Date:      Tue, 26 Aug 2003 18:19:47 -0400
From:      "Dave [Hawk-Systems]" <dave@hawk-systems.com>
To:        <freebsd-questions@freebsd.org>
Subject:   failed root login with shared ssh key
Message-ID:  <DBEIKNMKGOBGNDHAAKGNOENADNAC.dave@hawk-systems.com>

Have several FreeBSD servers around, all with varying installs, 4.3 with a
number of patches, up to a 4.7 that is relatively new.

Some maintenance on the servers that requires root is run from a master server
which connects to run the command(s) via SSH.  The public key for
root@master_server has been distributed out to the ~root/.ssh/authorized_keys
file.

I am having problems with the 4.7 box in that it will not accept the key
authentication, and bounces back to asking for a password to login as root.  I
cannot log in as root over ssh with a password, but that's fine, I don't want or
need to.  I do need to allow this server to log in using the shared public key
to this (and all the servers).

Have checked /etc/ssh/sshd_config, and "AllowRootLogin yes" is present, and it
pretty much matches the other 4.3 to 4.5 installs.
Have checked /etc/ttys, and while all the ttyps do not specifically state
secure, neither do they on the servers that this works fine on.

I am sure I am forgetting something stupid, just have not been able to google
anything that is pointing me in the right direction.

Thanks

Dave

debug from SSH session (and no, df -k is not the command that requires root)
///
server# ssh -v target "df -k"
SSH Version OpenSSH_2.3.0 green@FreeBSD.org 20010321, protocol versions 1.5/2.0.
Compiled with SSL (0x0090600f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to target.domain.com [123.456.789.2] port 22.
debug: Allocated local port 921.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
FreeBSD-20020702
debug: no match: OpenSSH_3.4p1 FreeBSD-20020702
debug: Local version string SSH-1.5-OpenSSH_2.3.0 green@FreeBSD.org 20010321
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host 'target' is known and matches the RSA host key.
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Trying RSA authentication with key 'root@server.domain.com'
debug: Received RSA challenge from server.
debug: Sending response to host key RSA challenge.
debug: Remote: RSA authentication accepted.
debug: RSA authentication refused.
debug: Doing password authentication.
root@target's password:
Permission denied, please try again.
root@target's password:



