Re: Public Key Authentication Fails

From: Robin Strahan (noprobsucd_at_hotmail.com)
Date: 10/28/04

• Next message: NNTP: "openssl decrypted private key"
• Previous message: h.wulff: "Re: Mount ssh in Windows as a Device"
• In reply to: Robin Strahan: "Re: Public Key Authentication Fails"
• Next in thread: Bjørn Augestad: "Re: Public Key Authentication Fails"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 28 Oct 2004 09:53:24 +0100

Got it working!

:-)

file permissions were set wrong.

On remote server i did:
chmod 755 .ssh
chmod 644 authorized_keys

on local machine i did:
chmod 755 .ssh

And it worked!

thanks for the help guys!

Robin
"Robin Strahan" <noprobsucd@hotmail.com> wrote in message
news:newscache$eqi96i$lwf$1@weblab.ucd.ie...
> ok here is my debug log. (sorry! its long!)
>
> debug2: load_server_config: filename /etc/sshd_config
> debug2: load_server_config: done config len = 250
> debug2: parse_server_config: config /etc/sshd_config len 250
> debug1: sshd version OpenSSH_3.9p1
> debug1: private host key: #0 type 0 RSA1
> debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
> debug1: read PEM private key done: type RSA
> debug1: private host key: #1 type 1 RSA
> debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
> debug1: read PEM private key done: type DSA
> debug1: private host key: #2 type 2 DSA
> debug1: rexec_argv[0]='/usr/sbin/sshd'
> debug1: rexec_argv[1]='-Dddde'
> debug2: fd 3 setting O_NONBLOCK
> debug1: Bind to port 22 on 0.0.0.0.
> Server listening on 0.0.0.0 port 22.
> Generating 768 bit RSA key.
> RSA key generation complete.
> debug3: fd 4 is not O_NONBLOCK
> debug1: Server will not fork when running in debugging mode.
> debug3: send_rexec_state: entering fd = 7 config len 250
> debug3: ssh_msg_send: type 0
> debug3: send_rexec_state: done
> debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
> debug3: recv_rexec_state: entering fd = 5
> debug3: ssh_msg_recv entering
> debug3: recv_rexec_state: done
> debug2: parse_server_config: config rexec len 250
> debug1: sshd version OpenSSH_3.9p1
> debug1: private host key: #0 type 0 RSA1
> debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
> debug1: read PEM private key done: type RSA
> debug1: private host key: #1 type 1 RSA
> debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
> debug1: read PEM private key done: type DSA
> debug1: private host key: #2 type 2 DSA
> debug1: inetd sockets after dupping: 3, 3
> Connection from X.X.X.X port 2865
> debug1: Client protocol version 2.0; client software version
> OpenSSH_3.9p1
> debug1: match: OpenSSH_3.9p1 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-1.99-OpenSSH_3.9p1
> debug2: fd 3 setting O_NONBLOCK
> debug2: Network child is on pid 2520
> debug3: preauth child monitor started
> debug3: mm_request_receive entering
> debug1: list_hostkey_types: ssh-rsa,ssh-dss
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-he
> llman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c
> bc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c
> bc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
> 6,hmac-md5-96
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
> 6,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-he
> llman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c
> bc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c
> bc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
> 6,hmac-md5-96
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
> 6,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
> debug3: mm_request_send entering: type 0
> debug3: monitor_read: checking request 0
> debug3: mm_answer_moduli: got parameters: 1024 1024 8192
> debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI
> debug3: mm_request_receive_expect entering: type 1
> debug3: mm_request_receive entering
> debug3: mm_request_send entering: type 1
> debug2: monitor_read: 0 used once, disabling now
> debug3: mm_request_receive entering
> debug3: mm_choose_dh: remaining 0
> debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
> debug2: dh_gen_key: priv key bits set: 125/256
> debug2: bits set: 503/1024
> debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
> debug2: bits set: 537/1024
> debug3: mm_key_sign entering
> debug3: mm_request_send entering: type 4
> debug3: monitor_read: checking request 4
> debug3: mm_answer_sign
> debug3: mm_answer_sign: signature 0x1001a8f8(143)
> debug3: mm_request_send entering: type 5
> debug2: monitor_read: 4 used once, disabling now
> debug3: mm_request_receive entering
> debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
> debug3: mm_request_receive_expect entering: type 5
> debug3: mm_request_receive entering
> debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: KEX done
> debug1: userauth-request for user administrator service ssh-connection
> method none
> debug1: attempt 0 failures 0
> debug3: mm_getpwnamallow entering
> debug3: mm_request_send entering: type 6
> debug3: monitor_read: checking request 6
> debug3: mm_answer_pwnamallow
> debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
> debug3: mm_request_send entering: type 7
> debug2: monitor_read: 6 used once, disabling now
> debug3: mm_request_receive entering
> debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
> debug3: mm_request_receive_expect entering: type 7
> debug3: mm_request_receive entering
> debug2: input_userauth_request: setting up authctxt for administrator
> debug3: mm_inform_authserv entering
> debug3: mm_request_send entering: type 3
> debug3: monitor_read: checking request 3
> debug3: mm_answer_authserv: service=ssh-connection, style=
> debug2: monitor_read: 3 used once, disabling now
> debug3: mm_request_receive entering
> debug2: input_userauth_request: try method none
> debug3: mm_auth_password entering
> debug3: mm_request_send entering: type 10
> debug3: monitor_read: checking request 10
> debug3: mm_answer_authpassword: sending result 0
> debug3: mm_request_send entering: type 11
> Failed none for administrator from X.X.X.X port 2865 ssh2
> debug3: mm_request_receive entering
> debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
> debug3: mm_request_receive_expect entering: type 11
> debug3: mm_request_receive entering
