Public key authentication works for one account, but NOT other account...



Hi,

Public key authentication seems to work for one account but does NOT
work (prompts for password) for another account.
Why might this be?

I have a problem with public key authentication. This all happens on
the same server ("server1") which runs Solaris 10 and OpenSSH 5.3p1.
There are two scenarios. Neither scenario should prompt for password
because I added "jon" account's public key into the
.ssh/authorized_keys file's for both the ndio account and the jon2
account. However, Scenario 1 prompts for password (problem) and
Scenario 2 does NOT prompt for password (good).

Scenario 1 -- prompts for password (problem)
Start as user "jon". Run ssh -v -v -v -Y ndio@server1
this prompts for password

Scenario 2 -- does NOT prompt for password (good)
Start as user "jon". Run ssh -v -v -v -Y jon2@server1
Goes right to command prompt for user jon2

Below is debug output for both cases.
It is clear that public key authentication worked for scenario 2 and
that it did NOT work for scenario 1

But what could be the cause of the problem for scenario 1?

------------------------------------------------------------
Scenario1 - Problem (prompts for password)

<snip>

These messages are identical to the "success" case below..

debug1: Next authentication method: publickey
debug1: Trying private key: /export/home/jon/.ssh/identity
debug3: no such identity: /export/home/jon/.ssh/identity
debug1: Offering public key: /export/home/jon/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 368 bytes for a total of 1477

This is where messages become different than the success case below...
Note that NO messages are left out here. debug3: Wrote 368 ..... msg
is followed by the debug1: Authentications that can continue .... msg.

debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Trying private key: /export/home/jon/.ssh/id_dsa
debug3: no such identity: /export/home/jon/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive


----------------------------------------------------------
Scenario 2 - Good (No prompt for password)

These messages are identical to the failure case above..
<snip>
debug1: Next authentication method: publickey
debug1: Trying private key: /export/home/jon/.ssh/identity
debug3: no such identity: /export/home/jon/.ssh/identity
debug1: Offering public key: /export/home/jon/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 368 bytes for a total of 1477

This is where messages become different than the failure case above.
Note that NO messages are left out here. debug3: Wrote 368 ..... msg
is followed by the debug1: Server accepts key: ... msg.

debug1: Server accepts key: pkalg ssh-rsa blen 277
debug2: input_userauth_pk_ok: fp a2:ee:ea:88:cd:8e:c3:c9:c5:63:dd:30:ea:55:93:db
debug3: sign_and_send_pubkey
debug1: read PEM private key done: type RSA
debug3: Wrote 640 bytes for a total of 2117
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@xxxxxxxxxxx
debug1: Entering interactive session.
<snip>
-----------------------------------------------------------------------------------------

End



Relevant Pages