Re: PubkeyAuth disallowed for root only?



Hi all, thanks for all the replies.

Hi Kurt,

thanks for that:

--On 19. April 2007 12:10:03 -0500 kurt heberlein <kurth@xxxxxxxxxxxx> wrote:

Hi Dirk,
- snip -
This disables password as an authentication method for root. I'd try
using ssh -vvv root@wherever first to see why it isn't finding the
expected key.

I did this with two different users.

One standard user without any special rights (for whom pubkeyauth works), and here is what is interesting in the output:
debug3: preferred publickey,keyboard-interactive,password
...
debug1: offering public key: /.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key ..

Trying as root the output looks like this:
debug3: preferred publickey,keyboard-interactive,password
...
debug1: offering public key: /.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey, gssapi-with-mic,password
debug1: Tryping private key: /.ssh/id_dsa
debug3: no such identity: /.ssh/id_dsa ...

If I understand it right, the problem is as follows: ssh tries the rsa pubkey first and does not get any answer from the server, and then would try a dsa pubkey if there were one.
So I generated an additional dsa key on the client and tried again: the same phenomenon. The client sends the public key, but does not get any answer from the server, so it takes the next step and tries password authentication.

I am stuck a bit now. Any idea why the server does not answer pubkey auth requests when logging in as root when it accepts these requests from any other user?

Someone suggested setting loglevel to debug in sshd_config. Is this different from running sshd in debug mode? Because this is a production server and we cannot restrict the number of connections to one.

Thanks for all your help so far!

Dirk
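
Added example, not part of the original post: a small parser that reads `ssh -vvv` client output like the two traces quoted above and reports what happened to each offered key. The sample logs are constructed from the lines in the post. The OpenSSH client prints "Authentications that can continue" when the server returns an authentication failure listing the methods still allowed, so the parser counts that line after an offer as a rejection of that key.

```python
import re

# Constructed samples modelled on the client debug lines quoted in the post.
USER_LOG = """\
debug3: preferred publickey,keyboard-interactive,password
debug1: offering public key: /.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key
"""
ROOT_LOG = """\
debug3: preferred publickey,keyboard-interactive,password
debug1: offering public key: /.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug3: no such identity: /.ssh/id_dsa
"""

OFFER = re.compile(r"debug1: offering public key: (\S+)", re.I)
ACCEPT = re.compile(r"debug1: Server accepts key", re.I)
CONTINUE = re.compile(r"debug1: Authentications that can continue: (.+)", re.I)
MISSING = re.compile(r"debug3: no such identity: (\S+)", re.I)


def pubkey_outcomes(log_text):
    """Return [(key_path, outcome)]; outcome is accepted, rejected, missing or no-reply."""
    results, pending = [], None
    for line in log_text.splitlines():
        if m := OFFER.search(line):
            if pending:  # a new offer arrived before any verdict on the last one
                results.append((pending, "no-reply"))
            pending = m.group(1)
        elif ACCEPT.search(line) and pending:
            results.append((pending, "accepted"))
            pending = None
        elif CONTINUE.search(line) and pending:
            # Failure reply from the server: the offered key was not accepted.
            results.append((pending, "rejected"))
            pending = None
        elif m := MISSING.search(line):
            # Newer clients append ": No such file or directory" after the path.
            results.append((m.group(1).rstrip(":"), "missing"))
    if pending:
        results.append((pending, "no-reply"))
    return results


if __name__ == "__main__":
    for name, log in (("user", USER_LOG), ("root", ROOT_LOG)):
        print(name, pubkey_outcomes(log))
```

A "rejected" result for a key that works for another account points at the server side for that account, which is where the sshd log at a debug level becomes useful.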