Hi all,

After spending several hours trying to get unattended ssh to work, I have run into a brick wall and would like to know if anybody can help me out. I think the solution is just a configuration setting, but it's got me quite stumped (even after Googling around).
Scenario - ultimately, I would like to use SSH from a unix box (Solaris 9) to run a script on a Windows Server 2003 box with Cygwin (1.5.10) installed.

I am able to ssh and execute a script (runme.sh) on the win box from the unix box with *password* authentication, no problem. However, when I try public key authentication (putting private key file in the ~/.ssh directory on the unix box and adding the corresponding public key in the ~/.ssh/authorized_keys file on the Windows/Cygwin box), the script does not execute on the win box.

According to the debug (attached), there does not appear to be anything wrong with private/public key authentication - and in fact, the runme.sh script does apparently get called. The only telltale sign seems to be an exit code of 255 (rather than 0).

Has anybody experienced this before and know how to fix it?

I have included the following attachments:
1) debug from password authentication (this works fine)
2) debug from public key authentication (note the exit code)
3) sshd_config file on Windows/Cygwin box (pretty much out-of-the-box)
4) various directory/file permissions (I've read widely that these can be a problem)

Any help is greatly appreciated!

TIA,
Ken

1) Password Authentication debug

# ssh -v -v -v -l myLogin winServerName ". runme.sh"
SSH Version Sun_SSH_1.0, protocol versions 1.5/2.0.
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: ssh_connect: getuid 0 geteuid 0 anon 0
debug1: Connecting to winServerName [winServerIP] port 22.
debug1: Allocated local port 964.
debug1: Connection established.
debug1: identity file //.ssh/identity type 3
debug1: identity file //.ssh/id_rsa type 3
debug1: identity file //.ssh/id_dsa type 3
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8.1p1
debug1: match: OpenSSH_3.8.1p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.0
debug1: sent kexinit: diffie-hellman-group1-sha1
debug1: sent kexinit: ssh-rsa,ssh-dss
debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
debug1: sent kexinit: hmac-sha1,hmac-md5
debug1: sent kexinit: hmac-sha1,hmac-md5
debug1: sent kexinit: none
debug1: sent kexinit: none
debug1: sent kexinit: /en_AU.ISO8859-1/en_AU.ISO8859-1/en_AU.ISO8859-1/en_AU.ISO8859-1/en_AU.ISO8859-1/C
debug1: sent kexinit: /en_AU.ISO8859-1/en_AU.ISO8859-1/en_AU.ISO8859-1/en_AU.ISO8859-1/en_AU.ISO8859-1/C
debug1: send KEXINIT
debug1: done
debug1: wait KEXINIT
debug1: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug1: got kexinit: ssh-rsa,ssh-dss
debug1: got kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug1: got kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug1: got kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED] m,hmac-sha1-96,hmac-md5-96
debug1: got kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED] m,hmac-sha1-96,hmac-md5-96
debug1: got kexinit: none,zlib
debug1: got kexinit: none,zlib
debug1: got kexinit:
debug1: got kexinit:
debug1: first kex follow: 0
debug1: reserved: 0
debug1: done
debug2: mac_init: found hmac-sha1
debug1: kex: server->client unable to decide common locale
debug1: kex: server->client aes128-cbc hmac-sha1 none
debug2: mac_init: found hmac-sha1
debug1: kex: client->server unable to decide common locale
debug1: kex: client->server aes128-cbc hmac-sha1 none
debug1: Sending SSH2_MSG_KEXDH_INIT.
debug1: bits set: 519/1024
debug1: Wait SSH2_MSG_KEXDH_REPLY.
debug1: Got SSH2_MSG_KEXDH_REPLY.
debug1: Host 'winServerName' is known and matches the RSA host key.
debug1: Found key in //.ssh/known_hosts:1
debug1: bits set: 522/1024
debug1: ssh_rsa_verify: signature correct
debug1: Wait SSH2_MSG_NEWKEYS.
debug1: GOT SSH2_MSG_NEWKEYS.
debug1: send SSH2_MSG_NEWKEYS.
debug1: done: send SSH2_MSG_NEWKEYS.
debug1: done: KEX2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug3: input_userauth_banner
Hello from winServerName!
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list
debug3: authmethod_lookup publickey
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug1: key does not exist: //.ssh/identity
debug1: key does not exist: //.ssh/id_rsa
debug1: key does not exist: //.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: authmethod_lookup password
debug3: authmethod_is_enabled password
debug1: next auth method to try is password
[EMAIL PROTECTED]'s password:
debug2: we sent a password packet, wait for reply
debug1: ssh-userauth2 successfull: method password
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug2: callback start
debug1: client_init id 0 arg 0
debug1: Sending command: . runme.sh
debug2: callback done
debug1: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 131072
debug1: channel: 0 rcvd request for exit-status
debug1: cb_fn 267a4 cb_event 91
debug1: channel 0: rcvd eof
debug1: channel 0: output open->drain
debug1: channel 0: rcvd close
debug1: channel 0: input open->closed
debug1: channel 0: close_read
debug1: channel 0: obuf empty
debug1: channel 0: output drain->closed
debug1: channel 0: close_write
debug1: channel 0: send close
debug1: channel 0: full closed2
debug1: channel_free: channel 0: status: The following connections are open:
  #0 client-session (t4 r0 i8/0 o128/0 fd -1/-1)
debug1: channel_free: channel 0: dettaching channel user
debug2: !channel_still_open.
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.2 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0

2) Public Key authentication debug

# ssh -v -v -v -l myLogin winServerName ". runme.sh"
SSH Version Sun_SSH_1.0, protocol versions 1.5/2.0.
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: ssh_connect: getuid 0 geteuid 0 anon 0
debug1: Connecting to winServerName [winServerIP] port 22.
debug1: Allocated local port 965.
debug1: Connection established.
debug1: identity file //.ssh/identity type 3
debug1: Bad RSA1 key file //.ssh/id_rsa.
debug1: identity file //.ssh/id_rsa type 3
debug1: identity file //.ssh/id_dsa type 3
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8.1p1
debug1: match: OpenSSH_3.8.1p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.0
debug1: sent kexinit: diffie-hellman-group1-sha1
debug1: sent kexinit: ssh-rsa,ssh-dss
debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
debug1: sent kexinit: hmac-sha1,hmac-md5
debug1: sent kexinit: hmac-sha1,hmac-md5
debug1: sent kexinit: none
debug1: sent kexinit: none
debug1: sent kexinit: /en_AU.ISO8859-1/en_AU.ISO8859-1/en_AU.ISO8859-1/en_AU.ISO8859-1/en_AU.ISO8859-1/C
debug1: sent kexinit: /en_AU.ISO8859-1/en_AU.ISO8859-1/en_AU.ISO8859-1/en_AU.ISO8859-1/en_AU.ISO8859-1/C
debug1: send KEXINIT
debug1: done
debug1: wait KEXINIT
debug1: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug1: got kexinit: ssh-rsa,ssh-dss
debug1: got kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug1: got kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug1: got kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED] m,hmac-sha1-96,hmac-md5-96
debug1: got kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED] m,hmac-sha1-96,hmac-md5-96
debug1: got kexinit: none,zlib
debug1: got kexinit: none,zlib
debug1: got kexinit:
debug1: got kexinit:
debug1: first kex follow: 0
debug1: reserved: 0
debug1: done
debug2: mac_init: found hmac-sha1
debug1: kex: server->client unable to decide common locale
debug1: kex: server->client aes128-cbc hmac-sha1 none
debug2: mac_init: found hmac-sha1
debug1: kex: client->server unable to decide common locale
debug1: kex: client->server aes128-cbc hmac-sha1 none
debug1: Sending SSH2_MSG_KEXDH_INIT.
debug1: bits set: 476/1024
debug1: Wait SSH2_MSG_KEXDH_REPLY.
debug1: Got SSH2_MSG_KEXDH_REPLY.
debug1: Host 'winServerName' is known and matches the RSA host key.
debug1: Found key in //.ssh/known_hosts:1
debug1: bits set: 519/1024
debug1: ssh_rsa_verify: signature correct
debug1: Wait SSH2_MSG_NEWKEYS.
debug1: GOT SSH2_MSG_NEWKEYS.
debug1: send SSH2_MSG_NEWKEYS.
debug1: done: send SSH2_MSG_NEWKEYS.
debug1: done: KEX2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug3: input_userauth_banner
Hello from winServerName!
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list
debug3: authmethod_lookup publickey
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug1: key does not exist: //.ssh/identity
debug1: try pubkey: //.ssh/id_rsa
debug1: read SSH2 private key done: name rsa w/o comment success 1
debug3: sign_and_send_pubkey
debug2: ssh_rsa_sign: done
debug2: we sent a publickey packet, wait for reply
debug1: ssh-userauth2 successfull: method publickey
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug2: callback start
debug1: client_init id 0 arg 0
debug1: Sending command: . runme.sh
debug2: callback done
debug1: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 131072
debug1: channel 0: rcvd eof
debug1: channel 0: output open->drain
debug1: channel 0: obuf empty
debug1: channel 0: output drain->closed
debug1: channel 0: close_write
debug1: channel: 0 rcvd request for exit-status
debug1: cb_fn 267a4 cb_event 91
debug1: channel 0: rcvd close
debug1: channel 0: input open->closed
debug1: channel 0: close_read
debug1: channel 0: send close
debug1: channel 0: full closed2
debug1: channel_free: channel 0: status: The following connections are open:
  #0 client-session (t4 r0 i8/0 o128/0 fd -1/-1)
debug1: channel_free: channel 0: dettaching channel user
debug2: !channel_still_open.
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.2 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 255

3) contents of sshd_config file

# $OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/bin:/usr/sbin:/sbin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh_host_rsa_key
#HostKey /etc/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
StrictModes no

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
IgnoreUserKnownHosts yes
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication (via challenge-response)
# and session processing. Depending on your PAM configuration, this may
# bypass the setting of 'PasswordAuthentication' and 'PermitEmptyPasswords'
#UsePAM no

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10

# no default banner path
Banner /etc/banner.txt

# override default of no subsystems
#Subsystem sftp /usr/sbin/sftp-server

4) various file/directory permissions

[EMAIL PROTECTED] /home
$ ls -la
total 0
drwxrwxrwx+ 3 Administ Domain U 0 Jul 29 11:08 .
drwxrwx---+ 9 Administ Users 0 Jul 29 14:11 ..
drwxr-xr-x+ 3 Administ Domain U 0 Aug 9 15:33 myLogin

[EMAIL PROTECTED] ~
$ ls -la
total 6
drwxr-xr-x+ 3 Administ Domain U 0 Aug 9 15:33 .
drwxrwxrwx+ 3 Administ Domain U 0 Jul 29 11:08 ..
-rw------- 1 Administ Domain U 638 Aug 9 16:09 .bash_history
-rwxr-xr-x 1 Administ Domain U 533 Jul 29 11:08 .bash_profile
-rwxr-xr-x 1 Administ Domain U 625 Jul 29 11:08 .bashrc
-rwxr-xr-x 1 Administ Domain U 267 Jul 29 11:08 .inputrc
drwxr-xr-x+ 2 Administ Domain U 0 Aug 9 15:33 .ssh
-rwxr-xr-x 1 Administ Domain U 15 Aug 9 11:00 runme.sh
-rw-r--r-- 1 Administ Domain U 6 Aug 9 16:10 test.txt

[EMAIL PROTECTED] ~/.ssh
$ ls -la
total 1
drwxr-xr-x+ 2 Administ Domain U 0 Aug 9 15:33 .
drwxr-xr-x+ 3 Administ Domain U 0 Aug 9 15:33 ..
-rw-r--r-- 1 Administ Domain U 222 Aug 9 09:59 authorized_keys
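
The two client traces above can be compared mechanically rather than by eye. The sketch below is an added example, not part of the original post: it reduces each ssh -v trace to its authentication method, remote command, channel 0 receive events and exit status, then reports only the fields that differ. The embedded traces are excerpts of the debug lines posted above, and the function names are illustrative.

```python
import re

# Constructed excerpts: lines copied from the two traces in the post above,
# trimmed to the authentication result and the channel 0 teardown.
PASSWORD_TRACE = """\
debug1: ssh-userauth2 successfull: method password
debug1: Sending command: . runme.sh
debug1: channel: 0 rcvd request for exit-status
debug1: channel 0: rcvd eof
debug1: channel 0: rcvd close
debug1: Exit status 0
"""
PUBKEY_TRACE = """\
debug1: ssh-userauth2 successfull: method publickey
debug1: Sending command: . runme.sh
debug1: channel 0: rcvd eof
debug1: channel: 0 rcvd request for exit-status
debug1: channel 0: rcvd close
debug1: Exit status 255
"""

PATTERNS = {
    "auth_method": re.compile(r"ssh-userauth2 success\w*: method (\S+)"),
    "command": re.compile(r"Sending command: (.+)"),
    "exit_status": re.compile(r"Exit status (-?\d+)"),
}
EVENT = re.compile(r"channel:? 0:? rcvd (request for exit-status|eof|close)")

def summarize(trace):
    """Reduce one client trace to the fields that matter for a remote command."""
    out = {"events": []}
    for line in trace.splitlines():
        for name, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                out[name] = m.group(1).strip()
        ev = EVENT.search(line)
        if ev:
            out["events"].append(ev.group(1))  # keep arrival order
    return out

def divergence(a, b):
    """Return {field: (value_in_a, value_in_b)} for every field that differs."""
    sa, sb = summarize(a), summarize(b)
    return {k: (sa.get(k), sb.get(k)) for k in sorted(set(sa) | set(sb)) if sa.get(k) != sb.get(k)}

if __name__ == "__main__":
    for field, (pw, pk) in divergence(PASSWORD_TRACE, PUBKEY_TRACE).items():
        print(f"{field}: password={pw!r} publickey={pk!r}")
```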