failed root login with shared ssh key

Dave [Hawk-Systems] dave at hawk-systems.com
Tue Aug 26 15:19:54 PDT 2003


Have several FreeBSD servers around, all with varying installs, 4.3 with a
number of patches, up to a 4.7 that is relatively new.

Some maintenance on the servers that requires root is run from a master server
which connects to run the command(s) via SSH.  The public key for
root at master_server has been distributed out to the ~root/.ssh/authorized_keys
file.

I am having problems with the 4.7 box in that it will not accept the key
authentication, and bounces back to asking for a password to login as root.  I
cannot log in as root over ssh with a password, but that's fine, I don't want or
need to.  I do need to allow this server to log in using the shared public key
to this (and all the servers).

Have checked /etc/ssh/sshd_config, and "AllowRootLogin yes" is present, and it
pretty much matches the other 4.3 to 4.5 installs.
Have checked /etc/ttys, and while all the ttyps do not specifically state
secure, neither do they on the servers that this works fine on.

I am sure I am forgetting something stupid, just have not been able to google
anything that is pointing me in the right direction.

Thanks

Dave

debug from SSH session (and no, df -k is not the command that requires root)
///
server# ssh -v target "df -k"
SSH Version OpenSSH_2.3.0 green at FreeBSD.org 20010321, protocol versions 1.5/2.0.
Compiled with SSL (0x0090600f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to target.domain.com [123.456.789.2] port 22.
debug: Allocated local port 921.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_3.4p1 FreeBSD-20020702
debug: no match: OpenSSH_3.4p1 FreeBSD-20020702
debug: Local version string SSH-1.5-OpenSSH_2.3.0 green at FreeBSD.org 20010321
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host 'target' is known and matches the RSA host key.
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Trying RSA authentication with key 'root at server.domain.com'
debug: Received RSA challenge from server.
debug: Sending response to host key RSA challenge.
debug: Remote: RSA authentication accepted.
debug: RSA authentication refused.
debug: Doing password authentication.
root at target's password:
Permission denied, please try again.
root at target's password:



