Re: ssh key authentication problem...
On Thu, Oct 28, 2010 at 10:18:41PM -0400, Mikel King wrote: > Peter, > > Have you verified permissions of 700 on .ssh and 640 on authorized_keys and > authorized_keys2? If you do not have an authorized_keys2 simply copy the > former to that name and give it a go. > > Cheers, > Mikel King Mikel - you were right I didn't have the permission correct, but it doesn't work if I have it set to anything other than 0600 for authorized_keys? Thanks for the help. Peter Harrison. > > _ > > From: Peter Harrison [mailto:peter.piggy...@virgin.net] > To: questi...@freebsd.org > Sent: Thu, 28 Oct 2010 15:39:53 -0400 > Subject: ssh key authentication problem... > > Can anyone help me debug an ssh key-based authentication problem? > > I have an 8.1-R server running sshd, with one user account. On the server, > I've used ssh-keygen to generate id_rsa and id_rsa.pub. > > On my laptop I then pulled the id_rsa.pub file over and: > > % cat id_rsa.pub >> .ssh/authorized_keys > > Now I try to login from the laptop (also 8.1-R) to the server. It pauses > for a second and presents me with a 'Password:' prompt, so obviously the key > authentication isn't working. > > He's a debugging chunk from sshd run with '-ddd' flags: > > debug1: PAM: initializing for "peter" > debug1: userauth-request for user peter service ssh-connection method > publickey > debug1: attempt 1 failures 0 > debug2: input_userauth_request: try method publickey > debug1: test whether pkalg/pkblob are acceptable > debug3: mm_key_allowed entering > debug3: mm_request_send entering: type 20 > debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED > debug3: mm_request_receive_expect entering: type 21 > debug3: mm_request_receive entering > debug1: PAM: setting PAM_RHOST to "192.168.1.4" > debug2: monitor_read: 45 used once, disabling now > debug3: mm_request_receive entering > debug3: monitor_read: checking request 3 > debug3: mm_answer_authserv: service=ssh-connection, style= > debug2: monitor_read: 3 used once, disabling now > debug3: mm_request_receive entering > debug3: monitor_read: checking request 20 > debug3: mm_answer_keyallowed entering > debug3: mm_answer_keyallowed: key_from_blob: 0x286067c0 > debug1: trying public key file /home/peter/.ssh/authorized_keys > debug1: fd 4 clearing O_NONBLOCK > debug3: secure_filename: checking '/usr/home/peter/.ssh' > debug3: secure_filename: checking '/usr/home/peter' > debug3: secure_filename: terminating check at '/usr/home/peter' > debug2: key not found > debug1: trying public key file /home/peter/.ssh/authorized_keys2 > Failed publickey for peter from 192.168.1.4 port 43046 ssh2 > debug3: mm_answer_keyallowed: key 0x286067c0 is not allowed > debug3: mm_request_send entering: type 21 > debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa > debug3: mm_request_receive entering > debug1: userauth-request for user peter service ssh-connection method > keyboard-interactive > debug1: attempt 2 failures 1 > debug2: input_userauth_request: try method keyboard-interactive > debug1: keyboard-interactive devs > > Anyone suggest what I'm doing wrong? > > TIA. > > > Peter Harrison. > > > > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" > ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: ssh key authentication problem...
On Thu, Oct 28, 2010 at 02:17:14PM -0700, Chuck Swiger wrote: > Hi-- > > On Oct 28, 2010, at 12:39 PM, Peter Harrison wrote: > > debug1: trying public key file /home/peter/.ssh/authorized_keys > > debug1: fd 4 clearing O_NONBLOCK > > debug3: secure_filename: checking '/usr/home/peter/.ssh' > > debug3: secure_filename: checking '/usr/home/peter' > > debug3: secure_filename: terminating check at '/usr/home/peter' > > debug2: key not found > > It's likely that the permissions to the private key are wrong somewhere in > the path. Something like "chmod go-w / /usr /usr/home /usr/home/peter > /usr/home/peter/.ssh /usr/home/peter/.ssh/id_rsa" is likely to help > > Regards, > -- > -Chuck > You were right that there was a permissions problem in there too. It's sorted now, thanks for the assist. Peter Harrison. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: ssh key authentication problem...
On Thu, Oct 28, 2010 at 10:13:12PM +0100, krad wrote: > On 28 October 2010 20:39, Peter Harrison wrote: > > > Can anyone help me debug an ssh key-based authentication problem? > > > > I have an 8.1-R server running sshd, with one user account. On the server, > > I've used ssh-keygen to generate id_rsa and id_rsa.pub. > > > > On my laptop I then pulled the id_rsa.pub file over and: > > > > % cat id_rsa.pub >> .ssh/authorized_keys > > > > Now I try to login from the laptop (also 8.1-R) to the server. It pauses > > for a second and presents me with a 'Password:' prompt, so obviously the key > > authentication isn't working. > > > > He's a debugging chunk from sshd run with '-ddd' flags: > > > > debug1: PAM: initializing for "peter" > > debug1: userauth-request for user peter service ssh-connection method > > publickey > > debug1: attempt 1 failures 0 > > debug2: input_userauth_request: try method publickey > > debug1: test whether pkalg/pkblob are acceptable > > debug3: mm_key_allowed entering > > debug3: mm_request_send entering: type 20 > > debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED > > debug3: mm_request_receive_expect entering: type 21 > > debug3: mm_request_receive entering > > debug1: PAM: setting PAM_RHOST to "192.168.1.4" > > debug2: monitor_read: 45 used once, disabling now > > debug3: mm_request_receive entering > > debug3: monitor_read: checking request 3 > > debug3: mm_answer_authserv: service=ssh-connection, style= > > debug2: monitor_read: 3 used once, disabling now > > debug3: mm_request_receive entering > > debug3: monitor_read: checking request 20 > > debug3: mm_answer_keyallowed entering > > debug3: mm_answer_keyallowed: key_from_blob: 0x286067c0 > > debug1: trying public key file /home/peter/.ssh/authorized_keys > > debug1: fd 4 clearing O_NONBLOCK > > debug3: secure_filename: checking '/usr/home/peter/.ssh' > > debug3: secure_filename: checking '/usr/home/peter' > > debug3: secure_filename: terminating check at '/usr/home/peter' > > debug2: key not found > > debug1: trying public key file /home/peter/.ssh/authorized_keys2 > > Failed publickey for peter from 192.168.1.4 port 43046 ssh2 > > debug3: mm_answer_keyallowed: key 0x286067c0 is not allowed > > debug3: mm_request_send entering: type 21 > > debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa > > debug3: mm_request_receive entering > > debug1: userauth-request for user peter service ssh-connection method > > keyboard-interactive > > debug1: attempt 2 failures 1 > > debug2: input_userauth_request: try method keyboard-interactive > > debug1: keyboard-interactive devs > > > > Anyone suggest what I'm doing wrong? > > > > TIA. > > > > > > Peter Harrison. > > > > > > > > ___ > > freebsd-questions@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to " > > freebsd-questions-unsubscr...@freebsd.org" > > > > > you have the setup the keys the wrong way around by the sound of it. The ssh > server should have the public keys only in the authorized_keys files, and > your client/desktop should have the private keys in your ~/.ssh Now I feel like a right berk. Thanks for putting me on the right track, I have it working now. Regards, Peter Harrison. C C B D Now I feel like a right berk. Thanks I have it sorted and working now. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: ssh key authentication problem...
Peter, Have you verified permissions of 700 on .ssh and 640 on authorized_keys and authorized_keys2? If you do not have an authorized_keys2 simply copy the former to that name and give it a go. Cheers, Mikel King _ From: Peter Harrison [mailto:peter.piggy...@virgin.net] To: questi...@freebsd.org Sent: Thu, 28 Oct 2010 15:39:53 -0400 Subject: ssh key authentication problem... Can anyone help me debug an ssh key-based authentication problem? I have an 8.1-R server running sshd, with one user account. On the server, I've used ssh-keygen to generate id_rsa and id_rsa.pub. On my laptop I then pulled the id_rsa.pub file over and: % cat id_rsa.pub >> .ssh/authorized_keys Now I try to login from the laptop (also 8.1-R) to the server. It pauses for a second and presents me with a 'Password:' prompt, so obviously the key authentication isn't working. He's a debugging chunk from sshd run with '-ddd' flags: debug1: PAM: initializing for "peter" debug1: userauth-request for user peter service ssh-connection method publickey debug1: attempt 1 failures 0 debug2: input_userauth_request: try method publickey debug1: test whether pkalg/pkblob are acceptable debug3: mm_key_allowed entering debug3: mm_request_send entering: type 20 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED debug3: mm_request_receive_expect entering: type 21 debug3: mm_request_receive entering debug1: PAM: setting PAM_RHOST to "192.168.1.4" debug2: monitor_read: 45 used once, disabling now debug3: mm_request_receive entering debug3: monitor_read: checking request 3 debug3: mm_answer_authserv: service=ssh-connection, style= debug2: monitor_read: 3 used once, disabling now debug3: mm_request_receive entering debug3: monitor_read: checking request 20 debug3: mm_answer_keyallowed entering debug3: mm_answer_keyallowed: key_from_blob: 0x286067c0 debug1: trying public key file /home/peter/.ssh/authorized_keys debug1: fd 4 clearing O_NONBLOCK debug3: secure_filename: checking '/usr/home/peter/.ssh' debug3: secure_filename: checking '/usr/home/peter' debug3: secure_filename: terminating check at '/usr/home/peter' debug2: key not found debug1: trying public key file /home/peter/.ssh/authorized_keys2 Failed publickey for peter from 192.168.1.4 port 43046 ssh2 debug3: mm_answer_keyallowed: key 0x286067c0 is not allowed debug3: mm_request_send entering: type 21 debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa debug3: mm_request_receive entering debug1: userauth-request for user peter service ssh-connection method keyboard-interactive debug1: attempt 2 failures 1 debug2: input_userauth_request: try method keyboard-interactive debug1: keyboard-interactive devs Anyone suggest what I'm doing wrong? TIA. Peter Harrison. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: ssh key authentication problem...
Hi-- On Oct 28, 2010, at 12:39 PM, Peter Harrison wrote: > debug1: trying public key file /home/peter/.ssh/authorized_keys > debug1: fd 4 clearing O_NONBLOCK > debug3: secure_filename: checking '/usr/home/peter/.ssh' > debug3: secure_filename: checking '/usr/home/peter' > debug3: secure_filename: terminating check at '/usr/home/peter' > debug2: key not found It's likely that the permissions to the private key are wrong somewhere in the path. Something like "chmod go-w / /usr /usr/home /usr/home/peter /usr/home/peter/.ssh /usr/home/peter/.ssh/id_rsa" is likely to help Regards, -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: ssh key authentication problem...
On Thu, Oct 28, 2010 at 12:39 PM, Peter Harrison wrote: > Can anyone help me debug an ssh key-based authentication problem? > > I have an 8.1-R server running sshd, with one user account. On the server, > I've used ssh-keygen to generate id_rsa and id_rsa.pub. > > On my laptop I then pulled the id_rsa.pub file over and: > > % cat id_rsa.pub >> .ssh/authorized_keys > i assume you copied it to ~/.ssh/authorized_keys or $HOME/.ssh/authorized_keys? other things worth checking are permissions of ~/.ssh and the files contained in there? man 1 ssh details permissions, but briefly: ~/.ssh/authorized_keys Lists the public keys (RSA/DSA) that can be used for logging in as this user. The format of this file is described in the sshd(8) manual page. This file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others. it also covers other files as well. HTH -pete -- pete wright www.nycbug.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: ssh key authentication problem...
On 28 October 2010 22:13, krad wrote: > > > On 28 October 2010 20:39, Peter Harrison wrote: > >> Can anyone help me debug an ssh key-based authentication problem? >> >> I have an 8.1-R server running sshd, with one user account. On the server, >> I've used ssh-keygen to generate id_rsa and id_rsa.pub. >> >> On my laptop I then pulled the id_rsa.pub file over and: >> >> % cat id_rsa.pub >> .ssh/authorized_keys >> >> Now I try to login from the laptop (also 8.1-R) to the server. It pauses >> for a second and presents me with a 'Password:' prompt, so obviously the key >> authentication isn't working. >> >> He's a debugging chunk from sshd run with '-ddd' flags: >> >> debug1: PAM: initializing for "peter" >> debug1: userauth-request for user peter service ssh-connection method >> publickey >> debug1: attempt 1 failures 0 >> debug2: input_userauth_request: try method publickey >> debug1: test whether pkalg/pkblob are acceptable >> debug3: mm_key_allowed entering >> debug3: mm_request_send entering: type 20 >> debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED >> debug3: mm_request_receive_expect entering: type 21 >> debug3: mm_request_receive entering >> debug1: PAM: setting PAM_RHOST to "192.168.1.4" >> debug2: monitor_read: 45 used once, disabling now >> debug3: mm_request_receive entering >> debug3: monitor_read: checking request 3 >> debug3: mm_answer_authserv: service=ssh-connection, style= >> debug2: monitor_read: 3 used once, disabling now >> debug3: mm_request_receive entering >> debug3: monitor_read: checking request 20 >> debug3: mm_answer_keyallowed entering >> debug3: mm_answer_keyallowed: key_from_blob: 0x286067c0 >> debug1: trying public key file /home/peter/.ssh/authorized_keys >> debug1: fd 4 clearing O_NONBLOCK >> debug3: secure_filename: checking '/usr/home/peter/.ssh' >> debug3: secure_filename: checking '/usr/home/peter' >> debug3: secure_filename: terminating check at '/usr/home/peter' >> debug2: key not found >> debug1: trying public key file /home/peter/.ssh/authorized_keys2 >> Failed publickey for peter from 192.168.1.4 port 43046 ssh2 >> debug3: mm_answer_keyallowed: key 0x286067c0 is not allowed >> debug3: mm_request_send entering: type 21 >> debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa >> debug3: mm_request_receive entering >> debug1: userauth-request for user peter service ssh-connection method >> keyboard-interactive >> debug1: attempt 2 failures 1 >> debug2: input_userauth_request: try method keyboard-interactive >> debug1: keyboard-interactive devs >> >> Anyone suggest what I'm doing wrong? >> >> TIA. >> >> >> Peter Harrison. >> >> >> >> ___ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to " >> freebsd-questions-unsubscr...@freebsd.org" >> > > > you have the setup the keys the wrong way around by the sound of it. The > ssh server should have the public keys only in the authorized_keys files, > and your client/desktop should have the private keys in your ~/.ssh > note the server does have private and public keys, but they are hosts keys not user ones and are stored in /etc/ssh/. You dont normally have to generate these as the rc scripts take card of that on the 1st invocation ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: ssh key authentication problem...
You have to do the other way generate at laptop, put in authorized_key at server the public key and then you will be able to ssh to server from laptop using key authorization On Thu, 28 Oct 2010 20:39:53 +0100 Peter Harrison wrote: > Can anyone help me debug an ssh key-based authentication problem? > > I have an 8.1-R server running sshd, with one user account. On the > server, I've used ssh-keygen to generate id_rsa and id_rsa.pub. > > On my laptop I then pulled the id_rsa.pub file over and: > > % cat id_rsa.pub >> .ssh/authorized_keys > > Now I try to login from the laptop (also 8.1-R) to the server. It > pauses for a second and presents me with a 'Password:' prompt, so > obviously the key authentication isn't working. > > He's a debugging chunk from sshd run with '-ddd' flags: > > debug1: PAM: initializing for "peter" > debug1: userauth-request for user peter service ssh-connection method > publickey debug1: attempt 1 failures 0 > debug2: input_userauth_request: try method publickey > debug1: test whether pkalg/pkblob are acceptable > debug3: mm_key_allowed entering > debug3: mm_request_send entering: type 20 > debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED > debug3: mm_request_receive_expect entering: type 21 > debug3: mm_request_receive entering > debug1: PAM: setting PAM_RHOST to "192.168.1.4" > debug2: monitor_read: 45 used once, disabling now > debug3: mm_request_receive entering > debug3: monitor_read: checking request 3 > debug3: mm_answer_authserv: service=ssh-connection, style= > debug2: monitor_read: 3 used once, disabling now > debug3: mm_request_receive entering > debug3: monitor_read: checking request 20 > debug3: mm_answer_keyallowed entering > debug3: mm_answer_keyallowed: key_from_blob: 0x286067c0 > debug1: trying public key file /home/peter/.ssh/authorized_keys > debug1: fd 4 clearing O_NONBLOCK > debug3: secure_filename: checking '/usr/home/peter/.ssh' > debug3: secure_filename: checking '/usr/home/peter' > debug3: secure_filename: terminating check at '/usr/home/peter' > debug2: key not found > debug1: trying public key file /home/peter/.ssh/authorized_keys2 > Failed publickey for peter from 192.168.1.4 port 43046 ssh2 > debug3: mm_answer_keyallowed: key 0x286067c0 is not allowed > debug3: mm_request_send entering: type 21 > debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa > debug3: mm_request_receive entering > debug1: userauth-request for user peter service ssh-connection method > keyboard-interactive debug1: attempt 2 failures 1 > debug2: input_userauth_request: try method keyboard-interactive > debug1: keyboard-interactive devs > > Anyone suggest what I'm doing wrong? > > TIA. > > > Peter Harrison. > > > > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscr...@freebsd.org" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: ssh key authentication problem...
On 28 October 2010 20:39, Peter Harrison wrote: > Can anyone help me debug an ssh key-based authentication problem? > > I have an 8.1-R server running sshd, with one user account. On the server, > I've used ssh-keygen to generate id_rsa and id_rsa.pub. > > On my laptop I then pulled the id_rsa.pub file over and: > > % cat id_rsa.pub >> .ssh/authorized_keys > > Now I try to login from the laptop (also 8.1-R) to the server. It pauses > for a second and presents me with a 'Password:' prompt, so obviously the key > authentication isn't working. > > He's a debugging chunk from sshd run with '-ddd' flags: > > debug1: PAM: initializing for "peter" > debug1: userauth-request for user peter service ssh-connection method > publickey > debug1: attempt 1 failures 0 > debug2: input_userauth_request: try method publickey > debug1: test whether pkalg/pkblob are acceptable > debug3: mm_key_allowed entering > debug3: mm_request_send entering: type 20 > debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED > debug3: mm_request_receive_expect entering: type 21 > debug3: mm_request_receive entering > debug1: PAM: setting PAM_RHOST to "192.168.1.4" > debug2: monitor_read: 45 used once, disabling now > debug3: mm_request_receive entering > debug3: monitor_read: checking request 3 > debug3: mm_answer_authserv: service=ssh-connection, style= > debug2: monitor_read: 3 used once, disabling now > debug3: mm_request_receive entering > debug3: monitor_read: checking request 20 > debug3: mm_answer_keyallowed entering > debug3: mm_answer_keyallowed: key_from_blob: 0x286067c0 > debug1: trying public key file /home/peter/.ssh/authorized_keys > debug1: fd 4 clearing O_NONBLOCK > debug3: secure_filename: checking '/usr/home/peter/.ssh' > debug3: secure_filename: checking '/usr/home/peter' > debug3: secure_filename: terminating check at '/usr/home/peter' > debug2: key not found > debug1: trying public key file /home/peter/.ssh/authorized_keys2 > Failed publickey for peter from 192.168.1.4 port 43046 ssh2 > debug3: mm_answer_keyallowed: key 0x286067c0 is not allowed > debug3: mm_request_send entering: type 21 > debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa > debug3: mm_request_receive entering > debug1: userauth-request for user peter service ssh-connection method > keyboard-interactive > debug1: attempt 2 failures 1 > debug2: input_userauth_request: try method keyboard-interactive > debug1: keyboard-interactive devs > > Anyone suggest what I'm doing wrong? > > TIA. > > > Peter Harrison. > > > > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscr...@freebsd.org" > you have the setup the keys the wrong way around by the sound of it. The ssh server should have the public keys only in the authorized_keys files, and your client/desktop should have the private keys in your ~/.ssh ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: ssh key authentication problem...
