I think you might be copying the keys backward. The keys should be
generated on the _client_ box. the .pub file should be copied to the
server and installed in the authorized_keys file there.
It sounds like you are doing the opposite (putting the public key on the
client, and adding it to the client's authorized_keys file) which is
Since the client is where you're running the commands, you're already
authenticated (signed-on) before you run SSH there. You don't need to
authenticate to the client... so that's why you must install the public
key into the "authorized keys" file on the server.
On 6/16/2014 2:13 PM, Keith McCully wrote:
This is part of a proof of concept exercise aimed transferring a file from
the IBM i to a windows server via SSH (SFTP). However, as a first stage, I
want to run some SSH tests between 2 IBM i LPARS residing in the same
enclosure so as to avoid firewall issues for now.
So far I’ve done the following:
1. Created 2 user profiles: one on the client and the other on the
server – both 6 characters in length.
2. Created /home/UserProfile/.ssh folders on both client and server
using profile name in each case
3. Amended permissions on UserProfile and .ssh folders to exclude public
4. Set home directories to /home/UserProfile for client and server user
5. Within Qshell, generate an RSA key pair using: : ssh-keygen -t rsa -N
6. Copy the public key, id_rsa.pub, from server to client .ssh directory
7. On the client, add the public key to the authorized_keys file in .ssh
directory using: using: cat /home/userprofile/.ssh/id_rsa.pub >>
Next I attempt to authenticate the public key which is where it fails …
Within Qshell on the client and logged on as the ClientUser
ssh –T ServerUser@serverHost
I get the first-time enquiry message regarding the authenticity of the host
but when I respond ‘yes’, I get prompted for the password indicating that
the key authentication has failed.
If I key the password, the known_hosts file gets created and I can log on
via SSH ok but I want to use certificates instead of passwords.
Also, I get the following SFTP log (part displayed below) :
sftp -vvv sshxxx@xxxxxxxxxxxxx
Connecting to xx.xx.xxx.xxx
debug1: Connecting to xxx.xxx.xxx.xxx ^xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /home/sshxxx/.ssh/id_rsa type 1
debug2: key: /home/sshxxx/.ssh/id_rsa
debug2: key: /home/sshxxx/.ssh/id_dsa
debug1: Authentications that can continue:
debug3: start over, passed a different list
debug3: remaining preferred:
debug1: Next authentication method:
debug1: Offering public key:
debug2: we sent a publickey packet, wait for
Connection closed by