[opensuse] Problem getting ssh to use PublicKeyAuthentication :-(
Hi All, I am trying to get "password less" public key pair authentication to work between my laptop and my desktop and am not being very successful. ritchie@laptop:~/.ssh> ssh ritchie@desktop Password: Last login: Sat May 9 11:44:06 2009 from desktop Have a lot of fun... ritchie@desktop:~> As you can see, ssh works and lets me in BUT it still asks me for my password. Grrrr. I feel I am missing something really stupid. All pointers welcome :-) Setup: Laptop: Desktop: OS: OpenSUSE 11.1 OpenSUSE 10.3 I followed the instructions here... http://en.opensuse.org/Public_Key_Authentication I created my rsa key pair on laptop and copied it (id_rsa.pub) into my ~/.ssh/authorized_keys on desktop. I made the suggested changes to client (laptop) and server (desktop) config files. I can post config files if necessary. -- Kind Regards, Ritchie ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Ritchie Fraser Web: http://www.rpfraser.uklinux.net Registered Linux User #255860
On Sat, May 9, 2009 at 20:00, Ritchie Fraser <ritchie@rpfraser.uklinux.net> wrote:
Hi All,
I am trying to get "password less" public key pair authentication to work between my laptop and my desktop and am not being very successful.
ritchie@laptop:~/.ssh> ssh ritchie@desktop Password: Last login: Sat May 9 11:44:06 2009 from desktop Have a lot of fun... ritchie@desktop:~>
As you can see, ssh works and lets me in BUT it still asks me for my password. Grrrr.
I feel I am missing something really stupid. All pointers welcome :-) What are the permissions on the files? Without the proper permissions, ssh defaults to passwords.
ne... -- Registered Linux User # 125653 (http://counter.li.org) Now accepting personal mail for GMail invites. Clarence Darrow - "When I was a boy I was told that anybody could become President; I'm beginning to believe it." - http://www.brainyquote.com/quotes/authors/c/clarence_darrow.html -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sun, May 10, 2009 at 11:44:40AM +0100, ne... wrote:
On Sat, May 9, 2009 at 20:00, Ritchie Fraser <ritchie@rpfraser.uklinux.net> wrote: [ 8< ]
I feel I am missing something really stupid. All pointers welcome :-) What are the permissions on the files? Without the proper permissions, ssh defaults to passwords.
Syslog will report the type of issue ne talked about. And a running tail -f -n 0 /var/log/messages on the destination system will disclose it. Lars -- Lars Müller [ˈlaː(r)z ˈmʏlɐ] Samba Team SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
On Sunday 10 May 2009 11:57:59 Lars Müller wrote:
On Sun, May 10, 2009 at 11:44:40AM +0100, ne... wrote:
On Sat, May 9, 2009 at 20:00, Ritchie Fraser <ritchie@rpfraser.uklinux.net> wrote:
[ 8< ]
I feel I am missing something really stupid. All pointers welcome :-)
What are the permissions on the files? Without the proper permissions, ssh defaults to passwords.
Syslog will report the type of issue ne talked about. And a running
tail -f -n 0 /var/log/messages
on the destination system will disclose it.
Lars
Hi Lars, I get only one line of output from the messages log: May 10 11:43:35 desktop sshd[19511]: Accepted keyboard-interactive/pam for ritchie from 192.168.0.2 port 56394 ssh2 PAM maybe? sshd_config on desktop has: UsePAM yes Commenting this out and restarting sshd with rcsshd restart Still no joy. I'm afraid that I'm floundering in the dark here. -- Kind Regards, Ritchie ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Ritchie Fraser Web: http://www.rpfraser.uklinux.net Registered Linux User #255860
On Sun, 10 May 2009 21:38:52 Ritchie Fraser wrote:
On Sunday 10 May 2009 11:57:59 Lars Müller wrote:
On Sun, May 10, 2009 at 11:44:40AM +0100, ne... wrote:
On Sat, May 9, 2009 at 20:00, Ritchie Fraser <ritchie@rpfraser.uklinux.net> wrote:
[ 8< ]
I feel I am missing something really stupid. All pointers welcome :-)
What are the permissions on the files? Without the proper permissions, ssh defaults to passwords.
Syslog will report the type of issue ne talked about. And a running
tail -f -n 0 /var/log/messages
on the destination system will disclose it.
Lars
Hi Lars,
I get only one line of output from the messages log:
May 10 11:43:35 desktop sshd[19511]: Accepted keyboard-interactive/pam for ritchie from 192.168.0.2 port 56394 ssh2
PAM maybe? sshd_config on desktop has: UsePAM yes
Commenting this out and restarting sshd with rcsshd restart
Still no joy. I'm afraid that I'm floundering in the dark here.
