Hi, On Sat, Jan 27, 2024 at 09:55:16AM +0000, Michael Kjörling wrote: > On 27 Jan 2024 08:12 +0000, from a...@strugglers.net (Andy Smith): > > This only happens when I log in as root using a public key, i.e. > > > > ssh -i /path/to/pubkey r...@t.example.com > > According to https://access.redhat.com/solutions/20057 this can happen > in cases where multiple authentication methods are tried. You should > be able to confirm this by adding -v to your ssh command line and > looking for authentication methods that are not your presumably > intended publickey.
The only authentication methods that are tried are publickey, it's just that it seems it tries several public keys that won't work first: debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/andy/.ssh/id_rsa debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Offering ED25519 public key: andy@jameson debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Offering RSA public key: /home/andy/.ssh/id_rsa debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Offering RSA public key: /home/andy/.ssh/foo_rsa debug1: Server accepts key: pkalg rsa-sha2-512 blen 535 debug1: Authentication succeeded (publickey). Authenticated to t.example.com ([2001:db8:0:1f1::13]:922). (/home/andy/.ssh/foo_rsa being what was specified on the ssh command line with -i) Presumably if there WERE no working public keys then it would get around to trying another method, but publickey is offered first. If I do: $ ssh -o IdentitiesOnly=yes -i ~/.ssh/foo_rsa r...@t.example.com then only that single public key is offered and there is no message about publickey being postponed, so that must be it. Though I still wonder why it bopthers to log anything about publickey being postponed in the first place. Thanks, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting