On Wednesday 18 April 2001 14:19, Maarten van den Berg wrote:
On Wednesday 18 April 2001 10:25, Lutz Jaenicke wrote:
On Wed, Apr 18, 2001 at 02:00:39AM +0200, Maarten van den Berg wrote:
[replying to my own post]

I fixed it, though I'm not real sure how. After putting both keys back in the authorized_keys file and testing, without success, I suddenly realized that I had /home exported via NFS, and that there are serious warnings in [some] ssh docs I read a while ago about exporting homedirs. So, after turning off nfsd and deleting the entry from /etc/exports, RSA auth works fine again.

But here is the weird part; to check if this was reproducible I started the NFS server again with the original /etc/exports settings, but sshd still works fine... Is this expected behaviour? ssh + nfs weirdness?

Maarten

Oh, and thanks very much for your help, Lutz :-)
Yes, that is true. It may be quiet to the client in order to not tell about possible weak points, but it should log locally. In fact, auth-rsa.c:auth_rsa() does contain several diagnostic messages, all of them in the packet_send_debug() class:

    ....
    debug1: Attempting authentication for XXXX.
    RSA authentication refused for kost: bad ownership or modes for '/home/aet/serv01/xxxx/'.
    Failed rsa for XXXX from x.x.x.x port 325
I checked syslog too, but these logs are all there seems to be.
Therefore we have to look for an RSA failure _without_ debugging message. There are not many (1?), as I can see in the latest OpenSSH CVS auth-rsa.c:

* The _PATH_SSH_USER_PERMITTED_KEYS (.ssh/authorized_keys) could not be found.

Use strace(?) to trace sshd and see whether the file is successfully opened.
I'll try that tonight (it's my home setup)
This PubKey is 334 and should match the identity.pub. Did you edit it?
Oops! Sorry, this looks rather suspect indeed. That is because I edited out one of the two keys during testing, the only key that's there now is the one from "trinity". However, it didn't work before editing either.
To be on the safe side, I'll retry the tests tonight with the right keys of course. Sorry for not paying enough attention then.
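
Added example, not part of the original thread and not OpenSSH code: a shell sketch that walks the home directory, .ssh and authorized_keys and reports the two failure classes discussed above, "bad ownership or modes" and a key file that cannot be found. The function names and output labels are hypothetical, and the rule applied (owner must be the user or root, no group/other write bit) is an assumption about what sshd's strict-modes check enforces.

```shell
#!/bin/sh
# Added example: approximates an sshd-style ownership/mode check on the
# paths involved in public-key login. Names and messages are hypothetical.

# check_path PATH UID
# Returns 0 if PATH exists, is owned by UID or root, and has no
# group/other write bit; 1 for bad owner or mode; 2 if PATH is missing.
check_path() {
    path=$1
    want=$2
    if [ ! -e "$path" ]; then
        echo "MISSING   $path"
        return 2
    fi
    # ls -ldn prints the mode string first and the numeric owner third.
    read -r mode owner <<EOF
$(ls -ldn "$path" | awk '{print $1, $3}')
EOF
    if [ "$owner" != "$want" ] && [ "$owner" != 0 ]; then
        echo "BAD OWNER $path (uid $owner, expected $want or 0)"
        return 1
    fi
    # Character 6 of the mode string is group-write, character 9 other-write.
    case $mode in
        ?????w*|????????w*)
            echo "BAD MODE  $path ($mode)"
            return 1 ;;
    esac
    echo "ok        $path ($mode)"
}

# check_ssh_home HOME UID
# Checks every path and reports all problems; returns 0 only if all pass.
check_ssh_home() {
    home=$1
    user_uid=$2
    rc=0
    for f in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$f" "$user_uid" || rc=1
    done
    return $rc
}

# Usage: sh check.sh /home/someuser 1000   (UID defaults to the caller's)
if [ -n "${1:-}" ]; then
    check_ssh_home "$1" "${2:-$(id -u)}"
fi
```

Run it as root or as the account owner on the server side; a MISSING line for authorized_keys corresponds to the failure that produces no debug message.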