Richie, You must make sure you have the following options set in /etc/ssh/sshd_config: PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys PasswordAuthentication no ChallengeResponseAuthentication no Without PasswordAuthentication set to no, I found that even though pubkey was set to yes and everything else was correct it still prompted for a password. Regards, -- =================================================== Rodney Baker VK5ZTV rodney.baker@iinet.net.au ===================================================
On Sun, May 10, 2009 at 09:55:14PM +0930, Rodney Baker wrote: [ 8y ]
You must make sure you have the following options set in /etc/ssh/sshd_config:
PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no ChallengeResponseAuthentication no
2 times NO. Both are defaults. And since version 2 is used by default I no longer have to touch any of the openssh config files to get this working. I'm taking about openSUSE 11.1 here.
Without PasswordAuthentication set to no, I found that even though pubkey was set to yes and everything else was correct it still prompted for a password.
Unfortunately I have to say a third tine NO. ;) I'm not saying this is wrong or stupid. Disabeling password based auth might increase the level of security. Just having these distributed dictionary based password attacks in mind. Lars -- Lars Müller [ˈlaː(r)z ˈmʏlɐ] Samba Team SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
On Sun, 10 May 2009 23:00:23 Lars Müller wrote:
On Sun, May 10, 2009 at 09:55:14PM +0930, Rodney Baker wrote: [ 8y ]
You must make sure you have the following options set in /etc/ssh/sshd_config:
PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no ChallengeResponseAuthentication no
2 times NO.
Both are defaults.
And since version 2 is used by default I no longer have to touch any of the openssh config files to get this working.
I'm taking about openSUSE 11.1 here.
That might be true for 11.1 - my experience detailed above was true for 10.3 and 11.0 (I will probably skip 11.1 and wait for 11.2 or 11.3 since I can see no reason to upgrade at the moment).
Without PasswordAuthentication set to no, I found that even though pubkey was set to yes and everything else was correct it still prompted for a password.
Unfortunately I have to say a third tine NO. ;)
I'm not saying this is wrong or stupid. Disabeling password based auth might increase the level of security. Just having these distributed dictionary based password attacks in mind.
Lars
Whilst I value your knowledge, Lars, my experience on 10.3 at least (which is the version I was running when I first set it up) was that I had to disable password authentication to get it to use pubkey authentication. I've had the same experience setting up 3 different 10.3 systems. I kept the same configuration when I upgraded to 11.0 so I can't say what the default functionality is on 11.0. Regardless, I know that with the above options set my system accepts pubkey authentication and will not accept password or keyboard-interactive authentication attempts. IMHO this *does* make it more secure, since the only way to log on via ssh is to have access to the DSA key. YMMV. Regards, -- =================================================== Rodney Baker VK5ZTV rodney.baker@iinet.net.au ===================================================
On Sun, May 10, 2009 at 7:13 AM, Rodney Baker <rodney.baker@iinet.net.au> wrote:
Whilst I value your knowledge, Lars, my experience on 10.3 at least (which is the version I was running when I first set it up) was that I had to disable password authentication to get it to use pubkey authentication. I've had the same experience setting up 3 different 10.3 systems.
In that case you have a problem, because this has never been the case for me. I feel safe in asserting that your setup is in some way hozed, because I have never had to disable passwords to get pubkey to work, not on any linux distro I've ever used, including Suse form 7.something thru 11.1. various ubuntus, redhats and various flavors of bsd. -- ----------JSA--------- Someone stole my tag line, so now I have this rental. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sun, May 10, 2009 at 01:08:52PM +0100, Ritchie Fraser wrote:
I get only one line of output from the messages log:
May 10 11:43:35 desktop sshd[19511]: Accepted keyboard-interactive/pam for ritchie from 192.168.0.2 port 56394 ssh2
Then the file perms are ok.
PAM maybe? sshd_config on desktop has: UsePAM yes
See my other recent mail. No chnages to the default openssh config are required on openSUSE 11.1. That's the system I checked again. giles:~ # rpm -V openssh giles:~ # Therefore I'm using the default sshd config file.
Commenting this out and restarting sshd with rcsshd restart
Still no joy. I'm afraid that I'm floundering in the dark here.
