That was a typo in the message. Actually, it looks like the problem might be shadow passwords, but I thought I should be able to connect as myself only. Here's a section from "sshd -d5":
sshd: SSH Secure Shell 3.2.9 on sparc-sun-solaris2.9
debug[29882]: SshHostKeyIO/sshhostkeyio.c:154: Reading private host key from /export/home/jburelba/.ssh2/hostkey
debug[29885]: SshUserFile/sshuserfile.c:740: uid = 14823, euid = 14823
debug[29882]: SshUserFiles/sshkeyblob2.c:573: key blob magic = 0x00000000
debug[29886]: SshUserFile/sshuserfile.c:740: uid = 14823, euid = 14823
debug[29882]: SshHostKeyIO/sshhostkeyio.c:165: Key comment: 1024-bit dsa hostkey
debug[29882]: SshHostKeyIO/sshhostkeyio.c:194: Reading public host key from /export/home/jburelba/.ssh2/hostkey.pub
debug[29882]: SshUserFiles/sshkeyblob2.c:573: key blob magic = 0x00000000
debug[29882]: SshHostKeyIO/sshhostkeyio.c:279: Host key algorithms (from disk): ssh-dss
debug[29887]: SshUserFile/sshuserfile.c:740: uid = 14823, euid = 14823
debug[29888debug[]: SshUserFile/sshuserfile.c:740: uid = 14823, euid = 14823 29882]: SshCertEdb/cmi-edb.c:265: EDB: Adding database: ssh.http
debug[29882]: SshCertEdb/cmi-edb.c:298: EDB: Removing database: ssh.ldap
debug[29882]: SshCertEdb/cmi-edb.c:265: EDB: Adding database: ssh.ldap
debug[29882]: SshCertEdb/cmi-edb.c:298: EDB: Removing database: ssh.ldap
debug[29882]: SshCertEdb/cmi-edb.c:265: EDB: Adding database: ssh.ldap
debug[29882]: SshCertEdb/cmi-edb.c:265: EDB: Adding database: ssh.http
debug[29882]: Becoming server.
debug[29882]: Creating listener
debug[29882]: SshUnixTcp/sshunixtcp.c:800: Making TCP listener
debug[29882]: SshUnixTcp/sshunixtcp.c:837: Making IPv4 and IPv6 TCP listeners
debug[29882]: Listener created
debug[29882]: no udp listener created.
debug[29882]: Sshd2/sshd2.c:3300: Trying to create pidfile /var/run/sshd2_2022.pid
debug[29882]: Sshd2/sshd2.c:3307: Trying to create pidfile /etc/ssh2/sshd2_2022.pid
debug[29882]: Running event loop
debug[29882]: SshEventLoop/sshunixeloop.c:934: Starting the event loop.
debug[29882]: SshSigChld/sigchld.c:130: SIGCHLD received.
debug[29882]: SshSigChld/sigchld.c:130: SIGCHLD received.
debug[29882]: Sshd2/sshd2.c:2007: new_connection_callback
debug[29882]: Sshd2/sshd2.c:1855: remote hostname is "barcelona".
debug[29882]: Sshd2/sshd2.c:1934: Wrapping stream with ssh_server_wrap...
debug[29882]: ssh_server_wrap: creating transport protocol
debug[29882]: Ssh2Transport/trcommon.c:1968: Setting new keys and algorithms
debug[29882]: Ssh2Transport/trcommon.c:1988: Allocating cipher: name: none, key_len: 16.
debug[29882]: Ssh2Transport/trcommon.c:1968: Setting new keys and algorithms
debug[29882]: Ssh2Transport/trcommon.c:1988: Allocating cipher: name: none, key_len: 16.
debug[29882]: Ssh2Transport/trcommon.c:3676: My version: SSH-2.0-3.2.9 SSH Secure Shell
debug[29882]: SshAuthMethodServer/sshauthmethods.c:73: Added method "publickey" to candidates.
debug[29882]: SshAuthMethodServer/sshauthmethods.c:73: Added "publickey" to usable methods.
debug[29882]: SshAuthMethodServer/sshauthmethods.c:73: Added "hostbased" to usable methods.
debug[29882]: SshAuthMethodServer/sshauthmethods.c:73: Added "[EMAIL PROTECTED]" to usable methods.
debug[29882]: SshAuthMethodServer/sshauthmethods.c:73: Added "password" to usable methods.
debug[29882]: SshAuthMethodServer/sshauthmethods.c:73: Added "keyboard-interactive" to usable methods.
debug[29882]: ssh_server_wrap: creating userauth protocol
debug[29882]: Ssh2Common/sshcommon.c:455: creating SshCommon object
debug[29882]: Ssh2Common/sshcommon.c:537: local ip = 165.112.22.230, local port = 2022
debug[29882]: Ssh2Common/sshcommon.c:539: remote ip = 165.112.22.230, remote port = 63548
debug[29882]: Ssh2Common/sshcommon.c:541: initializing channel types and requests
debug[29882]: Ssh2Common/sshcommon.c:630: Creating connection protocol.
debug[29882]: SshConnection/sshconn.c:1945: Wrapping...
debug[29882]: Ssh2Common/sshcommon.c:639: connection protocol created
debug[29882]: Sshd2/sshd2.c:1972: done.
debug[29882]: new_connection_callback returning
debug[29882]: Ssh2Transport/trcommon.c:641: Reading version number.
debug[29882]: Remote version: SSH-1.99-3.2.9 SSH Secure Shell
debug[29882]: Major: 3 Minor: 2 Revision: 9
debug[29882]: Ssh2Transport/trcommon.c:1045: Constructing the first key exchange packet.
debug[29882]: Ssh2Transport/trcommon.c:2578: local kexinit: kex algs = diffie-hellman-group1-sha1
debug[29882]: Ssh2Transport/trcommon.c:2588: local kexinit: host key algs = ssh-dss
debug[29882]: Ssh2Transport/trcommon.c:2596: local kexinit: ciphers c to s = aes128-cbc,3des-cbc,twofish128-cbc,cast128-cbc,twofish-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,twofish192-cbc,twofish256-cbc,arcfour
debug[29882]: Ssh2Transport/trcommon.c:2604: local kexinit: ciphers s to c = aes128-cbc,3des-cbc,twofish128-cbc,cast128-cbc,twofish-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,twofish192-cbc,twofish256-cbc,arcfour
debug[29882]: Ssh2Transport/trcommon.c:2610: local kexinit: macs c to s = hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
debug[29882]: Ssh2Transport/trcommon.c:2616: local kexinit: macs s to c = hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
debug[29882]: Ssh2Transport/trcommon.c:2622: local kexinit: compressions c to s = none,zlib
debug[29882]: Ssh2Transport/trcommon.c:2628: local kexinit: compressions s to c = none,zlib
debug[29882]: Ssh2Transport/trcommon.c:2639: local kexinit: first_packet_follows = FALSE
debug[29882]: Ssh2Transport/trcommon.c:555: Outgoing empty, sending empty ignore packet.
debug[29882]: Ssh2Transport/trcommon.c:1908: Getting a SSH_MSG_KEXINIT packet from connection.
debug[29882]: Ssh2Transport/trcommon.c:1908: Getting a SSH_MSG_KEXINIT packet from connection.
debug[29882]: Ssh2Transport/trcommon.c:1842: Processing received SSH_MSG_KEXINIT.
debug[29882]: Ssh2Transport/trcommon.c:1169: Computing algorithms from key exchange.
debug[29882]: Ssh2Transport/trcommon.c:1216: client: kex = diffie-hellman-group1-sha1, hk_alg = ssh-dss,ssh-rsa,x509v3-sign-dss,x509v3-sign-rsa
debug[29882]: Ssh2Transport/trcommon.c:1218: server: kex = diffie-hellman-group1-sha1, hk_alg = ssh-dss
debug[29882]: Ssh2Transport/trcommon.c:1367: lang s to c: `', lang c to s: `'
debug[29882]: Ssh2Transport/trcommon.c:1378: first_kex_packet_follows: TRUE
debug[29882]: Ssh2Transport/trcommon.c:1433: c_to_s: cipher aes128-cbc, mac hmac-sha1, compression none
debug[29882]: Ssh2Transport/trcommon.c:1436: s_to_c: cipher aes128-cbc, mac hmac-sha1, compression none
debug[29882]: Ssh2Transport/trcommon.c:1466: Chosen host key algorithm: ssh-dss, Chosen kex algorithm: diffie-hellman-group1-sha1, Guessed right
debug[29882]: Ssh2Transport/trcommon.c:2119: Receiving first key exchange packet.
debug[29882]: Ssh2Transport/trcommon.c:2048: Key check finalized. Key is accepted.
debug[29882]: Ssh2Transport/trcommon.c:1077: Constructing the second key exchange packet.
debug[29882]: Ssh2Compat/ssh2compat.c:89: Private key is not an RSA key, so nothing needs to be done. (type = 'dl-modp')
debug[29882]: Ssh2Transport/trcommon.c:555: Outgoing empty, sending empty ignore packet.
debug[29882]: Ssh2Transport/trcommon.c:555: Outgoing empty, sending empty ignore packet.
debug[29882]: Ssh2Transport/trcommon.c:1968: Setting new keys and algorithms
debug[29882]: Ssh2Transport/trcommon.c:1988: Allocating cipher: name: aes128-cbc, key_len: 16.
debug[29882]: Ssh2Transport/trcommon.c:2254: Receiving SSH_MSG_NEWKEYS.
debug[29882]: Ssh2Transport/trcommon.c:2254: Receiving SSH_MSG_NEWKEYS.
debug[29882]: Ssh2Transport/trcommon.c:2254: Receiving SSH_MSG_NEWKEYS.
debug[29882]: Ssh2Transport/trcommon.c:1968: Setting new keys and algorithms
debug[29882]: Ssh2Transport/trcommon.c:1988: Allocating cipher: name: aes128-cbc, key_len: 16.
debug[29882]: Ssh2Transport/trcommon.c:2393: Waiting for a service request packet.
debug[29882]: Ssh2Transport/trcommon.c:2393: Waiting for a service request packet.
debug[29882]: Ssh2Transport/trcommon.c:2884: BLOCKING: up service accept wait
debug[29882]: Ssh2Transport/trcommon.c:555: Outgoing empty, sending empty ignore packet.
debug[29882]: Ssh2Transport/trcommon.c:2304: Sending startup packet to application layer.
debug[29882]: Ssh2Transport/trcommon.c:2343: Sending algorithms to application layer.
debug[29882]: SshUnixUser/sshunixuser.c:408: Can't find jburelba's shadow - access denied.
debug[29882]: Sshd2/sshd2.c:1142: user 'jburelba' service 'ssh-connection' client_ip '165.112.22.230' client_port '63548' completed ''
debug[29882]: Sshd2/sshd2.c:1195: Number of groups: 2.
debug[29882]: Sshd2/sshd2.c:1200: Adding group: eos, 100.
debug[29882]: Sshd2/sshd2.c:1200: Adding group: sysadmin, 14.
debug[29882]: Sshd2/sshd2.c:1572: output: publickey
debug[29882]: Ssh2AuthCommonServer/auths-common.c:414: User jburelba's login is not allowed due to system policy
debug[29882]: Ssh2AuthCommonServer/auths-common.c:41: publickey authentication failed. Login to account jburelba not allowed or account non-existent.
debug[29882]: Sshd2/sshd2.c:1142: user 'jburelba' service 'ssh-connection' client_ip '165.112.22.230' client_port '63548' completed ''
debug[29882]: Sshd2/sshd2.c:1572: output:
debug[29882]: Ssh2Transport/trcommon.c:1511: Processing received SSH_MSG_DISCONNECT
debug[29882]: Ssh2Transport/trcommon.c:595: Disconnecting: reason code: 14 message: 'No further authentication methods available.'

On Mon, Jul 24, 2006 at 11:24:02AM +0200, Nathan Jackson-Eeles scribbled:
> Jonathan,
>
> Don't know whether you fixed this or not, but I've just got round to
> reading this post.
>
> The server is reporting the following to the client:
> debug: server offers auth methods ''.
>
> I would check the syntax of your AllowedAuthentications in your
> sshd2_config.
>
> I'm not sure whether it's just a typo in your mail, but it should
> begin with a capital "A":
>
> AllowedAuthentications publickey
>
> HTH,
>
> Nathan
>
>
>
> On 5/30/06, Jonathan Burelbach <[EMAIL PROTECTED]> wrote:
> >I am trying to set up sshd to run as a non-root user to limit connections
> >to and from certain hosts. I'm running ssh.com v3.2.9 on Solaris 9
> >on an e25k and I am able to start sshd as myself, but login using keys
> >doesn't work. I've got "allowedAuthentications" set to just "publickey"
> >since passwd won't work and authorization and identification files are
> >correct since I can login remotely using keys. Anyone have any clues?
> >
> >TIA.
> >
> >The daemon tells me:
> >
> > [EMAIL PROTECTED]: ~ 323 -> /usr/local/sbin/sshd -v
> > debug[23292]: SshConfig/sshconfig.c:2838: Metaconfig parsing stopped at
> > line 3.
> > debug[23292]: SshConfig/sshconfig.c:3130: Read 10 params from config
> > file.
> > sshd: SSH Secure Shell 3.2.9 on sparc-sun-solaris2.9
> > debug[23292]: SshHostKeyIO/sshhostkeyio.c:194: Reading public host key
> > from /export/home/jburelba/.ssh2/hostkey.pub
> > debug[23292]: SshHostKeyIO/sshhostkeyio.c:279: Host key algorithms (from
> > disk): ssh-dss
> > debug[23292]: Becoming server.
> > debug[23292]: Creating listener
> > debug[23292]: Listener created
> > debug[23292]: no udp listener created.
> > debug[23292]: Running event loop
> > debug[23292]: Sshd2/sshd2.c:2007: new_connection_callback
> > debug[23292]: Sshd2/sshd2.c:1934: Wrapping stream with ssh_server_wrap...
> > debug[23292]: ssh_server_wrap: creating transport protocol
> > debug[23292]: Ssh2Transport/trcommon.c:3676: My version: SSH-2.0-3.2.9
> > SSH Secure Shell
> > debug[23292]: ssh_server_wrap: creating userauth protocol
> > debug[23292]: Ssh2Common/sshcommon.c:537: local ip = 127.0.0.1, local
> > port = 2022
> > debug[23292]: Ssh2Common/sshcommon.c:539: remote ip = 127.0.0.1, remote
> > port = 58829
> > debug[23292]: SshConnection/sshconn.c:1945: Wrapping...
> > debug[23292]: Sshd2/sshd2.c:1972: done.
> > debug[23292]: new_connection_callback returning
> > debug[23292]: Remote version: SSH-1.99-3.2.9 SSH Secure Shell
> > debug[23292]: Major: 3 Minor: 2 Revision: 9
> > debug[23292]: Ssh2Transport/trcommon.c:1367: lang s to c: `', lang c to
> > s: `'
> > debug[23292]: Ssh2Transport/trcommon.c:1433: c_to_s: cipher aes128-cbc,
> > mac hmac-sha1, compression none
> > debug[23292]: Ssh2Transport/trcommon.c:1436: s_to_c: cipher aes128-cbc,
> > mac hmac-sha1, compression none
> > debug[23292]: SshUnixUser/sshunixuser.c:408: Can't find jburelba's
> > shadow - access denied.
> > debug[23292]: Sshd2/sshd2.c:1142: user 'jburelba' service
> > 'ssh-connection' client_ip '127.0.0.1' client_port '58829' completed ''
> > debug[23292]: Sshd2/sshd2.c:1195: Number of groups: 2.
> > debug[23292]: Sshd2/sshd2.c:1200: Adding group: eos, 100.
> > debug[23292]: Sshd2/sshd2.c:1200: Adding group: sysadmin, 14.
> > debug[23292]: Sshd2/sshd2.c:1572: output: publickey
> > debug[23292]: Ssh2AuthCommonServer/auths-common.c:414: User jburelba's
> > login is not allowed due to system policy
> > debug[23292]: Ssh2AuthCommonServer/auths-common.c:41: publickey
> > authentication failed. Login to account jburelba not allowed or account
> > non-existent.
> > debug[23292]: Sshd2/sshd2.c:1142: user 'jburelba' service
> > 'ssh-connection' client_ip '127.0.0.1' client_port '58829' completed ''
> > debug[23292]: Sshd2/sshd2.c:1572: output:
> > debug[23292]: Ssh2Common/sshcommon.c:169: DISCONNECT received: No
> > further authentication methods available.
> > debug[23292]: Sshd2/sshd2.c:366: locally_generated = FALSE
> > debug[23292]: Ssh2Common/sshcommon.c:662: Destroying SshCommon object.
> > debug[23292]: SshConnection/sshconn.c:1997: Destroying SshConn object.
> >
> >
> >And the client says:
> >
> > [EMAIL PROTECTED]: ~ 341 -> /usr/local/bin/ssh -v localhost -p 2022
> > debug: SshConfig/sshconfig.c:2838: Metaconfig parsing stopped at line 3.
> > debug: SshConfig/sshconfig.c:3130: Read 0 params from config file.
> > debug: Ssh2/ssh2.c:1707: User config file not found, using defaults.
> > (Looked for '/export/home/jburelba/.ssh2/ssh2_config')
> > debug: Connecting to localhost, port 2022... (SOCKS not used)
> > debug: Ssh2Transport/trcommon.c:3676: My version: SSH-1.99-3.2.9 SSH
> > Secure Shell
> > debug: client supports 3 auth methods:
> > 'publickey,keyboard-interactive,password'
> > debug: Ssh2Common/sshcommon.c:537: local ip = 127.0.0.1, local port =
> > 58829
> > debug: Ssh2Common/sshcommon.c:539: remote ip = 127.0.0.1, remote port =
> > 2022
> > debug: SshConnection/sshconn.c:1945: Wrapping...
> > debug: SshReadLine/sshreadline.c:2427: Initializing ReadLine...
> > debug: Remote version: SSH-2.0-3.2.9 SSH Secure Shell
> > debug: Major: 3 Minor: 2 Revision: 9
> > debug: Ssh2Transport/trcommon.c:1367: lang s to c: `', lang c to s: `'
> > debug: Ssh2Transport/trcommon.c:1433: c_to_s: cipher aes128-cbc, mac
> > hmac-sha1, compression none
> > debug: Ssh2Transport/trcommon.c:1436: s_to_c: cipher aes128-cbc, mac
> > hmac-sha1, compression none
> > debug: SshKeyFile/sshkeyfile.c:373: file
> > /export/home/jburelba/.ssh2/hostkeys/key_2022_localhost.pub does not
> > exist.
> > debug: SshKeyFile/sshkeyfile.c:373: file
> > /etc/ssh2/hostkeys/key_2022_localhost.pub does not exist.
> > Host key not found from database.
> > Key fingerprint:
> > xuzil-vunov-migug-becur-kehib-zyfob-zedyn-kemeg-kahor-sysyf-muxux
> > You can get a public key's fingerprint by running
> > % ssh-keygen -F publickey.pub
> > on the keyfile.
> > Are you sure you want to continue connecting (yes/no)? yes
> > Host key saved to
> > /export/home/jburelba/.ssh2/hostkeys/key_2022_localhost.pub
> > host key for localhost, accepted by jburelba Tue May 30 2006 14:53:05
> > -0500
> > debug: Ssh2Common/sshcommon.c:332: Received SSH_CROSS_STARTUP packet
> > from connection protocol.
> > debug: Ssh2Common/sshcommon.c:382: Received SSH_CROSS_ALGORITHMS packet
> > from connection protocol.
> > WARNING ** WARNING ** WARNING ** WARNING ** WARNING
> >
> > This is a U.S. Government computer system, which may be accessed and used
> > only for authorized Government business by authorized personnel.
> > Unauthorized access or use of this computer system may subject violators
> > to
> > criminal, civil, and/or administrative action. All information on this
> > computer system may be intercepted, recorded, read, copied, and
> > disclosed by
> > and to authorized personnel for official purposes, including criminal
> > investigations. Such information includes sensitive data encrypted to
> > comply
> > with confidentiality and privacy requirements. Access or use of this
> > computer
> > system by any person, whether authorized or unauthorized, constitutes
> > consent
> > to these terms. There is no right of privacy in this system.
> >
> > WARNING ** WARNING ** WARNING ** WARNING ** WARNING
> >
> >
> > debug: server offers auth methods 'publickey'.
> > debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1794: Starting pubkey auth...
> > debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1739: Agent is running,
> > asking keys...
> > debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1549: Got 3 keys from the
> > agent.
> > debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1666: adding keyfile
> > "/export/home/jburelba/.ssh2/id_dsa_1024_b" to candidates
> > debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1666: adding keyfile
> > "/export/home/jburelba/.ssh2/id_rsa_2048_a" to candidates
> > debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1666: adding keyfile
> > "/export/home/jburelba/.ssh2/id_dsa_2048_a" to candidates
> > debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1529: Trying 6 key candidates.
> > debug: server offers auth methods ''.
> > debug: Ssh2Common/sshcommon.c:169: DISCONNECT received: No further
> > authentication methods available.
> > debug: SshReadLine/sshreadline.c:2485: Uninitializing ReadLine...
> > warning: Authentication failed.
> > Disconnected; no more authentication methods available (No further
> > authentication methods available.).
> > debug: Ssh2Common/sshcommon.c:662: Destroying SshCommon object.
> > debug: SshConnection/sshconn.c:1997: Destroying SshConn object.
> > Exit 78
> >
> >
> >
> >--
> >=========+=========+=========+=========+=========+=========+=========+
> >Jonathan Burelbach [EMAIL PROTECTED]
> >Unix Systems Administrator [EMAIL PROTECTED]
> >NIH/CIT/DCSS/SOSB;12 South Dr.;Bldg 12B/2N207;Bethesda (301) 496-7372
> >

--
=========+=========+=========+=========+=========+=========+=========+
Jonathan Burelbach [EMAIL PROTECTED]
Unix Systems Administrator [EMAIL PROTECTED]
NIH/CIT/DCSS/SOSB;12 South Dr.;Bldg 12B/2N207;Bethesda (301) 496-7372
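
A small triage script for the server-side debug output in this thread, as an added example that is not part of the original messages: it groups the lines of each connection and pulls out the shadow lookup failure, the policy denial, the method lists and the disconnect reason, in order. The sample lines are copied from the log above; reading `output:` as the list of methods the server still offers is an assumption based on the client's `server offers auth methods` lines.

```python
import re

# Constructed sample: lines copied from the sshd debug output quoted in this thread.
SAMPLE = """\
debug[29882]: Sshd2/sshd2.c:2007: new_connection_callback
debug[29882]: Ssh2Common/sshcommon.c:539: remote ip = 165.112.22.230, remote port = 63548
debug[29882]: SshUnixUser/sshunixuser.c:408: Can't find jburelba's shadow - access denied.
debug[29882]: Sshd2/sshd2.c:1572: output: publickey
debug[29882]: Ssh2AuthCommonServer/auths-common.c:414: User jburelba's login is not allowed due to system policy
debug[29882]: Ssh2AuthCommonServer/auths-common.c:41: publickey authentication failed. Login to account jburelba not allowed or account non-existent.
debug[29882]: Sshd2/sshd2.c:1572: output:
debug[29882]: Ssh2Transport/trcommon.c:595: Disconnecting: reason code: 14 message: 'No further authentication methods available.'
"""

RULES = {
    "remote": re.compile(r"remote ip = (\S+), remote port"),
    "shadow_denied": re.compile(r"Can't find (\S+)'s shadow - access denied"),
    "policy_denied": re.compile(r"User (\S+)'s login is not allowed due to system policy"),
    "method_failed": re.compile(r"\.c:\d+: (\S+) authentication failed"),
    # Assumption: "output:" carries the methods the server still offers.
    "offered": re.compile(r"sshd2\.c:\d+: output: ?(.*)$"),
    "disconnect": re.compile(r"Disconnecting: reason code: \d+ message: '(.*)'"),
}

def triage(log_text):
    conns, cur = [], None  # one ordered (event, value) list per connection
    for line in log_text.splitlines():
        if line.rstrip().endswith("new_connection_callback"):
            cur = []
            conns.append(cur)
        elif cur is not None:  # skip daemon start-up lines
            for name, rx in RULES.items():
                m = rx.search(line)
                if m:
                    cur.append((name, m.group(1).strip()))
    return conns

def summarize(events):
    kinds = [k for k, _ in events]
    offered = [v for k, v in events if k == "offered"]
    if "policy_denied" in kinds:
        cause = "account rejected by policy check"
        if "shadow_denied" in kinds[:kinds.index("policy_denied")]:
            cause += ", after a denied shadow lookup"
    elif "method_failed" in kinds:
        cause = "credential rejected"
    else:
        cause = "no denial logged"
    return {"remote": dict(events).get("remote"), "cause": cause, "offered": offered}

if __name__ == "__main__":
    for conn in triage(SAMPLE):
        print(summarize(conn))
```

An empty second entry in `offered` corresponds to the client's `server offers auth methods ''` line.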
