ssh key authentication problem...

krad kraduk at gmail.com
Thu Oct 28 21:46:45 UTC 2010


On 28 October 2010 22:13, krad <kraduk at gmail.com> wrote:

>
>
> On 28 October 2010 20:39, Peter Harrison <peter.piggybox at virgin.net>wrote:
>
>> Can anyone help me debug an ssh key-based authentication problem?
>>
>> I have an 8.1-R server running sshd, with one user account. On the server,
>> I've used ssh-keygen to generate id_rsa  and id_rsa.pub.
>>
>> On my laptop I then pulled the id_rsa.pub file over and:
>>
>> % cat id_rsa.pub >> .ssh/authorized_keys
>>
>> Now I try to login from the laptop (also 8.1-R) to the server. It pauses
>> for a second and presents me with a 'Password:' prompt, so obviously the key
>> authentication isn't working.
>>
>> He's a debugging chunk from sshd run with '-ddd' flags:
>>
>> debug1: PAM: initializing for "peter"
>> debug1: userauth-request for user peter service ssh-connection method
>> publickey
>> debug1: attempt 1 failures 0
>> debug2: input_userauth_request: try method publickey
>> debug1: test whether pkalg/pkblob are acceptable
>> debug3: mm_key_allowed entering
>> debug3: mm_request_send entering: type 20
>> debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
>> debug3: mm_request_receive_expect entering: type 21
>> debug3: mm_request_receive entering
>> debug1: PAM: setting PAM_RHOST to "192.168.1.4"
>> debug2: monitor_read: 45 used once, disabling now
>> debug3: mm_request_receive entering
>> debug3: monitor_read: checking request 3
>> debug3: mm_answer_authserv: service=ssh-connection, style=
>> debug2: monitor_read: 3 used once, disabling now
>> debug3: mm_request_receive entering
>> debug3: monitor_read: checking request 20
>> debug3: mm_answer_keyallowed entering
>> debug3: mm_answer_keyallowed: key_from_blob: 0x286067c0
>> debug1: trying public key file /home/peter/.ssh/authorized_keys
>> debug1: fd 4 clearing O_NONBLOCK
>> debug3: secure_filename: checking '/usr/home/peter/.ssh'
>> debug3: secure_filename: checking '/usr/home/peter'
>> debug3: secure_filename: terminating check at '/usr/home/peter'
>> debug2: key not found
>> debug1: trying public key file /home/peter/.ssh/authorized_keys2
>> Failed publickey for peter from 192.168.1.4 port 43046 ssh2
>> debug3: mm_answer_keyallowed: key 0x286067c0 is not allowed
>> debug3: mm_request_send entering: type 21
>> debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
>> debug3: mm_request_receive entering
>> debug1: userauth-request for user peter service ssh-connection method
>> keyboard-interactive
>> debug1: attempt 2 failures 1
>> debug2: input_userauth_request: try method keyboard-interactive
>> debug1: keyboard-interactive devs
>>
>> Anyone suggest what I'm doing wrong?
>>
>> TIA.
>>
>>
>> Peter Harrison.
>>
>>
>>
>> _______________________________________________
>> freebsd-questions at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "
>> freebsd-questions-unsubscribe at freebsd.org"
>>
>
>
> you have the setup the keys the wrong way around by the sound of it. The
> ssh server should have the public keys only in the authorized_keys files,
> and your client/desktop should have the private keys in your ~/.ssh
>

note the server does have private and public keys, but they are hosts keys
not user ones and are stored in /etc/ssh/. You dont normally have to
generate these as the rc scripts take card of that on the 1st invocation


More information about the freebsd-questions mailing list