Hi,
I've been trying to setup openssh to authenticate with keys and no
passwords to back up user mail folders on a linux machine, but haven't
been able to get rid of the password prompt. I've put the backuppc user
key from the backup server on the mail server, but no luck so far.
Here's my ssh daemon config:
Port 22
ListenAddress 0.0.0.0
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_rsa_key
KeyRegenerationInterval 3600
LoginGraceTime 600
ServerKeyBits 768
ChallengeResponseAuthentication yes
Compression yes
IgnoreRhosts yes
KbdInteractiveAuthentication no
MaxStartups 10:30:60
PasswordAuthentication no
PermitEmptyPasswords no
PermitRootLogin yes
RSAAuthentication yes
RhostsRSAAuthentication no
StrictModes yes
UsePrivilegeSeparation yes
Subsystem sftp /usr/libexec/openssh/sftp-serverOct 24 08:08:54
mail sshd[18340]: debug1: Client protocol version 2.0; client software
version OpenSSH_4.0
X11DisplayOffset 10
X11Forwarding no
KeepAlive yes
PrintMotd yes
SyslogFacility AUTH
LogLevel DEBUG3
Which gives me this:
Oct 24 08:08:54 mail sshd[18340]: debug1: match: OpenSSH_4.0 pat OpenSSH*
Oct 24 08:08:54 mail sshd[18340]: debug1: Enabling compatibility mode
for protocol 2.0
Oct 24 08:08:54 mail sshd[18340]: debug1: Local version string
SSH-1.99-OpenSSH_3.7.1p1
Oct 24 08:08:54 mail sshd[18340]: debug2: Network child is on pid 18341
Oct 24 08:08:54 mail sshd[18340]: debug3: preauth child monitor started
Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_receive entering
Oct 24 08:08:54 mail sshd[18340]: debug3: monitor_read: checking request 0
Oct 24 08:08:54 mail sshd[18340]: debug3: mm_answer_moduli: got
parameters: 1024 1024 8192
Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_send entering: type 1
Oct 24 08:08:54 mail sshd[18340]: debug2: monitor_read: 0 used once,
disabling now
Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_receive entering
Oct 24 08:08:54 mail sshd[18340]: debug3: monitor_read: checking request 4
Oct 24 08:08:54 mail sshd[18340]: debug3: mm_answer_sign
Oct 24 08:08:54 mail sshd[18340]: debug3: mm_answer_sign: signature
0x80a48d8(143)
Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_send entering: type 5
Oct 24 08:08:54 mail sshd[18340]: debug2: monitor_read: 4 used once,
disabling now
Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_receive entering
Oct 24 08:08:54 mail sshd[18340]: debug3: monitor_read: checking request 6
Oct 24 08:08:54 mail sshd[18340]: debug3: mm_answer_pwnamallow
Oct 24 08:08:54 mail sshd[18340]: debug3: mm_answer_pwnamallow: sending
MONITOR_ANS_PWNAM: 1
Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_send entering: type 7
Oct 24 08:08:54 mail sshd[18340]: debug2: monitor_read: 6 used once,
disabling now
Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_receive entering
Oct 24 08:08:54 mail sshd[18340]: debug3: monitor_read: checking request 43
Oct 24 08:08:54 mail sshd[18340]: debug1: PAM: initializing for "root"
Oct 24 08:08:54 mail sshd[18340]: debug3: Trying to reverse map address
10.1.1.161.
Oct 24 08:08:54 mail sshd[18340]: debug1: PAM: setting PAM_RHOST to
"backup.quicksoftware.co.za"
Oct 24 08:08:54 mail sshd[18340]: debug1: PAM: setting PAM_TTY to "ssh"
Oct 24 08:08:54 mail sshd[18340]: debug2: monitor_read: 43 used once,
disabling now
Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_receive entering
Oct 24 08:08:54 mail sshd[18340]: debug3: monitor_read: checking request 3
Oct 24 08:08:54 mail sshd[18340]: debug3: mm_answer_authserv:
service=ssh-connection, style=
Oct 24 08:08:54 mail sshd[18340]: debug2: monitor_read: 3 used once,
disabling now
Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_receive entering
Oct 24 08:08:54 mail sshd[18340]: debug3: monitor_read: checking request 20
Oct 24 08:08:54 mail sshd[18340]: debug3: mm_answer_keyallowed entering
Oct 24 08:08:54 mail sshd[18340]: debug3: mm_answer_keyallowed:
key_from_blob: 0x80a8040
Oct 24 08:08:54 mail sshd[18340]: debug1: temporarily_use_uid: 0/0 (e=0/0)
Oct 24 08:08:54 mail sshd[18340]: debug1: trying public key file
/root/.ssh/authorized_keys
Oct 24 08:08:54 mail sshd[18340]: debug1: restore_uid: 0/0
Oct 24 08:08:54 mail sshd[18340]: debug1: temporarily_use_uid: 0/0 (e=0/0)
Oct 24 08:08:54 mail sshd[18340]: debug1: trying public key file
/root/.ssh/authorized_keys2
Oct 24 08:08:54 mail sshd[18340]: debug1: restore_uid: 0/0
Oct 24 08:08:54 mail sshd[18340]: debug3: mm_answer_keyallowed: key
0x80a8040 is disallowed
Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_send entering: type 21
Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_receive entering
Oct 24 08:08:54 mail sshd[18340]: debug3: monitor_read: checking request 46
Oct 24 08:08:54 mail sshd[18340]: debug3: mm_answer_pam_init_ctx
Oct 24 08:08:54 mail sshd[18342]: debug3: ssh_msg_send: type 1
Oct 24 08:08:54 mail sshd[18342]: debug3: ssh_msg_recv entering
Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_send entering: type 47
Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_receive entering
Oct 24 08:08:54 mail sshd[18340]: debug3: monitor_read: checking request 48
Oct 24 08:08:54 mail sshd[18340]: debug3: mm_answer_pam_query
Oct 24 08:08:54 mail sshd[18340]: debug3: ssh_msg_recv entering
Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_send entering: type 49
Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_receive entering
I get the following on the backup server:
debug1: Host 'mail' is known and matches the RSA host key.
debug1: Found key in /home/backuppc/.ssh/known_hosts:1
debug2: bits set: 520/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/backuppc/.ssh/identity ((nil))
debug2: key: /home/backuppc/.ssh/id_rsa (0x9d67848)
debug2: key: /home/backuppc/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,keyboard-interactive
debug3: start over, passed a different list publickey,keyboard-interactive
debug3: preferred gssapi-with-mic,hostbased,publickey,keyboard-interactive
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/backuppc/.ssh/identity
debug3: no such identity: /home/backuppc/.ssh/identity
debug1: Offering public key: /home/backuppc/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /home/backuppc/.ssh/id_dsa
debug3: no such identity: /home/backuppc/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred:
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
Any fundi's out there that can help me?
Alex
-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information
_______________________________________________
BackupPC-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/
