Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 14 Jun 2008 13:43:28 -0500
From:      Derek Ragona <derek@computinginnovations.com>
To:        Martin McCormick <martin@dc.cis.okstate.edu>, freebsd-questions@freebsd.org
Subject:   Re: ssh Public Keys Suddenly Stopped working for one account.
Message-ID:  <6.0.0.22.2.20080614134055.024997f0@mail.computinginnovations.com>
In-Reply-To: <200806141802.m5EI27GF020260@dc.cis.okstate.edu>
References:  <200806141802.m5EI27GF020260@dc.cis.okstate.edu>
next in thread | previous in thread | raw e-mail | index | archive | help 

At 01:02 PM 6/14/2008, Martin McCormick wrote:
>         We have an account on several FreeBSD systems that is
>used for  automation. Several systems can talk to each other via
>ssh by using public keys so that scripts don't have to hold
>passwords.
>
>         Last night, an account that has been working for years
>suddenly won't let any of its cyber cohorts in without a
>password.
>
>         I bet I accidentally changed something sometime, but I
>can't figure out what.
>
>         The public keys hadn't changed since 2005 although
>today, I blew them all away and made new ones which still don't
>work on this one system but work on all others.
>
>         There is no password expiration timeout (the first thing
>I thought of) since the account is several years old.
>
>         All other accounts on this same system with public keys
>from their remote partners still work fine.
>
>         The ownership and permissions look right on the account
>directory.
>
>         Does this sound familiar and what else am I missing?
>
>         I can telnet in to the account on the localhost via the
>usual password which you can't do on an expired account.
>
>         I even did a stupid sort of measure which was to reset
>the password to itself and that didn't change anything.
>
>         Many thanks for other suggestions.
>
>Martin McCormick WB5AGZ  Stillwater, OK
>Systems Engineer
>OSU Information Technology Department Network Operations Group

If you upgraded one system to a new major version (sometimes point releases 
will cause a problem too) the system will regenerate its keys, so you need 
to then propagate the new keys.  Other than that, if you have a drive error 
causing the key files to not be readable is the only other time I've seen 
this problem.

         -Derek

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.0.0.22.2.20080614134055.024997f0>