Re: Bad passphrase with public key authentication



What does ssh -vvvvvv user@xxxxxxxxxxxxxxxxxxxx give you? Did you remember to put the pubkey at the end of ~/.ssh/authorized_keys2? That's a nonstandard file name right there, I've always seen authorized_keys.

Jim

On 12/29/10 9:58 AM, Niels Stevens wrote:
Hey everybody,

I'm having the strangest error using ssh.

I'm setting up my server to use public key authentication.

I'm using my macbook as a client and my ubuntu server for the ssh server.

When at first I didn't succeed to make a connection I tried to connect
from my server to my macbook.
Just to make sure I wasn't making any stupid mistakes.

Now when I tried to connect to my server from my macbook I just won't
accept the password for my key.

I tried generating and using different keys. I used one without
password, one with a simple password 'test'.

And still every time again the ssh server is complaining : "bad
passphrase given, try again..." .
I'm 100% sure it isn't my macbook because I use a ssh key pair to logon
my remote subversion
server also using a password for the keys.

Could any body help me I'm really desperate at this moment.

This is the sshd_config file from my server :

### Networking options ###
#standard port
Port 22
# Restrict to listen only ipv4 inet = IPv4, inet6 = IPv6 any = both
#AddressFamily inet

# Listen only to this interface
ListenAddress 192.168.1.50

# Only use protocol 2
Protocol 2

# Disable XForwarding
X11Forwarding no

# Disable TCPKeepAlive and use ClientAliveInterval instead to prevent
TCP Spoofing attacks
TCPKeepAlive no
ClientAliveInterval 600
ClientAliveCountMax 3

### Networking options ###

### Key Configurations ###

# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Use public key authentication
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys2

# Disable black listed key usage (update your keys!)
PermitBlacklistedKeys no

#### Key Configuration ####

#### Authentication ####

# Whitelist allowed users
# AllowUsers user1 user2

# Two minutes to enter your key passphrase
LoginGraceTime 120

# No root login
PermitRootLogin yes

# Force permissions checks on keyfiles and directories
StrictModes yes

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes

# similar for protocol version 2
HostbasedAuthentication no

# Don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Disable challenge and response auth. Unessisary when using keys
ChallengeResponseAuthentication yes

# Disable the use of passwords completly, only use public/private keys
PasswordAuthentication yes

# Using keys, no need for PAM. Also allows SSHD to be run as a non-root
user
UsePAM no

# Don't use login(1)
UseLogin no

#### Authentication ####

#### Misc ####

# Logging
SyslogFacility AUTH
LogLevel DEBUG3

# Print the last time the user logged in
PrintLastLog yes
PrintMotd yes

MaxAuthTries 4

MaxStartups 10:30:60

# Display login banner
Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

#### Misc ####

Thanks a lot in advance.

Kind regards,

Niels Stevens


--- news://freenews.netfront.net/ - complaints: news@xxxxxxxxxxxx ---

.



Relevant Pages

  • Re: More Get-IPlayer Questions
    ... to use with mutt mail client. ... antinat - 0.90-4 - Antinat is a flexible SOCKS server and client ... protocol for Sybase or MS SQL Server. ... ifstat - 1.1-1 - InterFace STATistics Monitoring ...
    (uk.comp.os.linux)
  • Re: network booting
    ... So the client would need to tell on which offset into on of the ... The client asks the server to open a specific file (by ... component of DOS 3.3, as well as RWTS. ... code on the C64 can send commands (using a serial protocol called IEC) ...
    (comp.sys.apple2)
  • Re: Explanation of SSH
    ... I am still unclear on how SSH works exactly. ... Client issues SSH command and names server ... "Shopper" says "server sends back its public host and server keys ... Surely there is only one public key it sends ...
    (comp.security.ssh)
  • Re: client -server interaction over XML supporting multiple protocols
    ... > NETBEUI to access the server to access the functionalities exposed. ... > server doesnot know in advance which client is using what protocol. ... size of the XML and Xfunctionality will determine the demands ...
    (comp.lang.cpp)
  • Re: Auto-update protocol
    ... I'm not worried about the client side as I can control that. ... I just don't want to have to dick with anything server side if ... Whether you write a server from scratch or wrap the protocol in HTTP and bundle an Apache blob, at least you give the user something to install which you do control. ... network and the server-- is next most important. ...
    (comp.arch.embedded)