On Wed, Apr 18, 2001 at 02:00:39AM +0200, Maarten van den Berg wrote: ...
Been there, done that, can't find anything. Here follows...
Script started on Wed Apr 18 01:39:23 2001 ... debug1: Starting up PAM with username "maarten" debug1: Attempting authentication for maarten. Failed rsa for maarten from 10.42.42.142 port 942 Failed rsa for maarten from 10.42.42.142 port 942 ...
Note that it says twice "Failed rsa", after which point I log in with passwd. Its a pity that at that specific point it isn't more verbose :-(
Yes, that is true. It may be quiet to the client in order to not tell about possible weak points, but it should log locally. In fact, auth-rsa.c:auth_rsa() does contain several diagnostic messages, all of them in the packet_send_debug() class: ... debug1: Attempting authentication for XXXX. RSA authentication refused for kost: bad ownership or modes for '/home/aet/serv01/xxxx/'. Failed rsa for XXXX from x.x.x.x port 325 Therefore we have to look for an RSA failure _without_ debugging message. There are not many (1?), as I can see in the latest OpenSSH CVS auth-rsa.c: * The _PATH_SSH_USER_PERMITTED_KEYS (.ssh/authorized_keys) could not be found. Use strace(?) to trace sshd and see whether the file is successfully opened.
-rw------- 1 maarten 500 539 Mar 31 1999 identity -rw-rw-r-- 1 maarten 500 343 Mar 31 1999 identity.pub This PubKey is 343 and should match identity.
-rw------- 1 maarten users 334 Apr 17 20:53 authorized_keys This PubKey is 334 and should match the identity.pub. Did you edit it?
Thanks, now I think I know it's not a 7.1 issue. What is the exact version 'rpm -q openssh' reports ?
openssh-2.3.0p1-5 Best regards, Lutz -- Lutz Jaenicke Lutz.Jaenicke@aet.TU-Cottbus.DE BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153