Re: Public key authentication works for one account, but NOT other account...



I'm sorry, +r or +w for everyone or world. Only owner should have +r or +w.


On Mon, Mar 22, 2010 at 11:20 AM, Zack Payton <zpayton@xxxxxxxxx> wrote:
What are the permissions on your home directory for the user that is failing?
Also what are the permissions for ~/.ssh/ of the user that is failing?

If either of these are set to +r or +w, ssh will skip public key and
go to password authentication.

Z

On Fri, Mar 19, 2010 at 5:50 PM, Jon Price <jonelwoodprice@xxxxxxxxx> wrote:
Hi,

Public key authentication seems to work for one account but does NOT
work (prompts for password) for another account.
Why might this be?

I have a problem with public key authentication.  This all happens on
the same server ("server1") which runs Solaris 10 and OpenSSH 5.3p1.
There are two scenarios.  Neither scenario should prompt for password
because I added "jon" account's public key into the
.ssh/authorized_keys files for both the ndio account and the jon2
account. However, Scenario 1 prompts for password (problem) and
Scenario 2 does NOT prompt for password (good).

Scenario 1 -- prompts for password (problem)
Start as user "jon". Run  ssh -v -v -v -Y ndio@server1
     this prompts for password

Scenario 2 -- does NOT prompt for password (good)
Start as user "jon". Run  ssh -v -v -v -Y jon2@server1
     Goes right to command prompt for user jon2

Below is debug output for both cases.
It is clear that public key authentication worked for scenario 2 and
that it did NOT work for scenario 1

But what could be the cause of the problem for scenario 1?

------------------------------------------------------------
Scenario1 - Problem (prompts for password)

<snip>

These messages are identical to the "success" case below.

debug1: Next authentication method: publickey
debug1: Trying private key: /export/home/jon/.ssh/identity
debug3: no such identity: /export/home/jon/.ssh/identity
debug1: Offering public key: /export/home/jon/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 368 bytes for a total of 1477

This is where messages become different than the success case below...
Note that NO messages are left out here. debug3: Wrote 368 ..... msg
is followed by the debug1: Authentications that can continue .... msg.

debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Trying private key: /export/home/jon/.ssh/id_dsa
debug3: no such identity: /export/home/jon/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive


----------------------------------------------------------
Scenario 2 - Good (No prompt for password)

These messages are identical to the failure case above.
<snip>
debug1: Next authentication method: publickey
debug1: Trying private key: /export/home/jon/.ssh/identity
debug3: no such identity: /export/home/jon/.ssh/identity
debug1: Offering public key: /export/home/jon/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 368 bytes for a total of 1477

This is where messages become different than the failure case above.
Note that NO messages are left out here. debug3: Wrote 368 ..... msg
is followed by the debug1: Server accepts key: ... msg.

debug1: Server accepts key: pkalg ssh-rsa blen 277
debug2: input_userauth_pk_ok: fp a2:ee:ea:88:cd:8e:c3:c9:c5:63:dd:30:ea:55:93:db
debug3: sign_and_send_pubkey
debug1: read PEM private key done: type RSA
debug3: Wrote 640 bytes for a total of 2117
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@xxxxxxxxxxx
debug1: Entering interactive session.
<snip>
-----------------------------------------------------------------------------------------

End
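
The replies in this thread point at ownership and permissions on the failing account's home directory and ~/.ssh. As an added example (not part of the thread), this POSIX sh script applies the checks that OpenSSH's StrictModes option makes on the server: the home directory, ~/.ssh and authorized_keys must be owned by the account or by root and must not be writable by group or others. The function names and the USER HOME_DIR invocation are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit the paths sshd's StrictModes examines for one account.
# Assumed invocation: sh audit_ssh_perms.sh USER HOME_DIR
# Needs a POSIX shell (on Solaris 10: /usr/xpg4/bin/sh or ksh, not /bin/sh).

# Print "MODE OWNER" for a path, following symlinks (-L).
mode_owner() {
    ls -ldL "$1" | awk '{print $1, $3}'
}

# check_path PATH USER: return 0 if PATH is owned by USER or root and is
# not writable by group or others; otherwise print the reason and return 1.
check_path() {
    cp_path=$1; cp_user=$2; cp_rc=0
    if [ ! -e "$cp_path" ]; then
        echo "MISSING $cp_path"
        return 1
    fi
    cp_info=$(mode_owner "$cp_path")
    cp_mode=${cp_info%% *}
    cp_owner=${cp_info#* }
    if [ "$cp_owner" != "$cp_user" ] && [ "$cp_owner" != root ]; then
        echo "BAD owner=$cp_owner $cp_path"
        cp_rc=1
    fi
    # Characters 6 and 9 of the ls mode string are group-write and other-write.
    case $(printf '%s' "$cp_mode" | cut -c6,9) in
        --) ;;
        *) echo "BAD mode=$cp_mode $cp_path (group/other writable)"; cp_rc=1 ;;
    esac
    [ "$cp_rc" -eq 0 ] && echo "OK $cp_mode $cp_owner $cp_path"
    return "$cp_rc"
}

# audit_account USER HOME_DIR: check the three paths; return 1 if any fails.
audit_account() {
    aa_user=$1; aa_home=$2; aa_rc=0
    for aa_p in "$aa_home" "$aa_home/.ssh" "$aa_home/.ssh/authorized_keys"; do
        check_path "$aa_p" "$aa_user" || aa_rc=1
    done
    return "$aa_rc"
}

if [ "$#" -eq 2 ]; then
    audit_account "$1" "$2"
fi
```

Run it on the server once for the account that works and once for the one that fails, and compare the output. When StrictModes refuses a key, the reason is written to sshd's log on the server; the client's debug output does not show it.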




