LinuxQuestions.org
Old 07-28-2009, 04:19 PM   #16
acid_kewpie
it's not looking there, %h is the home directory, whatever it is. normally it's actually just written as ~, not %h.
 
Old 07-28-2009, 04:27 PM   #17
slugmax
You really shouldn't need to specify the location of the authorized_keys file unless it's non-standard. %h is the home directory of whatever user you are trying to reach. I would just comment that line out, but it's not your problem.

You can try running sshd in debug mode, this will typically tell you the reason for the failure where 'ssh -v' won't.

For the server, run in one xterm/screen session, etc.:

Code:
/usr/sbin/sshd -d -p 2222
then client in another:

Code:
ssh -vv -p 2222 localhost
Post the output from the daemon.
 
Old 07-28-2009, 04:56 PM   #18
slugmax
It still might be permissions - Is the target account's home directory group-writeable (it should definitely not be if it's the root account)? From the sshd (8) man page:

Quote:
~/.ssh/authorized_keys
...
If this file, the ~/.ssh directory, or the user’s home directory are writable by other users, then the file could be modified or replaced by unauthorized users. In this case, sshd will not allow it to be used unless the StrictModes option has been set to “no”. The recommended permissions can be set by executing “chmod go-w ~/ ~/.ssh ~/.ssh/authorized_keys”.
As it states, you can always disable StrictModes in your sshd config file, as well. The default is to enable it.
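
The check quoted from the man page, as an added example that is not part of the original thread and not OpenSSH's own code: a simplified shell approximation that walks from authorized_keys up to the home directory and reports the first component whose owner or mode would be rejected (for instance a home directory set to 720). It assumes GNU stat; the function names `path_ok` and `check_strictmodes` are hypothetical.

```shell
#!/bin/sh
# Added example: approximates the StrictModes ownership/mode test quoted above.
# Assumes GNU stat (-c). Function names are hypothetical, not part of OpenSSH.

# path_ok UID PATH: succeed if PATH is owned by UID or root and is not
# writable by group or others; otherwise print the reason and fail.
path_ok() {
    want_uid=$1
    info=$(stat -c '%u %a' "$2") || return 2
    owner=${info% *}
    mode=${info#* }
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "bad owner uid=$owner: $2"
        return 1
    fi
    # Leading 0 makes the shell read the mode as octal; 022 = g+w | o+w.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "bad mode $mode: $2"
        return 1
    fi
}

# check_strictmodes UID HOME KEYFILE: test KEYFILE and every parent
# directory up to and including HOME, stopping at the first failure.
check_strictmodes() {
    uid=$1; home=$2; p=$3
    while :; do
        path_ok "$uid" "$p" || return 1
        [ "$p" = "$home" ] && return 0
        parent=$(dirname "$p")
        [ "$parent" = "$p" ] && return 0   # hit / without passing HOME
        p=$parent
    done
}

# Usage: sh check.sh 0 /root /root/.ssh/authorized_keys
if [ $# -eq 3 ]; then
    check_strictmodes "$1" "$2" "$3" && echo "ok"
fi
```

Pass HOME without a trailing slash so the walk stops at it; the uid argument is the numeric uid of the account being logged into.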
 
Old 07-28-2009, 05:30 PM   #19
AncientPC
Original Poster
From sshd:
Quote:
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='2222'
debug1: Bind to port 2222 on ::.
Server listening on :: port 2222.
debug1: Bind to port 2222 on 0.0.0.0.
Bind to port 2222 on 0.0.0.0 failed: Address already in use.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
debug1: inetd sockets after dupping: 3, 3
Connection from 127.0.0.1 port 51835
debug1: Client protocol version 2.0; client software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: permanently_set_uid: 74/74
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user root service ssh-connection method none
debug1: attempt 0 failures 0
debug1: PAM: initializing for "root"
debug1: PAM: setting PAM_RHOST to "localhost.localdomain"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user root service ssh-connection method publickey
debug1: attempt 1 failures 1
debug1: test whether pkalg/pkblob are acceptable
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: trying public key file /root/.ssh/authorized_keys
Authentication refused: bad ownership or modes for directory /root
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: trying public key file /root/.ssh/authorized_keys
Authentication refused: bad ownership or modes for directory /root
debug1: restore_uid: 0/0
Failed publickey for root from 127.0.0.1 port 51835 ssh2
/root/ was 700, I changed it to 720, still fails.

I ran `chmod go-w ~/ ~/.ssh ~/.ssh/authorized_keys`, restarted sshd, still fails.

Within /etc/ssh/sshd_config I commented out the home directory, still fails.

sshd_config already had '#StrictModes yes' commented out. I added it back in and explicitly set it to 'StrictModes no'. It now works.

Thanks everyone for their help.
 
  


All times are GMT -5.