Secure Shell
Public key authentication works for one account, but NOT other account... Mar 20 2010 12:50AM
Jon Price (jonelwoodprice gmail com) (3 replies)
Re: Public key authentication works for one account, but NOT other account... Mar 22 2010 06:20PM
Zack Payton (zpayton gmail com) (2 replies)
What are the permissions on your home directory for the user that is failing?
Also what are the permissions for ~/.ssh/ of the user that is failing?

If either of these are set to +r or +w, ssh will skip public key and
go to password authentication.

Z

On Fri, Mar 19, 2010 at 5:50 PM, Jon Price <jonelwoodprice (at) gmail (dot) com [email concealed]> wrote:
> Hi,
>
> Public key authentication seems to work for one account but does NOT
> work (prompts for password) for another account.
> Why might this be?
>
> I have a problem with public key authentication.  This all happens on
> the same server ("server1") which runs Solaris 10 and OpenSSH 5.3p1.
> There are two scenarios.  Neither scenario should prompt for password
> because I added "jon" account's public key into the
> .ssh/authorized_keys files for both the ndio account and the jon2
> account. However, Scenario 1 prompts for password (problem) and
> Scenario 2 does NOT prompt for password (good).
>
> Scenario 1 -- prompts for password (problem)
> Start as user "jon". Run  ssh -v -v -v -Y ndio@server1
>      this prompts for password
>
> Scenario 2 -- does NOT prompt for password (good)
> Start as user "jon". Run  ssh -v -v -v -Y jon2@server1
>      Goes right to command prompt for user jon2
>
> Below is debug output for both cases.
> It is clear that public key authentication worked for scenario 2 and
> that it did NOT work for scenario 1
>
> But what could be the cause of the problem for scenario 1?
>
> ------------------------------------------------------------
> Scenario1 - Problem (prompts for password)
>
> <snip>
>
> These messages are identical to the "success" case below.
>
> debug1: Next authentication method: publickey
> debug1: Trying private key: /export/home/jon/.ssh/identity
> debug3: no such identity: /export/home/jon/.ssh/identity
> debug1: Offering public key: /export/home/jon/.ssh/id_rsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug3: Wrote 368 bytes for a total of 1477
>
> This is where messages become different than the success case below...
> Note that NO messages are left out here. debug3: Wrote 368 ..... msg
> is followed by the debug1: Authentications that can continue .... msg.
>
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> debug1: Trying private key: /export/home/jon/.ssh/id_dsa
> debug3: no such identity: /export/home/jon/.ssh/id_dsa
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup keyboard-interactive
> debug3: remaining preferred: password
> debug3: authmethod_is_enabled keyboard-interactive
>
>
> ----------------------------------------------------------
> Scenario 2 - Good (No prompt for password)
>
> These messages are identical to the failure case above.
> <snip>
> debug1: Next authentication method: publickey
> debug1: Trying private key: /export/home/jon/.ssh/identity
> debug3: no such identity: /export/home/jon/.ssh/identity
> debug1: Offering public key: /export/home/jon/.ssh/id_rsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug3: Wrote 368 bytes for a total of 1477
>
> This is where messages become different than the failure case above.
> Note that NO messages are left out here. debug3: Wrote 368 ..... msg
> is followed by the debug1: Server accepts key: ... msg.
>
> debug1: Server accepts key: pkalg ssh-rsa blen 277
> debug2: input_userauth_pk_ok: fp a2:ee:ea:88:cd:8e:c3:c9:c5:63:dd:30:ea:55:93:db
> debug3: sign_and_send_pubkey
> debug1: read PEM private key done: type RSA
> debug3: Wrote 640 bytes for a total of 2117
> debug1: Authentication succeeded (publickey).
> debug1: channel 0: new [client-session]
> debug3: ssh_session2_open: channel_new: 0
> debug2: channel 0: send open
> debug1: Requesting no-more-sessions@openssh.com
> debug1: Entering interactive session.
> <snip>
> ------------------------------------------------------------
>
> End
>
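
A way to run the permission check raised in the reply above on the server side, as an added example that is not part of the original thread. It assumes sshd runs with `StrictModes yes` (the OpenSSH default), under which the key file and every directory from it up to the home directory must be owned by the user or root and must not be writable by group or others; the function name and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def strictmodes_problems(home, uid, rel_keys=".ssh/authorized_keys"):
    """List the reasons sshd (StrictModes yes) would ignore the key file.

    Approximates sshd's test: walk from the key file up to the home
    directory; each component must be owned by `uid` or root and must
    carry no group/other write bit.
    """
    problems = []
    home = os.path.realpath(home)
    path = os.path.realpath(os.path.join(home, rel_keys))
    while True:
        try:
            st = os.stat(path)
        except FileNotFoundError:
            problems.append(f"{path}: missing")
        else:
            mode = stat.S_IMODE(st.st_mode)
            if st.st_uid not in (0, uid):
                problems.append(f"{path}: owned by uid {st.st_uid}")
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                problems.append(f"{path}: group/world-writable (mode {mode:04o})")
        parent = os.path.dirname(path)
        # Stop at the home directory, or at / if the key file lives elsewhere.
        if path == home or parent == path:
            return problems
        path = parent


if __name__ == "__main__":
    # Constructed sample: a throwaway "home" whose .ssh is group-writable.
    home = tempfile.mkdtemp()
    ssh_dir = os.path.join(home, ".ssh")
    os.mkdir(ssh_dir)
    keys = os.path.join(ssh_dir, "authorized_keys")
    open(keys, "w").close()
    os.chmod(home, 0o755)
    os.chmod(ssh_dir, 0o775)   # the misconfiguration
    os.chmod(keys, 0o600)
    for line in strictmodes_problems(home, os.getuid()) or ["no problems found"]:
        print(line)
```

Run it as root or as the affected user against the real home directory, for example `strictmodes_problems("/export/home/ndio", <uid of ndio>)`; an empty list means the permissions are not what is making sshd skip the key.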

Re: Public key authentication works for one account, but NOT other account... Mar 23 2010 12:18PM
Greg Wooledge (wooledg eeg ccf org)
Re: Public key authentication works for one account, but NOT other account... Mar 22 2010 06:21PM
Zack Payton (zpayton gmail com)
Re: Public key authentication works for one account, but NOT other account... Mar 22 2010 05:26PM
Dirk H. Schulz (dirk schulz kinzesberg de)
Re: Public key authentication works for one account, but NOT other account... Mar 22 2010 05:02PM
Greg Wooledge (wooledg eeg ccf org)


 

Copyright 2010, SecurityFocus