ssh Public Keys Suddenly Stopped working for one account.

Derek Ragona derek at computinginnovations.com
Sat Jun 14 18:43:59 UTC 2008


At 01:02 PM 6/14/2008, Martin McCormick wrote:
>         We have an account on several FreeBSD systems that is
>used for automation. Several systems can talk to each other via
>ssh by using public keys so that scripts don't have to hold
>passwords.
>
>         Last night, an account that has been working for years
>suddenly won't let any of its cyber cohorts in without a
>password.
>
>         I bet I accidentally changed something sometime, but I
>can't figure out what.
>
>         The public keys hadn't changed since 2005 although
>today, I blew them all away and made new ones which still don't
>work on this one system but work on all others.
>
>         There is no password expiration timeout (the first thing
>I thought of) since the account is several years old.
>
>         All other accounts on this same system with public keys
>from their remote partners still work fine.
>
>         The ownership and permissions look right on the account
>directory.
>
>         Does this sound familiar and what else am I missing?
>
>         I can telnet in to the account on the localhost via the
>usual password which you can't do on an expired account.
>
>         I even did a stupid sort of measure which was to reset
>the password to itself and that didn't change anything.
>
>         Many thanks for other suggestions.
>
>Martin McCormick WB5AGZ  Stillwater, OK
>Systems Engineer
>OSU Information Technology Department Network Operations Group

If you upgraded one system to a new major version (sometimes point releases 
will cause a problem too), the system will regenerate its keys, so you need 
to then propagate the new keys.  Other than that, a drive error 
causing the key files to not be readable is the only other time I've seen 
this problem.

         -Derek
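
An added example, not part of either poster's message: a shell function that checks an account's home directory, `.ssh` and `authorized_keys` for the ownership, permission and readability problems mentioned in this thread. It goes beyond the thread by applying the rule sshd enforces when `StrictModes` is on (each path owned by the account or root, and not group- or world-writable); the function name and output labels are made up for this example.

```shell
#!/bin/sh
# Added example: check the paths sshd consults for public-key logins.
# Usage: check_pubkey_paths HOME_DIR OWNER   (OWNER: login name or numeric uid)
# Prints one line per problem; exit status is 0 only when none are found.
# Run it as root or as the account itself so the read test is meaningful.
check_pubkey_paths() {
    home=$1
    owner=$2
    problems=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING: $p"
            problems=$((problems + 1))
            continue
        fi
        # Actually read the path: this catches bad modes and I/O errors alike.
        if [ -d "$p" ]; then
            ls "$p" >/dev/null 2>&1
        else
            cat "$p" >/dev/null 2>&1
        fi || {
            echo "UNREADABLE: $p"
            problems=$((problems + 1))
        }
        # Owner must be the account itself or root (uid 0).
        if [ -n "$(find "$p" -prune ! -user "$owner" ! -user 0)" ]; then
            echo "WRONG OWNER: $p"
            problems=$((problems + 1))
        fi
        # Group- or world-writable paths are refused under StrictModes.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "GROUP/WORLD WRITABLE: $p"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}
```

Comparing its output for the failing account against an account that still works on the same host narrows the difference to a specific path.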
