SSH key authentication - can only login as root



I have a problem with logging in using keys (on Debian).

Logging from machine CLIENT to SERVER works, but only, if we log in as user root.

Example 1 - login from CLIENT - "checkuser" on SERVER has uid != 0 - doesn't work.
checkuser has UID 1001, just like /home/checkuser/*

$ ssh -l checkuser -i id_rsa 192.168.11.83 -v
(...)
checkuser@xxxxxxxxxxxxxxx's password:

Server log:

Sep 6 11:56:12 thecus sshd[18730]: debug1: Client protocol version 2.0; client software version OpenSSH_4.3
Sep 6 11:56:12 thecus sshd[18730]: debug1: match: OpenSSH_4.3 pat OpenSSH*
Sep 6 11:56:12 thecus sshd[18730]: debug1: Enabling compatibility mode for protocol 2.0
Sep 6 11:56:12 thecus sshd[18730]: debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-3
Sep 6 11:56:13 thecus sshd[18730]: Failed none for checkuser from 192.168.11.81 port 54204 ssh2
Sep 6 11:56:13 thecus sshd[18730]: debug1: temporarily_use_uid: 1001/1001 (e=0/0)
Sep 6 11:56:13 thecus sshd[18730]: debug1: trying public key file /home/checkuser/.ssh/authorized_keys
Sep 6 11:56:13 thecus sshd[18730]: debug1: restore_uid: 0/0
Sep 6 11:56:13 thecus sshd[18730]: debug1: temporarily_use_uid: 1001/1001 (e=0/0)
Sep 6 11:56:13 thecus sshd[18730]: debug1: trying public key file /home/checkuser/.ssh/authorized_keys2
Sep 6 11:56:13 thecus sshd[18730]: debug1: restore_uid: 0/0


Example 2 - login from CLIENT - "checkuser" on SERVER has uid == 0 - works.
checkuser has UID 0, just like /home/checkuser/*

$ ssh -l checkuser -i id_rsa 192.168.11.83 -v
(...)
root@thecus:~#

Server log:

Sep 6 11:54:34 thecus sshd[18688]: debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-3
Sep 6 11:54:35 thecus sshd[18688]: Failed none for checkuser from 192.168.111.181 port 54164 ssh2
Sep 6 11:54:35 thecus sshd[18688]: debug1: temporarily_use_uid: 0/0 (e=0/0)
Sep 6 11:54:35 thecus sshd[18688]: debug1: trying public key file /home/checkuser/.ssh/authorized_keys
Sep 6 11:54:35 thecus sshd[18688]: debug1: matching key found: file /home/checkuser/.ssh/authorized_keys, line 1
Sep 6 11:54:35 thecus sshd[18688]: Found matching RSA key: 70:a6:fc:89:e7:d8:f9:67:e6:86:27:6e:ee:63:61:5e
Sep 6 11:54:35 thecus sshd[18688]: debug1: restore_uid: 0/0
Sep 6 11:54:35 thecus sshd[18688]: debug1: temporarily_use_uid: 0/0 (e=0/0)
Sep 6 11:54:35 thecus sshd[18688]: debug1: trying public key file /home/checkuser/.ssh/authorized_keys
Sep 6 11:54:35 thecus sshd[18688]: debug1: matching key found: file /home/checkuser/.ssh/authorized_keys, line 1
Sep 6 11:54:35 thecus sshd[18688]: Found matching RSA key: 70:a6:fc:89:e7:d8:f9:67:e6:86:27:6e:ee:63:61:5e
Sep 6 11:54:35 thecus sshd[18688]: debug1: restore_uid: 0/0
Sep 6 11:54:35 thecus sshd[18688]: debug1: ssh_rsa_verify: signature correct
Sep 6 11:54:35 thecus sshd[18688]: Accepted publickey for checkuser from 192.168.111.181 port 54164 ssh2
Sep 6 11:54:35 thecus sshd[18688]: debug1: monitor_child_preauth: checkuser has been authenticated by privileged process
Sep 6 11:54:35 thecus sshd[18688]: debug1: Entering interactive session for SSH2.


Unfortunately, I'm unable to debug the problem.
There are no entries in sshd_config which allow/disallow logging in of certain users.


--
Tomasz Chmielewski
http://wpkg.org