Skip to Main Content
Forums

Infrastructure Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

ssh between Solaris 11 servers as root with no password

User_HUBX6Dec 29 2017 — edited Jan 3 2018

I am unable to ssh between Solaris 11 servers as root with no password.  I set up public/private SSH keys between the servers with the /root/.ssh/authorized_keys file containing the public key of the ssh client.  I have tried changing PermitRootLogin = yes and PermitRootLogin = without-password and restarted sshd.    I have tried changing /etc/default/login to from console=/dev/console and tried commenting this entry out.   If I copy the same /root/.ssh directory to my user account home directory /export/home/mmoore/.ssh, then when logged in as mmoore I can ssh between the servers without a password.   If I sudo su - root, using the same .ssh files, trying to ssh requires a password.  When I ssh -vvv serverA, the debug output gets down to "debug1: read PEM private key done: type RSA" and then jumps to the next authentication method, showing no reason why RSA authentication did not work.  I have tried with both rsa and dsa keys.  What could be causing the public/private SSH keys from authenticating?

Excerpt from ssh -vvv serverA:

debug1: Trying public key: /root/.ssh/id_rsa

debug3: send_pubkey_test

debug2: we sent a publickey packet, wait for reply

debug1: Server accepts key: pkalg ssh-rsa blen 277 lastkey 863dd0 hint 1

debug3: Pubkey type from SSH_MSG_USERAUTH_PK_OK is ssh-rsa.

debug1: ssh_kmf_key_from_blob: blob length is 277.

debug2: input_userauth_pk_ok: fp ea:f8:f6:d9:be:43:12:63:63:33:34:f9:7e:a7:d1:9c

debug3: sign_and_send_pubkey

debug1: ssh_kmf_check_uri: /root/.ssh/id_rsa

debug1: read PEM private key done: type RSA

debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive

debug1: Trying private key: /root/.ssh/id_dsa

debug1: ssh_kmf_check_uri: /root/.ssh/id_dsa

debug3: no such identity: /root/.ssh/id_dsa

debug2: we did not send a packet, disable method

debug3: authmethod_lookup keyboard-interactive

debug3: remaining preferred: password

debug3: authmethod_is_enabled keyboard-interactive

debug1: Next authentication method: keyboard-interactive

debug2: userauth_kbdint

debug2: we sent a keyboard-interactive packet, wait for reply

debug2: input_userauth_info_req

debug2: input_userauth_info_req: num_prompts 1

Password:
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Jan 31 2018
Added on Dec 29 2017
#oracle-solaris, #solaris-11
3 comments
1,557 views