_request_send entering: type 26
debug1: session_pty_req: session 0 alloc /dev/pts/4
debug3: tty_parse_modes: SSH2 n_bytes 256
debug3: tty_parse_modes: ospeed 38400
debug3: tty_parse_modes: ispeed 38400
debug3: tty_parse_modes: 1 3
debug3: tty_parse_modes: 2 28
debug3: tty_parse_modes: 3 127
debug3: tty_parse_modes: 4 21
debug3: tty_parse_modes: 5 4
debug3: tty_parse_modes: 6 0
debug3: tty_parse_modes: 7 0
debug3: tty_parse_modes: 8 17
debug3: tty_parse_modes: 9 19
debug3: tty_parse_modes: 10 26
debug3: tty_parse_modes: 12 18
debug3: tty_parse_modes: 13 23
debug3: tty_parse_modes: 14 22
debug3: tty_parse_modes: 18 15
debug3: tty_parse_modes: 30 0
debug3: tty_parse_modes: 31 0
debug3: tty_parse_modes: 32 0
debug3: tty_parse_modes: 33 0
debug3: tty_parse_modes: 34 0
debug3: tty_parse_modes: 35 0
debug3: tty_parse_modes: 36 1
debug3: tty_parse_modes: 37 0
debug3: tty_parse_modes: 38 1
debug3: tty_parse_modes: 39 0
debug3: tty_parse_modes: 40 0
debug3: tty_parse_modes: 41 0
debug3: tty_parse_modes: 50 1
debug3: tty_parse_modes: 51 1
debug3: tty_parse_modes: 52 0
debug3: tty_parse_modes: 53 1
debug3: tty_parse_modes: 54 1
debug3: tty_parse_modes: 55 1
debug3: tty_parse_modes: 56 0
debug3: tty_parse_modes: 57 0
debug3: tty_parse_modes: 58 0
debug3: tty_parse_modes: 59 1
debug3: tty_parse_modes: 60 1
debug3: tty_parse_modes: 61 1
debug3: tty_parse_modes: 62 0
debug3: tty_parse_modes: 70 1
debug3: tty_parse_modes: 71 0
debug3: tty_parse_modes: 72 1
debug3: tty_parse_modes: 73 0
debug3: tty_parse_modes: 74 0
debug3: tty_parse_modes: 75 0
debug3: tty_parse_modes: 90 1
debug3: tty_parse_modes: 91 1
debug3: tty_parse_modes: 92 0
debug3: tty_parse_modes: 93 0
debug1: server_input_channel_req: channel 0 request shell reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug2: fd 4 setting TCP_NODELAY
debug2: fd 9 setting O_NONBLOCK
debug3: fd 8 is O_NONBLOCK
debug3: mm_answer_pty: tty /dev/pts/4 ptyfd 5
debug3: mm_request_receive entering
[root@MyServer:>
===========================================================


0
Reply ns 6/13/2005 9:32:56 AM

ns wrote:
> Thank You very much Robert for your help.
> 
> Yes, itadmin is member of root's group.
> i created a new account named itadmin2 in the client and server and i
> updated .rhosts and .shosts files. The server always ask me the password.
> 
> Here is debug data with -ddd option :
> 
> #############################################
> CLIENT SIDE
> #############################################
> [itadmin2@MyClient ~]$ ssh -v itadmin2@MyServer
> OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Rhosts Authentication disabled, originating port will not be
> trusted.
> debug1: ssh_connect: needpriv 0
> debug1: Connecting to MyServer [192.168.2.171] port 22.
> debug1: Connection established.

I think there is something wrong with the keys or permissions
on them that prevents their use (on the client at least).
When the client reads your keys we see:

> debug1: identity file /home/itadmin2/.ssh/identity type -1
> debug1: identity file /home/itadmin2/.ssh/id_rsa type -1
> debug1: identity file /home/itadmin2/.ssh/id_dsa type -1
> debug1: Remote protocol version 1.99, remote software version OpenSSH_4.0
> debug1: match: OpenSSH_4.0 pat OpenSSH*

Yet what I think you should be seeing is:

debug1: identity file /home/itadmin2/.ssh/identity type 0
debug1: identity file /home/itadmin2/.ssh/id_rsa type 1
debug1: identity file /home/itadmin2/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.0

Note the different types!  I'd suggest hiding ALL the test user's
existing keys, then as the test user use ssh-keygen to create
a new RSA keypair, making sure to copy the public key to the
test user's .ssh directory AND to the test user's authorized_keys
files, and repeat using -vvv on client to get additional clues.
I think the server worked correctly but was never presented
the request for publickey authentication.
Perms on the .ssh dir and the private keys must permit access
to only the owner (test user).

- Bob

0
Reply Robert 6/13/2005 7:19:07 PM

Thank you very much for your help, Robert.

I will try again.

Best Regards
NS

"Robert Lawhead" <news0000.5.unixguru@spamgourmet.com> wrote in
message news:SNydnc4eJO-xQTDfRVn-iw@speakeasy.net...
> ns wrote:
> > Thank You very much Robert for your help.
> >
> > Yes, itadmin is member of root's group.
> > i created a new account named itadmin2 in the client and server and i
> > updated .rhosts and .shosts files. The server always ask me the password.
> >
> > Here is debug data with -ddd option :
> >
> > #############################################
> > CLIENT SIDE
> > #############################################
> > [itadmin2@MyClient ~]$ ssh -v itadmin2@MyServer
> > OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
> > debug1: Reading configuration data /etc/ssh/ssh_config
> > debug1: Applying options for *
> > debug1: Rhosts Authentication disabled, originating port will not be
> > trusted.
> > debug1: ssh_connect: needpriv 0
> > debug1: Connecting to MyServer [192.168.2.171] port 22.
> > debug1: Connection established.
>
> I think there is something wrong with the keys or permissions
> on them that prevents their use (on the client at least).
> When the client reads your keys we see:
>
> > debug1: identity file /home/itadmin2/.ssh/identity type -1
> > debug1: identity file /home/itadmin2/.ssh/id_rsa type -1
> > debug1: identity file /home/itadmin2/.ssh/id_dsa type -1
> > debug1: Remote protocol version 1.99, remote software version OpenSSH_4.0
> > debug1: match: OpenSSH_4.0 pat OpenSSH*
>
> Yet what I think you should be seeing is:
>
> debug1: identity file /home/itadmin2/.ssh/identity type 0
> debug1: identity file /home/itadmin2/.ssh/id_rsa type 1
> debug1: identity file /home/itadmin2/.ssh/id_dsa type 2
> debug1: Remote protocol version 1.99, remote software version OpenSSH_4.0
>
> Note the different types!  I'd suggest hiding ALL the test user's
> existing keys, then as the test user use ssh-keygen to create
> a new RSA keypair, making sure to copy the public key to the
> test user's .ssh directory AND to the test user's authorized_keys
> files, and repeat using -vvv on client to get additional clues.
> I think the server worked correctly but was never presented
> the request for publickey authentication.
> Perms on the .ssh dir and the private keys must permit access
> to only the owner (test user).
>
> - Bob
>


0
Reply ns 6/14/2005 6:45:32 AM

Hi Robert,

Now I can run remote commands on the server using ssh without being asked
for the password! :)
I just copied "id_rsa" to the .../<windows_client>/<user_env>/.ssh/

Well!!

But now the server ignores the .rhosts and .shosts files.

I configured sshd_config with the option: IgnoreRhosts no

I will test with debug enabled.

Do you know why?

Thank you very much
NS


0
Reply ns 6/16/2005 10:56:20 AM

Here's my new log :

=================================
CLIENT SIDE
=================================
C:\Documents and Settings\user1\.ssh>ssh -v itadmin@MyServer date
OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to MyServer [192.168.2.171] port 22.
debug1: Connection established.
debug1: identity file /home/user1/.ssh/identity type -1
debug1: identity file /home/user1/.ssh/id_rsa type -1
debug1: identity file /home/user1/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.0
debug1: match: OpenSSH_4.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'MyServer' is known and matches the RSA host key.
debug1: Found key in /home/user1/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,password,keyboard-interactive,hostbased
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user1/.ssh/identity
debug1: Trying private key: /home/user1/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending command: date
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
Thu Jun 16 12:57:10 MEST 2005
Environment:
  USER=itadmin
  LOGNAME=itadmin
  HOME=/u1/itadmin
  PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
  MAIL=/var/mail//itadmin
  SHELL=/bin/csh
  TZ=MET
  SSH_CLIENT=192.168.2.208 4347 22
  SSH_CONNECTION=192.168.2.208 4347 192.168.2.171 22
debug1: channel 0: free: client-session, nchannels 1
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.2 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0

=================================
SERVER SIDE
=================================
[root@MyServer:>/usr/local/sbin/sshd -d -f /usr/local/etc/sshd_config
debug1: sshd version OpenSSH_4.0p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: rexec_argv[0]='/usr/local/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-f'
debug1: rexec_argv[3]='/usr/local/etc/sshd_config'
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: fd 6 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 11
debug1: inetd sockets after dupping: 4, 4
Connection from 192.168.2.208 port 4347
debug1: Client protocol version 2.0; client software version OpenSSH_3.8.1p1
debug1: match: OpenSSH_3.8.1p1 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_4.0
debug1: permanently_set_uid: 1004/103
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user itadmin service ssh-connection method none
debug1: attempt 0 failures 0
debug1: userauth_send_banner: sent
Failed none for itadmin from 192.168.2.208 port 4347 ssh2
Failed none for itadmin from 192.168.2.208 port 4347 ssh2
debug1: userauth-request for user itadmin service ssh-connection method
publickey
debug1: attempt 1 failures 1
debug1: temporarily_use_uid: 1002/0 (e=0/1)
debug1: trying public key file /u1/itadmin/.ssh/authorized_keys
debug1: matching key found: file /u1/itadmin/.ssh/authorized_keys, line 1
Found matching RSA key: ac:5e:65:2a:ba:61:d6:c5:36:c1:2d:90:e0:30:26:f2
debug1: restore_uid: 0/1
debug1: ssh_rsa_verify: signature correct
Accepted publickey for itadmin from 192.168.2.208 port 4347 ssh2
Accepted publickey for itadmin from 192.168.2.208 port 4347 ssh2
debug1: monitor_child_preauth: itadmin has been authenticated by privileged
process
debug1: permanently_set_uid: 1002/0
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 131072 max
32768
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request exec reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req exec
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 19078
debug1: session_exit_message: session 0 channel 0 pid 19078
debug1: session_exit_message: release channel 0
debug1: session_close: session 0 pid 19078
debug1: channel 0: free: server-session, nchannels 1
Connection closed by 192.168.2.208
debug1: do_cleanup
Closing connection to 192.168.2.208
[root@MyServer:>
=============================================================


"ns" <ns@none.ns> wrote in message
news:d8rkgm$e2s$1@reader1.imaginet.fr...
> Hi Robert,
>
> Now, i can run remote command on the server by using ssh without ask me the
> password ! :)
> I just copy "id_rsa" on the .../<windows_client>/<user_env>/.ssh/
>
> Well !!
>
> But now, the server ignore the files .rhosts and .shosts.
>
> I configured sshd_config with option : IgnoreRhosts no
>
> I will try test with enabling debug.
>
> Do you know why ?
>
> ThankYou very much
> NS
>
>


0
Reply ns 6/16/2005 11:06:11 AM

ns wrote:
> Hi Robert,
> 
> Now, i can run remote command on the server by using ssh without ask me the
> password ! :)
> I just copy "id_rsa" on the .../<windows_client>/<user_env>/.ssh/
> 
> Well !!
> 
> But now, the server ignore the files .rhosts and .shosts.
> 
> I configured sshd_config with option : IgnoreRhosts no
> 
> I will try test with enabling debug.
> 
> Do you know why ?
> 
> ThankYou very much
> NS
> 
> 

.rhosts and .shosts have nothing to do with publickey
authentication.  Perhaps ssh-agent is what you are now looking
for, but what I think you should really do is some serious
research on your own, so that you understand "the big picture".
This book is an excellent reference:

	SSH, The Secure Shell: The Definitive Guide, Second Edition
	By Daniel J. Barrett, Richard Silverman, Robert G. Byrnes
	Second Edition May 2005
	ISBN: 0-596-00895-3

Good luck.
- Bob
0
Reply Robert 6/16/2005 5:35:48 PM
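
Added example (not part of any post in this thread): a small Python parser for the `ssh -v` and `sshd -d` lines quoted above, covering both the key diagnosis of 6/13 and the .rhosts/.shosts question of 6/16. It reports which private keys the client tried and actually read, which method succeeded, and whether the client ever requested hostbased authentication, the protocol 2 method that consults .rhosts/.shosts. The sample traces are abridged from the logs posted here, and all function names are made up for the example.

```python
import re

# Constructed samples: abridged from the client and server traces in this thread.
CLIENT_3_5 = """\
debug1: identity file /home/itadmin2/.ssh/identity type -1
debug1: identity file /home/itadmin2/.ssh/id_rsa type -1
debug1: identity file /home/itadmin2/.ssh/id_dsa type -1
debug1: try privkey: /home/itadmin2/.ssh/id_rsa
debug1: try privkey: /home/itadmin2/.ssh/id_dsa
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue:
publickey,password,keyboard-interactive,hostbased
debug1: next auth method to try is password
debug1: ssh-userauth2 successful: method password
"""
CLIENT_3_8 = """\
debug1: identity file /home/user1/.ssh/identity type -1
debug1: identity file /home/user1/.ssh/id_rsa type -1
debug1: identity file /home/user1/.ssh/id_dsa type -1
debug1: Authentications that can continue:
publickey,password,keyboard-interactive,hostbased
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user1/.ssh/identity
debug1: Trying private key: /home/user1/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
"""
SERVER_4_0 = """\
debug1: userauth-request for user itadmin service ssh-connection method none
debug1: userauth-request for user itadmin service ssh-connection method
publickey
Accepted publickey for itadmin from 192.168.2.208 port 4347 ssh2
"""

TRY_KEY = re.compile(r"try(?:ing)? priv(?:ate )?key:\s*(\S+)", re.I)
NEXT_METHOD = re.compile(r"next auth(?:entication)? method(?: to try is|:)\s*([\w-]+)", re.I)
OFFERED = re.compile(r"authentications that can continue:\s*([\w,-]+)", re.I)
SUCCESS = re.compile(r"ssh-userauth2 successful: method ([\w-]+)"
                     r"|Authentication succeeded \(([\w-]+)\)")
REQUESTED = re.compile(r"userauth-request for user \S+ service \S+ method\s+([\w-]+)")


def summarize_client(trace):
    """Pull the authentication facts out of `ssh -v` output (3.5p1 or 3.8.1p1 wording)."""
    offered = OFFERED.search(trace)
    success = SUCCESS.search(trace)
    keys_tried, keys_loaded = [], []
    for line in trace.splitlines():
        m = TRY_KEY.search(line)
        if m:
            keys_tried.append(m.group(1))
        elif "read PEM private key done" in line and keys_tried:
            keys_loaded.append(keys_tried[-1])  # the load message follows its attempt
    return {
        "type_minus_1": re.findall(r"identity file (\S+) type -1", trace),
        "offered": offered.group(1).split(",") if offered else [],
        "methods_tried": NEXT_METHOD.findall(trace),
        "keys_tried": keys_tried,
        "keys_loaded": keys_loaded,
        "succeeded": (success.group(1) or success.group(2)) if success else None,
    }


def diagnose(summary):
    if summary["succeeded"] == "publickey" and summary["keys_loaded"]:
        return "publickey succeeded with " + summary["keys_loaded"][-1]
    if summary["keys_tried"] and not summary["keys_loaded"]:
        return ("no private key was read from %s; login used %s"
                % (", ".join(summary["keys_tried"]), summary["succeeded"]))
    return "inconclusive: rerun the client with -vvv"


def hostbased_was_requested(server_trace):
    """True only if the client actually asked the server for hostbased auth."""
    return "hostbased" in REQUESTED.findall(server_trace)


if __name__ == "__main__":
    for name, trace in (("3.5p1", CLIENT_3_5), ("3.8.1p1", CLIENT_3_8)):
        print(name, "->", diagnose(summarize_client(trace)))
    print("hostbased requested:", hostbased_was_requested(SERVER_4_0))
```

In both client traces all three identity files show type -1, yet the 3.8.1p1 run still ends with publickey, so the "read PEM private key done" line is the one that shows a key was actually read. The server trace lists only the none and publickey requests, so the hostbased path was never exercised in that session.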

Thanks a lot, Robert, for the reference.

Have a nice week

Best Regards
NS

"Robert Lawhead" <news0000.5.unixguru@spamgourmet.com> wrote in
message news:e_6dncm3QZPoJSzfRVn-oA@speakeasy.net...
> ns wrote:
> > Hi Robert,
> >
> > Now, i can run remote command on the server by using ssh without ask me the
> > password ! :)
> > I just copy "id_rsa" on the .../<windows_client>/<user_env>/.ssh/
> >
> > Well !!
> >
> > But now, the server ignore the files .rhosts and .shosts.
> >
> > I configured sshd_config with option : IgnoreRhosts no
> >
> > I will try test with enabling debug.
> >
> > Do you know why ?
> >
> > ThankYou very much
> > NS
> >
> >
>
> .rhosts and .shosts have nothing to do with publickey
> authentication.  Perhaps ssh-agent is what you are now looking
> for, but what I think you should really do is some serious
> research on your own, so that you understand "the big picture".
> This book is an excellent reference:
>
> SSH, The Secure Shell: The Definitive Guide, Second Edition
> By Daniel J. Barrett, Richard Silverman, Robert G. Byrnes
> Second Edition May 2005
> ISBN: 0-596-00895-3
>
> Good luck.
> - Bob


0
Reply ns 6/17/2005 7:36:11 AM

14 Replies
343 Views
