I've come across an interesting "feature" on the later Ubuntu's - ssh key-based authentication to a target box doesn't appear to work, unless I've logged onto the target box through the GUI (X).
Anyone come across this? Anyone know of a fix? Here's the target box: % cat /etc/issue.net Ubuntu 10.10 Here's me trying to logon to the target box, and I'm not logged on the GUI on the target box: % ssh -v cereza OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010 debug1: Reading configuration data /home/sonia/.ssh/config debug1: Applying options for cereza debug1: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to cereza [10.68.206.77] port 22. debug1: fd 3 clearing O_NONBLOCK debug1: Connection established. debug1: identity file /home/sonia/.ssh/id_rsa type 1 debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048 debug1: identity file /home/sonia/.ssh/id_rsa-cert type -1 debug1: identity file /home/sonia/.ssh/id_dsa type 2 debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024 debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024 debug1: identity file /home/sonia/.ssh/id_dsa-cert type -1 debug1: identity file /home/sonia/.ssh/id_ecdsa type -1 debug1: identity file /home/sonia/.ssh/id_ecdsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-4ubuntu5 debug1: match: OpenSSH_5.5p1 Debian-4ubuntu5 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-1ubuntu3 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 [email protected] debug1: kex: client->server aes128-ctr hmac-md5 [email protected] debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key: RSA dc:f1:0d:ee:d0:56:b8:64:d5:64:c8:99:ef:00:3d:a7 debug1: Host 'cereza' is known and matches the RSA host key. debug1: Found key in /home/sonia/.ssh/known_hosts:148 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/sonia/.ssh/id_rsa debug1: Authentications that can continue: publickey,password debug1: Offering DSA public key: /home/sonia/.ssh/id_dsa debug1: Authentications that can continue: publickey,password debug1: Trying private key: /home/sonia/.ssh/id_ecdsa debug1: Next authentication method: password sonia@cereza's password: Then I logon to the GUI of the target box, and hey presto ssh key-auth works from my source box: % ssh cereza Linux cereza 2.6.35-30-generic #56-Ubuntu SMP Mon Jul 11 20:00:22 UTC 2011 i686 GNU/Linux Ubuntu 10.10 Welcome to Ubuntu! * Documentation: https://help.ubuntu.com/ New release 'natty' available. Run 'do-release-upgrade' to upgrade to it. Last login: Tue Aug 23 09:50:38 2011 from zapote.local -- Sonia Hamilton http://soniahamilton.wordpress.com http://www.linkedin.com/in/soniahamilton -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
