Re: OpenSSH_3.5p1 public key authentication fails

From: Zoltan Toth (Zoltan.1.Toth_at_nokia.com)
Date: 07/23/04


Date: Fri, 23 Jul 2004 13:17:13 GMT

In the meantime we figured that changing the permissions to the user's
home directory from 750 to 755 helps...

On Fri, 23 Jul 2004 09:57:15 GMT, Zoltan Toth <Zoltan.1.Toth@nokia.com>
wrote:

> Hi,
>
> We have some Linux machines at the company with NIS set up, thus the
> home directories are mounted automatically at log-in.
> When somebody wants to bypass the password check when logging in from
> one Linux machine to another, basically a kay pair has to be generated
> and the public key has to be put in the authorized_keys2 file.
> It works for most of the guys, but not for some of them. Strange,
> because the setup is the same (private/public key files, permissions,
> etc.)
> Here is the output of the failed authentication, can, some one tell me
> what we did wrong?
>
> Thanks,
>
> Elek
>
> [csatari@bulwp002 csatari]$ ssh -2 -v -v -v bunox003
> OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
> debug1: Reading configuration data /home/csatari/.ssh/config
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Rhosts Authentication disabled, originating port will not be
> trusted.
> debug1: restore_uid
> debug1: ssh_connect: getuid 10144059 geteuid 0 anon 1
> debug1: Connecting to bunox003 [10.211.2.85] port 22.
> debug1: temporarily_use_uid: 10144059/300 (e=0)
> debug1: restore_uid
> debug1: temporarily_use_uid: 10144059/300 (e=0)
> debug1: restore_uid
> debug1: Connection established.
> debug1: read PEM private key done: type DSA
> debug1: read PEM private key done: type RSA
> debug3: Not a RSA1 key file /home/csatari/.ssh/id_rsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug3: key_read: no key found
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug2: key_type_from_name: unknown key type '-----END'
> debug3: key_read: no key found
> debug1: identity file /home/csatari/.ssh/id_rsa type 1
> debug3: Not a RSA1 key file /home/csatari/.ssh/id_dsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug3: key_read: no key found
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug2: key_type_from_name: unknown key type '-----END'
> debug3: key_read: no key found
> debug1: identity file /home/csatari/.ssh/id_dsa type 2
> debug1: Remote protocol version 1.99, remote software version
> OpenSSH_3.1p1
> debug1: match: OpenSSH_3.1p1 pat OpenSSH*
> Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.1p1
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none
> debug2: kex_parse_kexinit: none
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: dh_gen_key: priv key bits set: 118/256
> debug1: bits set: 1644/3191
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug3: check_host_in_hostfile: filename /home/csatari/.ssh/known_hosts
> debug3: check_host_in_hostfile: match line 2
> debug3: check_host_in_hostfile: filename /home/csatari/.ssh/known_hosts
> debug3: check_host_in_hostfile: match line 2
> debug1: Host 'bunox003' is known and matches the RSA host key.
> debug1: Found key in /home/csatari/.ssh/known_hosts:2
> debug1: bits set: 1580/3191
> debug1: ssh_rsa_verify: signature correct
> debug1: kex_derive_keys
> debug1: newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: waiting for SSH2_MSG_NEWKEYS
> debug1: newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: done: ssh_kex2.
> debug1: send SSH2_MSG_SERVICE_REQUEST
> debug1: service_accept: ssh-userauth
> debug1: got SSH2_MSG_SERVICE_ACCEPT
> debug1: authentications that can continue:
> publickey,password,keyboard-interactive
> debug3: start over, passed a different list
> publickey,password,keyboard-interactive
> debug3: preferred publickey,keyboard-interactive,password
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: next auth method to try is publickey
> debug2: userauth_pubkey_agent: no keys at all
> debug2: userauth_pubkey_agent: no more keys
> debug2: userauth_pubkey_agent: no message sent
> debug1: try pubkey: /home/csatari/.ssh/id_rsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: authentications that can continue:
> publickey,password,keyboard-interactive
> debug2: userauth_pubkey_agent: no more keys
> debug2: userauth_pubkey_agent: no message sent
> debug1: try pubkey: /home/csatari/.ssh/id_dsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: authentications that can continue:
> publickey,password,keyboard-interactive
> debug2: userauth_pubkey_agent: no more keys
> debug2: userauth_pubkey_agent: no message sent
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup keyboard-interactive
> debug3: remaining preferred: password
> debug3: authmethod_is_enabled keyboard-interactive
> debug1: next auth method to try is keyboard-interactive
> debug2: userauth_kbdint
> debug2: we sent a keyboard-interactive packet, wait for reply
> debug1: authentications that can continue:
> publickey,password,keyboard-interactive
> debug3: userauth_kbdint: disable: no info_req_seen
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup password
> debug3: remaining preferred:
> debug3: authmethod_is_enabled password
> debug1: next auth method to try is password

-- 
Using Opera's revolutionary e-mail client: http://www.opera.com/m2/


Relevant Pages