Try to turn a light on. ;) Have you placed the file at the desination host? Does it work on you local system? Please try to copy .ssh/id_rsa.pub the user in question to /root/.ssh/authorized_keys Ensure /root/.ssh and /root/.ssh/authorized_keys are ownd by the root user. But you would see this immediately at the syslog. Lars -- Lars Müller [ˈlaː(r)z ˈmʏlɐ] Samba Team SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
On Sun, May 10, 2009 at 03:35:48PM +0200, Lars Müller wrote: [ 8< ]
Try to turn a light on. ;)
Are you using ssh-agent? lmuelle@giles:~> ssh-add -l 1024 04:de:f3:a6:a4:92:6c:eb:09:4a:e3:eb:f9:b0:b6:4e /home/lmuelle/.ssh/id_rsa (RSA) Have you tried to call ssh-add to add your identity to the authentication agent? Lars -- Lars Müller [ˈlaː(r)z ˈmʏlɐ] Samba Team SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
On Sunday 10 May 2009 14:41:29 Lars Müller wrote:
On Sun, May 10, 2009 at 03:35:48PM +0200, Lars Müller wrote: [ 8< ]
Try to turn a light on. ;)
Are you using ssh-agent?
Not to my knowledge.
lmuelle@giles:~> ssh-add -l 1024 04:de:f3:a6:a4:92:6c:eb:09:4a:e3:eb:f9:b0:b6:4e /home/lmuelle/.ssh/id_rsa (RSA)
ritchie@laptop:~/.ssh> ssh-add -l The agent has no identities. ritchie@laptop:~/.ssh> ritchie@desktop:~/.ssh> ssh-add -l Could not open a connection to your authentication agent. ritchie@desktop:~/.ssh>
Have you tried to call ssh-add to add your identity to the authentication agent?
ritchie@laptop:~/.ssh> ssh-add Identity added: /home/ritchie/.ssh/id_rsa (/home/ritchie/.ssh/id_rsa) ...and it still asks me for my password.
Lars
-- Kind Regards, Ritchie ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Ritchie Fraser Web: http://www.rpfraser.uklinux.net Registered Linux User #255860 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sunday 10 May 2009 14:35:48 Lars Müller wrote:
Try to turn a light on. ;)
Have you placed the file at the desination host?
Does it work on you local system? Please try to copy .ssh/id_rsa.pub the user in question to /root/.ssh/authorized_keys
OK. Copied [laptop] /home/ritchie/.ssh/id_rsa.pub into [desktop] /root/.ssh/authorized_keys
Ensure /root/.ssh and /root/.ssh/authorized_keys are ownd by the root user. But you would see this immediately at the syslog.
.ssh directory and authorized_keys are owned by root. ritchie@laptop:~/.ssh> ssh root@desktop Last login: Sun May 10 16:32:08 2009 from laptop Have a lot of fun... desktop:~ # That worked ! Now to find out why it works for root and not for ritchie.
Lars
-- Kind Regards, Ritchie ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Ritchie Fraser Web: http://www.rpfraser.uklinux.net Registered Linux User #255860 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sun, May 10, 2009 at 9:38 AM, Ritchie Fraser <ritchie@rpfraser.uklinux.net> wrote:
On Sunday 10 May 2009 14:35:48 Lars Müller wrote:
ritchie@laptop:~/.ssh> ssh root@desktop Last login: Sun May 10 16:32:08 2009 from laptop Have a lot of fun... desktop:~ #
That worked !
Now to find out why it works for root and not for ritchie.
log in with password, and re-copy your pub-key and rebuild authorized_keys on the assumption that went badly the first time. Did you put the SAME pub key into ~.ssh/authorized_keys for root and ritchie? (if so you should be able to copy authorized_keys from root to ritchie and change some permissions.) -- ----------JSA--------- Someone stole my tag line, so now I have this rental. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sunday 10 May 2009 11:44:40 ne... wrote:
What are the permissions on the files? Without the proper permissions, ssh defaults to passwords.
ne...
On the laptop (client)... drwxr-xr-x 3 ritchie users 4096 2009-05-09 12:39 .ssh -rw-r--r-- 1 ritchie users 0 2009-05-09 12:39 authorized_keys -rw-r--r-- 1 ritchie users 476 2008-09-11 08:16 known_hosts On the desktop (server)... drwx------ 3 ritchie users 4096 2009-05-09 11:35 .ssh -rw-r--r-- 1 ritchie users 400 2009-05-09 11:35 authorized_keys -rw-r--r-- 1 ritchie users 216 2009-05-09 11:34 known_hosts -- Kind Regards, Ritchie ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Ritchie Fraser Web: http://www.rpfraser.uklinux.net Registered Linux User #255860
Ritchie Fraser wrote:
On Sunday 10 May 2009 11:44:40 ne... wrote:
What are the permissions on the files? Without the proper permissions, ssh defaults to passwords.
ne...
On the laptop (client)... drwxr-xr-x 3 ritchie users 4096 2009-05-09 12:39 .ssh -rw-r--r-- 1 ritchie users 0 2009-05-09 12:39 authorized_keys -rw-r--r-- 1 ritchie users 476 2008-09-11 08:16 known_hosts
On the desktop (server)... drwx------ 3 ritchie users 4096 2009-05-09 11:35 .ssh -rw-r--r-- 1 ritchie users 400 2009-05-09 11:35 authorized_keys -rw-r--r-- 1 ritchie users 216 2009-05-09 11:34 known_hosts
Looks like you did not follow this step properly: http://en.opensuse.org/Public_Key_Authentication#Preparing_the_client You don't have a ~/.ssh/id_rsa private key file on the client. Kind regards Sylvester Lykkehus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sunday 10 May 2009 12:48:49 Sylvester Lykkehus wrote:
Ritchie Fraser wrote:
On Sunday 10 May 2009 11:44:40 ne... wrote:
What are the permissions on the files? Without the proper permissions, ssh defaults to passwords.
ne...
On the laptop (client)... drwxr-xr-x 3 ritchie users 4096 2009-05-09 12:39 .ssh -rw-r--r-- 1 ritchie users 0 2009-05-09 12:39 authorized_keys -rw-r--r-- 1 ritchie users 476 2008-09-11 08:16 known_hosts
On the desktop (server)... drwx------ 3 ritchie users 4096 2009-05-09 11:35 .ssh -rw-r--r-- 1 ritchie users 400 2009-05-09 11:35 authorized_keys -rw-r--r-- 1 ritchie users 216 2009-05-09 11:34 known_hosts
Looks like you did not follow this step properly: http://en.opensuse.org/Public_Key_Authentication#Preparing_the_client
You don't have a ~/.ssh/id_rsa private key file on the client.
Kind regards Sylvester Lykkehus
Yes. I only listed the directory and the config files before. ritchie@laptop:~/.ssh> ls -l total 36 -rw-r--r-- 1 ritchie users 0 2009-05-09 12:39 authorized_keys -rw------- 1 ritchie users 1671 2009-05-09 12:35 id_rsa -rw-r--r-- 1 ritchie users 400 2009-05-09 12:35 id_rsa.pub -rw-r--r-- 1 ritchie users 476 2008-09-11 08:16 known_hosts ritchie@laptop:~/.ssh> -- Kind Regards, Ritchie ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Ritchie Fraser Web: http://www.rpfraser.uklinux.net Registered Linux User #255860 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ritchie Fraser wrote:
On Sunday 10 May 2009 12:48:49 Sylvester Lykkehus wrote: <snip>
You don't have a ~/.ssh/id_rsa private key file on the client.
Yes. I only listed the directory and the config files before.
ritchie@laptop:~/.ssh> ls -l total 36 -rw-r--r-- 1 ritchie users 0 2009-05-09 12:39 authorized_keys -rw------- 1 ritchie users 1671 2009-05-09 12:35 id_rsa -rw-r--r-- 1 ritchie users 400 2009-05-09 12:35 id_rsa.pub -rw-r--r-- 1 ritchie users 476 2008-09-11 08:16 known_hosts ritchie@laptop:~/.ssh>
In that case, try ssh -v ritchie@desktop and see if something like this prints: debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Next authentication method: publickey debug1: Offering public key: /home/zly/.ssh/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 533 debug1: read PEM private key done: type RSA debug1: Authentication succeeded (publickey). Kind regards Sylvester Lykkehus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sunday 10 May 2009 13:42:35 Sylvester Lykkehus wrote:
In that case, try ssh -v ritchie@desktop and see if something like this prints:
debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Next authentication method: publickey debug1: Offering public key: /home/zly/.ssh/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 533 debug1: read PEM private key done: type RSA debug1: Authentication succeeded (publickey).
Kind regards Sylvester Lykkehus
Hi Sylvester, output from the recommended command... ritchie@laptop:~/.ssh> ssh -v ritchie@desktop OpenSSH_5.1p1, OpenSSL 0.9.8h 28 May 2008 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to desktop [192.168.0.6] port 22. debug1: Connection established. debug1: identity file /home/ritchie/.ssh/id_rsa type 1 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.6 debug1: match: OpenSSH_4.6 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.1 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'desktop' is known and matches the RSA host key. debug1: Found key in /home/ritchie/.ssh/known_hosts:1 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password,keyboard- interactive debug1: Next authentication method: publickey debug1: Offering public key: /home/ritchie/.ssh/id_rsa debug1: Authentications that can continue: publickey,password,keyboard- interactive debug1: Next authentication method: keyboard-interactive debug1: Authentications that can continue: publickey,password,keyboard- interactive debug1: Next authentication method: password ritchie@desktop's password: debug1: Authentication succeeded (password). debug1: channel 0: new [client-session] debug1: Requesting no-more-sessions@openssh.com debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = en_GB.UTF-8 Last login: Sun May 10 13:24:12 2009 from laptop Have a lot of fun... ritchie@desktop:~> Reading this output it seems that my laptop offers the public key to the desktop which refuses(?) it. Humm -- Kind Regards, Ritchie ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Ritchie Fraser Web: http://www.rpfraser.uklinux.net Registered Linux User #255860 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ritchie Fraser wrote:
Hi Sylvester, output from the recommended command...
ritchie@laptop:~/.ssh> ssh -v ritchie@desktop
<snip>
Reading this output it seems that my laptop offers the public key to the desktop which refuses(?) it. Humm
Okay, I'm on par with the other on this thread, that this might be caused by permission problems. Try (temporarily, while testing) including the following line in sshd_config on the server: StrictModes no Do a rcsshd restart and test again. If it works, you have permission issues somewhere (maybe home directory?). If it doesn't, it will rule out permission issues. Kind regards Sylvester Lykkehus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sunday 10 May 2009 14:59:52 Sylvester Lykkehus wrote:
Ritchie Fraser wrote:
Hi Sylvester, output from the recommended command...
ritchie@laptop:~/.ssh> ssh -v ritchie@desktop
<snip>
Reading this output it seems that my laptop offers the public key to the desktop which refuses(?) it. Humm
Okay, I'm on par with the other on this thread, that this might be caused by permission problems.
Try (temporarily, while testing) including the following line in sshd_config on the server: StrictModes no
OK. Added "StrictModes no" Restarted sshd on desktop (Server) ritchie@laptop:~/.ssh> ssh -v ritchie@desktop OpenSSH_5.1p1, OpenSSL 0.9.8h 28 May 2008 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to desktop [192.168.0.6] port 22. debug1: Connection established. debug1: identity file /home/ritchie/.ssh/id_rsa type 1 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.6 debug1: match: OpenSSH_4.6 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.1 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'desktop' is known and matches the RSA host key. debug1: Found key in /home/ritchie/.ssh/known_hosts:1 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password,keyboard- interactive debug1: Next authentication method: publickey debug1: Offering public key: /home/ritchie/.ssh/id_rsa debug1: Authentications that can continue: publickey,password,keyboard- interactive debug1: Next authentication method: keyboard-interactive debug1: Authentications that can continue: publickey,password,keyboard- interactive debug1: Next authentication method: password ritchie@desktop's password: debug1: Authentication succeeded (password). debug1: channel 0: new [client-session] debug1: Requesting no-more-sessions@openssh.com debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = en_GB.UTF-8 Last login: Sun May 10 13:28:41 2009 from laptop Have a lot of fun... ritchie@desktop:~>
Do a rcsshd restart and test again. If it works, you have permission issues somewhere (maybe home directory?). If it doesn't, it will rule out permission issues.
Still had to enter my password, so it's not a permissions problem. -- Kind Regards, Ritchie ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Ritchie Fraser Web: http://www.rpfraser.uklinux.net Registered Linux User #255860 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
It works for me with the following entries in /etc/ssh/sshd_config: PubkeyAuthentication yes AuthorizedKeysFile %h/.ssh/authorized_keys According to the OpenSSH documentation, the %h variable gets expanded to the home directory of the user that is logging in. This works correctly with both "PasswordAuthentication yes" and "PasswordAuthentication no". -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Hi to everyone who helped me yesterday. Your help was much appreciated. Thank you. I didn't get this working in the end, but I am going to completely remove ssh from both systems and start again from scratch with complete defaults, maybe even try dsa keys, when I get some more "free" (sort of) time. -- Kind Regards, Ritchie ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Ritchie Fraser Web: http://www.rpfraser.uklinux.net Registered Linux User #255860
participants (7)
-
John Andersen -
Lars Müller -
Miguel Medalha -
ne... -
Ritchie Fraser -
Rodney Baker -
Sylvester Lykkehus