Oh, also: set the permissions on id_rsa and authorized_keys to 600.
-wes On Mon, Oct 20, 2014 at 1:51 PM, wes <[email protected]> wrote: > Try removing the id_rsa.pub file from the source machine. > > Coincidentally, I ran into this just yesterday and banged my head on it > for over an hour before stumbling on this. > > -wes > > On Mon, Oct 20, 2014 at 1:45 PM, Daniel Herrington <[email protected]> > wrote: > >> All, >> >> I'm stuck with a ssh passwordless login problem. Source machine is a >> solaris 10 box behind a firewall and NAT. The remote machine is Mint 13 >> behind firewall and NAT. >> >> Source: >> debug1: using hostkeyalias: XXXXX >> debug3: check_host_in_hostfile: filename /u/XXX/.ssh/known_hosts >> debug3: check_host_in_hostfile: match line 2 >> debug3: check_host_in_hostfile: filename /u/XXX/.ssh/known_hosts >> debug3: check_host_in_hostfile: match line 1 >> debug1: Host 'XXXXX' is known and matches the RSA host key. >> debug1: Found key in /u/XXXXXX/.ssh/known_hosts:2 >> debug1: bits set: 1034/2048 >> debug1: ssh_rsa_verify: signature correct >> debug2: kex_derive_keys >> debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && >> !0 >> debug1: newkeys: mode 1 >> debug1: set_newkeys: setting new keys for 'out' mode >> debug3: aes-128-ctr NID found >> debug1: SSH2_MSG_NEWKEYS sent >> debug1: expecting SSH2_MSG_NEWKEYS >> debug1: newkeys: mode 0 >> debug1: set_newkeys: setting new keys for 'in' mode >> debug3: aes-128-ctr NID found >> debug1: SSH2_MSG_NEWKEYS received >> debug1: done: ssh_kex2. >> debug1: send SSH2_MSG_SERVICE_REQUEST >> debug2: service_accept: ssh-userauth >> debug1: got SSH2_MSG_SERVICE_ACCEPT >> debug1: Authentications that can continue: publickey,password >> debug3: start over, passed a different list publickey,password >> debug3: preferred >> gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password >> debug3: authmethod_lookup publickey >> debug3: remaining preferred: keyboard-interactive,password >> debug3: authmethod_is_enabled publickey >> debug1: Next authentication method: publickey >> debug1: Trying public key: /u/XXXX/.ssh/id_rsa.pub >> debug3: send_pubkey_test >> debug2: we sent a publickey packet, wait for reply >> debug1: Authentications that can continue: publickey,password >> debug2: we did not send a packet, disable method >> debug3: authmethod_lookup password >> debug3: remaining preferred: ,password >> debug3: authmethod_is_enabled password >> debug1: Next authentication method: password >> [email protected]'s password: >> >> Remote sshd log: >> Oct 20 13:36:56 XXXX sshd[31134]: Connection from ###.###.###.## port >> 12996 >> Oct 20 13:36:58 XXXX sshd[31134]: Failed publickey for XXX from >> ###.###.###.## port 12996 ssh2 >> >> This works from an internal Mac to the Mint machine with the same >> id_rsa.pub (I copied it over to the Solaris machine by using scp. >> Directory >> permissions: >> >> drwxr-xr-x 2 XX XXX 1024 Oct 20 16:34 . >> drwxr-xr-x 5 XX X 1024 Oct 20 14:21 .. >> -rw-r--r-- 1 XX XXX 392 Oct 20 15:47 authorized_keys >> -rw------- 1 XX XXX 392 Oct 20 15:35 authorized_keys.old >> -rw-r--r-- 1 XX XXX 246 Oct 20 16:35 config >> -rw-r--r-- 1 XX XXX 392 Oct 20 15:21 id_rsa >> -rw-r--r-- 1 XX XXX 392 Oct 20 16:34 id_rsa.pub >> -rw-r--r-- 1 XX XXX 805 Oct 20 15:12 known_hosts >> >> At this point I don't know where to look further. Is there a higher level >> of debug on sshd other than VERBOSE? >> >> The fact that it works from the Mac to ubuntu but not from Saolris to >> ubuntu, it seems to be something on the solaris machine... >> >> -- >> Daniel B. Herrington >> _______________________________________________ >> PLUG mailing list >> [email protected] >> http://lists.pdxlinux.org/mailman/listinfo/plug >> > > _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
