Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: SSH publickey not working on 11.3?

  1. #1

    Default SSH publickey not working on 11.3?

    Greetings,
    (moved here from internet/networking, was in the wrong foum)
    I am having trouble getting ANY publickey to work against OpenSuse 11.3's SSHd. I have tried generaating them on Fresh installs of 11.3 as well as on windows, Freebsd, Opensuse 11.1, OpenSuse 11.2, Mac OSX leopard (PPC), and Fedora. None of them work and it falls back to password authentication when trying to connect to a OpenSuse 11.3 SSHd.

    sshd -ddd log output:

    debug2: load_server_config: filename /etc/ssh/sshd_config
    debug2: load_server_config: done config len = 926
    debug2: parse_server_config: config /etc/ssh/sshd_config len 926
    debug3: /etc/ssh/sshd_config:13 setting Port 22
    debug3: /etc/ssh/sshd_config:14 setting AddressFamily any
    debug3: /etc/ssh/sshd_config:19 setting Protocol 2,1
    debug3: /etc/ssh/sshd_config:22 setting HostKey /etc/ssh/ssh_host_key
    debug3: /etc/ssh/sshd_config:24 setting HostKey /etc/ssh/ssh_host_rsa_key
    debug3: /etc/ssh/sshd_config:25 setting HostKey /etc/ssh/ssh_host_dsa_key
    debug3: /etc/ssh/sshd_config:33 setting SyslogFacility AUTH
    debug3: /etc/ssh/sshd_config:34 setting LogLevel INFO
    debug3: /etc/ssh/sshd_config:38 setting LoginGraceTime 2m
    debug3: /etc/ssh/sshd_config:39 setting PermitRootLogin no
    debug3: /etc/ssh/sshd_config:41 setting MaxAuthTries 6
    debug3: /etc/ssh/sshd_config:44 setting RSAAuthentication no
    debug3: /etc/ssh/sshd_config:45 setting PubkeyAuthentication yes
    debug3: /etc/ssh/sshd_config:46 setting AuthorizedKeysFile .ssh/authorized_keys
    debug3: /etc/ssh/sshd_config:49 setting RhostsRSAAuthentication no
    debug3: /etc/ssh/sshd_config:51 setting HostbasedAuthentication no
    debug3: /etc/ssh/sshd_config:54 setting IgnoreUserKnownHosts no
    debug3: /etc/ssh/sshd_config:56 setting IgnoreRhosts yes
    debug3: /etc/ssh/sshd_config:59 setting PasswordAuthentication yes
    debug3: /etc/ssh/sshd_config:60 setting PermitEmptyPasswords no
    debug3: /etc/ssh/sshd_config:63 setting ChallengeResponseAuthentication no
    debug3: /etc/ssh/sshd_config:91 setting UsePAM yes
    debug3: /etc/ssh/sshd_config:94 setting AllowTcpForwarding yes
    debug3: /etc/ssh/sshd_config:96 setting X11Forwarding no
    debug3: /etc/ssh/sshd_config:99 setting PrintMotd yes
    debug3: /etc/ssh/sshd_config:100 setting PrintLastLog yes
    debug3: /etc/ssh/sshd_config:101 setting TCPKeepAlive yes
    debug3: /etc/ssh/sshd_config:105 setting Compression yes
    debug3: /etc/ssh/sshd_config:118 setting Subsystem sftp /usr/lib64/ssh/sftp-server
    debug3: /etc/ssh/sshd_config:121 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    debug3: /etc/ssh/sshd_config:122 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    debug3: /etc/ssh/sshd_config:123 setting AcceptEnv LC_IDENTIFICATION LC_ALL
    debug1: sshd version OpenSSH_5.4p1
    debug1: private host key: #0 type 0 RSA1
    debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
    debug1: read PEM private key done: type RSA
    debug1: private host key: #1 type 1 RSA
    debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
    debug1: read PEM private key done: type DSA
    debug1: private host key: #2 type 2 DSA
    debug1: Forcing server key to 1152 bits to make it differ from host key.
    debug1: rexec_argv[0]='/usr/sbin/sshd'
    debug1: rexec_argv[1]='-ddd'
    debug3: oom_adjust_setup
    Set /proc/self/oom_adj from 0 to -17
    debug2: fd 3 setting O_NONBLOCK
    debug1: Bind to port 22 on 0.0.0.0.
    Server listening on 0.0.0.0 port 22.
    debug2: fd 4 setting O_NONBLOCK
    debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
    debug1: Bind to port 22 on ::.
    Server listening on :: port 22.
    Generating 1152 bit RSA key.
    RSA key generation complete.
    debug3: fd 5 is not O_NONBLOCK
    debug1: Server will not fork when running in debugging mode.
    debug3: send_rexec_state: entering fd = 8 config len 926
    debug3: ssh_msg_send: type 0
    debug3: send_rexec_state: done
    debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
    debug1: inetd sockets after dupping: 3, 3
    Connection from <IP removed> port 59692
    debug1: Client protocol version 2.0; client software version OpenSSH_5.4
    debug1: match: OpenSSH_5.4 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-1.99-OpenSSH_5.4
    debug2: fd 3 setting O_NONBLOCK
    debug2: Network child is on pid 4334
    debug3: preauth child monitor started
    debug3: mm_request_receive entering
    debug3: privsep user:group 100:101
    debug1: permanently_set_uid: 100/101
    debug1: list_hostkey_types: ssh-rsa,ssh-dss
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa-cert-v00@openssh.com,ssh-dss...00@openssh.com,ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_setup: found hmac-md5
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug2: mac_setup: found hmac-md5
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
    debug3: mm_request_send entering: type 0
    debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI
    debug3: mm_request_receive_expect entering: type 1
    debug3: mm_request_receive entering
    debug3: monitor_read: checking request 0
    debug3: mm_answer_moduli: got parameters: 1024 1024 8192
    debug3: mm_request_send entering: type 1
    debug2: monitor_read: 0 used once, disabling now
    debug3: mm_request_receive entering
    debug3: mm_choose_dh: remaining 0
    debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
    debug2: dh_gen_key: priv key bits set: 116/256
    debug2: bits set: 518/1024
    debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
    debug2: bits set: 518/1024
    debug3: mm_key_sign entering
    debug3: mm_request_send entering: type 4
    debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
    debug3: mm_request_receive_expect entering: type 5
    debug3: mm_request_receive entering
    debug3: monitor_read: checking request 4
    debug3: mm_answer_sign
    debug3: mm_answer_sign: signature 0x7f44ad17dff0(143)
    debug3: mm_request_send entering: type 5
    debug2: monitor_read: 4 used once, disabling now
    debug3: mm_request_receive entering
    debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: KEX done
    debug1: userauth-request for user <username> service ssh-connection method none
    debug1: attempt 0 failures 0
    debug3: mm_getpwnamallow entering
    debug3: mm_request_send entering: type 6
    debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
    debug3: mm_request_receive_expect entering: type 7
    debug3: mm_request_receive entering
    debug3: monitor_read: checking request 6
    debug3: mm_answer_pwnamallow
    debug3: Trying to reverse map address <IP removed>.
    debug2: parse_server_config: config reprocess config len 926
    debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
    debug3: mm_request_send entering: type 7
    debug2: monitor_read: 6 used once, disabling now
    debug3: mm_request_receive entering
    debug2: input_userauth_request: setting up authctxt for <username>
    debug3: mm_start_pam entering
    debug3: mm_request_send entering: type 45
    debug3: mm_inform_authserv entering
    debug3: mm_request_send entering: type 3
    debug2: input_userauth_request: try method none
    debug1: PAM: initializing for "<username>"
    debug3: mm_request_send entering: type 10
    debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
    debug3: mm_request_receive_expect entering: type 11
    debug3: mm_request_receive entering
    debug1: PAM: setting PAM_RHOST to "<address removed>"
    debug1: PAM: setting PAM_TTY to "ssh"
    debug2: monitor_read: 45 used once, disabling now
    debug3: mm_request_receive entering
    debug3: monitor_read: checking request 3
    debug3: mm_answer_authserv: service=ssh-connection, style=
    debug2: monitor_read: 3 used once, disabling now
    debug3: mm_request_receive entering
    debug3: monitor_read: checking request 10
    debug3: mm_answer_authpassword: sending result 0
    debug3: mm_request_send entering: type 11
    Failed none for <username> from <IP removed> port 59692 ssh2
    debug3: mm_auth_password: user not authenticated
    debug3: mm_request_receive entering
    debug1: userauth-request for user <username> service ssh-connection method publickey
    debug1: attempt 1 failures 0
    debug2: input_userauth_request: try method publickey
    debug1: test whether pkalg/pkblob are acceptable
    debug3: mm_key_allowed entering
    debug3: mm_request_send entering: type 20
    debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
    debug3: mm_request_receive_expect entering: type 21
    debug3: mm_request_receive entering
    debug3: monitor_read: checking request 20
    debug3: mm_answer_keyallowed entering
    debug3: mm_answer_keyallowed: key_from_blob: 0x7f44ad18a6c0
    debug1: temporarily_use_uid: 1000/100 (e=0/0)
    debug1: trying public key file //.ssh/authorized_keys
    debug1: restore_uid: 0/0
    debug1: temporarily_use_uid: 1000/100 (e=0/0)
    debug1: trying public key file //.ssh/authorized_keys
    debug1: restore_uid: 0/0
    Failed publickey for <username> from <IP removed> port 59692 ssh2
    debug3: mm_answer_keyallowed: key 0x7f44ad18a6c0 is not allowed
    debug3: mm_request_send entering: type 21
    debug3: mm_request_receive entering
    debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
    debug1: userauth-request for user <username> service ssh-connection method publickey
    debug1: attempt 2 failures 1
    debug2: input_userauth_request: try method publickey
    debug1: test whether pkalg/pkblob are acceptable
    debug3: mm_key_allowed entering
    debug3: mm_request_send entering: type 20
    debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
    debug3: mm_request_receive_expect entering: type 21
    debug3: mm_request_receive entering
    debug3: monitor_read: checking request 20
    debug3: mm_answer_keyallowed entering
    debug3: mm_answer_keyallowed: key_from_blob: 0x7f44ad18f150
    debug1: temporarily_use_uid: 1000/100 (e=0/0)
    debug1: trying public key file //.ssh/authorized_keys
    debug1: restore_uid: 0/0
    debug1: temporarily_use_uid: 1000/100 (e=0/0)
    debug1: trying public key file //.ssh/authorized_keys
    debug1: restore_uid: 0/0
    Failed publickey for <username> from <IP removed> port 59692 ssh2
    debug3: mm_answer_keyallowed: key 0x7f44ad18f150 is not allowed
    debug3: mm_request_send entering: type 21
    debug3: mm_request_receive entering
    debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss
    debug1: userauth-request for user <username> service ssh-connection method password
    debug1: attempt 3 failures 2
    debug2: input_userauth_request: try method password
    debug3: mm_auth_password entering
    debug3: mm_request_send entering: type 10
    debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
    debug3: mm_request_receive_expect entering: type 11
    debug3: mm_request_receive entering
    debug3: monitor_read: checking request 10
    debug3: PAM: sshpam_passwd_conv called with 1 messages
    debug1: PAM: password authentication failed for <username>: Authentication failure
    debug3: mm_answer_authpassword: sending result 0
    debug3: mm_request_send entering: type 11

  2. #2
    Join Date
    Jul 2010
    Location
    Saarland / Germany / Europe
    Posts
    162

    Default Re: SSH publickey not working on 11.3?

    Hi there,

    just in short,
    could you take a look at the directory the key is in?
    I know that it needs some **** permissions, but doesnt no exactly

    server$ mkdir ~/.ssh
    server$ chmod 700 ~/.ssh
    server$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
    server$ chmod 600 ~/.ssh/authorized_keys
    server$ rm ~/id_rsa.pub

    should work,

    just an idea :-)

    Greetz Joerg

  3. #3

    Default Re: SSH publickey not working on 11.3?

    I have checked permissions.

    IF you look at the debug output, there are several lines looking for the authorized_keys file in //.ssh/authorized_keys instead of /home/username/.ssh/authorized_leys . I do not know if this is the issue or not, but it seems to me to be related if nothing else.

  4. #4

    Default Re: SSH publickey not working on 11.3?

    Further testing shows that yes, the path to the authorized_keys file is the issue. I do not know how to fix it, but that is the issue.

    Debug shows path to file: //.ssh/authorized_keys

    It should be: /<path to homedir>/.ssh/authorized_keys
    Example: /home/username/.ssh/authorized_keys

    Any ideas on h ow to fix this?

  5. #5
    Join Date
    Jul 2010
    Location
    Saarland / Germany / Europe
    Posts
    162

    Default Re: SSH publickey not working on 11.3?

    Hi again,

    could you please post a verbose client output?
    I mean the debug output from your ssh user@host

  6. #6

    Default Re: SSH publickey not working on 11.3?