On 10/28/10 3:39 PM, Peter Harrison wrote: Can anyone help me debug an ssh key-based authentication problem? I have an 8.1-R server running sshd, with one user account. On the server, I've used ssh-keygen to generate id_rsa and id_rsa.pub. On my laptop I then pulled the id_rsa.pub file over and: % cat id_rsa.pub>> .ssh/authorized_keys Either I'm having reading comprehension problems, or you've got things backwards. If you're trying to login into the server across the network, the id_rsa.pub file goes into .ssh/authorized_keys file on the server, and the id_rsa file lives on your laptop, all nicely secured with a passphrase in case somebody steals your laptop. --Jon Radel j...@radel.com
ssh key authentication problem...
Can anyone help me debug an ssh key-based authentication problem? I have an 8.1-R server running sshd, with one user account. On the server, I've used ssh-keygen to generate id_rsa and id_rsa.pub. On my laptop I then pulled the id_rsa.pub file over and: % cat id_rsa.pub >> .ssh/authorized_keys Now I try to login from the laptop (also 8.1-R) to the server. It pauses for a second and presents me with a 'Password:' prompt, so obviously the key authentication isn't working. He's a debugging chunk from sshd run with '-ddd' flags: debug1: PAM: initializing for "peter" debug1: userauth-request for user peter service ssh-connection method publickey debug1: attempt 1 failures 0 debug2: input_userauth_request: try method publickey debug1: test whether pkalg/pkblob are acceptable debug3: mm_key_allowed entering debug3: mm_request_send entering: type 20 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED debug3: mm_request_receive_expect entering: type 21 debug3: mm_request_receive entering debug1: PAM: setting PAM_RHOST to "192.168.1.4" debug2: monitor_read: 45 used once, disabling now debug3: mm_request_receive entering debug3: monitor_read: checking request 3 debug3: mm_answer_authserv: service=ssh-connection, style= debug2: monitor_read: 3 used once, disabling now debug3: mm_request_receive entering debug3: monitor_read: checking request 20 debug3: mm_answer_keyallowed entering debug3: mm_answer_keyallowed: key_from_blob: 0x286067c0 debug1: trying public key file /home/peter/.ssh/authorized_keys debug1: fd 4 clearing O_NONBLOCK debug3: secure_filename: checking '/usr/home/peter/.ssh' debug3: secure_filename: checking '/usr/home/peter' debug3: secure_filename: terminating check at '/usr/home/peter' debug2: key not found debug1: trying public key file /home/peter/.ssh/authorized_keys2 Failed publickey for peter from 192.168.1.4 port 43046 ssh2 debug3: mm_answer_keyallowed: key 0x286067c0 is not allowed debug3: mm_request_send entering: type 21 debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa debug3: mm_request_receive entering debug1: userauth-request for user peter service ssh-connection method keyboard-interactive debug1: attempt 2 failures 1 debug2: input_userauth_request: try method keyboard-interactive debug1: keyboard-interactive devs Anyone suggest what I'm doing wrong? TIA. Peter Harrison. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"