PK auth fails for one user, only for Sun server
- From: David Shochat <shochatd@xxxxxxxxx>
- Date: Sat, 19 Sep 2009 19:16:05 +0000 (UTC)
We have been using SSH for some time using public key authentication and
ssh-agent (to avoid repeated prompts). But recently, we ran into a
problem that we have been unable to solve. First, we have two types of
(Unix) machines: Some are HPs running HP-UX 11i and others are Suns
(SPARC) mostly running Solaris 8. The HPs have OpenSSH_4.4p1-hpn12v11 and
the Suns have OpenSSH_5.1p1. We have had no problems with these two
interoperating, except in the following situation:
The problem only occurs with one user and only when the SSH server is a
Sun. It makes no difference whether the client side is HP or Sun, and
this one user has no problem if the SSH server is one of the HPs. All
other users are fine regardless of whether the server is Sun or HP. What
occurs in this odd situation is that public key authentication fails, as
indicated by a prompt for the user's password. We have tried ssh -v -v -v
to debug the problem, but this only shows that it gave up on PK
authentication but does not say why. We have also tried using -l the_user
to specify the user name and -i to specify the identify file
(~the_user/.ssh/id_dsa). We have checked the usual things listed in sec.
220.127.116.11 of Barrett, Silverman & Byrnes such as directory permissions
(although, if this were the problem, it would fail with HP servers, which
it does not). The thing that is different about this one user is that the
account is set up in such a way that you cannot log into it directly. One
has to first log in as some other user, and then use sudo su - the_user.
Also, this one user's group name is the same as its user name, which is
not true of any of the other users. Any suggestions for debugging this
problem would be appreciated.
- Prev by Date: Re: SFTP questions
- Next by Date: How to authenticate many users with the same public key.
- Previous by thread: control group?
- Next by thread: How to authenticate many users with the same public key.