Re: PubkeyAuth disallowed for root only?



Hi all, thanks for all the replies.

Hi Kurt,

thanks for that:

--On 19. April 2007 12:10:03 -0500 kurt heberlein <kurth@xxxxxxxxxxxx> wrote:

Hi Dirk,
- snip -
This disables password as an authentication method for root. I'd try
using ssh -vvv root@wherever first to see why it isnt finding the
expected key.

I did this with two different users.

One standard user without any special rights (for whom pubkeyauth works), and here is what is interesting in the output:
debug3: preferred publickey,keyboard-interactive,password
...
debug1: offering public key: /.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key ..

Trying as root the output looks like this:
debug3: preferred publickey,keyboard-interactive,password
...
debug1: offering public key: /.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey, gssapi-with-mic,password
debug1: Tryping private key: /.ssh/id_dsa
debug3: no such identity: /.ssh/id_dsa ...

If I understand it right, the problem is as follows: ssh tries the rsa pubkey first and does not get any answer from the server, and then would try a dsa pubkey if there were one.
So I generated an additional dsa key on the client and tried again: the same phenomenon. The client sends the public key, but does not get any answer from the server, so it takes the next step and tries password authentication.

I am stuck a bit now. Any idea why the server does not answer to pubkey auth requests when loggin in as root when it accepts these requests from any other user?

Someone suggested setting loglevel to debug in sshd_config. Is this different from running sshd in debug mode? Because this is a production server and we cannot restrict connection amount to one.

Thanks for all your help so far!

Dirk



Relevant Pages

  • Re: problem with HostbasedAuthentication
    ... I may have missed some of the details, so I apologize if this has been covered, but if you want to do a host-based authentication, the SSH config's (client and server). ... debug3: Wrote 48 bytes for a total of 1063 ... debug1: Authentications that can continue: publickey,password,hostbased ...
    (SSH)
  • Re: problem with HostbasedAuthentication
    ... the connection is refused while connecting to server from client: ... debug1: Connecting to server port 22. ... Subject: problem with HostbasedAuthentication ... debug3: Wrote 792 bytes for a total of 831 ...
    (SSH)
  • Re: problem with HostbasedAuthentication
    ... I am now trying to setup a hostbased ssh from server to ... I did the same thing in reverse (now the client becomes ... debug3: Wrote 48 bytes for a total of 1063 ... debug1: Next authentication method: hostbased ...
    (SSH)
  • Re: [SLE] Problems with sshd and pub keys
    ... server. ... authentication can set up via local login passwords, ... depend on what OS the client uses as to the the samba share setup. ... You are using protocol version 1, rsa based pubkey ...
    (SuSE)
  • Re: problem with HostbasedAuthentication
    ... I am now trying to setup a hostbased ssh from server to client. ... debug3: Wrote 48 bytes for a total of 1063 ... Subject: problem with HostbasedAuthentication ...
    (SSH)