Secure Shell
Public key authentication works for one account, but NOT other account... Mar 20 2010 12:50AM
Jon Price (jonelwoodprice gmail com) (3 replies)
Re: Public key authentication works for one account, but NOT other account... Mar 22 2010 06:20PM
Zack Payton (zpayton gmail com) (2 replies)
Re: Public key authentication works for one account, but NOT other account... Mar 23 2010 12:18PM
Greg Wooledge (wooledg eeg ccf org)
Re: Public key authentication works for one account, but NOT other account... Mar 22 2010 06:21PM
Zack Payton (zpayton gmail com)
Re: Public key authentication works for one account, but NOT other account... Mar 22 2010 05:26PM
Dirk H. Schulz (dirk schulz kinzesberg de)
The server seems not to accept the public key it receives in the first
scenario.

You can find out why if you start the sshd with debug level logging
(similar to the -vvv for the client).

One reason could be that the permissions on the home directory of jon2
are wrong; sshd checks if they are safe and if not refuses to read
.ssh/* in that home dir.

Or did you copy authorized_keys from one account to the other and forget
to chown it? I have done so quite a few times. :-(

Dirk

On 20.03.10 01:50, Jon Price wrote:
> Hi,
>
> Public key authentication seems to work for one account but does NOT
> work (prompts for password) for another account.
> Why might this be?
>
> I have a problem with public key authentication. This all happens on
> the same server ("server1") which runs Solaris 10 and OpenSSH 5.3p1.
> There are two scenarios. Neither scenario should prompt for password
> because I added "jon" account's public key into the
> .ssh/authorized_keys files for both the ndio account and the jon2
> account. However, Scenario 1 prompts for password (problem) and
> Scenario 2 does NOT prompt for password (good).
>
> Scenario 1 -- prompts for password (problem)
> Start as user "jon". Run ssh -v -v -v -Y ndio@server1
> this prompts for password
>
> Scenario 2 -- does NOT prompt for password (good)
> Start as user "jon". Run ssh -v -v -v -Y jon2@server1
> Goes right to command prompt for user jon2
>
> Below is debug output for both cases.
> It is clear that public key authentication worked for scenario 2 and
> that it did NOT work for scenario 1
>
> But what could be the cause of the problem for scenario 1?
>
> ------------------------------------------------------------
> Scenario1 - Problem (prompts for password)
>
> <snip>
>
> These messages are identical to the "success" case below..
>
> debug1: Next authentication method: publickey
> debug1: Trying private key: /export/home/jon/.ssh/identity
> debug3: no such identity: /export/home/jon/.ssh/identity
> debug1: Offering public key: /export/home/jon/.ssh/id_rsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug3: Wrote 368 bytes for a total of 1477
>
> This is where messages become different than the success case below...
> Note that NO messages are left out here. debug3: Wrote 368 ..... msg
> is followed by the debug1: Authentications that can continue .... msg.
>
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> debug1: Trying private key: /export/home/jon/.ssh/id_dsa
> debug3: no such identity: /export/home/jon/.ssh/id_dsa
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup keyboard-interactive
> debug3: remaining preferred: password
> debug3: authmethod_is_enabled keyboard-interactive
>
>
> ----------------------------------------------------------
> Scenario 2 - Good (No prompt for password)
>
> These messages are identical to the failure case above..
> <snip>
> debug1: Next authentication method: publickey
> debug1: Trying private key: /export/home/jon/.ssh/identity
> debug3: no such identity: /export/home/jon/.ssh/identity
> debug1: Offering public key: /export/home/jon/.ssh/id_rsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug3: Wrote 368 bytes for a total of 1477
>
> This is where messages become different than the failure case above.
> Note that NO messages are left out here. debug3: Wrote 368 ..... msg
> is followed by the debug1: Server accepts key: ... msg.
>
> debug1: Server accepts key: pkalg ssh-rsa blen 277
> debug2: input_userauth_pk_ok: fp a2:ee:ea:88:cd:8e:c3:c9:c5:63:dd:30:ea:55:93:db
> debug3: sign_and_send_pubkey
> debug1: read PEM private key done: type RSA
> debug3: Wrote 640 bytes for a total of 2117
> debug1: Authentication succeeded (publickey).
> debug1: channel 0: new [client-session]
> debug3: ssh_session2_open: channel_new: 0
> debug2: channel 0: send open
> debug1: Requesting no-more-sessions@openssh.com
> debug1: Entering interactive session.
> <snip>
> -----------------------------------------------------------------------------------------
>
> End
>
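
The checks suggested in the reply above (home directory permissions, ownership of authorized_keys), as an added example that is not part of the original thread: a POSIX sh script that approximates the ownership and mode test sshd's StrictModes option applies before it reads `~/.ssh/authorized_keys`. The script name `check_account.sh` and its two arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: approximates the ownership/mode test sshd applies
# (StrictModes) before it will read ~/.ssh/authorized_keys.

# check_path TARGET UID: report TARGET if it is missing, owned by someone
# other than UID or root, or writable by group/others. Returns 1 if unsafe.
check_path() {
    target=$1; want_uid=$2; rc=0
    [ -e "$target" ] || { echo "MISSING $target"; return 1; }
    # ls -Ldn: follow symlinks, numeric ids -> "mode links uid gid ..."
    info=$(ls -Ldn "$target" | awk '{print $1 ":" $3}')
    p_mode=${info%%:*}; p_uid=${info##*:}
    if [ "$p_uid" != "$want_uid" ] && [ "$p_uid" != 0 ]; then
        echo "OWNER   $target owned by uid $p_uid, expected $want_uid or 0"
        rc=1
    fi
    # Characters 6 and 9 of the mode string are group- and other-write.
    gw=$(printf '%s' "$p_mode" | cut -c6)
    ow=$(printf '%s' "$p_mode" | cut -c9)
    if [ "$gw" = w ] || [ "$ow" = w ]; then
        echo "MODE    $target is group/world writable ($p_mode)"
        rc=1
    fi
    return $rc
}

# check_account HOME UID: run check_path on the home directory, its .ssh
# directory and authorized_keys. Returns 0 only if all three pass.
check_account() {
    acct_home=$1; acct_uid=$2; bad=0
    for p in "$acct_home" "$acct_home/.ssh" \
             "$acct_home/.ssh/authorized_keys"; do
        check_path "$p" "$acct_uid" || bad=1
    done
    return $bad
}

# Usage (hypothetical script name): sh check_account.sh HOME_DIR NUMERIC_UID
if [ "$#" -eq 2 ]; then
    check_account "$1" "$2"
fi
```

A path flagged here is the condition sshd reports in its server-side log as "Authentication refused: bad ownership or modes for ...".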

Re: Public key authentication works for one account, but NOT other account... Mar 22 2010 05:02PM
Greg Wooledge (wooledg eeg ccf org)
Copyright 2010, SecurityFocus