1

I'm trying to set a no-password connection through two servers, the first (A) runs Win server with Cygwin and the second runs Debian Linux. I followed this guide: http://troy.jdmz.net/rsync/index.html, so:

1. DEB server

1.a. created keys:

ssh-keygen -t rsa -b 2048 -f /home/deb-user/cron/deb-rsync-key 

1.b copied deb-rsync-key.pub on the Win server using scp & authentication

2. Win server

2.a entered the Win server using ssh and authentication and moved deb-rsync-key.pub in the .ssh folder and then copied the content in the authorized_keys file, that I created

2.b made sure that .ssh folder had 700 permission and authorized_keys file 600.

2.c made sure that RSAAuthentication and PubkeyAuthentication keys in /etc/sshd/sshd_config were both uncommented and yes

2.d Tried to set the AuthorizedKeysFile as absolute path pointing to the autorized_keys file in the user's home folder (changed from .ssh/autorized_keys to /home/win-user/.ssh/autorized_keys)

2.e restarted sshd server (net stop sshd, net start sshd)

3. Deb server

Trying to access the win server using the key:

ssh -i /home/deb-user/cron/deb-rsync-key win-user@win-host 

all I get is

Connection closed by win-host 

Nothing is logged in DEB: /var/logs/auth.log

Nothing is logged in WIN: /var/logs/sshd.log

Any help will be much appreciated!

UPDATE: adding -v option in ssh command returns this:

OpenSSH_5.5p1 Debian-6+squeeze3, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to win-host [win-host] port 22.
debug1: Connection established.
debug1: identity file /home/deb-user/cron/deb-rsync-key.pub type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/deb-user/cron/deb-rsync-key.pub-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0
debug1: match: OpenSSH_6.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'win-host' is known and matches the RSA host key.
debug1: Found key in /home/deb-host/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/deb-host/cron/deb-rsync-key.pub
Connection closed by win-host

UPDATE2 win server .ssh folder permissions are as follows:

$ ls -la .ssh
total 6
drwx------+ 1 win-user Domain Users   0 Mar 12 10:26 .
drwxr-xr-x+ 1 win-user Domain Users   0 Mar 12 10:25 ..
-rw-------  1 win-user Domain Users 396 Mar 12 10:26 authorized_keys
-rw-------  1 win-user Domain Users 396 Mar 12 10:24 deb-rsync-key.pub

UPDATE3: folder permissions in DEB server are as follows:

$ ls -la /home/
total 16
drwxr-xr-x  4 root     root     4096 31 gen 11.19 .
drwxr-xr-x 22 root     root     4096 28 gen 11.59 ..
drwx------ 18 deb-user deb-user 4096 12 mar 11.15 deb-user

And folder permissions in Win server as follows:

$ ls -la /home/
total 8
drwxrwxrwt+ 1 jbogdani root         0 Oct 20 2011 .
drwxr-xr-x+ 1 jbogdani root         0 Nov 1 00:44 ..
drwx------+ 1 win-user Domain Users 0 Mar 12 10:25 win-user

UPDATE4 More verbose:

$ ssh -vvv -i /home/de-user/cron/deb-rsync-key win-user@win-host
OpenSSH_5.5p1 Debian-6+squeeze3, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to win-host [win-host] port 22.
debug1: Connection established.
debug3: Not a RSA1 key file /home/deb-user/cron/deb-rsync-key.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/deb-user/cron/deb-rsync-key type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/deb-user/cron/deb-rsync-key-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0
debug1: match: OpenSSH_6.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 139/256
debug2: bits set: 528/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: host win-host filename /home/deb-user/.ssh/known_hosts
debug3: check_host_in_hostfile: host win-host filename /home/deb-user/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 2
debug1: Host 'win-host' is known and matches the RSA host key.
debug1: Found key in /home/deb-user/.ssh/known_hosts:2
debug2: bits set: 506/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/deb-user/cron/deb-rsync-key (0xb8f465c0)
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/deb-user/cron/deb-rsync-key
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
Connection closed by win-host
4
  • Try ssh'ing with the -v argument, for added verbosity Commented Mar 12, 2013 at 9:58
  • Updated with verbose result of ssh command Commented Mar 12, 2013 at 10:12
  • If you wouldn't mind, the output for "ls -la /home/win-user/.ssh", so we can see if you have the right permissions Commented Mar 12, 2013 at 10:15
  • @brian Updated! Commented Mar 12, 2013 at 10:21

1 Answer

0

I would think the problem is in your authorized_keys, or possibly that you don't have rsync installed on the server.

Check if rsync is installed first, then let's try to solve the problem in steps:

First, let's get rid of from= and command=, that way we can see if it can connect using the key at all.

The resulting line should look like this:

ssh-dss AAAAB3NzaC1kc3MAAAEBA ..

Then let's see if we can connect using ssh directly.

ssh -i [path-to-key] win-user@win-host

If that works, let's add ip=, make sure it's the IP of the client connecting.

ip="[client-ip]" ssh-dss AAAAB3NzaC1kc3MAAAEBA ..

Try to connect again using the ssh command above.

Lastly, let's add our validate-rsync.

ip="[client-ip]",command="/home/remoteuser/cron/validate-rsync" ssh-dss AAAAB3NzaC1kc3MAAAEBA ..

Now, with the use of /home/remoteuser/cron/validate-rsync, you won't be able to use ssh directly, as the script prevents the default shell (defined in /etc/passwd).

validate-rsync is used to prevent all commands except rsync --server. Instead, you should try a simple rsync from client to server.

touch test && rsync -vv -e "ssh -i path-to-key" test win-user@win-host:

It can also be cygwin-related, please check out this message:

http://cygwin.com/ml/cygwin/2008-08/msg00155.html
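A sketch of the kind of forced-command wrapper the answer calls validate-rsync, added here as an example; it is not the script from the linked guide or the answerer's own code. It uses a character allowlist instead of a list of rejected metacharacters, and the function names are illustrative.

```shell
#!/bin/sh
# validate-rsync: forced command for an rsync-only key (added example).
# Assumed authorized_keys entry, following the answer's final step:
#   command="/home/remoteuser/cron/validate-rsync" ssh-rsa AAAA...

LC_ALL=C    # byte-wise character ranges in the patterns below

# Return 0 only for a plain "rsync --server ..." invocation.
is_allowed_rsync_command() {
    cmd=$1
    case $cmd in
        "rsync --server "*) ;;   # must start as an rsync server call
        *) return 1 ;;           # empty (interactive login) or anything else
    esac
    case $cmd in
        # Allowlist: letters, digits, space and a few path/option characters.
        # Rejects ; & | ` $ ( ) < > quotes, backslashes, globs and newlines.
        *[!A-Za-z0-9\ ./_,=:@+-]*) return 1 ;;
    esac
    return 0
}

# Enforcement entry point: sshd sets SSH_ORIGINAL_COMMAND to whatever the
# client asked to run; it is unset for an interactive login attempt.
enforce() {
    if is_allowed_rsync_command "${SSH_ORIGINAL_COMMAND:-}"; then
        set -f                       # no glob expansion of the arguments
        exec $SSH_ORIGINAL_COMMAND   # split on whitespace, never eval'd
    fi
    echo "Rejected" >&2
    exit 1
}

# Enforce only when installed under the script name used on this page.
case $0 in
    */validate-rsync) enforce ;;
esac
```

Because the wrapper rejects an empty command, a plain ssh login with this key is refused, which is why the answer switches to an rsync transfer for the final test.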

10
  • Hello, in the tutorial I quoted I've not gone further than the steps I described above. Rsync is installed and works correctly using password. I've not added filters (from= or command=) in the authorized_keys files. I can ssh correctly using password, but I get the errors I described if I try to ssh using the key file. It means I'm not able to get ssh -i [path-to-key] win-user@win-host to work at all. Double checked files and folders permission in Win and Deb servers: everything seems to be OK.... Commented Mar 12, 2013 at 13:05
  • Please check for details UPDATE3 in my question. Commented Mar 12, 2013 at 13:11
  • Check authorized_keys and see if it's valid. Make sure there are no newlines in the middle of the public key (happens easily when you copy-paste between two terminals), and make sure you got the whole public key. Commented Mar 12, 2013 at 13:12
  • Public key is identical in both servers: same content, no newlines, etc... I just double-checked..... Commented Mar 12, 2013 at 13:22
  • Try ssh again, using -vvv for even more verbosity =) Commented Mar 12, 2013 at 13:27
