From owner-freebsd-questions@FreeBSD.ORG Thu Oct 28 21:46:45 2010 Return-Path: Delivered-To: questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A5B9D106564A for ; Thu, 28 Oct 2010 21:46:45 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: from mail-qw0-f54.google.com (mail-qw0-f54.google.com [209.85.216.54]) by mx1.freebsd.org (Postfix) with ESMTP id 55CC18FC13 for ; Thu, 28 Oct 2010 21:46:44 +0000 (UTC) Received: by qwg8 with SMTP id 8so368518qwg.13 for ; Thu, 28 Oct 2010 14:46:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=RnqkF95odT7LfixAGBRg750vDQTfrXcDlCA7XiGzWTE=; b=UW98/FpXDV4FRpzzLagEAQZSQH/whDzariwn/acY0LgpqK/st96uGti21C2HLZP3Mw J0Fpeq4zar8flLGlWW/VjX5yQBoKGYa0D1EpNcIlG01vM+ls2n/EkT+v60mDYsHCLGwZ PAkdkzBGeJO6QUcAeeaqS8mHf5R9bEC3MUbjk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=n3LhJqJBXtbzgnQQ5iBdodkakkN5nnzPDrAXQG1PnVm3g+ySw9sjsD2rLioM46Gz0S l1EmUyvdJMpOSJhEAb8VZ6k7ARutBCHYumft/fpIb6IsJdcSjXRT93OvON56DL8gAFw9 fUREAjNzGvFsBtqLOG18m7fEBNsBpgywI5VpM= MIME-Version: 1.0 Received: by 10.229.35.5 with SMTP id n5mr10400880qcd.175.1288300556359; Thu, 28 Oct 2010 14:15:56 -0700 (PDT) Received: by 10.229.42.12 with HTTP; Thu, 28 Oct 2010 14:15:56 -0700 (PDT) In-Reply-To: References: <20101028193953.GA6922@laptop.piggybox> Date: Thu, 28 Oct 2010 22:15:56 +0100 Message-ID: From: krad To: Peter Harrison Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: questions@freebsd.org Subject: Re: ssh key authentication problem... X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Oct 2010 21:46:45 -0000 On 28 October 2010 22:13, krad wrote: > > > On 28 October 2010 20:39, Peter Harrison wrote: > >> Can anyone help me debug an ssh key-based authentication problem? >> >> I have an 8.1-R server running sshd, with one user account. On the server, >> I've used ssh-keygen to generate id_rsa and id_rsa.pub. >> >> On my laptop I then pulled the id_rsa.pub file over and: >> >> % cat id_rsa.pub >> .ssh/authorized_keys >> >> Now I try to login from the laptop (also 8.1-R) to the server. It pauses >> for a second and presents me with a 'Password:' prompt, so obviously the key >> authentication isn't working. >> >> He's a debugging chunk from sshd run with '-ddd' flags: >> >> debug1: PAM: initializing for "peter" >> debug1: userauth-request for user peter service ssh-connection method >> publickey >> debug1: attempt 1 failures 0 >> debug2: input_userauth_request: try method publickey >> debug1: test whether pkalg/pkblob are acceptable >> debug3: mm_key_allowed entering >> debug3: mm_request_send entering: type 20 >> debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED >> debug3: mm_request_receive_expect entering: type 21 >> debug3: mm_request_receive entering >> debug1: PAM: setting PAM_RHOST to "192.168.1.4" >> debug2: monitor_read: 45 used once, disabling now >> debug3: mm_request_receive entering >> debug3: monitor_read: checking request 3 >> debug3: mm_answer_authserv: service=ssh-connection, style= >> debug2: monitor_read: 3 used once, disabling now >> debug3: mm_request_receive entering >> debug3: monitor_read: checking request 20 >> debug3: mm_answer_keyallowed entering >> debug3: mm_answer_keyallowed: key_from_blob: 0x286067c0 >> debug1: trying public key file /home/peter/.ssh/authorized_keys >> debug1: fd 4 clearing O_NONBLOCK >> debug3: secure_filename: checking '/usr/home/peter/.ssh' >> debug3: secure_filename: checking '/usr/home/peter' >> debug3: secure_filename: terminating check at '/usr/home/peter' >> debug2: key not found >> debug1: trying public key file /home/peter/.ssh/authorized_keys2 >> Failed publickey for peter from 192.168.1.4 port 43046 ssh2 >> debug3: mm_answer_keyallowed: key 0x286067c0 is not allowed >> debug3: mm_request_send entering: type 21 >> debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa >> debug3: mm_request_receive entering >> debug1: userauth-request for user peter service ssh-connection method >> keyboard-interactive >> debug1: attempt 2 failures 1 >> debug2: input_userauth_request: try method keyboard-interactive >> debug1: keyboard-interactive devs >> >> Anyone suggest what I'm doing wrong? >> >> TIA. >> >> >> Peter Harrison. >> >> >> >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to " >> freebsd-questions-unsubscribe@freebsd.org" >> > > > you have the setup the keys the wrong way around by the sound of it. The > ssh server should have the public keys only in the authorized_keys files, > and your client/desktop should have the private keys in your ~/.ssh > note the server does have private and public keys, but they are hosts keys not user ones and are stored in /etc/ssh/. You dont normally have to generate these as the rc scripts take card of that on the 1st invocation