Permission denied (publickey) Problem.
From: Andrew McCall (it.andrew.mccall@oldham.gov.uk)
Date: 03/28/02
From: it.andrew.mccall@oldham.gov.uk (Andrew McCall) Date: 28 Mar 2002 02:25:55 -0800
Hi,
I recently realised that my servers were all set up to allow protocol
1 and PasswordAuthentication, so users were able to connect to the
server without a key, something I needed to change...
I made a few changes in my /etc/ssh/sshd_config file to try and stop
this, and I was testing this with my own user. The first changes I
made didn't work, the second locked everyone out (!), and the third
changes seemed to work.... for everyone except myself! I generated new
keys, and uploaded them to all my other servers and made the same
change to the other servers' sshd_config files, and all the other
servers work fine.
I have tried everything to fix this (my) user on this single server -
everyone else works on this server, and I work on all the other
servers with the same change!
I have created new keys, deleted my ~/.ssh folder and re-created it,
checked/changed permissions on .ssh/*, changed my real user password.
The only thing I haven't done is deleted the user and recreated it.
Here is the output of the ssh client :
mccall@pc2962:~ > ssh -l mccall -v server
OpenSSH_2.9.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090601f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 500 geteuid 0 anon 1
debug1: Connecting to mercury [10.150.8.45] port 22.
debug1: temporarily_use_uid: 500/100 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 500/100 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/mccall/.ssh/id_rsa type 1
debug1: Remote protocol version 2.0, remote software version OpenSSH_2.9.9p2
debug1: match: OpenSSH_2.9.9p2 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9.9p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 131/256
debug1: bits set: 1630/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'mercury' is known and matches the RSA host key.
debug1: Found key in /home/mccall/.ssh/known_hosts:1
debug1: bits set: 1578/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey
debug1: next auth method to try is publickey
debug1: try pubkey: /home/mccall/.ssh/id_rsa
debug1: authentications that can continue: publickey
debug1: no more auth methods to try
Permission denied (publickey).
debug1: Calling cleanup 0x8065650(0x0)
Here is the output from the server :
server:/home/mccall/.ssh # /usr/sbin/sshd -d -f /etc/ssh/sshd_config
debug1: Seeding random number generator
debug1: sshd version OpenSSH_2.9.9p2
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Bind to port 22 on 0.0.0.0 failed: Address already in use.
debug1: Server will not fork when running in debugging mode.
Connection from ::ffff:10.151.10.61 port 10008
debug1: Client protocol version 2.0; client software version OpenSSH_2.9.9p2
debug1: match: OpenSSH_2.9.9p2 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9.9p2
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 135/256
debug1: bits set: 1605/3191
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 1608/3191
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user mccall service ssh-connection method none
debug1: attempt 0 failures 0
debug1: Starting up PAM with username "mccall"
Could not reverse map address 10.151.10.61.
debug1: PAM setting rhost to "10.151.10.61"
Failed none for mccall from ::ffff:10.151.10.61 port 10008 ssh2
debug1: userauth-request for user mccall service ssh-connection method publickey
debug1: attempt 1 failures 1
debug1: test whether pkalg/pkblob are acceptable
debug1: temporarily_use_uid: 512/100 (e=0)
debug1: trying public key file /home/mccall/.ssh/authorized_keys
debug1: restore_uid
debug1: temporarily_use_uid: 512/100 (e=0)
debug1: trying public key file /home/mccall/.ssh/authorized_keys2
Authentication refused: bad ownership or modes for directory /home/mccall
debug1: restore_uid
Failed publickey for mccall from ::ffff:10.151.10.61 port 10008 ssh2
Connection closed by ::ffff:10.151.10.61
debug1: Calling cleanup 0x8053230(0x0)
debug1: Calling cleanup 0x80698e0(0x0)
Here is the /etc/ssh/sshd_config file :
Port 22
Protocol 2
#ListenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging
# Authentication:
LoginGraceTime 600
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# rhosts authentication should not be used
RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no
# Uncomment to disable s/key passwords
ChallengeResponseAuthentication no
# Uncomment to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes
# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no
# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd yes
#PrintLastLog no
KeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes
Subsystem sftp /usr/lib/ssh/sftp-server
It seems to indicate that my permissions are wrong, but I am *sure*
they are not!
Here are my permissions :
Server side :
server:/home/mccall # ls -la .ssh
total 12
4 drwxr-xr-x 2 mccall users 4096 Mar 27 15:25 .
4 drwxrwxr-x 18 mccall users 4096 Mar 27 15:24 ..
4 -rw-r--r-- 1 mccall users 735 Mar 27 15:25 authorized_keys2
Client side :
mccall@pc2962:~ > ls -la .ssh
total 15
drwx-wx-wx 2 mccall users 110 Mar 27 15:37 .
drwxr-xr-x 24 mccall users 2000 Mar 28 09:14 ..
-rw------- 1 mccall users 3311 Mar 27 14:37 id_rsa
-rw-r--r-- 1 mccall users 735 Mar 27 14:37 id_rsa.pub
-rw-r--r-- 1 mccall users 1447 Mar 27 15:38 known_hosts
Yet, I still get Permission denied when I log in like this :
mccall@pc2962:~/.ssh > ssh -l mccall server
Permission denied (publickey).
Please help if you can, I am sure I have done something really simple
wrong, but can't see it!
Thanks
Andrew McCall
Internet System Administrator
I.C.T. Division
Oldham MBC
Civic Centre
West Street
Oldham
OL1 1UU
Tel : 0161 911 3990
Fax : 0161 911 3998
Email : it.andrew.mccall@oldham.gov.uk
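
Added example (not part of the original message, and not OpenSSH's own code): with "StrictModes yes", sshd checks ownership and modes on the authorized keys file and on each directory above it up to the home directory, and the server log above shows that check failing on /home/mccall. The sketch below approximates that walk so the whole path can be audited in one pass; the function names, the rule "owner must be the user or root, no group/world write bit", and the temporary tree (built with the modes from the server-side listing) are assumptions made for illustration.

```python
import os
import stat
import tempfile


def strict_modes_findings(key_file, home, uid):
    """Walk from key_file up to home; report components sshd would distrust.

    A component is reported when it is owned by someone other than `uid`
    or root, or when it is writable by group or others.
    """
    findings = []
    home = os.path.realpath(home)
    path = os.path.realpath(key_file)
    while True:
        st = os.stat(path)
        if st.st_uid not in (0, uid):
            findings.append((path, "owned by uid %d" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(
                (path, "group/world writable: " + stat.filemode(st.st_mode)))
        parent = os.path.dirname(path)
        if path == home or parent == path:  # stop at home (or at /)
            return findings
        path = parent


def demo():
    """Constructed tree mirroring the server-side 'ls -la .ssh' listing."""
    root = tempfile.mkdtemp()
    home = os.path.join(root, "home", "mccall")
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir)
    key_file = os.path.join(ssh_dir, "authorized_keys2")
    open(key_file, "w").close()
    os.chmod(key_file, 0o644)   # -rw-r--r--
    os.chmod(ssh_dir, 0o755)    # drwxr-xr-x  (the "." entry)
    os.chmod(home, 0o775)       # drwxrwxr-x  (the ".." entry)
    before = strict_modes_findings(key_file, home, os.getuid())
    os.chmod(home, 0o755)       # group write bit removed
    after = strict_modes_findings(key_file, home, os.getuid())
    return home, before, after


if __name__ == "__main__":
    home, before, after = demo()
    for path, reason in before:
        print("would be refused:", path, "-", reason)
    print("after removing group write on home:", after or "no findings")
```

On a real server the same function can be pointed at the user's actual authorized keys file, home directory and uid, run as root so every component can be stat'ed.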