    Client side log: ssh -vvv <username>@<hostname>
    OpenSSH_5.4p1, OpenSSL 1.0.0 29 Mar 2010
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to <hostname> [<ipaddress>] port 22.
    debug1: Connection established.
    debug3: Not a RSA1 key file /home/<username>/.ssh/id_rsa.
    debug2: key_type_from_name: unknown key type '-----BEGIN'
    debug3: key_read: missing keytype
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug2: key_type_from_name: unknown key type '-----END'
    debug3: key_read: missing keytype
    debug1: identity file /home/<username>/.ssh/id_rsa type 1
    debug1: identity file /home/<username>/.ssh/id_rsa-cert type -1
    debug3: Not a RSA1 key file /home/<username>/.ssh/id_dsa.
    debug2: key_type_from_name: unknown key type '-----BEGIN'
    debug3: key_read: missing keytype
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug2: key_type_from_name: unknown key type '-----END'
    debug3: key_read: missing keytype
    debug1: identity file /home/<username>/.ssh/id_dsa type 2
    debug1: identity file /home/<username>/.ssh/id_dsa-cert type -1
    debug1: Remote protocol version 1.99, remote software version OpenSSH_5.4
    debug1: match: OpenSSH_5.4 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.4
    debug2: fd 3 setting O_NONBLOCK
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa-cert-v00@openssh.com,ssh-dss...00@openssh.com,ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_setup: found hmac-md5
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug2: mac_setup: found hmac-md5
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug2: dh_gen_key: priv key bits set: 136/256
    debug2: bits set: 480/1024
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug3: check_host_in_hostfile: host <hostname> filename /home/<username>/.ssh/known_hosts
    debug3: check_host_in_hostfile: host <hostname> filename /home/<username>/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 17
    debug3: check_host_in_hostfile: host <ipaddress> filename /home/<username>/.ssh/known_hosts
    debug3: check_host_in_hostfile: host <ipaddress> filename /home/<username>/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 18
    debug1: Host '<hostname>' is known and matches the RSA host key.
    debug1: Found key in /home/<username>/.ssh/known_hosts:17
    debug2: bits set: 521/1024
    debug1: ssh_rsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /home/<username>/.ssh/id_rsa (0xb78680a8)
    debug2: key: /home/<username>/.ssh/id_dsa (0xb7862f58)
    debug1: Authentications that can continue: publickey,password
    debug3: start over, passed a different list publickey,password
    debug3: preferred publickey,keyboard-interactive,password
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Offering public key: /home/<username>/.ssh/id_rsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue: publickey,password
    debug1: Offering public key: /home/<username>/.ssh/id_dsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue: publickey,password
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup password
    debug3: remaining preferred: ,password
    debug3: authmethod_is_enabled password
    debug1: Next authentication method: password

  7. #7
    Join Date
    Jul 2010
    Location
    Saarland / Germany / Europe
    Posts
    162

    Default Re: SSH publickey not working on 11.3?

    so, lets summarite a bit

    i take a look at the needed permissions
    chmod 700 .ssh
    chmod 644 .ssh/*
    should do it, but i think you already set it,

    on the server itself the user path is not taken the right way? But the Client looks in the /home/<user> directory,
    i'am pretty sure its just because of the permissions,
    there are some strange things in both outputs like

    debug1: identity file /home/<username>/.ssh/id_rsa type 1
    debug1: identity file /home/<username>/.ssh/id_rsa-cert type -1
    debug3: Not a RSA1 key file /home/<username>/.ssh/id_dsa.

    or the roaming stuff,

    sorry for that but i'am out of ideas

  8. #8

    Default Re: SSH publickey not working on 11.3?

    Quote Originally Posted by johest View Post
    so, lets summarite a bit

    i take a look at the needed permissions
    chmod 700 .ssh
    chmod 644 .ssh/*
    should do it, but i think you already set it,

    on the server itself the user path is not taken the right way? But the Client looks in the /home/<user> directory,
    i'am pretty sure its just because of the permissions,
    there are some strange things in both outputs like

    debug1: identity file /home/<username>/.ssh/id_rsa type 1
    debug1: identity file /home/<username>/.ssh/id_rsa-cert type -1
    debug3: Not a RSA1 key file /home/<username>/.ssh/id_dsa.

    or the roaming stuff,

    sorry for that but i'am out of ideas
    First, the client side works fine to any machine that is NOT running OpenSUSE 11.3. This includes several servers running Opensuse 11.2, as well as Fedora, unbuntu, freebsd, and beos.

    I have tried it with a fresh install of Opensuse 11.3 on the server side, and as an upgrade from 11.2. I have tried fresh install of the client side as well. Generated new keys just in case it was a library incompatibility. My old windows workstation won't even publickey into the opensuse 11.3. Each and every attempt comes up with similar output to my original post. The "SERVER" is not looking for the authorized_keys file in the right place. I have verified this by copying the ~/.ssh directory to /.ssh and things work fine (for one user, due to permissions). It is an issue with the ssh daemon. For some reason it is not seeing/using the username info from the password file to get/use the home directory path.

  9. #9

    Default Re: SSH publickey not working on 11.3?

    SOLUTION!

    Afterl talking with several people on my local LUG they suggested changing one fo the config options in /etc/ssh/sshd_config.

    Code:
    AuthorizedKeysFile /home/%u/.ssh/authorized_keys
    I don't know if this is a good solution or not, but it does work.

  10. #10
    Join Date
    Jul 2010
    Location
    Saarland / Germany / Europe
    Posts
    162

    Default Re: SSH publickey not working on 11.3?

    Oh, ****,
    thats something i totally forgotten :-)

Page 1 of 2 12 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •