LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Old 03-08-2005, 05:29 PM   #1
paul_dundee
Member
 
Registered: Mar 2005
Location: Scotland
Distribution: FC3
Posts: 39

Rep: Reputation: 15
really simple ssh/key problem


I had ssh working with dsa key authentication, no problems. Reinstalled FC3, can no longer authenticate using rsa or dsa. sshd is enabled and I have modified the httpd_conf file. I can import keys from other machines but the key is never read. So I generate keys on the FC3 box and export the private key, same problem.

I know it's not my apple as I have set up key authentication on an external server in the past few minutes with no problems.

httpd_conf (well part of, don't want to make the thread too long)
--
#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes
--

I have inserted the keys into both authorized_keys and authorized_keys2, neither makes a difference. The last attempt I inserted into a file called authorized_keys2 and created a symbolic link to authorized_keys.

Am really stuck, so if there is anything obvious please let me know!

thanks in advance
 
Old 03-08-2005, 06:49 PM   #2
kvedaa
Member
 
Registered: Mar 2004
Location: Virginia
Distribution: PacketProtector
Posts: 331

Rep: Reputation: 30
Well, one thing that would be worth checking would be the file permissions that are set for the authorized_keys file; if memory serves, if it is other than 644, it will not check the file.

I hope that this helps
 
Old 03-08-2005, 09:53 PM   #3
TruckStuff
Member
 
Registered: Apr 2002
Posts: 498

Rep: Reputation: 30
tail /var/log/secure

Also, you mentioned exporting the private key. I'm hoping this is a typo and you actually exported the public key.
 
Old 03-09-2005, 01:20 PM   #4
paul_dundee
Member
 
Registered: Mar 2005
Location: Scotland
Distribution: FC3
Posts: 39

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by TruckStuff
tail /var/log/secure

Also, you mentioned exporting the private key. I'm hoping this is a typo and you actually exported the public key.
Not a typo, just wasn't being too clear. The FC3 box is the one I ssh into, so I generated a keypair there, added the public key to authorized_keys and sent the private key to my notebook.
--
[root@localhost paulc]# tail /var/log/secure
Mar 9 13:06:39 localhost sshd[3845]: Accepted password for paulc from ::ffff:62.xx.xx.xx port 1188 ssh2
Mar 9 16:21:38 localhost sshd[3910]: reverse mapping checking getaddrinfo for host failed - POSSIBLE BREAKIN ATTEMPT!
Mar 9 16:21:42 localhost sshd[3910]: Accepted password for paulc from ::ffff:62.xx.xx.xx port 1225 ssh2
Mar 9 18:18:17 localhost sshd[3947]: reverse mapping checking getaddrinfo for host failed - POSSIBLE BREAKIN ATTEMPT!
Mar 9 18:18:22 localhost sshd[3947]: Failed password for paulc from ::ffff:62.xx.xx.xx port 1026 ssh2
Mar 9 18:18:27 localhost sshd[3947]: Accepted password for paulc from ::ffff:62.xx.xx.xx port 1026 ssh2
Mar 9 18:19:08 localhost sshd[4143]: reverse mapping checking getaddrinfo for host failed - POSSIBLE BREAKIN ATTEMPT!
Mar 9 18:19:13 localhost sshd[4143]: Accepted password for paulc from ::ffff:62.xx.xx.xx port 1029 ssh2
Mar 9 18:35:57 localhost sshd[4172]: reverse mapping checking getaddrinfo for host failed - POSSIBLE BREAKIN ATTEMPT!
Mar 9 18:36:00 localhost sshd[4172]: Accepted password for paulc from ::ffff:62.xx.xx.xx port 1035 ssh2
[root@localhost paulc]#
--

Not sure if that will be any use to you, but any advice is appreciated.

PS - all of those attempts involved using putty with certificate.
 
Old 03-09-2005, 06:13 PM   #5
TruckStuff
Member
 
Registered: Apr 2002
Posts: 498

Rep: Reputation: 30
Quote:
Originally posted by paul_dundee
The FC3 box is the one i ssh into, so i generated a keypair there, added the public key to authorized_keys and sent the private key to my notebook.
You did it backwards. Generate a key pair on the box you want to ssh FROM. Then copy the PUBLIC key (usually ~/.ssh/id_rsa.pub) to the box you want to ssh TO. Then run
Code:
$ cat id_rsa.pub >> ~/.ssh/authorized_keys
on the box you want to ssh TO.
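The procedure TruckStuff gives, as an added example that is not code from the thread: a small POSIX shell function that installs a public key on the box you ssh TO, but refuses anything that is not a single OpenSSH public-key line (a private key, or a PuTTY SSH2-format export, the two mix-ups discussed above), sets the modes sshd expects on ~/.ssh and authorized_keys, and skips a key that is already present. The function names, the throw-away home directory and the key line in the demo are this example's own; the key's base64 part is constructed and is not a real key. It assumes a Linux userland (GNU coreutils, POSIX awk and grep).

```shell
#!/bin/sh
# Added example, not from the thread: install a client's PUBLIC key on the box
# you ssh TO, with the checks that a bare
# "cat id_rsa.pub >> ~/.ssh/authorized_keys" skips.
# Assumes a Linux userland (GNU coreutils, POSIX awk/grep).

# install_pubkey HOME_DIR PUBKEY_FILE
# Prints "installed" or "already present" and returns 0; returns 1 (reason on
# stderr) if PUBKEY_FILE does not look like exactly one OpenSSH public key.
install_pubkey() {
    home="$1"
    pubfile="$2"
    sshdir="$home/.ssh"
    authfile="$sshdir/authorized_keys"

    # An OpenSSH public key is exactly one line. A private key
    # (-----BEGIN ... PRIVATE KEY-----) or a PuTTY/SSH2-format export
    # (---- BEGIN SSH2 PUBLIC KEY ----) spans several lines, and sshd would
    # silently ignore such content in authorized_keys.
    if [ "$(grep -c '' "$pubfile")" -ne 1 ]; then
        echo "refusing $pubfile: expected exactly one line (private key or SSH2-format key?)" >&2
        return 1
    fi
    keyline="$(head -n 1 "$pubfile")"
    # Shape: "<type> <base64> [comment]", for the key types OpenSSH accepts.
    if ! printf '%s\n' "$keyline" \
        | grep -Eq '^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'; then
        echo "refusing $pubfile: not an OpenSSH public-key line" >&2
        return 1
    fi

    # sshd (StrictModes) ignores the file if ~/.ssh or authorized_keys is
    # group- or world-writable, so set the modes explicitly.
    mkdir -p "$sshdir" && chmod 700 "$sshdir"
    touch "$authfile" && chmod 600 "$authfile"

    # Duplicate check compares only the type and base64 fields: the trailing
    # comment may differ between copies of the same key.
    keyid="$(printf '%s\n' "$keyline" | awk '{ print $1 " " $2 }')"
    if awk -v id="$keyid" '($1 " " $2) == id { found = 1 } END { exit !found }' "$authfile"; then
        echo "already present"
        return 0
    fi
    printf '%s\n' "$keyline" >> "$authfile"
    echo "installed"
}

# Demonstration on a throw-away home directory with a CONSTRUCTED key line
# (the base64 part is filler, not a real key).
demo_install() {
    tmp="$(mktemp -d)"
    printf 'ssh-rsa AAAAB3NzaC1yc2EFAKEFAKEFAKEkeyfortest== paulc@notebook\n' > "$tmp/id_rsa.pub"
    install_pubkey "$tmp" "$tmp/id_rsa.pub"      # installed
    install_pubkey "$tmp" "$tmp/id_rsa.pub"      # already present
    printf -- '-----BEGIN RSA PRIVATE KEY-----\nMIIEconstructed\n-----END RSA PRIVATE KEY-----\n' > "$tmp/id_rsa"
    install_pubkey "$tmp" "$tmp/id_rsa" || echo "private key rejected, as intended"
    ls -la "$tmp/.ssh"
    rm -rf "$tmp"
}
demo_install
```

A PuTTY-exported public key (the "---- BEGIN SSH2 PUBLIC KEY ----" format) can be converted to the one-line OpenSSH form first with "ssh-keygen -i -f key.pub", which prints the converted key on stdout; feed that output to the function rather than the PuTTY file.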
 
Old 03-10-2005, 05:59 AM   #6
paul_dundee
Member
 
Registered: Mar 2005
Location: Scotland
Distribution: FC3
Posts: 39

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by TruckStuff
You did it backwards. Generate a key pair on the box you want to ssh FROM. Then copy the PUBLIC key (usually ~/.ssh/id_rsa.pub) to the box you want to ssh TO. Then run
Code:
$ cat id_rsa.pub >> ~/.ssh/authorized_keys
on the box you want to ssh TO.
Sorry if this was not clear in the first post.
Quote:
Originally posted by paul_dundee
I can import keys from other machines but the key is never read.
I have created key pairs on a win98 box, a win 2k box and an osx notebook. Imported the public keys from them to the FC3 box, still nothing.
 
Old 03-10-2005, 09:00 AM   #7
TruckStuff
Member
 
Registered: Apr 2002
Posts: 498

Rep: Reputation: 30
Quote:
Originally posted by paul_dundee
Imported the public keys from them to the FC3 box, still nothing.
Define "import". Or just read here
 
Old 03-10-2005, 11:18 AM   #8
paul_dundee
Member
 
Registered: Mar 2005
Location: Scotland
Distribution: FC3
Posts: 39

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by TruckStuff
Define "import". Or just read here
Sorry if I'm being vague. When I say import, I mean scp the public key to a folder called .ssh2 on the FC3 box, then 'cat ~/.ssh2/filename.pub >> ~/.ssh/authorized_keys'. I generate the keypair using 'ssh-keygen...' through the terminal in OSX.

With a putty generated key (Win 2k/98), I use 'ssh-keygen -X -f ~/.ssh2/filename.pub >> ~/.ssh/authorized_keys'

This was achieved using ssh -vv:
--
The authenticity of host 'ip_address (ip_address)' can't be established.
RSA key fingerprint is ***********************************************.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ip_address' (RSA) to the list of known hosts.
debug1: bits set: 1028/2048
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,gssapi-with-mic,password
debug1: next auth method to try is publickey
debug1: try privkey: /home/dundee/.ssh/identity
debug1: try pubkey: /home/dundee/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x8088c28 hint 1
debug2: input_userauth_pk_ok: fp ***********************************************
debug1: try privkey: /home/dundee/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: next auth method to try is password
paulc@ip_address's password:
debug2: we sent a password packet, wait for reply
debug1: ssh-userauth2 successful: method password
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug2: callback start
debug1: ssh_session2_setup: id 0
debug1: channel request 0: pty-req
debug1: channel request 0: shell
debug1: fd 3 setting TCP_NODELAY
debug2: callback done
debug1: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 131072
Last login: Thu Mar 10 16:32:49 2005 from ip_address
--

From putty/plink:
--
plink -ssh -v paulc@ip_address -i 2ndgo.ppk
Server version: SSH-1.99-OpenSSH_3.9p1
We claim version: SSH-2.0-PuTTY-Release-0.57
Using SSH protocol version 2
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange
Host key fingerprint is:
ssh-rsa *******************************************
Initialised AES-256 client->server encryption
Initialised AES-256 server->client encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised HMAC-SHA1 server->client MAC algorithm
Using username "paulc".
Reading private key file "2ndgo.ppk"
Offered public key
Server refused our key
Server refused public key
paulc@ip_address's password:
Sent password
Access granted
Opened channel for session
Allocated pty (ospeed 38400bps, ispeed 38400bps)
Started a shell/command
Last login: Thu Mar 10 16:58:14 2005 from 62.56.18.66
 
Old 03-10-2005, 02:12 PM   #9
TruckStuff
Member
 
Registered: Apr 2002
Posts: 498

Rep: Reputation: 30
And what does
Code:
# tail /var/log/secure
offer after one of these attempts? The earlier log you posted made no mention of any public key auth attempts.

My guess is that this is a permission issue on ~/.ssh/authorized_keys on the FC3 box. Tailing the security log will confirm that.
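The permission check kvedaa suggested in #2 and TruckStuff repeats here, as an added example that is not from the thread: a shell function that applies the same tests sshd's StrictModes applies before it will read ~/.ssh/authorized_keys, namely that the file, ~/.ssh and the home directory are owned by the user (or root) and that none of them is group- or world-writable. 644 and 600 both pass; 664, 666 or a world-writable ~/.ssh do not, and sshd then falls through to password authentication exactly as in the logs above. The function name and the throw-away directory are this example's own; it assumes Linux (GNU stat).

```shell
#!/bin/sh
# Added example, not from the thread: reproduce the StrictModes checks sshd
# makes on ~/.ssh/authorized_keys and its parent directories. Assumes Linux
# (GNU stat); compares numeric uids so it also works where the uid has no
# passwd entry.

# audit_authorized_keys HOME_DIR [UID]   (UID defaults to the current user)
# Prints one line per problem and returns 1, or prints "OK" and returns 0.
audit_authorized_keys() {
    home="$1"
    owner="${2:-$(id -u)}"
    rc=0
    # sshd walks from the key file up to the home directory, so these three
    # paths are exactly the ones it inspects.
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            rc=1
            continue
        fi
        fowner="$(stat -c %u "$path")"
        sym="$(stat -c %A "$path")"        # e.g. drwxrwxr-x
        if [ "$fowner" != "$owner" ] && [ "$fowner" != "0" ]; then
            echo "OWNER    $path is owned by uid $fowner, expected uid $owner"
            rc=1
        fi
        # In the symbolic mode, position 6 is the group write bit and
        # position 9 the world write bit; either one makes sshd skip the file.
        case "$sym" in
            ?????w*|????????w*)
                echo "WRITABLE $path is group- or world-writable ($sym)"
                rc=1 ;;
        esac
    done
    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}

# Demonstration on a throw-away home directory.
demo_audit() {
    tmp="$(mktemp -d)"
    mkdir -m 700 "$tmp/.ssh"
    : > "$tmp/.ssh/authorized_keys"
    chmod 644 "$tmp/.ssh/authorized_keys"
    audit_authorized_keys "$tmp"                 # OK
    chmod 664 "$tmp/.ssh/authorized_keys"        # the mistake suspected in this thread
    audit_authorized_keys "$tmp" || echo "(sshd would ignore this key file)"
    rm -rf "$tmp"
}
demo_audit
```

On the FC3 box this would be run as "audit_authorized_keys /home/paulc"; with LogLevel raised to VERBOSE in sshd_config the same refusal also shows up in /var/log/secure as an "Authentication refused: bad ownership or modes" line, which is the confirmation TruckStuff is asking for.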
 
Old 03-10-2005, 04:50 PM   #10
paul_dundee
Member
 
Registered: Mar 2005
Location: Scotland
Distribution: FC3
Posts: 39

Original Poster
Rep: Reputation: 15
This is going to sound absolutely crazy, but I just got home, logged onto OSx and tried the certificate - it worked first time! I have changed nothing today so I am a little confused:
--
Mar 10 22:47:56 localhost sshd[4642]: Accepted publickey for paulc from ::ffff:192.168.1.102 port 49160 ssh2
--

Thanks for all of your help. One thing I did spot from that log is:
--
Mar 10 19:05:43 localhost sshd[4108]: Did not receive identification string from ::ffff:217.199.174.99
Mar 10 19:10:37 localhost sshd[4109]: Invalid user test from ::ffff:217.199.174.99
Mar 10 19:10:39 localhost sshd[4109]: Failed password for invalid user test from ::ffff:217.199.174.99 port 3345 ssh2
Mar 10 19:10:40 localhost sshd[4112]: Invalid user guest from ::ffff:217.199.174.99
Mar 10 19:10:42 localhost sshd[4112]: Failed password for invalid user guest from ::ffff:217.199.174.99 port 3519 ssh2
Mar 10 19:10:42 localhost sshd[4115]: Invalid user admin from ::ffff:217.199.174.99
Mar 10 19:10:45 localhost sshd[4115]: Failed password for invalid user admin from ::ffff:217.199.174.99 port 3630 ssh2
Mar 10 19:10:45 localhost sshd[4118]: Invalid user admin from ::ffff:217.199.174.99
Mar 10 19:10:47 localhost sshd[4118]: Failed password for invalid user admin from ::ffff:217.199.174.99 port 3732 ssh2
Mar 10 19:10:47 localhost sshd[4121]: Invalid user user from ::ffff:217.199.174.99
Mar 10 19:10:50 localhost sshd[4121]: Failed password for invalid user user from ::ffff:217.199.174.99 port 3843 ssh2
Mar 10 19:10:52 localhost sshd[4124]: Failed password for root from ::ffff:217.199.174.99 port 3953 ssh2
Mar 10 19:10:55 localhost sshd[4126]: Failed password for root from ::ffff:217.199.174.99 port 4062 ssh2
Mar 10 19:10:58 localhost sshd[4128]: Failed password for root from ::ffff:217.199.174.99 port 4162 ssh2
Mar 10 19:10:58 localhost sshd[4130]: Invalid user test from ::ffff:217.199.174.99
Mar 10 19:11:00 localhost sshd[4130]: Failed password for invalid user test
--
That ip address is not one of mine, so I guess I have more to figure out.

Thanks for suggesting that and all of your help.
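What the log paul_dundee posted looks like when summarised by source address, as an added example that is not from the thread: an awk-based shell function that reads sshd lines in the /var/log/secure format from stdin, counts accepted and failed logins per source (with the ::ffff: IPv4-mapped prefix stripped so one host is counted once), lists the usernames each source tried, and flags sources with at least a threshold of failures and no success. The sample lines are constructed on the pattern of the thread's output, with the TEST-NET address 203.0.113.7 and a private address in place of real ones; the function name and the default threshold of 5 are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread: per-source summary of sshd login
# attempts from /var/log/secure-style lines. POSIX sh and awk.

# CONSTRUCTED sample, modelled on the thread's log (addresses are not real).
SAMPLE_LOG='Mar 10 18:18:17 localhost sshd[3947]: reverse mapping checking getaddrinfo for host failed - POSSIBLE BREAKIN ATTEMPT!
Mar 10 18:18:17 localhost sshd[3947]: Failed password for paulc from ::ffff:192.168.1.102 port 1026 ssh2
Mar 10 18:18:22 localhost sshd[3947]: Accepted password for paulc from ::ffff:192.168.1.102 port 1026 ssh2
Mar 10 19:05:43 localhost sshd[4108]: Did not receive identification string from ::ffff:203.0.113.7
Mar 10 19:10:37 localhost sshd[4109]: Invalid user test from ::ffff:203.0.113.7
Mar 10 19:10:39 localhost sshd[4109]: Failed password for invalid user test from ::ffff:203.0.113.7 port 3345 ssh2
Mar 10 19:10:40 localhost sshd[4112]: Invalid user guest from ::ffff:203.0.113.7
Mar 10 19:10:42 localhost sshd[4112]: Failed password for invalid user guest from ::ffff:203.0.113.7 port 3519 ssh2
Mar 10 19:10:52 localhost sshd[4124]: Failed password for root from ::ffff:203.0.113.7 port 3953 ssh2
Mar 10 19:10:55 localhost sshd[4126]: Failed password for root from ::ffff:203.0.113.7 port 4062 ssh2
Mar 10 19:10:58 localhost sshd[4128]: Failed password for root from ::ffff:203.0.113.7 port 4162 ssh2
Mar 10 19:11:00 localhost sshd[4130]: Failed password for invalid user test from ::ffff:203.0.113.7 port 4270 ssh2
Mar 10 22:47:56 localhost sshd[4642]: Accepted publickey for paulc from ::ffff:192.168.1.102 port 49160 ssh2'

# summarize_sshd_log [THRESHOLD]   reads log lines on stdin
# One output line per source, in first-seen order:
#   "ALERT <ip> failed=N accepted=N users=a,b"  when failed >= THRESHOLD and nothing accepted
#   "ok    <ip> failed=N accepted=N users=a,b"  otherwise
summarize_sshd_log() {
    thr="${1:-5}"
    awk -v thr="$thr" '
    # Only Accepted/Failed lines carry a username and a source address;
    # "Invalid user", "reverse mapping" and "Did not receive" lines are skipped.
    /sshd\[[0-9]+\]: (Accepted|Failed) (password|publickey) for / {
        for (i = 1; i <= NF; i++) if ($i == "from") { ip = $(i + 1); break }
        sub(/^::ffff:/, "", ip)                  # unify IPv4-mapped addresses
        user = ($9 == "invalid") ? $11 : $9       # "... for invalid user NAME" vs "... for NAME"
        if (!(ip in seen)) { seen[ip] = 1; order[++n] = ip }
        if ($6 == "Accepted") { acc[ip]++ } else { fail[ip]++ }
        if (!((ip, user) in tried)) {
            tried[ip, user] = 1
            users[ip] = (users[ip] == "") ? user : (users[ip] "," user)
        }
    }
    END {
        for (k = 1; k <= n; k++) {
            ip = order[k]
            tag = (fail[ip] + 0 >= thr && acc[ip] + 0 == 0) ? "ALERT" : "ok   "
            printf "%s %s failed=%d accepted=%d users=%s\n", tag, ip, fail[ip], acc[ip], users[ip]
        }
    }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | summarize_sshd_log
```

Against the real file: "summarize_sshd_log < /var/log/secure". A source that only ever produces "Failed password" lines for test, guest, admin and root is the pattern in the log above; since this sshd_config still has PasswordAuthentication yes, the summary is the quickest way to see how much of that traffic a switch to key-only authentication would shut out.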
 
Old 03-10-2005, 05:10 PM   #11
TruckStuff
Member
 
Registered: Apr 2002
Posts: 498

Rep: Reputation: 30
Quote:
Originally posted by paul_dundee
This is going to sound absolutely crazy, but I just got home, logged onto OSx and tried the certificate - it worked first time!
Glad to hear it. I spent three days once beating my head against a wall trying to get pub key auth working with no success. A few months later, I decided to try it again and had it up and running in less than 10 minutes. Go figure...
Quote:
Originally posted by paul_dundee
that ip address is not one of mine, so i guess i have more to figure out.
Welcome to the wonderful world of the internet. http://www.linuxquestions.org/questi...hreadid=215431
 
Old 03-28-2005, 03:23 PM   #12
WolfgangNinaus
LQ Newbie
 
Registered: Mar 2005
Posts: 1

Rep: Reputation: 0
Mar 9 18:19:08 localhost sshd[4143]: reverse mapping checking getaddrinfo for host failed - POSSIBLE BREAKIN ATTEMPT!

Had the same problem once. It was easy to solve:

I only edited /etc/resolv.conf and inserted working nameservers, so that reverse lookups worked.

You can try it out with
# host the.host.you.are.connecting.from

and you should get an answer like

the.host.you.are.connecting.from has address 62.xx.xx.xx
 
  

