LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (http://www.linuxquestions.org/questions/linux-software-2/)
-   -   SSH passwordless login fails at send_pubkey_test (http://www.linuxquestions.org/questions/linux-software-2/ssh-passwordless-login-fails-at-send_pubkey_test-924785/)

HGScherneck 01-20-2012 08:09 AM

SSH passwordless login fails at send_pubkey_test
 
I try to log in with ssh passwordless into a server that I've set up. sshd is running there. I can log in with password.
When I set up the crypto (ssh-keygen -t ecdsa) and install the pub key at the host, I can't login anymore, not by defaulting to password either.

What can cause communication to stop at this point:
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
Connection closed by 999.999.999.999

Pubkey does not arrive at the server. Looking at other people's logs their problems occur later in the process. This one seems new.

Causes I can exclude:
sshd_config requests Protocol 2

My key pairs are in /home/user/.ssh with the privileges set as needed. The pub key has been cat >> server:/home/user/.ssh/authorized_keys, privil: -rw-r--r-
The log shows that id_ecdsa is detected and okayed.
I have renewed .ssh/known_hosts
My /var/empty is not writable except for root.

Does the pubkey sending go through a different port, not 22? Is there a timeout setting that one can change?

You may suspect this is CYGWIN-specific. No insult! One of you might know the solution. Be kind to me.

acid_kewpie 01-20-2012 08:36 AM

Why do you think ther key doesn't reach the server? that seems like a very specific thing to say.

/home/user/.ssh should be set to 700
/home/user/.ssh/authorized_keys should be set to 600

at present, anyone on your system can read your public keys... that isn't too great an idea, so SSH is probably refusing to play ball until you sort out the permissions.

Mind you, actually that is an odd point in the process for things to choke...

Imarkus88 01-20-2012 08:39 AM

have you check that your server allow you to login with key authentication?

take a look at your configuration and make sure you found this line:
PubkeyAuthentication yes

HGScherneck 01-20-2012 09:12 AM

SSH passwordless login fails at send_pubkey_test
 
Hi, thanks acid_kewpie and Imarkus88
I supplied too little info. Please see the debug output of ssh -vvv at
http://froste.oso.chalmers.se/hgs/cygwin

@Imarkus88:
In /etc/sshd_config I assume
#PubkeyAuthentication yes
is the default setting = yes. I have tested this on another machine, it's the same sshd_config setting, but there the login works.
Also, since the server processes the id_edcsa and okays it with the known_hosts, it suggests to me the machines are working at PubkeyAuthentication

@ acid_kewpie:
That's how the directory at the server is protected
ls -la
total 23
drwx------+ 1 HGS None 0 Jan 20 12:01 .
drwx------+ 1 HGS None 0 Jan 20 15:36 ..
-rw------- 1 HGS None 361 Jan 20 12:02 authorized_keys
-rw-r--r-- 1 HGS None 1009 Jan 20 15:37 known_hosts

and here at the host
drwx------+ 1 Hans Georg Scherneck Ingen 0 Jan 20 12:05 .
drwx------+ 1 Hans Georg Scherneck Ingen 0 Jan 20 12:00 ..
-rw-r--r-- 1 Hans Georg Scherneck Ingen 175 Jan 19 20:52 authorized_keys
-rw------- 1 Hans Georg Scherneck Ingen 227 Jan 20 12:00 id_ecdsa
-rw-r--r-- 1 Hans Georg Scherneck Ingen 186 Jan 20 12:00 id_ecdsa.pub
-rw-r--r-- 1 Hans Georg Scherneck Ingen 1963 Jan 20 12:04 known_hosts

If you think the problem stinks too much cygwin, I apologize.

acid_kewpie 01-20-2012 09:32 AM

i'd be more interested in what the server debugs say rather than the client.

HGScherneck 01-20-2012 09:45 AM

The only log I see updated today is /var/log/lastlog
and that one seems corrupt. Sorry.
Nevertheless, I've put it into in http://froste.oso.chalmers.se/hgs/cygwin/lastlog.txt
Anything you can suggest to remedy this?
Thanks in advance
HGS

acid_kewpie 01-20-2012 09:50 AM

You need to stop sshd and run it in the foreground (find what the service command line is with a "ps -ef" and copy that), with a -vvv on the command line, that'll give you plenty to work on.

Remember that as SSH is heavily security orientated part of the game is to not give information back to the client which leak details about other ways to attack you so "go away" is normally as good an error to hope for on the client. They aren't meant to be useful errors.

HGScherneck 01-20-2012 10:01 AM

Hi again,
cannot run sshd in foreground. This limitation is cygwin-specific. Don't bother any more, Linux is better.
Thanks for your time. I'll turn to the cygwin community instead.
/HGS


All times are GMT -5. The time now is 05:50 AM.