SSH Public Keys Problems

Temujin_12 · 02-17-2005, 02:49 PM

I have having SSH issues when trying to do public key authentication. It works just fine on server A. But on server B (which has the same configuration) it does not work. That tells me two things. 1- it is likely not a configuration on the client-side computer. 2- it is likely not a 'ssh*_config' file problem since both 'Server A' and 'Server B' have the exact same 'ssh*_config' files.

I have followed the instructions at the following sites but to no avail:
http://cfm.gs.washington.edu/securit...client-pkauth/
http://hacks.oreilly.com/pub/h/66

Here are the details:

Server A:
SSH Version: OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
OS: FreeBSD 4.7-RELEASE-p27 (VKERN) #33
Permission of '.ssh' dir: "drwx------ 2 root wheel 512 Feb 17 12:19 .ssh"
Permission of 'authorized_keys': "-rw------- 1 root wheel 223 Feb 17 12:19 authorized_hosts"

Server B:
SSH Version: OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
OS: FreeBSD 4.7-RELEASE-p27 (VKERN) #33
Permission of '.ssh' dir: "drwx------ 2 root wheel 512 Feb 17 12:17 .ssh"
Permission of 'authorized_keys': "-rw------- 1 root wheel 562 Feb 17 12:17 authorized_keys"

What I've tried:

I followed the instructions on both of those sites several times.
I've tried using the '-1' flag which results in:

Quote:

debug1: RSA authentication using agent refused.
debug1: Trying RSA authentication with key '/home/cjones/.ssh/identity'
debug1: Server refused our key.

I've tried using the '-2' flag which results in:

Quote:

debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/username/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/username/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/username/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password

I've tried using ssh-keygen -t rsa, ssh-keygen -t rsa1, and ssh-keygen -t dsa when generating the keys
I've tried clearing my "known_hosts" file on the client-machine.

I may have tried other things but at this point I am loosing track of what I have tried and not tried.

If anyone can help that would be greatly appreciated.

david_ross · 02-17-2005, 03:15 PM

Notice anything odd about this line?

Quote:

Originally posted by Temujin_12

Permission of 'authorized_keys': "-rw------- 1 root wheel 223 Feb 17 12:19 authorized_hosts"

authorized_keys is not the same as authorized_hosts - try:
mv ~/.ssh/authorized_hosts ~/.ssh/authorized_keys

I've also got an LA on LQ about public keys if you are interested.

Temujin_12 · 02-17-2005, 03:31 PM

Oh sorry, I must have pasted it in wrong. It is supposed to say "authorized_keys".

Any other ideas.

TruckStuff · 02-18-2005, 09:14 AM

Tail the security log to see if you can get more info about what is happening. On a default Redhat box it would be tail /var/log/secure; not sure what it is on BSD though.

Temujin_12 · 02-23-2005, 12:43 PM

It turned out to be a permission problem. After I ran "chmod 600 authorized_keys" things worked. But if I then came back and ran "cat identity.pub >> authorized_keys" it would change the permissions and I could no longer ssh w/o a password. I had to go back and re-run "chmod 600 authorized_keys" everytime I appended a key to the "authorized_keys" file.