ssh key authentication problem...

Peter Harrison peter.piggybox at virgin.net
Sat Oct 30 16:39:50 UTC 2010


On Thu, Oct 28, 2010 at 10:18:41PM -0400, Mikel King wrote:
> Peter,
> 
> Have you verified permissions of 700 on .ssh and 640 on authorized_keys and authorized_keys2? If you do not have an authorized_keys2 simply copy the former to that name and give it a go.
> 
> Cheers,
> Mikel King

Mikel - you were right I didn't have the permission correct, but it doesn't work if I have it set to anything other than 0600 for authorized_keys? Thanks for the help.


Peter Harrison.

> 
>   _____  
> 
> From: Peter Harrison [mailto:peter.piggybox at virgin.net]
> To: questions at freebsd.org
> Sent: Thu, 28 Oct 2010 15:39:53 -0400
> Subject: ssh key authentication problem...
> 
> Can anyone help me debug an ssh key-based authentication problem?
>   
>   I have an 8.1-R server running sshd, with one user account. On the server, I've used ssh-keygen to generate id_rsa  and id_rsa.pub.
>   
>   On my laptop I then pulled the id_rsa.pub file over and:
>   
>   % cat id_rsa.pub >> .ssh/authorized_keys
>   
>   Now I try to login from the laptop (also 8.1-R) to the server. It pauses for a second and presents me with a 'Password:' prompt, so obviously the key authentication isn't working.
>   
>   He's a debugging chunk from sshd run with '-ddd' flags:
>   
>   debug1: PAM: initializing for "peter"
>   debug1: userauth-request for user peter service ssh-connection method publickey
>   debug1: attempt 1 failures 0
>   debug2: input_userauth_request: try method publickey
>   debug1: test whether pkalg/pkblob are acceptable
>   debug3: mm_key_allowed entering
>   debug3: mm_request_send entering: type 20
>   debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
>   debug3: mm_request_receive_expect entering: type 21
>   debug3: mm_request_receive entering
>   debug1: PAM: setting PAM_RHOST to "192.168.1.4"
>   debug2: monitor_read: 45 used once, disabling now
>   debug3: mm_request_receive entering
>   debug3: monitor_read: checking request 3
>   debug3: mm_answer_authserv: service=ssh-connection, style=
>   debug2: monitor_read: 3 used once, disabling now
>   debug3: mm_request_receive entering
>   debug3: monitor_read: checking request 20
>   debug3: mm_answer_keyallowed entering
>   debug3: mm_answer_keyallowed: key_from_blob: 0x286067c0
>   debug1: trying public key file /home/peter/.ssh/authorized_keys
>   debug1: fd 4 clearing O_NONBLOCK
>   debug3: secure_filename: checking '/usr/home/peter/.ssh'
>   debug3: secure_filename: checking '/usr/home/peter'
>   debug3: secure_filename: terminating check at '/usr/home/peter'
>   debug2: key not found
>   debug1: trying public key file /home/peter/.ssh/authorized_keys2
>   Failed publickey for peter from 192.168.1.4 port 43046 ssh2
>   debug3: mm_answer_keyallowed: key 0x286067c0 is not allowed
>   debug3: mm_request_send entering: type 21
>   debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
>   debug3: mm_request_receive entering
>   debug1: userauth-request for user peter service ssh-connection method keyboard-interactive
>   debug1: attempt 2 failures 1
>   debug2: input_userauth_request: try method keyboard-interactive
>   debug1: keyboard-interactive devs 
>   
>   Anyone suggest what I'm doing wrong?
>   
>   TIA.
>   
>   
>   Peter Harrison.
>   
>   
>   
>   _______________________________________________
>   freebsd-questions at freebsd.org mailing list
>   http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>   To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>     


More information about the freebsd-questions mailing list