ssh key authentication problem...
Peter Harrison
peter.piggybox at virgin.net
Sat Oct 30 16:39:50 UTC 2010
On Thu, Oct 28, 2010 at 10:18:41PM -0400, Mikel King wrote:
> Peter,
>
> Have you verified permissions of 700 on .ssh and 640 on authorized_keys and authorized_keys2? If you do not have an authorized_keys2 simply copy the former to that name and give it a go.
>
> Cheers,
> Mikel King
Mikel - you were right I didn't have the permission correct, but it doesn't work if I have it set to anything other than 0600 for authorized_keys? Thanks for the help.
Peter Harrison.
>
> _____
>
> From: Peter Harrison [mailto:peter.piggybox at virgin.net]
> To: questions at freebsd.org
> Sent: Thu, 28 Oct 2010 15:39:53 -0400
> Subject: ssh key authentication problem...
>
> Can anyone help me debug an ssh key-based authentication problem?
>
> I have an 8.1-R server running sshd, with one user account. On the server, I've used ssh-keygen to generate id_rsa and id_rsa.pub.
>
> On my laptop I then pulled the id_rsa.pub file over and:
>
> % cat id_rsa.pub >> .ssh/authorized_keys
>
> Now I try to login from the laptop (also 8.1-R) to the server. It pauses for a second and presents me with a 'Password:' prompt, so obviously the key authentication isn't working.
>
> He's a debugging chunk from sshd run with '-ddd' flags:
>
> debug1: PAM: initializing for "peter"
> debug1: userauth-request for user peter service ssh-connection method publickey
> debug1: attempt 1 failures 0
> debug2: input_userauth_request: try method publickey
> debug1: test whether pkalg/pkblob are acceptable
> debug3: mm_key_allowed entering
> debug3: mm_request_send entering: type 20
> debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
> debug3: mm_request_receive_expect entering: type 21
> debug3: mm_request_receive entering
> debug1: PAM: setting PAM_RHOST to "192.168.1.4"
> debug2: monitor_read: 45 used once, disabling now
> debug3: mm_request_receive entering
> debug3: monitor_read: checking request 3
> debug3: mm_answer_authserv: service=ssh-connection, style=
> debug2: monitor_read: 3 used once, disabling now
> debug3: mm_request_receive entering
> debug3: monitor_read: checking request 20
> debug3: mm_answer_keyallowed entering
> debug3: mm_answer_keyallowed: key_from_blob: 0x286067c0
> debug1: trying public key file /home/peter/.ssh/authorized_keys
> debug1: fd 4 clearing O_NONBLOCK
> debug3: secure_filename: checking '/usr/home/peter/.ssh'
> debug3: secure_filename: checking '/usr/home/peter'
> debug3: secure_filename: terminating check at '/usr/home/peter'
> debug2: key not found
> debug1: trying public key file /home/peter/.ssh/authorized_keys2
> Failed publickey for peter from 192.168.1.4 port 43046 ssh2
> debug3: mm_answer_keyallowed: key 0x286067c0 is not allowed
> debug3: mm_request_send entering: type 21
> debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
> debug3: mm_request_receive entering
> debug1: userauth-request for user peter service ssh-connection method keyboard-interactive
> debug1: attempt 2 failures 1
> debug2: input_userauth_request: try method keyboard-interactive
> debug1: keyboard-interactive devs
>
> Anyone suggest what I'm doing wrong?
>
> TIA.
>
>
> Peter Harrison.
>
>
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
More information about the freebsd-questions
mailing list