I have what (to me at least) is a very odd ssh key problem. There are three systems, systemA, systemB and systemC. Two users each have an account on all three. Systems B and C both enforce the use of ssh keys (PasswordAuthentication and ChallengeResponseAuthentication both set to 'no').
>From SystemA, both users can "ssh -A systemB" and are logged in successfully via keys. Having logged into SystemB from SystemA as shown above, one user can "ssh -A systemC" and log in successfully; the other user, with the same command, gets "Permission denied (publickey)". >From SystemA, both users can "ssh -A systemC" and are logged in successfully via keys. I cannot understand why the second user cannot login SystemA - SystemB - SystemC while the other user can. I have set the loglevel to DEBUG3 on systemC. The first two lines of the successful login are: debug1: Forked child 5971. Connection from a.b.c.c port 49710 whereas the first two lines of the unsuccessful login are in the opposite order: Connection from a.b.c.c port 49711 debug1: Forked child 5980. Other than that, and the PIDs used, the two logs continue identically: debug1: Client protocol version 2.0; client software version OpenSSH_3.8.1p1 Debian-8.sarge.4 debug1: match: OpenSSH_3.8.1p1 Debian-8.sarge.4 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1 Debian-8.sarge.4 debug2: Network child is on pid 5981 debug3: preauth child monitor started debug3: mm_request_receive entering debug3: monitor_read: checking request 0 debug3: mm_answer_moduli: got parameters: 1024 1024 8192 debug3: mm_request_send entering: type 1 debug2: monitor_read: 0 used once, disabling now debug3: mm_request_receive entering debug3: monitor_read: checking request 4 debug3: mm_answer_sign debug3: mm_answer_sign: signature 0x809d838(143) debug3: mm_request_send entering: type 5 debug2: monitor_read: 4 used once, disabling now debug3: mm_request_receive entering debug3: monitor_read: checking request 6 debug3: mm_answer_pwnamallow debug3: auth_shadow_acctexpired: today 13446 sp_expire -1 days left -13447 debug3: account expiration disabled debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1 debug3: mm_request_send entering: type 7 debug2: monitor_read: 6 used once, disabling now debug3: mm_request_receive entering debug3: monitor_read: checking request 3 debug3: mm_answer_authserv: service=ssh-connection, style= debug2: monitor_read: 3 used once, disabling now debug3: mm_request_receive entering The next (and last) line of the failing login is: debug1: do_cleanup The successful login has many more lines; the next couple are: debug3: monitor_read: checking request 20 debug3: mm_answer_keyallowed entering Can anyone shed any light as to why one user cannot login to SystemC via SystemB? Or even offer any avenues to explore? Thanks, Keith
