From: Per olof Ljungmark
Organization: Intersonic AB
Date: Sat, 14 Jun 2008 20:49:33 +0200
To: Martin McCormick
Cc: freebsd-questions@freebsd.org
Subject: Re: ssh Public Keys Suddenly Stopped working for one account.

Martin McCormick wrote:
> We have an account on several FreeBSD systems that is
> used for automation. Several systems can talk to each other via
> ssh by using public keys so that scripts don't have to hold
> passwords.
>
> Last night, an account that has been working for years
> suddenly won't let any of its cyber cohorts in without a
> password.
>
> I bet I accidentally changed something sometime, but I
> can't figure out what.
>
> The public keys hadn't changed since 2005 although
> today, I blew them all away and made new ones which still don't
> work on this one system but work on all others.
>
> There is no password expiration timeout (the first thing
> I thought of) since the account is several years old.
>
> All other accounts on this same system with public keys
> from their remote partners still work fine.
>
> The ownership and permissions look right on the account
> directory.
>
> Does this sound familiar and what else am I missing?
>
> I can telnet in to the account on the localhost via the
> usual password which you can't do on an expired account.
>
> I even did a stupid sort of measure which was to reset
> the password to itself and that didn't change anything.
>
> Many thanks for other suggestions.

cat /var/log/auth.log ?

--per