SSH without password
5 views
Skip to first unread message
robw
Jun 14, 2010, 2:44:49 AM6/14/10
to TouchTerm
I've purchased TouchTerm but am having trouble connecting using SSH
without password
I've generated a keypair and added the public key to .authorized_keys
on my server.
When I try to connect, the log suggests that authentication has
succeeded (debug1: Authentication succeeded (publickey). However,
TouchTerm quits saying connection has failed.
Enabling PasswordAuthentication in my sshd_config allows me to connect
from TouchTerm but I don't want to enable cleartext passwords on my
server.
Can anybody help me to connect just using SSH keys?
thanks
without password
I've generated a keypair and added the public key to .authorized_keys
on my server.
When I try to connect, the log suggests that authentication has
succeeded (debug1: Authentication succeeded (publickey). However,
TouchTerm quits saying connection has failed.
Enabling PasswordAuthentication in my sshd_config allows me to connect
from TouchTerm but I don't want to enable cleartext passwords on my
server.
Can anybody help me to connect just using SSH keys?
thanks
sor
Jul 13, 2010, 4:25:08 PM7/13/10
to TouchTerm
I'm having this same problem. It seems to have some relationship to
newly-generated keys, because I have an old one generated in TouchTerm
(not pro and probably generated at least eight months ago, i.e. with a
previous version of TT (?)) that will bring me to the passphrase
prompt (I, of course, cannot remember the passphrase). New keys I make
in either TT or TT Pro always result in this error. Connecting via ssh
to this server works fine everywhere else and, obviously, with the old
TT-generated key whose passphrase I forget.
It'd be nice to have a level of debugging output greater than debug1,
since that might actually tell me what the problem is, such as the
ability to manually enter ssh -v -v -v. Telling me that authentication
"succeeded" yet failing with an error before I'm ever asked for the
passphrase is pretty uninformative. Here's the output:
debug1: Connecting to example.com [xxx.xxx.xxx.xxx] port 22.
debug1: fd 16 clearing O_NONBLOCK
debug1: Connection established.
debug1: identity file /var/mobile/Applications/ [censored]/Documents/
keys/examplekey type 1
debug1: Remote protocol version 2.0, remote software version
OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'example.com' is known and matches the RSA host key.
debug1: Found key in /var/mobile/Applications/ [censored]/Documents/
keys/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Offering public key: /var/mobile/Applications/ [censored]/
Documents/keys/examplekey
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: No more authentication methods to try.
debug1: Authentication succeeded (publickey).
newly-generated keys, because I have an old one generated in TouchTerm
(not pro and probably generated at least eight months ago, i.e. with a
previous version of TT (?)) that will bring me to the passphrase
prompt (I, of course, cannot remember the passphrase). New keys I make
in either TT or TT Pro always result in this error. Connecting via ssh
to this server works fine everywhere else and, obviously, with the old
TT-generated key whose passphrase I forget.
It'd be nice to have a level of debugging output greater than debug1,
since that might actually tell me what the problem is, such as the
ability to manually enter ssh -v -v -v. Telling me that authentication
"succeeded" yet failing with an error before I'm ever asked for the
passphrase is pretty uninformative. Here's the output:
debug1: Connecting to example.com [xxx.xxx.xxx.xxx] port 22.
debug1: fd 16 clearing O_NONBLOCK
debug1: Connection established.
debug1: identity file /var/mobile/Applications/ [censored]/Documents/
keys/examplekey type 1
debug1: Remote protocol version 2.0, remote software version
OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'example.com' is known and matches the RSA host key.
debug1: Found key in /var/mobile/Applications/ [censored]/Documents/
keys/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Offering public key: /var/mobile/Applications/ [censored]/
Documents/keys/examplekey
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: No more authentication methods to try.
debug1: Authentication succeeded (publickey).
sor
Jul 13, 2010, 5:25:09 PM7/13/10
to TouchTerm
Update, there were line breaks in the public key that emailing the key
to one provider introduced. I switched to sending them to a Gmail
account, from which I could copy them easily from the web UI without
that problem.
I note that it seems that TT doesn't use the same clipboard as the
iPhone, making "exporting" the key to that clipboard of limited
utility, hence having to email it. (Every time I pasted into another
app, my key wasn't there—the last thing I'd copied from some other app
was.)
to one provider introduced. I switched to sending them to a Gmail
account, from which I could copy them easily from the web UI without
that problem.
I note that it seems that TT doesn't use the same clipboard as the
iPhone, making "exporting" the key to that clipboard of limited
utility, hence having to email it. (Every time I pasted into another
app, my key wasn't there—the last thing I'd copied from some other app
was.)
Reply all
Reply to author
Forward
0 new messages