login to server ok but cannot login to another server from the first

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

login to server ok but cannot login to another server from the first

Mark Barton-2
I have two servers A and B and I am able to login
to both servers from my client machine using key
pair. However if I log into server A then try to
login to server B from A, the authentication check
drops to password only. The same thing happens if
I log into server B and then try to login to A.
However if I use server B console, then I can
access server A with a key without any problem.
Server A is headless so I am unable to try the
same test from A to B. SSH log does not give much
information. This was working when server A was
running Ubuntu 16.04. I am now using 18.04.

My ultimate goal is to allow me to login to server
A and have Git access to the Git server on server
B using Gitolite.

Server A - Ubuntu 18.04

Server B - Ubuntu 14.04 (yes I am upgrading soon)

Client - Ubuntu 16.04

I thinking there must be a SSH configuration
option but I'm not sure where to start.

Thanks for any help

Mark




--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: login to server ok but cannot login to another server from the first

Colin Law
On Sat, 3 Nov 2018 at 13:23, Mark Barton <[hidden email]> wrote:
>
> I have two servers A and B and I am able to login
> to both servers from my client machine using key
> pair. However if I log into server A then try to
> login to server B from A, the authentication check
> drops to password only.  The same thing happens if
> I log into server B and then try to login to A.
> However if I use server B console, then I can
> access server A with a key without any problem.

Do you have the same username on all machines or are you logging in as
different users?

Colin

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: login to server ok but cannot login to another server from the first

Mark Barton-2
On 11/3/18 9:45 AM, Colin Law wrote:

> On Sat, 3 Nov 2018 at 13:23, Mark Barton <[hidden email]> wrote:
>> I have two servers A and B and I am able to login
>> to both servers from my client machine using key
>> pair. However if I log into server A then try to
>> login to server B from A, the authentication check
>> drops to password only.  The same thing happens if
>> I log into server B and then try to login to A.
>> However if I use server B console, then I can
>> access server A with a key without any problem.
> Do you have the same username on all machines or are you logging in as
> different users?
>
> Colin
>
The same user name but different keys.


--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: login to server ok but cannot login to another server from the first

Colin Law
On Sat, 3 Nov 2018 at 13:52, Mark Barton <[hidden email]> wrote:
> ...
> The same user name but different keys.

That is odd, I do it all the time.  So just to recap, you can logon
directly on B and see
me@B:~$ ssh A
with no username specified and it works fine, but if you ssh to B from
C then you see the same thing
me@B:~$ ssh A
but this time it asks for a password?

Colin

>
>
> --
> ubuntu-users mailing list
> [hidden email]
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: login to server ok but cannot login to another server from the first

Peter Silva
how old are the keys?  The new version might have deprecated DSA keys or something?
Perhaps generate newish RSA keys.

2nd option: -oIdentitiesOnly=yes
sometimes the credential caching daemon causes the remote to say too many tries.
the above option may help.


On Sat, Nov 3, 2018 at 10:15 AM Colin Law <[hidden email]> wrote:
On Sat, 3 Nov 2018 at 13:52, Mark Barton <[hidden email]> wrote:
> ...
> The same user name but different keys.

That is odd, I do it all the time.  So just to recap, you can logon
directly on B and see
me@B:~$ ssh A
with no username specified and it works fine, but if you ssh to B from
C then you see the same thing
me@B:~$ ssh A
but this time it asks for a password?

Colin

>
>
> --
> ubuntu-users mailing list
> [hidden email]
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: login to server ok but cannot login to another server from the first

Colin Law
On Sat, 3 Nov 2018 at 14:34, Peter Silva <[hidden email]> wrote:
>
> how old are the keys?  The new version might have deprecated DSA keys or something?
> Perhaps generate newish RSA keys.
>
> 2nd option: -oIdentitiesOnly=yes
> sometimes the credential caching daemon causes the remote to say too many tries.
> the above option may help.

Would that explain why C->B works and B->A works but not C->B->A?

