LinuxQuestions.org


chr15t0 08-21-2003 06:46 AM

ssh-key authentication failing on one machine
 
Hey guys,

Perhaps I'm totally overlooking something here, but I'm having problems with ssh authentication on just one of the Linux machines on my network.

Using ssh-keygen -t rsa on my laptop, I create a public key (id_rsa.pub) which I leave in ~/.ssh. On the host machine, I take a copy of the key and place it in ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2 - it all seems fairly normal so far.

However, when I try to log in from the laptop, I get prompted for the password as if the key hadn't been registered. How odd!

Here's a verbose transcript of the ssh session's authentication attempts:
Code:

debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug2: userauth_pubkey_agent: no keys at all
debug2: userauth_pubkey_agent: no more keys
debug2: userauth_pubkey_agent: no message sent
debug1: try privkey: /home/chris/.ssh/identity
debug3: no such identity: /home/chris/.ssh/identity
debug1: try pubkey: /home/chris/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug2: userauth_pubkey_agent: no more keys
debug2: userauth_pubkey_agent: no message sent
debug1: try privkey: /home/chris/.ssh/id_dsa
debug3: no such identity: /home/chris/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: next auth method to try is keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply....
etc

authorized_keys and authorized_keys2 are chmod'd to 644


christo

bastard23 08-21-2003 03:16 PM

christo,

It seems that you are missing the private key. It should be in "id_rsa". Note that it is the private key and should be on the client machine (laptop). Make sure the permissions are 0600 (only user can read/write).

The id_rsa.pub is the public key and should be the one that goes into the "server" authorized_keys file. But I think that's what you did, right?

Have fun,
chris

chr15t0 08-21-2003 03:30 PM

hey chris,

thanks a lot for the reply..
Code:

[chris@kerenski .ssh]$ ls -al
total 28
drwx------    2 chris    chris        4096 Aug 21 13:09 .
drwx------  57 chris    chris        4096 Aug 21 21:19 ..
-rw-r--r--    1 chris    chris        224 Aug 21 13:12 authorized_keys
-rw-r--r--    1 chris    chris        224 Aug 21 13:12 authorized_keys2
-rw-------    1 chris    chris        883 Aug 21 12:14 id_rsa
-rw-r--r--    1 chris    chris        224 Aug 21 12:14 id_rsa.pub
-rw-r--r--    1 chris    chris        2484 Aug 10 22:52 known_hosts

that looks okay to me.. and I have checked that the key is present in the authorized_keys2 file as well. The setup is exactly the same in reverse, and works fine.. in fact, I can ssh freely between any of 4 Linux machines on the network apart from this one machine, brezhnev, which always drops out to password authentication.

hurrumph !

christo

bastard23 08-21-2003 04:24 PM

christo,

I started playing around with my ssh setup. I suspect that brezhnev doesn't have the proper authorized_key file. Try using the debug option on the server to see the difference between public key auth or not.

Instead of having two authorized key files, concatenate the files together. authorized_keys2 isn't getting processed?

If I have an authorized_key file, my logs show the server responding to "we sent a publickey packet, wait for reply" with a "Server accepts key: ...". If I move the authorized key file, my ssh logs look like yours.

Good luck,
chris
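
Added example, not part of the thread: a small Python check that applies the comparison from the last reply to a saved client debug log, reporting for each key whether the server answered the offer with "Server accepts key" or fell back to the list of remaining methods. The function name and outcome labels are assumptions of this example, the patterns match only the debug-line format posted above, and the second sample log is constructed.

```python
import re

# Client debug lines in the format posted in this thread.
OFFER = re.compile(r"debug1: try pubkey: (\S+)")
MISSING = re.compile(r"debug3: no such identity: (\S+)")

# Lines taken from the first post's transcript.
REJECTED_LOG = """\
debug1: try privkey: /home/chris/.ssh/identity
debug3: no such identity: /home/chris/.ssh/identity
debug1: try pubkey: /home/chris/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: try privkey: /home/chris/.ssh/id_dsa
debug3: no such identity: /home/chris/.ssh/id_dsa
"""

# Constructed sample: the same offer, answered as the last reply describes.
ACCEPTED_LOG = """\
debug1: try pubkey: /home/chris/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: ...
"""


def classify_offers(log_text):
    """Return [(key_path, outcome)]; outcome is 'accepted', 'rejected',
    'missing' (no such file on the client) or 'no reply'."""
    results, pending = [], None  # pending: key offered, reply not yet seen
    for line in log_text.splitlines():
        offer, missing = OFFER.search(line), MISSING.search(line)
        if offer:
            if pending:
                results.append((pending, "no reply"))
            pending = offer.group(1)
        elif missing:
            results.append((missing.group(1), "missing"))
        elif pending and "Server accepts key" in line:
            results.append((pending, "accepted"))
            pending = None
        elif pending and "authentications that can continue:" in line:
            # The server saw the offer and did not accept this key.
            results.append((pending, "rejected"))
            pending = None
    if pending:
        results.append((pending, "no reply"))
    return results
```

A "rejected" result means the client did send the key and the refusal came from the server, so the server-side debug output suggested above is the place to look next.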


All times are GMT -5.