ssh2 login with public key - not working
Hi, I have to boxes, both are FreeBSD 6.2 -p7. I did this: [EMAIL PROTECTED]: ssh-keygen -t dsa mv ~/.ssh/id_dsa.pub ~/.ssh/authorized_keys chmod 640 ~/.ssh/authorized_keys scp ~/.ssh/id_dsa [EMAIL PROTECTED]:~/.ssh [EMAIL PROTECTED]: mkdir .ssh cat .ssh/config host mybox hostname box1 identityfile /home/user2/.ssh/id_dsa compression yes cipher blowfish protocol 2 ^D Then I try this: ssh -l user1 mybox but it asks for a password. I also tried this: ssh -v -v -v -l user1 mybox This is what I see (just a part of it): debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: check_host_in_hostfile: filename /usr/user2/.ssh/known_hosts debug3: check_host_in_hostfile: match line 1 debug1: Host 'box1' is known and matches the DSA host key. debug1: Found key in /usr/user2/.ssh/known_hosts:1 debug2: bits set: 526/1024 debug1: ssh_dss_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /usr/user2/.ssh/id_dsa (0x8032410) debug1: Authentications that can continue: publickey,keyboard-interactive debug3: start over, passed a different list publickey,keyboard-interactive debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering public key: /usr/user2/.ssh/id_dsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,keyboard-interactive debug2: we did not send a packet, disable method debug3: authmethod_lookup keyboard-interactive debug3: remaining preferred: password debug3: authmethod_is_enabled keyboard-interactive debug1: Next authentication method: keyboard-interactive debug2: userauth_kbdint debug2: we sent a keyboard-interactive packet, wait for reply debug2: input_userauth_info_req debug2: input_userauth_info_req: num_prompts 1 Password: What is the problem? I could do the same with other computers/users without problem. I'm sure that I do something wrong. Thanks, Laszlo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ssh2 login with public key - not working
Laszlo Nagy wrote: Hi, I have to boxes, both are FreeBSD 6.2 -p7. I did this: snip What is the problem? I could do the same with other computers/users without problem. I'm sure that I do something wrong. Thanks, Laszlo Hi Laszlo. Isn't it just a matter of adding PasswordAuthentication no to /etc/ssh/sshd_config? [At the server end, Captain Obvious prompts me.] I'll check one of my old systems later but I think that's it... HtH, Adam J Richardson ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ssh2 login with public key - not working
Hi Laszlo. Isn't it just a matter of adding PasswordAuthentication no to /etc/ssh/sshd_config? [At the server end, Captain Obvious prompts me.] I'll check one of my old systems later but I think that's it... Well, I have other users using public keys for logging in so the sshd config must be correct. This is the only user that doesn't work. I can login by typing in the password but I need to login automatically. Best, Laszlo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ssh2 login with public key - not working
Laszlo Nagy wrote: Well, I have other users using public keys for logging in so the sshd config must be correct. This is the only user that doesn't work. I can login by typing in the password but I need to login automatically. Best, Laszlo Well, then perhaps the user is wrongly configured. IIRC, you need to have the file ~/.ssh/authorized_users with your public key in it, so sshd can match it to the private key when you log in. If the file's there on the server, perhaps the client end is misconfigured. Apparently there's no way to feed the key to SSH via command line, you have to be using some sort of key agent. Which is highly annoying IMO, but then you can always use PuTTY instead of ssh. HtH, Adam J Richardson ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ssh2 login with public key - not working
On Thu, 30 Aug 2007, Adam J Richardson wrote: Laszlo Nagy wrote: Well, I have other users using public keys for logging in so the sshd config must be correct. This is the only user that doesn't work. I can login by typing in the password but I need to login automatically. Best, Laszlo Well, then perhaps the user is wrongly configured. IIRC, you need to have the file ~/.ssh/authorized_users with your public key in it, so sshd can match it to the private key when you log in. If the file's there on the server, perhaps the client end is misconfigured. Apparently there's no way to feed the key to SSH via command line, you have to be using some sort of key agent. Which is highly annoying IMO, but then you can always use PuTTY instead of ssh. HtH, Adam J Richardson Try using ssh -vv to root-cause the issue. ssh's pretty good about telling you what's wrong with a config. -Garrett ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ssh2 login with public key - not working
On Thu, Aug 30, 2007 at 06:57:54PM +0200, Laszlo Nagy wrote: Hi Laszlo. Isn't it just a matter of adding PasswordAuthentication no to /etc/ssh/sshd_config? [At the server end, Captain Obvious prompts me.] I'll check one of my old systems later but I think that's it... Well, I have other users using public keys for logging in so the sshd config must be correct. This is the only user that doesn't work. I can login by typing in the password but I need to login automatically. Best, Laszlo Have you checked /var/log/auth.log on machine to which you are trying to connect? Yuri pgpMfGKGptc8S.pgp Description: PGP signature
Re: ssh2 login with public key - not working
Have you checked /var/log/auth.log on machine to which you are trying to connect? It contains nothing except: Aug 30 13:54:19 box1 sshd[8199]: Accepted publickey for user2 from 81.1.19.245 port 54369 ssh2 Now here is what I did: 1. I deleted user2 with rmuser user2, but I did not delete its home directory 2. I re-created the user Now it is working! It was so confusing that I tried another thing. Then I tried this with [EMAIL PROTECTED]: rm -fr /root/.ssh cp ~user2/.ssh /root chown -R root:wheel /root/.ssh chmod 700 /root/.ssh chmod 600 /root/.ssh/* chmod 700 /root ssh -l user1 mybox Same problem - not working. Unfortunately, auth.log on box1 only prints a line when it accepts a public key. There are no auth failures because the problem occurs when ssh tries to determine the type of the authentication. Do you have any idea why the recreation of the user solved the problem? And how it is possible that using exactly the same ssh config, the root user cannot login with a public key? (Obviously, I cannot recreate the root user) Thanks, Laszlo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ssh2 login with public key - not working
Laszlo Nagy wrote: Have you checked /var/log/auth.log on machine to which you are trying to connect? It contains nothing except: Aug 30 13:54:19 box1 sshd[8199]: Accepted publickey for user2 from 81.1.19.245 port 54369 ssh2 Sorry it was: Aug 30 13:54:19 box1 sshd[8199]: Accepted publickey for user1 from 81.1.19.245 port 54369 ssh2 I cannot use real user and host names and I made a mistake here. L ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ssh2 login with public key - not working (solved)
rm -fr /root/.ssh cp ~user2/.ssh /root chown -R root:wheel /root/.ssh chmod 700 /root/.ssh chmod 600 /root/.ssh/* chmod 700 /root ssh -l user1 mybox Problem solved. I forgot to edit /root/.ssh/config I still not sure why user recreation worked, but I don't care anymore. Thank you for all your help! Laszlo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
