AuthorizedKeysFile setting
Found it. It should be
AuthorizedKeysFile /home/%u/.ssh/authorized_keys
I realize you have a working solution, but (in a slight defense of the OpenSSH developers) I took a look at the code.
If the value AuthorizedKeysFile does not use an absolute path, the program does some manipulation to convert it to an absolute path. Among other things (like the '%u' substitution you found), it converts the non-absolute file to an absolute file by prepending the user's home directory. From what I saw, it gets the user's home directory by calling getpwnam(). The getpwnam() function is a system-wide function--not written by the OpenSSH developers. The information getpwnam() provides is most/all the information in /etc/passwd. Basically, ssh then does this:

absolute_path = user_home_path_from_getpwnam + '/' + ssh_config_file_AuthorizedKeysFile

Now, the fact that your debug messages show that the path being checked for the authorized keys file was "//.ssh/authorized_keys" indicates to me that whatever account you were using to start ssh does not have a home directory listed in /etc/passwd or the home directory is listed as '/'. If neither of those is the case, then the OpenSSH developers would probably like for you to file a bug and work with them to find out what the core problem is.

Also, as a side note, the OpenSSH code does take into account the '~' notation. In fact, what I saw indicates that the filename would be properly handled if either the '~/' or '~username/' form were used.
The correct format for this setting should be:
Code:
AuthorizedKeysFile %h/.ssh/authorized_keys
Specifying as I've read before:
Code:
AuthorizedKeysFile /home/%u/.ssh/authorized_keys
Ssh, at least on the referred distros, and while from OpenSSH packages, should be absolutely 0 trouble to set up for passwordless authentication, unless you mess up something with the server config beforehand, while trying to "fix" a problem that you created by placing the wrong file name or the wrong dir/file permissions/ownership. In case of doubt, always use the debug config for both server (sshd_config) and client (-vvv parameter), debugging is there for a reason.
Cheers, -k-
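Added illustration (not part of any post in this thread and not OpenSSH source code): a small C model of the expansion described above, where %h, %u and %% are substituted and a non-absolute result is then prefixed with the home directory. The function name `expand_keys_path` and the three sample accounts are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the expansion discussed in the thread (hypothetical
 * helper, not OpenSSH source): substitute %h (home), %u (user) and %%,
 * then prepend home + "/" when the result is not an absolute path.
 * Returns 0 on success, -1 on an unknown token or an overlong result. */
int expand_keys_path(const char *pattern, const char *user,
                     const char *home, char *out, size_t outlen)
{
    char tmp[1024];
    size_t n = 0;

    for (const char *p = pattern; *p != '\0'; p++) {
        char lit[2] = { *p, '\0' };
        const char *piece = lit;
        if (*p == '%') {
            p++;
            if (*p == 'h') piece = home;
            else if (*p == 'u') piece = user;
            else if (*p == '%') piece = "%";
            else return -1;          /* unknown token or trailing '%' */
        }
        size_t len = strlen(piece);
        if (n + len >= sizeof(tmp))
            return -1;
        memcpy(tmp + n, piece, len);
        n += len;
    }
    tmp[n] = '\0';

    int r = (tmp[0] == '/') ? snprintf(out, outlen, "%s", tmp)
                            : snprintf(out, outlen, "%s/%s", home, tmp);
    return (r < 0 || (size_t)r >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed accounts: user name and home directory as in /etc/passwd. */
    const char *acct[3][2] = { {"alice", "/home/alice"}, {"root", "/root"}, {"svc", "/"} };
    const char *pat[3] = { "%h/.ssh/authorized_keys", "/home/%u/.ssh/authorized_keys",
                           ".ssh/authorized_keys" };
    char path[1024];
    for (int a = 0; a < 3; a++)
        for (int i = 0; i < 3; i++)
            if (expand_keys_path(pat[i], acct[a][0], acct[a][1], path, sizeof(path)) == 0)
                printf("%-6s %-30s -> %s\n", acct[a][0], pat[i], path);
    return 0;
}
```

In this model an account whose home directory is "/" yields "//.ssh/authorized_keys" for both the %h form and the relative form, and the /home/%u form resolves root's file to /home/root/.ssh/authorized_keys regardless of the home directory in the passwd entry.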
Thanks for the fix _anonymous!