Date: Sat, 30 Oct 2010 17:36:28 +0100 From: Peter Harrison <peter.piggybox@virgin.net> To: krad <kraduk@gmail.com> Cc: questions@freebsd.org, Peter Harrison <peter.piggybox@virgin.net> Subject: Re: ssh key authentication problem... Message-ID: <20101030163628.GA1574@laptop.piggybox> In-Reply-To: <AANLkTinZR3F0GwATLHw7RCb6XzVETKT8VBd_oh-Q%2BdaY@mail.gmail.com> References: <20101028193953.GA6922@laptop.piggybox> <AANLkTinZR3F0GwATLHw7RCb6XzVETKT8VBd_oh-Q%2BdaY@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Oct 28, 2010 at 10:13:12PM +0100, krad wrote: > On 28 October 2010 20:39, Peter Harrison <peter.piggybox@virgin.net> wrote: > > > Can anyone help me debug an ssh key-based authentication problem? > > > > I have an 8.1-R server running sshd, with one user account. On the server, > > I've used ssh-keygen to generate id_rsa and id_rsa.pub. > > > > On my laptop I then pulled the id_rsa.pub file over and: > > > > % cat id_rsa.pub >> .ssh/authorized_keys > > > > Now I try to login from the laptop (also 8.1-R) to the server. It pauses > > for a second and presents me with a 'Password:' prompt, so obviously the key > > authentication isn't working. > > > > He's a debugging chunk from sshd run with '-ddd' flags: > > > > debug1: PAM: initializing for "peter" > > debug1: userauth-request for user peter service ssh-connection method > > publickey > > debug1: attempt 1 failures 0 > > debug2: input_userauth_request: try method publickey > > debug1: test whether pkalg/pkblob are acceptable > > debug3: mm_key_allowed entering > > debug3: mm_request_send entering: type 20 > > debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED > > debug3: mm_request_receive_expect entering: type 21 > > debug3: mm_request_receive entering > > debug1: PAM: setting PAM_RHOST to "192.168.1.4" > > debug2: monitor_read: 45 used once, disabling now > > debug3: mm_request_receive entering > > debug3: monitor_read: checking request 3 > > debug3: mm_answer_authserv: service=ssh-connection, style= > > debug2: monitor_read: 3 used once, disabling now > > debug3: mm_request_receive entering > > debug3: monitor_read: checking request 20 > > debug3: mm_answer_keyallowed entering > > debug3: mm_answer_keyallowed: key_from_blob: 0x286067c0 > > debug1: trying public key file /home/peter/.ssh/authorized_keys > > debug1: fd 4 clearing O_NONBLOCK > > debug3: secure_filename: checking '/usr/home/peter/.ssh' > > debug3: secure_filename: checking '/usr/home/peter' > > debug3: secure_filename: terminating check at '/usr/home/peter' > > debug2: key not found > > debug1: trying public key file /home/peter/.ssh/authorized_keys2 > > Failed publickey for peter from 192.168.1.4 port 43046 ssh2 > > debug3: mm_answer_keyallowed: key 0x286067c0 is not allowed > > debug3: mm_request_send entering: type 21 > > debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa > > debug3: mm_request_receive entering > > debug1: userauth-request for user peter service ssh-connection method > > keyboard-interactive > > debug1: attempt 2 failures 1 > > debug2: input_userauth_request: try method keyboard-interactive > > debug1: keyboard-interactive devs > > > > Anyone suggest what I'm doing wrong? > > > > TIA. > > > > > > Peter Harrison. > > > > > > > > _______________________________________________ > > freebsd-questions@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to " > > freebsd-questions-unsubscribe@freebsd.org" > > > > > you have the setup the keys the wrong way around by the sound of it. The ssh > server should have the public keys only in the authorized_keys files, and > your client/desktop should have the private keys in your ~/.ssh Now I feel like a right berk. Thanks for putting me on the right track, I have it working now. Regards, Peter Harrison. C C B D Now I feel like a right berk. Thanks I have it sorted and working now.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20101030163628.GA1574>