Colin

>
>
> On Sat, Nov 3, 2018 at 10:15 AM Colin Law <[hidden email]> wrote:
>>
>> On Sat, 3 Nov 2018 at 13:52, Mark Barton <[hidden email]> wrote:
>> > ...
>> > The same user name but different keys.
>>
>> That is odd, I do it all the time.  So just to recap, you can logon
>> directly on B and see
>> me@B:~$ ssh A
>> with no username specified and it works fine, but if you ssh to B from
>> C then you see the same thing
>> me@B:~$ ssh A
>> but this time it asks for a password?
>>
>> Colin
>>
>> >
>> >
>> > --
>> > ubuntu-users mailing list
>> > [hidden email]
>> > Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>>
>> --
>> ubuntu-users mailing list
>> [hidden email]
>> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>
> --
> ubuntu-users mailing list
> [hidden email]
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: login to server ok but cannot login to another server from the first

Mark Barton-2
On 11/3/18 10:47 AM, Colin Law wrote:

> On Sat, 3 Nov 2018 at 14:34, Peter Silva <[hidden email]> wrote:
>> how old are the keys?  The new version might have deprecated DSA keys or something?
>> Perhaps generate newish RSA keys.
>>
>> 2nd option: -oIdentitiesOnly=yes
>> sometimes the credential caching daemon causes the remote to say too many tries.
>> the above option may help.
> Would that explain why C->B works and B->A works but not C->B->A?
>
> Colin
>
>>
>> On Sat, Nov 3, 2018 at 10:15 AM Colin Law <[hidden email]> wrote:
>>> On Sat, 3 Nov 2018 at 13:52, Mark Barton <[hidden email]> wrote:
>>>> ...
>>>> The same user name but different keys.
>>> That is odd, I do it all the time.  So just to recap, you can logon
>>> directly on B and see
>>> me@B:~$ ssh A
>>> with no username specified and it works fine, but if you ssh to B from
>>> C then you see the same thing
>>> me@B:~$ ssh A
>>> but this time it asks for a password?
>>>
>>> Colin
>>>
>>>>
>>>> --
>>>> ubuntu-users mailing list
>>>> [hidden email]
>>>> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>>> --
>>> ubuntu-users mailing list
>>> [hidden email]
>>> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>> --
>> ubuntu-users mailing list
>> [hidden email]
>> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

I was able to connect a monitor to that headless
server (server A) and I verified that I could
connect to server B using a key. I also tried it
with a raspberry Pi bypassing the 18.04 server.
The results where identical which tells me that is
not specific to the 18.04 install.

Thinking back I might have used a single key for
each client but I am not sure if that is true is
all cases.

Colin,

Yes the sequence you described is correct.

Peter,

The keys I'm using are RSA and have been freshly
generated on each client.





--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: login to server ok but cannot login to another server from the first

Colin Law
I believe you can get additional info out of sshd by specifying one or
more -d on the sshd command line.  I think the debug will then be in
auth.log.  I have not done that myself though so perhaps some googling
is required.

Colin
On Sat, 3 Nov 2018 at 15:28, Mark Barton <[hidden email]> wrote:

>
> On 11/3/18 10:47 AM, Colin Law wrote:
> > On Sat, 3 Nov 2018 at 14:34, Peter Silva <[hidden email]> wrote:
> >> how old are the keys?  The new version might have deprecated DSA keys or something?
> >> Perhaps generate newish RSA keys.
> >>
> >> 2nd option: -oIdentitiesOnly=yes
> >> sometimes the credential caching daemon causes the remote to say too many tries.
> >> the above option may help.
> > Would that explain why C->B works and B->A works but not C->B->A?
> >
> > Colin
> >
> >>
> >> On Sat, Nov 3, 2018 at 10:15 AM Colin Law <[hidden email]> wrote:
> >>> On Sat, 3 Nov 2018 at 13:52, Mark Barton <[hidden email]> wrote:
> >>>> ...
> >>>> The same user name but different keys.
> >>> That is odd, I do it all the time.  So just to recap, you can logon
> >>> directly on B and see
> >>> me@B:~$ ssh A
> >>> with no username specified and it works fine, but if you ssh to B from
> >>> C then you see the same thing
> >>> me@B:~$ ssh A
> >>> but this time it asks for a password?
> >>>
> >>> Colin
> >>>
> >>>>
> >>>> --
> >>>> ubuntu-users mailing list
> >>>> [hidden email]
> >>>> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
> >>> --
> >>> ubuntu-users mailing list
> >>> [hidden email]
> >>> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
> >> --
> >> ubuntu-users mailing list
> >> [hidden email]
> >> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>
> I was able to connect a monitor to that headless
> server (server A) and I verified that I could
> connect to server B using a key. I also tried it
> with a raspberry Pi bypassing the 18.04 server.
> The results where identical which tells me that is
> not specific to the 18.04 install.
>
> Thinking back I might have used a single key for
> each client but I am not sure if that is true is
> all cases.
>
> Colin,
>
> Yes the sequence you described is correct.
>
> Peter,
>
> The keys I'm using are RSA and have been freshly
> generated on each client.
>
>
>
>
>
> --
> ubuntu-users mailing list
> [hidden email]
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