> debug3: mm_auth_password: user not authenticated
> Failed none for administrator from X.X.X.X port 2865 ssh2
> debug1: userauth-request for user administrator service ssh-connection
> method publickey
> debug1: attempt 1 failures 1
> debug2: input_userauth_request: try method publickey
> debug1: test whether pkalg/pkblob are acceptable
> debug3: mm_key_allowed entering
> debug3: mm_request_send entering: type 20
> debug3: monitor_read: checking request 20
> debug3: mm_answer_keyallowed entering
> debug3: mm_answer_keyallowed: key_from_blob: 0x10012ef8
> debug1: temporarily_use_uid: 500/513 (e=18/544)
> debug1: trying public key file /home/Administrator/.ssh/authorized_keys
> debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
> debug3: mm_request_receive_expect entering: type 21
> debug3: mm_request_receive entering
> debug1: restore_uid: (unprivileged)
> debug1: temporarily_use_uid: 500/513 (e=18/544)
> debug1: trying public key file /home/Administrator/.ssh/authorized_keys
> debug1: restore_uid: (unprivileged)
> debug3: mm_answer_keyallowed: key 0x10012ef8 is disallowed
> debug3: mm_request_send entering: type 21
> debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
> Failed publickey for administrator from X.X.X.X port 2865 ssh2
> debug3: mm_request_receive entering
> debug1: userauth-request for user administrator service ssh-connection
> method keyboard-interactive
> debug1: attempt 2 failures 2
> debug2: input_userauth_request: try method keyboard-interactive
> debug1: keyboard-interactive devs
> debug1: auth2_challenge: user=administrator devs=
> debug1: kbdint_alloc: devices ''
> debug2: auth2_challenge_start: devices
> Failed keyboard-interactive for administrator from X.X.X.X port
> 2865 ssh2
> debug1: userauth-request for user administrator service ssh-connection
> method password
> debug1: attempt 3 failures 3
> debug2: input_userauth_request: try method password
> debug3: mm_auth_password entering
> debug3: mm_request_send entering: type 10
> debug3: monitor_read: checking request 10
> debug3: mm_answer_authpassword: sending result 1
> debug3: mm_request_send entering: type 11
> Accepted password for administrator from X.X.X.X port 2865 ssh2
> debug1: monitor_child_preauth: administrator has been authenticated by
> privileged process
> debug3: mm_get_keystate: Waiting for new keys
> debug3: mm_request_receive_expect entering: type 24
> debug3: mm_request_receive entering
> debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
> debug3: mm_request_receive_expect entering: type 11
> debug3: mm_request_receive entering
> debug3: mm_auth_password: user authenticated
> Accepted password for administrator from X.X.X.X port 2865 ssh2
> debug3: mm_send_keystate: Sending new keys: 0x100134e8 0x100134a0
> debug3: mm_newkeys_to_blob: converting 0x100134e8
> debug3: mm_newkeys_to_blob: converting 0x100134a0
> debug3: mm_send_keystate: New keys have been sent
> debug3: mm_send_keystate: Sending compression state
> debug3: mm_request_send entering: type 24
> debug3: mm_newkeys_from_blob: 0x1001a598(118)
> debug2: mac_init: found hmac-md5
> debug3: mm_get_keystate: Waiting for second key
> debug3: mm_newkeys_from_blob: 0x1001a598(118)
> debug2: mac_init: found hmac-md5
> debug3: mm_get_keystate: Getting compression state
> debug3: mm_get_keystate: Getting Network I/O buffers
> debug3: mm_share_sync: Share sync
> debug3: mm_share_sync: Share sync end
> debug3: mm_send_keystate: Finished sending state
> debug2: set_newkeys: mode 0
> debug2: set_newkeys: mode 1
> debug1: Entering interactive session for SSH2.
> debug2: fd 4 setting O_NONBLOCK
> debug2: fd 5 setting O_NONBLOCK
> debug1: server_init_dispatch_20
> debug1: server_input_channel_open: ctype session rchan 0 win 65536 max
> 16384
> debug1: input_session_request
> debug1: channel 0: new [server-session]
> debug1: session_new: init
> debug1: session_new: session 0
> debug1: session_open: channel 0
> debug1: session_open: session 0: link with channel 0
> debug1: server_input_channel_open: confirm session
> debug1: server_input_channel_req: channel 0 request pty-req reply 0
> debug1: session_by_channel: session 0 channel 0
> debug1: session_input_channel_req: session 0 req pty-req
> debug1: Allocating pty.
> debug1: session_pty_req: session 0 alloc /dev/tty1
> debug3: tty_parse_modes: SSH2 n_bytes 246
> debug3: tty_parse_modes: ospeed 38400
> debug3: tty_parse_modes: ispeed 38400
> debug3: tty_parse_modes: 1 3
> debug3: tty_parse_modes: 2 28
> debug3: tty_parse_modes: 3 127
> debug3: tty_parse_modes: 4 21
> debug3: tty_parse_modes: 5 4
> debug3: tty_parse_modes: 6 0
> debug3: tty_parse_modes: 7 0
> debug3: tty_parse_modes: 8 17
> debug3: tty_parse_modes: 9 19
> debug3: tty_parse_modes: 10 26
> debug3: tty_parse_modes: 12 18
> debug3: tty_parse_modes: 13 23
> debug3: tty_parse_modes: 14 22
> debug3: tty_parse_modes: 18 15
> debug3: tty_parse_modes: 30 0
> debug3: tty_parse_modes: 31 0
> debug3: tty_parse_modes: 32 0
> debug3: tty_parse_modes: 33 0
> debug3: tty_parse_modes: 34 0
> debug3: tty_parse_modes: 35 0
> debug3: tty_parse_modes: 36 1
> debug3: tty_parse_modes: 37 0
> debug3: tty_parse_modes: 38 1
> debug3: tty_parse_modes: 39 0
> debug3: tty_parse_modes: 40 0
> debug3: tty_parse_modes: 41 0
> debug3: tty_parse_modes: 50 1
> debug3: tty_parse_modes: 51 1
> debug3: tty_parse_modes: 53 1
> debug3: tty_parse_modes: 54 0
> debug3: tty_parse_modes: 55 0
> debug3: tty_parse_modes: 56 0
> debug3: tty_parse_modes: 57 0
> debug3: tty_parse_modes: 58 0
> debug3: tty_parse_modes: 59 1
> debug3: tty_parse_modes: 60 0
> debug3: tty_parse_modes: 61 0
> debug3: tty_parse_modes: 70 1
> debug3: tty_parse_modes: 71 0
> debug3: tty_parse_modes: 72 1
> debug3: tty_parse_modes: 73 0
> debug3: tty_parse_modes: 74 0
> debug3: tty_parse_modes: 75 0
> debug3: tty_parse_modes: 90 1
> debug3: tty_parse_modes: 91 1
> debug3: tty_parse_modes: 92 0
> debug3: tty_parse_modes: 93 0
> debug1: server_input_channel_req: channel 0 request shell reply 0
> debug1: session_by_channel: session 0 channel 0
> debug1: session_input_channel_req: session 0 req shell
> debug2: fd 3 setting TCP_NODELAY
> debug2: channel 0: rfd 7 isatty
> debug2: fd 7 setting O_NONBLOCK
> debug2: fd 6 setting O_NONBLOCK
>
>
>

