Date: Thu, 28 Oct 2010 22:15:56 +0100 From: krad <kraduk@gmail.com> To: Peter Harrison <peter.piggybox@virgin.net> Cc: questions@freebsd.org Subject: Re: ssh key authentication problem... Message-ID: <AANLkTi=kL2m96t-wRJ4o5GEZzt%2BEdQukS5T7u=f8fFxy@mail.gmail.com> In-Reply-To: <AANLkTinZR3F0GwATLHw7RCb6XzVETKT8VBd_oh-Q%2BdaY@mail.gmail.com> References: <20101028193953.GA6922@laptop.piggybox> <AANLkTinZR3F0GwATLHw7RCb6XzVETKT8VBd_oh-Q%2BdaY@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 28 October 2010 22:13, krad <kraduk@gmail.com> wrote: > > > On 28 October 2010 20:39, Peter Harrison <peter.piggybox@virgin.net>wrote: > >> Can anyone help me debug an ssh key-based authentication problem? >> >> I have an 8.1-R server running sshd, with one user account. On the server, >> I've used ssh-keygen to generate id_rsa and id_rsa.pub. >> >> On my laptop I then pulled the id_rsa.pub file over and: >> >> % cat id_rsa.pub >> .ssh/authorized_keys >> >> Now I try to login from the laptop (also 8.1-R) to the server. It pauses >> for a second and presents me with a 'Password:' prompt, so obviously the key >> authentication isn't working. >> >> He's a debugging chunk from sshd run with '-ddd' flags: >> >> debug1: PAM: initializing for "peter" >> debug1: userauth-request for user peter service ssh-connection method >> publickey >> debug1: attempt 1 failures 0 >> debug2: input_userauth_request: try method publickey >> debug1: test whether pkalg/pkblob are acceptable >> debug3: mm_key_allowed entering >> debug3: mm_request_send entering: type 20 >> debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED >> debug3: mm_request_receive_expect entering: type 21 >> debug3: mm_request_receive entering >> debug1: PAM: setting PAM_RHOST to "192.168.1.4" >> debug2: monitor_read: 45 used once, disabling now >> debug3: mm_request_receive entering >> debug3: monitor_read: checking request 3 >> debug3: mm_answer_authserv: service=ssh-connection, style= >> debug2: monitor_read: 3 used once, disabling now >> debug3: mm_request_receive entering >> debug3: monitor_read: checking request 20 >> debug3: mm_answer_keyallowed entering >> debug3: mm_answer_keyallowed: key_from_blob: 0x286067c0 >> debug1: trying public key file /home/peter/.ssh/authorized_keys >> debug1: fd 4 clearing O_NONBLOCK >> debug3: secure_filename: checking '/usr/home/peter/.ssh' >> debug3: secure_filename: checking '/usr/home/peter' >> debug3: secure_filename: terminating check at '/usr/home/peter' >> debug2: key not found >> debug1: trying public key file /home/peter/.ssh/authorized_keys2 >> Failed publickey for peter from 192.168.1.4 port 43046 ssh2 >> debug3: mm_answer_keyallowed: key 0x286067c0 is not allowed >> debug3: mm_request_send entering: type 21 >> debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa >> debug3: mm_request_receive entering >> debug1: userauth-request for user peter service ssh-connection method >> keyboard-interactive >> debug1: attempt 2 failures 1 >> debug2: input_userauth_request: try method keyboard-interactive >> debug1: keyboard-interactive devs >> >> Anyone suggest what I'm doing wrong? >> >> TIA. >> >> >> Peter Harrison. >> >> >> >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to " >> freebsd-questions-unsubscribe@freebsd.org" >> > > > you have the setup the keys the wrong way around by the sound of it. The > ssh server should have the public keys only in the authorized_keys files, > and your client/desktop should have the private keys in your ~/.ssh > note the server does have private and public keys, but they are hosts keys not user ones and are stored in /etc/ssh/. You dont normally have to generate these as the rc scripts take card of that on the 1st invocation
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTi=kL2m96t-wRJ4o5GEZzt%2BEdQukS5T7u=f8fFxy>