openssh server help required plz

khurramch81 · 04-18-2009, 08:48 PM

I am trying to install openssh server with public key authentication on CentOS. But i am getting following error message:

Disconnected: No supported authentication method available
Server refused keys

my sshd_conf file is as follows:

Port 22
Protocol 2
AddressFamily inet
ListenAddress 172.20.14.162
LoginGraceTime 2m
PermitRootLogin no
MaxAuthTries 3
RSAAuthentication yes
PubkeyAuthentication yes
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
AuthorizedKeysFile ~/.ssh/authorized_keys
SyslogFacility AUTHPRIV
PasswordAuthentication no
ChallengeResponseAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no
GSSAPICleanupCredentials yes
UsePAM no
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
AllowGroups sshusers
MaxStartups 2
Banner /etc/ssh/banner
Subsystem sftp /usr/libexec/openssh/sftp-server

Please help me in this regard,

Kind regards,
Khurram

jhwilliams · 04-18-2009, 09:11 PM

Here is my functional sshd_config from a vanilla install of debian lenny, if it helps:

Quote:

Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes

chadl · 04-18-2009, 11:14 PM

If you run ssh with the -v switch, you will get more details on exactly what it is thinking when trying to connect to a server. For example, if it is skipping your public key because of permissions, it would tell you in the verbose messages.
For example
ssh -v chadl@void
will show a bunch of information on how the protocol is progressing. If the key is being accepted, you see something like (there is a ton more output, this is just a sampling):
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/chadl/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: Authentication succeeded (publickey).

In this case, the first line indicates that the client has a key to offer, and the server will (only) accept public keys for authentication. The method is selected, key is offered, and authentication finishes.

You will most likely see an error about why it is not using a public key (you did generate one, right?). Or, perhaps the issue is as simple as a mis-spelled or mis-permissioned ~/.ssh/authorized_keys file, so the server is not accepting the key, because it is not in there. In that case, the place to check is /var/log/secure on the server, and perhaps /var/log/messages.