[solved]Re: login to server ok but cannot login to another server from the first

Mark Barton-2
On 11/3/18 11:43 AM, Colin Law wrote:

> I believe you can get additional info out of sshd by specifying one or
> more -d on the sshd command line.  I think the debug will then be in
> auth.log.  I have not done that myself though so perhaps some googling
> is required.
>
> Colin
> On Sat, 3 Nov 2018 at 15:28, Mark Barton <[hidden email]> wrote:
>> On 11/3/18 10:47 AM, Colin Law wrote:
>>> On Sat, 3 Nov 2018 at 14:34, Peter Silva <[hidden email]> wrote:
>>>> how old are the keys?  The new version might have deprecated DSA keys or something?
>>>> Perhaps generate newish RSA keys.
>>>>
>>>> 2nd option: -oIdentitiesOnly=yes
>>>> sometimes the credential caching daemon causes the remote to say too many tries.
>>>> the above option may help.
>>> Would that explain why C->B works and B->A works but not C->B->A?
>>>
>>> Colin
>>>
>>>> On Sat, Nov 3, 2018 at 10:15 AM Colin Law <[hidden email]> wrote:
>>>>> On Sat, 3 Nov 2018 at 13:52, Mark Barton <[hidden email]> wrote:
>>>>>> ...
>>>>>> The same user name but different keys.
>>>>> That is odd, I do it all the time.  So just to recap, you can logon
>>>>> directly on B and see
>>>>> me@B:~$ ssh A
>>>>> with no username specified and it works fine, but if you ssh to B from
>>>>> C then you see the same thing
>>>>> me@B:~$ ssh A
>>>>> but this time it asks for a password?
>>>>>
>>>>> Colin
>>>>>
>>>>>> --
>>>>>> ubuntu-users mailing list
>>>>>> [hidden email]
>>>>>> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>>>>> --
>>>>> ubuntu-users mailing list
>>>>> [hidden email]
>>>>> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>>>> --
>>>> ubuntu-users mailing list
>>>> [hidden email]
>>>> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>> I was able to connect a monitor to that headless
>> server (server A) and I verified that I could
>> connect to server B using a key. I also tried it
>> with a raspberry Pi bypassing the 18.04 server.
>> The results where identical which tells me that is
>> not specific to the 18.04 install.
>>
>> Thinking back I might have used a single key for
>> each client but I am not sure if that is true is
>> all cases.
>>
>> Colin,
>>
>> Yes the sequence you described is correct.
>>
>> Peter,
>>
>> The keys I'm using are RSA and have been freshly
>> generated on each client.
>>
>>
>>
>>
>>
>> --
>> ubuntu-users mailing list
>> [hidden email]
>> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

The issue turned out to be with the key names. I
prefix the id_rsa and is_rsa.pub files with a name
to help me identify what was generated where. To
fix the login problem I ended up changing the
IdentityFile keyword in ssh_config for the ssh
client to find the correct private key. This work
for my login from A to server B and from B to A,
but I don't know why I was able to login to either
A or B to start with. The IdentityFile is
commented out on that client. I guess the behavior
is somehow different for a shell and secure shell.

Colin, thank you for the debug hint. It really
help in tracking this down. I really should have
mentioned the name change it my original post. Now
to get Git working.







--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users