>>> On Thu, Jan 26, 2006 at 11:07 am, in message <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
> Owen Berry wrote:
>
>>You need to have the private key in the correct place on the local
>>machine, or look at using the -i option when calling ssh. If you call
>>ssh-keygen without -f it will create the keys in the correct place with
>>the correct file names. Or copy the files so it matches:
>>
>>$ ls ~/.ssh
>>authorized_keys config id_dsa id_dsa.pub known_hosts
>>
>>Also note that the .ssh directory and contents should all only be
>>readable by the owner.
>>
> SSH is actually very picky about that last part. Ensure that on your
> local machine, your .ssh/id_dsa is 600 or 400, otherwise ssh will wig
> out. Also, make sure that no one has write permissions to the
> directory, it should be at most 755. 2755 (setgid on the dir) will
> cause it to fail, I've had this bite me more than once.
>
> You should also know that from the client, if you're unsure what's going
> on, you can do `ssh -v remotehost` which will give you some very handy
> debugging information. You can also add additional v's, up to 3, but
> for debugging authentication method problems the first level of
> verbosity is usually sufficient. Also probably overkill for your
> situation, but it's sometimes helpful to kill sshd on the remote host,
> and run it with the -d flag for debugging. This can help troubleshoot
> permissions problems and invalid authentication methods on the server side.
>
> Good luck with getting things set up!
> Aaron S. Joyner

I recreated the public and private keys and named them id_dsa. I verified that they are in the ~/.ssh directory of the local host. I verified perms on the file was 600 and the directory was 750. I copied the .pub key to the remote host and added it to the authorized_keys file. I then did the ssh -v remotehost and was still prompted for a password. This is what I saw in the debug:

debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/bblater/.ssh/identity
debug1: Trying private key: /home/bblater/.ssh/id_rsa
debug1: Offering public key: /home/bblater/.ssh/id_dsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password:

So, it looks like it is finding the private key and offering it, but I still end up with the password prompt. So, I looked at the /var/log/messages file on the remote host and I'm getting the following:

Authentication refused: bad ownership or modes for directory /home/bblater.

Checked the perms here and the ~/.ssh directory was set to 750 owner=username, group=username. I changed perms to 700, same problem. So, a little google groups search and I find the option StrictModes no. Set that, restart sshd and it works. If I look at the perms on the remotehost ~/.ssh directory they are as follows:

drwx------  2 bblater bblater  144 2006-01-26 13:04 ./
drwxrwx--- 30 bblater bblater 1408 2006-01-26 13:04 ../
-rw-------  1 bblater bblater 1115 2006-01-26 13:04 authorized_keys
-rw-r--r--  1 bblater bblater 1115 2006-01-26 13:02 id_dsa.pub
-rw-------  1 bblater bblater  934 2006-01-12 13:35 known_hosts

I guess I'm not sure where the ownership or modes problem is on the directory.

Thanks,
Brian
-- 
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
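
Added example, not part of the original messages: with StrictModes enabled, sshd refuses public-key authentication when the account's home directory, ~/.ssh or authorized_keys is owned by anyone other than the account or root, or is writable by group or others. The function below approximates that test so the offending path can be found instead of setting StrictModes no; the function name and output format are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): approximates the test sshd applies
# with "StrictModes yes" to the home directory, ~/.ssh and authorized_keys.
# The function name and output format are illustrative assumptions.

# strictmodes_check HOME_DIR [NUMERIC_UID]
# Prints one line per path that would be refused; returns 1 if any, else 0.
strictmodes_check() {
    sm_home=$1
    sm_uid=${2:-$(id -u)}
    sm_bad=0
    for sm_p in "$sm_home" "$sm_home/.ssh" "$sm_home/.ssh/authorized_keys"; do
        [ -e "$sm_p" ] || continue
        # ls -ldn: field 1 is the mode string, field 3 the numeric owner.
        sm_mode=$(ls -ldn "$sm_p" | awk '{print $1}')
        sm_owner=$(ls -ldn "$sm_p" | awk '{print $3}')
        sm_why=
        # Owner must be the account itself or root.
        if [ "$sm_owner" != 0 ] && [ "$sm_owner" != "$sm_uid" ]; then
            sm_why="owner"
        fi
        # Character 6 is group write, character 9 is other write (mode & 022).
        case $sm_mode in
            ?????w*|????????w*) sm_why="${sm_why:+$sm_why,}group/other-writable" ;;
        esac
        if [ -n "$sm_why" ]; then
            printf '%s: mode %s owner %s (%s)\n' "$sm_p" "$sm_mode" "$sm_owner" "$sm_why"
            sm_bad=1
        fi
    done
    return "$sm_bad"
}
```

Run it on the server as root, passing the account's home directory and numeric uid, for example `strictmodes_check /home/bblater "$(id -u bblater)"`.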
