From owner-freebsd-questions@FreeBSD.ORG Sat Oct 30 16:39:50 2010 Return-Path: Delivered-To: questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 39E221065675 for ; Sat, 30 Oct 2010 16:39:50 +0000 (UTC) (envelope-from peter.piggybox@virgin.net) Received: from mtaout02-winn.ispmail.ntl.com (mtaout02-winn.ispmail.ntl.com [81.103.221.48]) by mx1.freebsd.org (Postfix) with ESMTP id B7DA38FC1F for ; Sat, 30 Oct 2010 16:39:49 +0000 (UTC) Received: from know-smtpout-4.server.virginmedia.net ([62.254.123.4]) by mtaout02-winn.ispmail.ntl.com (InterMail vM.7.08.04.00 201-2186-134-20080326) with ESMTP id <20101030163948.KRBQ7723.mtaout02-winn.ispmail.ntl.com@know-smtpout-4.server.virginmedia.net>; Sat, 30 Oct 2010 17:39:48 +0100 Received: from [86.25.233.137] (helo=laptop.piggybox) by know-smtpout-4.server.virginmedia.net with esmtp (Exim 4.63) (envelope-from ) id 1PCET5-0006GA-T2; Sat, 30 Oct 2010 17:39:47 +0100 Received: from laptop.piggybox (localhost.piggybox [127.0.0.1]) by laptop.piggybox (8.14.4/8.14.3) with ESMTP id o9UGdmVQ001602; Sat, 30 Oct 2010 17:39:48 +0100 (BST) (envelope-from peter@laptop.piggybox) Received: (from peter@localhost) by laptop.piggybox (8.14.4/8.14.4/Submit) id o9UGdmbg001601; Sat, 30 Oct 2010 17:39:48 +0100 (BST) (envelope-from peter) Date: Sat, 30 Oct 2010 17:39:48 +0100 From: Peter Harrison To: Mikel King Message-ID: <20101030163948.GD1574@laptop.piggybox> References: <20101029021841.75c4f546@mail.olivent.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20101029021841.75c4f546@mail.olivent.com> User-Agent: Mutt/1.4.2.3i X-Cloudmark-Analysis: v=1.1 cv=DhNl2YeytwJssBBGe49HJX82LNDFEEVkpVB34RXKaPo= c=1 sm=0 a=t7WY7uOb184A:10 a=kj9zAlcOel0A:10 a=8RloEfZUAAAA:8 a=6I5d2MoRAAAA:8 a=aLbbBaIXQrm_4vzk6B0A:9 a=6xhALSOyc5w42OV5iSUA:7 a=qNN_9A8yvJ0kGQlywj-yfGNk3IcA:4 a=CjuIK1q_8ugA:10 a=O58u2wXj750A:10 a=SV7veod9ZcQA:10 a=HpAAvcLHHh0Zw7uRqdWCyQ==:117 Cc: questions@freebsd.org, Peter Harrison Subject: Re: ssh key authentication problem... X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Oct 2010 16:39:50 -0000 On Thu, Oct 28, 2010 at 10:18:41PM -0400, Mikel King wrote: > Peter, > > Have you verified permissions of 700 on .ssh and 640 on authorized_keys and authorized_keys2? If you do not have an authorized_keys2 simply copy the former to that name and give it a go. > > Cheers, > Mikel King Mikel - you were right I didn't have the permission correct, but it doesn't work if I have it set to anything other than 0600 for authorized_keys? Thanks for the help. Peter Harrison. > > _____ > > From: Peter Harrison [mailto:peter.piggybox@virgin.net] > To: questions@freebsd.org > Sent: Thu, 28 Oct 2010 15:39:53 -0400 > Subject: ssh key authentication problem... > > Can anyone help me debug an ssh key-based authentication problem? > > I have an 8.1-R server running sshd, with one user account. On the server, I've used ssh-keygen to generate id_rsa and id_rsa.pub. > > On my laptop I then pulled the id_rsa.pub file over and: > > % cat id_rsa.pub >> .ssh/authorized_keys > > Now I try to login from the laptop (also 8.1-R) to the server. It pauses for a second and presents me with a 'Password:' prompt, so obviously the key authentication isn't working. > > He's a debugging chunk from sshd run with '-ddd' flags: > > debug1: PAM: initializing for "peter" > debug1: userauth-request for user peter service ssh-connection method publickey > debug1: attempt 1 failures 0 > debug2: input_userauth_request: try method publickey > debug1: test whether pkalg/pkblob are acceptable > debug3: mm_key_allowed entering > debug3: mm_request_send entering: type 20 > debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED > debug3: mm_request_receive_expect entering: type 21 > debug3: mm_request_receive entering > debug1: PAM: setting PAM_RHOST to "192.168.1.4" > debug2: monitor_read: 45 used once, disabling now > debug3: mm_request_receive entering > debug3: monitor_read: checking request 3 > debug3: mm_answer_authserv: service=ssh-connection, style= > debug2: monitor_read: 3 used once, disabling now > debug3: mm_request_receive entering > debug3: monitor_read: checking request 20 > debug3: mm_answer_keyallowed entering > debug3: mm_answer_keyallowed: key_from_blob: 0x286067c0 > debug1: trying public key file /home/peter/.ssh/authorized_keys > debug1: fd 4 clearing O_NONBLOCK > debug3: secure_filename: checking '/usr/home/peter/.ssh' > debug3: secure_filename: checking '/usr/home/peter' > debug3: secure_filename: terminating check at '/usr/home/peter' > debug2: key not found > debug1: trying public key file /home/peter/.ssh/authorized_keys2 > Failed publickey for peter from 192.168.1.4 port 43046 ssh2 > debug3: mm_answer_keyallowed: key 0x286067c0 is not allowed > debug3: mm_request_send entering: type 21 > debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa > debug3: mm_request_receive entering > debug1: userauth-request for user peter service ssh-connection method keyboard-interactive > debug1: attempt 2 failures 1 > debug2: input_userauth_request: try method keyboard-interactive > debug1: keyboard-interactive devs > > Anyone suggest what I'm doing wrong? > > TIA. > > > Peter Harrison. > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >