retitle 801150 PubkeyAuthentication not working when ~/.ssh/id_rsa.pub is present
thanks

(I let you adjust the severity as you see fit)

Hi Colin,

thanks for your prompt answer!

Colin Watson <[email protected]> wrote:

> Do you have a good reason to still be using the RSAAuthentication
> option? It's protocol 1 only, which has been obsolete for a decade or
> so, and your -vv transcript shows that you're using protocol 2 so
> RSAAuthentication cannot possibly work. Since you're communicating with
> a server version that is substantially less than a decade old, there
> should be no reason to try to use protocol 1 with it. The protocol 2
> equivalent is PubkeyAuthentication.

Ah, right, then I meant PubkeyAuthentication, sorry for the confusion.

> You will of course need to make sure that you aren't using an RSA1 key
> (ssh-keygen -t rsa1 vs. -t rsa).

I generated a new key with '-t rsa' but it doesn't change anything.

After some trial and error, I determined that authentication works iff I
rename ~/.ssh/id_rsa.pub to something else (e.g., 'disabled.pub', or
moved to a different directory). This is on the client, of course. I got
this idea because ssh-add(1) now says:

    After loading a private key, ssh-add will try to load corresponding
    certificate information from the filename obtained by appending
    -cert.pub to the name of the private key file.

so I first tried id_rsa-cert.pub, then found out that anything other
than ~/.ssh/id_rsa.pub appears to work. BTW, I have no idea what this
new -cert.pub suffix is about.

If you think this would be useful, I can send you logs of the sshd
server in debug mode by private mail.

Thanks for your support.

--
Florent