• Next message: NNTP: "openssl decrypted private key"
• Previous message: h.wulff: "Re: Mount ssh in Windows as a Device"
• In reply to: Robin Strahan: "Re: Public Key Authentication Fails"
• Next in thread: Bjørn Augestad: "Re: Public Key Authentication Fails"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: problem with public key authentication ... > Public key authentication is not working for me and I always get the ... > ssh -vvv HOME.com -l username ... > chmod 400 authorized_keys ... > debug1: Connection established. ... (comp.security.ssh) OpenSSH with RSA auth on XP (Cygwin) Problem ... /home/john, and ssh john@thebox from another machine, the default ... chmod 755 ~/.ssh ... //and I'm asked for a password anyway (authentication fails) ... debug1: Connecting to thebox port 22. ... (comp.security.ssh) OH MY GOD! (What did I miss?) ... I've killed about 10+ hours configuring CVS to run over SSH. ... into another user smiller's .ssh directory. ... The only gosh darn difference was that /home/cvs was chmod 755 cvs.cvs. ... (comp.security.ssh) Re: Question about ssh no login ... you need to send those commands to the ssh ... ssh sk8terg1rl@xxxxxxxxxx << EOF ... your chmod command should read: ... (comp.os.linux.misc) Re: Knoppix - ssh connection refused. ... their machine which runs off a knoppix cd at the moment. ... ssh from a remote machine. ... chmod 644 ssh_host_rsa_key.pub ... (comp.os.linux.misc)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint