I have a problem with logging in using keys (on Debian).
Logging in from machine CLIENT to SERVER works, but only if we log in as
user root.
Example 1 - login from CLIENT - "checkuser" on SERVER has uid != 0 -
doesn't work.
checkuser has UID 1001, just like /home/checkuser/*
$ ssh -l checkuser -i id_rsa 192.168.11.83 -v
(...)
[EMAIL PROTECTED]'s password:
Server log:
Sep 6 11:56:12 thecus sshd[18730]: debug1: Client protocol version 2.0; client software version OpenSSH_4.3
Sep 6 11:56:12 thecus sshd[18730]: debug1: match: OpenSSH_4.3 pat OpenSSH*
Sep 6 11:56:12 thecus sshd[18730]: debug1: Enabling compatibility mode for protocol 2.0
Sep 6 11:56:12 thecus sshd[18730]: debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-3
Sep 6 11:56:13 thecus sshd[18730]: Failed none for checkuser from 192.168.11.81 port 54204 ssh2
Sep 6 11:56:13 thecus sshd[18730]: debug1: temporarily_use_uid: 1001/1001 (e=0/0)
Sep 6 11:56:13 thecus sshd[18730]: debug1: trying public key file /home/checkuser/.ssh/authorized_keys
Sep 6 11:56:13 thecus sshd[18730]: debug1: restore_uid: 0/0
Sep 6 11:56:13 thecus sshd[18730]: debug1: temporarily_use_uid: 1001/1001 (e=0/0)
Sep 6 11:56:13 thecus sshd[18730]: debug1: trying public key file /home/checkuser/.ssh/authorized_keys2
Sep 6 11:56:13 thecus sshd[18730]: debug1: restore_uid: 0/0
Example 2 - login from CLIENT - "checkuser" on SERVER has uid == 0 - works.
checkuser has UID 0, just like /home/checkuser/*
$ ssh -l checkuser -i id_rsa 192.168.11.83 -v
(...)
[EMAIL PROTECTED]:~#
Server log:
Sep 6 11:54:34 thecus sshd[18688]: debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-3
Sep 6 11:54:35 thecus sshd[18688]: Failed none for checkuser from 192.168.111.181 port 54164 ssh2
Sep 6 11:54:35 thecus sshd[18688]: debug1: temporarily_use_uid: 0/0 (e=0/0)
Sep 6 11:54:35 thecus sshd[18688]: debug1: trying public key file /home/checkuser/.ssh/authorized_keys
Sep 6 11:54:35 thecus sshd[18688]: debug1: matching key found: file /home/checkuser/.ssh/authorized_keys, line 1
Sep 6 11:54:35 thecus sshd[18688]: Found matching RSA key: 70:a6:fc:89:e7:d8:f9:67:e6:86:27:6e:ee:63:61:5e
Sep 6 11:54:35 thecus sshd[18688]: debug1: restore_uid: 0/0
Sep 6 11:54:35 thecus sshd[18688]: debug1: temporarily_use_uid: 0/0 (e=0/0)
Sep 6 11:54:35 thecus sshd[18688]: debug1: trying public key file /home/checkuser/.ssh/authorized_keys
Sep 6 11:54:35 thecus sshd[18688]: debug1: matching key found: file /home/checkuser/.ssh/authorized_keys, line 1
Sep 6 11:54:35 thecus sshd[18688]: Found matching RSA key: 70:a6:fc:89:e7:d8:f9:67:e6:86:27:6e:ee:63:61:5e
Sep 6 11:54:35 thecus sshd[18688]: debug1: restore_uid: 0/0
Sep 6 11:54:35 thecus sshd[18688]: debug1: ssh_rsa_verify: signature correct
Sep 6 11:54:35 thecus sshd[18688]: Accepted publickey for checkuser from 192.168.111.181 port 54164 ssh2
Sep 6 11:54:35 thecus sshd[18688]: debug1: monitor_child_preauth: checkuser has been authenticated by privileged process
Sep 6 11:54:35 thecus sshd[18688]: debug1: Entering interactive session for SSH2.
Unfortunately, I'm unable to debug the problem.
There are no entries in sshd_config which allow/disallow logging in of
certain users.
--
Tomasz Chmielewski
http://wpkg.org
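
Added example, not part of the original post: a small triage script that groups sshd debug lines by PID and reports which uid the key lookup ran as, which key files were tried, and whether a match was found, so the two sessions above can be compared side by side. The function names `unwrap` and `summarize` are hypothetical; the sample lines are copied from the logs in the post.

```python
import re

# Sample: sshd lines copied from the post; wrapped continuation lines have no timestamp.
SAMPLE = """\
Sep 6 11:56:13 thecus sshd[18730]: debug1: temporarily_use_uid:
1001/1001 (e=0/0)
Sep 6 11:56:13 thecus sshd[18730]: debug1: trying public key file
/home/checkuser/.ssh/authorized_keys
Sep 6 11:54:35 thecus sshd[18688]: debug1: temporarily_use_uid: 0/0 (e=0/0)
Sep 6 11:54:35 thecus sshd[18688]: debug1: trying public key file
/home/checkuser/.ssh/authorized_keys
Sep 6 11:54:35 thecus sshd[18688]: debug1: matching key found: file
/home/checkuser/.ssh/authorized_keys, line 1
Sep 6 11:54:35 thecus sshd[18688]: Accepted publickey for checkuser
from 192.168.111.181 port 54164 ssh2
"""

HEAD = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[(\d+)\]: (.*)$")

def unwrap(text):
    """Yield (pid, message), gluing wrapped continuation lines back on."""
    cur = None
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            if cur:
                yield tuple(cur)
            cur = [m.group(1), m.group(2)]
        elif cur and line.strip():
            cur[1] += " " + line.strip()
    if cur:
        yield tuple(cur)

def summarize(text):
    """Per sshd PID: uid used for key lookup, files tried, matches, result."""
    out = {}
    for pid, msg in unwrap(text):
        s = out.setdefault(pid, {"uid": None, "tried": [], "matched": [], "accepted": False})
        if m := re.search(r"temporarily_use_uid: (\d+)/\d+", msg):
            s["uid"] = int(m.group(1))
        elif m := re.search(r"trying public key file (\S+)", msg):
            if m.group(1) not in s["tried"]:
                s["tried"].append(m.group(1))
        elif m := re.search(r"matching key found: file (\S+), line (\d+)", msg):
            s["matched"].append((m.group(1), int(m.group(2))))
        elif msg.startswith("Accepted publickey"):
            s["accepted"] = True
    return out

print(summarize(SAMPLE))
```

For PID 18730 the summary shows the lookup running as uid 1001 with a file tried and no match logged, while PID 18688 (uid 0) records a match on line 1 of the same path.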