On Tue, Oct 21, 2014 at 12:34 PM, Daniel Herrington <[email protected]> wrote:
> All,
>
> I have permissions set to 600 on id_rsa.pub. I have explicitly set
> IdentityFile in config, so it's using id_rsa.pub.

Just to be clear here, you're _not_ saying you set IdentityFile to
id_rsa.pub, right? Because that would be wrong.

As I noted before, it seems clear from the logs that your client is
successfully offering a public key for acceptance (ruling out
permissions problems, unless it's finding another way to offer a key -
are you using an ssh-agent on either client machine?), and that this
public key doesn't match what the server is accepting. As you said in
your original message, the problem would seem to be on the Solaris
machine, given that the Mac can sign in no problem.

So I'd make, really, extra, double-trouble-quadruple sure that the
id_rsa.pub really matches the exact value you had for the Mac one. Use
md5sum to make sure both files are completely identical. Although,
it's also remotely conceivable there's a line ending problem - make
sure the line/lines in id_rsa.pub ends in \n, and contains no \r (use
"cat -t" and make sure you don't see ^M). But while Mac traditionally
uses \r as the line ending, that's not the case in its "Unixy" files
that you use from the terminal, so it seems unlikely to be a line
ending problem.

You said you removed the id_rsa file. I assume you mean from the
server, right? Because if you remove it from the client system, it'll
never be able to actually establish a session, though I believe it'll
be able to authenticate. I'm assuming you meant from the server, where
it's not actually needed (but then, neither is the id_rsa.pub, as all
that's really used is the authorized_keys file).

If they really do match, then there's something non-obvious that's
ultimately resulting in the problem, but the bottom line is that from
the information we have, for whatever reason, there is a public key
being offered, and it doesn't match the one the server's expecting
(and therefore, the one being offered by the Mac's client). Which is
why I suspect the id_rsa.pub is wrong (yes, even though you carefully
scp'd it).

...I don't think the HostKeyAlias thing can be the problem, because it
would fail differently from the logs you originally posted (unless you
are, in fact, getting different logs now than you were before).

> Can I increase logging in sshd above VERBOSE?

You could run sshd -d (debug mode, no fork, single session), which is
what I'd suggest. Of course, you don't want to use that to replace the
session you're signed in with for testing... :) ...you might make a
copy of the sshd_config file somewhere, change the port it listens on,
and use -f /path/to/new/sshd_config. Of course, the different port-use
might interfere with your custom firewalling...?

HTH,
-mjc
_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
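
The checks suggested in the message above (same key on both sides, no \r, trailing \n), as an added example that is not part of the original thread. It compares the key blob itself rather than whole files, so a differing comment or options prefix does not hide a match; the function names and the sample key text are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example; the file contents below are constructed placeholders, not real keys.

# Print the base64 blob of every key line: the field right after the key type.
# Handles "type blob comment" (id_rsa.pub) and "[options] type blob comment"
# (authorized_keys). Simplification: assumes no option contains a bare key-type word.
key_blobs() {
    tr -d '\r' < "$1" | awk '
        NF == 0 || $1 ~ /^#/ { next }
        { for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+)$/) { print $(i + 1); break } }'
}

# True if the file contains a carriage return (what "cat -t" shows as ^M).
has_cr() { ! tr -d '\r' < "$1" | cmp -s - "$1"; }

# True if the last byte is \n (command substitution strips it, leaving "").
ends_with_newline() { [ -s "$1" ] && [ -z "$(tail -c 1 "$1")" ]; }

# True if the first key in PUB ($1) appears among the keys in AUTH ($2).
key_in_authorized() {
    blob=$(key_blobs "$1" | head -n 1)
    [ -n "$blob" ] && key_blobs "$2" | grep -Fxq -- "$blob"
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed case: same key, but the client copy has a CRLF line ending.
    printf 'ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTED user@solaris\r\n' > "$d/id_rsa.pub"
    printf 'no-pty ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTED user@mac\n' > "$d/authorized_keys"
    if key_in_authorized "$d/id_rsa.pub" "$d/authorized_keys"; then
        echo "key blob is present in authorized_keys"
    else
        echo "key blob is NOT in authorized_keys"
    fi
    if has_cr "$d/id_rsa.pub"; then echo "id_rsa.pub contains CR"; fi
    if ends_with_newline "$d/authorized_keys"; then echo "authorized_keys ends in LF"; fi
    rm -rf "$d"
}
demo
```
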
