SSH publickey not working on 11.3?

Greetings,
(moved here from internet/networking, was in the wrong forum)
I am having trouble getting ANY publickey to work against OpenSuse 11.3’s SSHd. I have tried generating them on fresh installs of 11.3 as well as on Windows, FreeBSD, OpenSuse 11.1, OpenSuse 11.2, Mac OSX Leopard (PPC), and Fedora. None of them work and it falls back to password authentication when trying to connect to an OpenSuse 11.3 SSHd.

sshd -ddd log output:

debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 926
debug2: parse_server_config: config /etc/ssh/sshd_config len 926
debug3: /etc/ssh/sshd_config:13 setting Port 22
debug3: /etc/ssh/sshd_config:14 setting AddressFamily any
debug3: /etc/ssh/sshd_config:19 setting Protocol 2,1
debug3: /etc/ssh/sshd_config:22 setting HostKey /etc/ssh/ssh_host_key
debug3: /etc/ssh/sshd_config:24 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:25 setting HostKey /etc/ssh/ssh_host_dsa_key
debug3: /etc/ssh/sshd_config:33 setting SyslogFacility AUTH
debug3: /etc/ssh/sshd_config:34 setting LogLevel INFO
debug3: /etc/ssh/sshd_config:38 setting LoginGraceTime 2m
debug3: /etc/ssh/sshd_config:39 setting PermitRootLogin no
debug3: /etc/ssh/sshd_config:41 setting MaxAuthTries 6
debug3: /etc/ssh/sshd_config:44 setting RSAAuthentication no
debug3: /etc/ssh/sshd_config:45 setting PubkeyAuthentication yes
debug3: /etc/ssh/sshd_config:46 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: /etc/ssh/sshd_config:49 setting RhostsRSAAuthentication no
debug3: /etc/ssh/sshd_config:51 setting HostbasedAuthentication no
debug3: /etc/ssh/sshd_config:54 setting IgnoreUserKnownHosts no
debug3: /etc/ssh/sshd_config:56 setting IgnoreRhosts yes
debug3: /etc/ssh/sshd_config:59 setting PasswordAuthentication yes
debug3: /etc/ssh/sshd_config:60 setting PermitEmptyPasswords no
debug3: /etc/ssh/sshd_config:63 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:91 setting UsePAM yes
debug3: /etc/ssh/sshd_config:94 setting AllowTcpForwarding yes
debug3: /etc/ssh/sshd_config:96 setting X11Forwarding no
debug3: /etc/ssh/sshd_config:99 setting PrintMotd yes
debug3: /etc/ssh/sshd_config:100 setting PrintLastLog yes
debug3: /etc/ssh/sshd_config:101 setting TCPKeepAlive yes
debug3: /etc/ssh/sshd_config:105 setting Compression yes
debug3: /etc/ssh/sshd_config:118 setting Subsystem sftp /usr/lib64/ssh/sftp-server
debug3: /etc/ssh/sshd_config:121 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: /etc/ssh/sshd_config:122 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: /etc/ssh/sshd_config:123 setting AcceptEnv LC_IDENTIFICATION LC_ALL
debug1: sshd version OpenSSH_5.4p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Forcing server key to 1152 bits to make it differ from host key.
debug1: rexec_argv[0]=’/usr/sbin/sshd’
debug1: rexec_argv[1]=’-ddd’
debug3: oom_adjust_setup
Set /proc/self/oom_adj from 0 to -17
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
Generating 1152 bit RSA key.
RSA key generation complete.
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 926
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from <IP removed> port 59692
debug1: Client protocol version 2.0; client software version OpenSSH_5.4
debug1: match: OpenSSH_5.4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_5.4
debug2: fd 3 setting O_NONBLOCK
debug2: Network child is on pid 4334
debug3: preauth child monitor started
debug3: mm_request_receive entering
debug3: privsep user:group 100:101
debug1: permanently_set_uid: 100/101
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug3: mm_request_send entering: type 0
debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI
debug3: mm_request_receive_expect entering: type 1
debug3: mm_request_receive entering
debug3: monitor_read: checking request 0
debug3: mm_answer_moduli: got parameters: 1024 1024 8192
debug3: mm_request_send entering: type 1
debug2: monitor_read: 0 used once, disabling now
debug3: mm_request_receive entering
debug3: mm_choose_dh: remaining 0
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug2: dh_gen_key: priv key bits set: 116/256
debug2: bits set: 518/1024
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug2: bits set: 518/1024
debug3: mm_key_sign entering
debug3: mm_request_send entering: type 4
debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
debug3: mm_request_receive_expect entering: type 5
debug3: mm_request_receive entering
debug3: monitor_read: checking request 4
debug3: mm_answer_sign
debug3: mm_answer_sign: signature 0x7f44ad17dff0(143)
debug3: mm_request_send entering: type 5
debug2: monitor_read: 4 used once, disabling now
debug3: mm_request_receive entering
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user <username> service ssh-connection method none
debug1: attempt 0 failures 0
debug3: mm_getpwnamallow entering
debug3: mm_request_send entering: type 6
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
debug3: mm_request_receive_expect entering: type 7
debug3: mm_request_receive entering
debug3: monitor_read: checking request 6
debug3: mm_answer_pwnamallow
debug3: Trying to reverse map address <IP removed>.
debug2: parse_server_config: config reprocess config len 926
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: mm_request_receive entering
debug2: input_userauth_request: setting up authctxt for <username>
debug3: mm_start_pam entering
debug3: mm_request_send entering: type 45
debug3: mm_inform_authserv entering
debug3: mm_request_send entering: type 3
debug2: input_userauth_request: try method none
debug1: PAM: initializing for “<username>”
debug3: mm_request_send entering: type 10
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
debug3: mm_request_receive_expect entering: type 11
debug3: mm_request_receive entering
debug1: PAM: setting PAM_RHOST to “<address removed>”
debug1: PAM: setting PAM_TTY to “ssh”
debug2: monitor_read: 45 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 3
debug3: mm_answer_authserv: service=ssh-connection, style=
debug2: monitor_read: 3 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 10
debug3: mm_answer_authpassword: sending result 0
debug3: mm_request_send entering: type 11
Failed none for <username> from <IP removed> port 59692 ssh2
debug3: mm_auth_password: user not authenticated
debug3: mm_request_receive entering
debug1: userauth-request for user <username> service ssh-connection method publickey
debug1: attempt 1 failures 0
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 20
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
debug3: mm_request_receive_expect entering: type 21
debug3: mm_request_receive entering
debug3: monitor_read: checking request 20
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x7f44ad18a6c0
debug1: temporarily_use_uid: 1000/100 (e=0/0)
debug1: trying public key file //.ssh/authorized_keys
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 1000/100 (e=0/0)
debug1: trying public key file //.ssh/authorized_keys
debug1: restore_uid: 0/0
Failed publickey for <username> from <IP removed> port 59692 ssh2
debug3: mm_answer_keyallowed: key 0x7f44ad18a6c0 is not allowed
debug3: mm_request_send entering: type 21
debug3: mm_request_receive entering
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
debug1: userauth-request for user <username> service ssh-connection method publickey
debug1: attempt 2 failures 1
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 20
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
debug3: mm_request_receive_expect entering: type 21
debug3: mm_request_receive entering
debug3: monitor_read: checking request 20
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x7f44ad18f150
debug1: temporarily_use_uid: 1000/100 (e=0/0)
debug1: trying public key file //.ssh/authorized_keys
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 1000/100 (e=0/0)
debug1: trying public key file //.ssh/authorized_keys
debug1: restore_uid: 0/0
Failed publickey for <username> from <IP removed> port 59692 ssh2
debug3: mm_answer_keyallowed: key 0x7f44ad18f150 is not allowed
debug3: mm_request_send entering: type 21
debug3: mm_request_receive entering
debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss
debug1: userauth-request for user <username> service ssh-connection method password
debug1: attempt 3 failures 2
debug2: input_userauth_request: try method password
debug3: mm_auth_password entering
debug3: mm_request_send entering: type 10
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
debug3: mm_request_receive_expect entering: type 11
debug3: mm_request_receive entering
debug3: monitor_read: checking request 10
debug3: PAM: sshpam_passwd_conv called with 1 messages
debug1: PAM: password authentication failed for <username>: Authentication failure
debug3: mm_answer_authpassword: sending result 0
debug3: mm_request_send entering: type 11

Hi there,

just in short,
could you take a look at the directory the key is in?
I know that it needs some **** permissions, but don’t know exactly

server$ mkdir ~/.ssh
server$ chmod 700 ~/.ssh
server$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
server$ chmod 600 ~/.ssh/authorized_keys
server$ rm ~/id_rsa.pub

should work,

just an idea :)

Greetz Joerg

I have checked permissions.

If you look at the debug output, there are several lines looking for the authorized_keys file in //.ssh/authorized_keys instead of /home/username/.ssh/authorized_keys. I do not know if this is the issue or not, but it seems to me to be related if nothing else.

Further testing shows that yes, the path to the authorized_keys file is the issue. I do not know how to fix it, but that is the issue.

Debug shows path to file: //.ssh/authorized_keys

It should be: /<path to homedir>/.ssh/authorized_keys
Example: /home/username/.ssh/authorized_keys

Any ideas on how to fix this?

Hi again,

could you please post a verbose client output?
I mean the debug output from your ssh user@host

Client side log: ssh -vvv <username>@<hostname>
OpenSSH_5.4p1, OpenSSL 1.0.0 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to <hostname> [<ipaddress>] port 22.
debug1: Connection established.
debug3: Not a RSA1 key file /home/<username>/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type ‘-----BEGIN’
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type ‘-----END’
debug3: key_read: missing keytype
debug1: identity file /home/<username>/.ssh/id_rsa type 1
debug1: identity file /home/<username>/.ssh/id_rsa-cert type -1
debug3: Not a RSA1 key file /home/<username>/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type ‘-----BEGIN’
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type ‘-----END’
debug3: key_read: missing keytype
debug1: identity file /home/<username>/.ssh/id_dsa type 2
debug1: identity file /home/<username>/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_5.4
debug1: match: OpenSSH_5.4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.4
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 136/256
debug2: bits set: 480/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: host <hostname> filename /home/<username>/.ssh/known_hosts
debug3: check_host_in_hostfile: host <hostname> filename /home/<username>/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 17
debug3: check_host_in_hostfile: host <ipaddress> filename /home/<username>/.ssh/known_hosts
debug3: check_host_in_hostfile: host <ipaddress> filename /home/<username>/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 18
debug1: Host ‘<hostname>’ is known and matches the RSA host key.
debug1: Found key in /home/<username>/.ssh/known_hosts:17
debug2: bits set: 521/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/<username>/.ssh/id_rsa (0xb78680a8)
debug2: key: /home/<username>/.ssh/id_dsa (0xb7862f58)
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/<username>/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/<username>/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password

So, let’s summarize a bit.

I take a look at the needed permissions
chmod 700 .ssh
chmod 644 .ssh/*
should do it, but I think you already set it,

on the server itself the user path is not taken the right way? But the client looks in the /home/<user> directory,
I’m pretty sure it’s just because of the permissions,
there are some strange things in both outputs like

debug1: identity file /home/<username>/.ssh/id_rsa type 1
debug1: identity file /home/<username>/.ssh/id_rsa-cert type -1
debug3: Not a RSA1 key file /home/<username>/.ssh/id_dsa.

or the roaming stuff,

Sorry for that, but I’m out of ideas

First, the client side works fine to any machine that is NOT running OpenSUSE 11.3. This includes several servers running OpenSUSE 11.2, as well as Fedora, Ubuntu, FreeBSD, and BeOS.

I have tried it with a fresh install of Opensuse 11.3 on the server side, and as an upgrade from 11.2. I have tried fresh install of the client side as well. Generated new keys just in case it was a library incompatibility. My old windows workstation won’t even publickey into the opensuse 11.3. Each and every attempt comes up with similar output to my original post. The “SERVER” is not looking for the authorized_keys file in the right place. I have verified this by copying the ~/.ssh directory to /.ssh and things work fine (for one user, due to permissions). It is an issue with the ssh daemon. For some reason it is not seeing/using the username info from the password file to get/use the home directory path.

SOLUTION!

After talking with several people on my local LUG they suggested changing one of the config options in /etc/ssh/sshd_config.

AuthorizedKeysFile /home/%u/.ssh/authorized_keys

I don’t know if this is a good solution or not, but it does work.

Oh, ****,
that’s something I totally forgot :)

After reading the man pages some more… %h/.ssh/authorized_keys is the correct way.

:)

I guess this is a stress point to put an additional remark in the /etc/ssh/sshd_config
for ex redhat users.
Of course, in case the error concerning the uncommenting path is fixed.
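
The path resolution at issue in this thread, as an added example that is not part of any post and is not OpenSSH code: it expands an AuthorizedKeysFile value as sshd_config(5) describes (%%, %h, %u, relative paths taken from the home directory) and flags `trying public key file` lines in sshd debug output that differ from the path expected for the user. The user names, home paths and function names are assumptions; a home of `/` is used only to reproduce the `//.ssh/authorized_keys` seen in the log, the thread does not establish why sshd resolved it that way.

```python
import re

# Matches the sshd debug line quoted in the thread.
TRY_RE = re.compile(r"^debug1: trying public key file (\S+)\s*$", re.MULTILINE)

# Three lines copied from the sshd -ddd output in the first post.
SAMPLE_LOG = """\
debug1: temporarily_use_uid: 1000/100 (e=0/0)
debug1: trying public key file //.ssh/authorized_keys
debug1: restore_uid: 0/0
"""


def expand_authorized_keys_file(pattern, user, home):
    """Expand %%, %h and %u, then anchor a relative result at `home`.

    Only these three tokens are handled; anything else raises ValueError.
    """
    out = []
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "%" and i + 1 < len(pattern):
            token = pattern[i + 1]
            if token == "%":
                out.append("%")
            elif token == "h":
                out.append(home)
            elif token == "u":
                out.append(user)
            else:
                raise ValueError("unsupported token %" + token)
            i += 2
        else:
            out.append(ch)
            i += 1
    path = "".join(out)
    if not path.startswith("/"):
        # Plain "<home>/<file>" join: a home of "/" yields a leading "//".
        path = home + "/" + path
    return path


def squash_slashes(path):
    """Collapse repeated slashes so "//.ssh" and "/.ssh" compare equal."""
    return re.sub(r"/{2,}", "/", path)


def audit_debug_log(log_text, pattern, user, passwd_home):
    """Return (tried, expected) pairs for key files sshd looked for in the
    wrong place, given the home directory the passwd entry says it has."""
    expected = squash_slashes(
        expand_authorized_keys_file(pattern, user, passwd_home))
    findings = []
    for tried in sorted(set(TRY_RE.findall(log_text))):
        if squash_slashes(tried) != expected:
            findings.append((tried, expected))
    return findings


if __name__ == "__main__":
    # "alice" and "/home/alice" are constructed values for the redacted user.
    for tried, expected in audit_debug_log(
            SAMPLE_LOG, ".ssh/authorized_keys", "alice", "/home/alice"):
        print("sshd tried %s, expected %s" % (tried, expected))
```

The expansion also shows the difference between the two fixes posted above: `/home/%u/.ssh/authorized_keys` only matches accounts whose home directory is `/home/<user>`, while `%h/.ssh/authorized_keys` follows whatever home directory the account actually has.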