On Tue, 17 Apr 2001, Lutz Jaenicke wrote:
On Tue, Apr 17, 2001 at 09:18:38PM +0200, Maarten van den Berg wrote:
I've been checking and double-checking everything: filepermissions, server config, upgrading, running sshd in debug mode, but I can't find anything wrong. Of course my ssh-agent etc. is configured correctly. ...
maarten@morpheus:~ > ssh -v apoc SSH Version OpenSSH_2.3.0p1, protocol versions 1.5/2.0. ... debug: Trying RSA authentication via agent with 'maarten@morpheus' debug: Server refused our key. ...
At this point we are told that the server refused the key. So please send the corresponding server output. Use "-d -d -d" in order to increase the debug level.
Been there, done that, can't find anything. Here follows... Script started on Wed Apr 18 01:39:23 2001 apoc:/home/maarten/APOC # killall -9 sshd apoc:/home/maarten/APOC # sshd -d -d -d -f /etc/ssh/sshd_config debug1: sshd version OpenSSH_2.3.0p1 debug1: Seeding random number generator debug1: read DSA private key done debug1: Seeding random number generator debug1: Bind to port 22 on 0.0.0.0. Server listening on 0.0.0.0 port 22. Generating 768 bit RSA key. debug1: Seeding random number generator debug1: Seeding random number generator RSA key generation complete. debug1: Server will not fork when running in debugging mode. Connection from x.x.x.x port 942 debug1: Client protocol version 1.5; client software version OpenSSH_2.3.0p1 debug1: no match: OpenSSH_2.3.0p1 debug1: Local version string SSH-1.99-OpenSSH_2.3.0p1 debug1: Sent 768 bit public key and 1024 bit host key. debug1: Encryption type: 3des debug1: Received session key; encryption turned on. debug1: Installing crc compensation attack detector. debug1: Starting up PAM with username "maarten" debug1: Attempting authentication for maarten. Failed rsa for maarten from 10.42.42.142 port 942 Failed rsa for maarten from 10.42.42.142 port 942 debug1: PAM Password authentication accepted for user "maarten" Accepted password for maarten from 10.42.42.142 port 942 debug1: PAM setting rhost to "morpheus.kijkduin" debug1: session_new: init debug1: session_new: session 0 debug1: Allocating pty. debug1: Received request for X11 forwarding with auth spoofing. debug1: x11_create_display_inet: Socket family 10 not supported debug1: fd 8 setting O_NONBLOCK debug1: fd 8 IS O_NONBLOCK debug1: channel 0: new [X11 inet listener] debug1: PAM setting tty to "/dev/pts/1" debug1: PAM establishing creds debug1: Entering interactive session. debug1: Setting controlling tty using TIOCSCTTY. debug1: fd 3 setting O_NONBLOCK debug1: fd 7 IS O_NONBLOCK debug1: server_init_dispatch_13 debug1: server_init_dispatch_15 debug1: tvp!=NULL kid 0 mili 10 debug1: tvp!=NULL kid 0 mili 10 debug1: tvp!=NULL kid 0 mili 10 Note that it says twice "Failed rsa", after which point I log in with passwd. Its a pity that at that specific point it isn't more verbose :-( Other, possibly useful, info: ### sshd_config Port 22 ListenAddress 0.0.0.0 HostKey /etc/ssh/ssh_host_key ServerKeyBits 768 LoginGraceTime 600 KeyRegenerationInterval 3600 PermitRootLogin yes IgnoreRhosts yes StrictModes yes X11Forwarding yes X11DisplayOffset 10 PrintMotd yes KeepAlive yes SyslogFacility AUTH LogLevel INFO RhostsAuthentication no RhostsRSAAuthentication no RSAAuthentication yes PasswordAuthentication yes PermitEmptyPasswords no CheckMail no Subsystem sftp /usr/lib/ssh/sftp-server MaxStartups 10:30:60 ### end sshd_config ### ls -laR .ssh/ (on client) total 76 drwxr-xr-x 2 maarten 500 4096 Apr 17 20:58 . drwxrwx--- 75 maarten 500 40960 Apr 18 02:41 .. -rw------- 1 maarten users 736 Apr 17 20:58 id_dsa -rw-r--r-- 1 maarten users 606 Apr 17 20:58 id_dsa.pub -rw------- 1 maarten 500 539 Mar 31 1999 identity -rw-rw-r-- 1 maarten 500 343 Mar 31 1999 identity.pub -rw------- 1 maarten 500 9668 Apr 17 21:31 known_hosts -rw------- 1 maarten 500 512 Sep 13 2000 random_seed ### end ls -laR ### ls -laR .ssh/ (on server) total 27 drwx------ 2 maarten users 172 Apr 17 20:53 . drwx------ 31 maarten users 5702 Apr 18 01:25 .. -rw------- 1 maarten users 334 Apr 17 20:53 authorized_keys -rw------- 1 maarten users 527 Apr 17 20:51 identity -rw-r--r-- 1 maarten users 331 Apr 17 20:51 identity.pub -rw-r--r-- 1 maarten users 671 Apr 17 20:41 known_hosts ### end ls -laR Maarten
Best regards, Lutz PS. Running some SuSE 7.1 hosts with OpenSSH 2.3.0p1 and working RSA authentication.
Thanks, now I think I know it's not a 7.1 issue. What is the exact version 'rpm -q openssh' reports ?