Date: Tue, 03 Feb 2015 00:03:30 +0000 From: Dave <dave@dgmm.net> To: freebsd-questions@freebsd.org Subject: Re: [SOLVED] Passwordless ssh, keys not authenticating, asks for password Message-ID: <2693256.fbzBTIN2Gq@amd.asgard.uk> In-Reply-To: <2158037.0CyDn4nRuB@amd.asgard.uk> References: <2158037.0CyDn4nRuB@amd.asgard.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
As is often the case, 2 minutes after I hit send, the answer leaped out at me from the deep, dark reaches of the web, namely: https://forums.freebsd.org/threads/stop-sshd-from-asking-for-password.33908/ ...where user robbak wisely said "If your home directory is 777, then it will fail!". I wasn't getting the stated error message but on checking, I had, for some long forgotten reason in the past, set /usr/home/dave to 777. It's now set to the default 755 and all is well again :-) On Monday 02 February 2015 23:47:23 Dave wrote: > Hi, > I'm trying to set up passwordless ssh login > > I have it working on all but one client, with no obvious reason why it's not > working on this one box. > > Box1 (ubuntu) uname -a > > Linux ubuntu 3.2.0-75-generic #110-Ubuntu SMP Tue Dec 16 19:11:28 UTC 2014 > i686 i686 i386 GNU/Linux > > > Box2 (testbox - working) uname -a > > FreeBSD testbox.asgard.uk 9.3-RELEASE-p9 FreeBSD 9.3-RELEASE-p9 #0: Tue Jan > 27 10:43:40 UTC 2015 root@amd64- > builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 > > > Box3 (amd - not working) uname -a > > FreeBSD amd.asgard.uk 9.3-RELEASE-p9 FreeBSD 9.3-RELEASE-p9 #0: Tue Jan 27 > 10:43:40 UTC 2015 root@amd64- > builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 > > > On Box1 I did > > ssh-keygen (default answers, no pass phrase) > ssh-copy-id dave@testbox > ssh-copy-id dave@amd > ssh-add > > > Boxes 2 and 3 have identical and default /etc/ssh/ssh_config and the > following are identical. > > ~/.ssh is chmod 700 > -rw------- 1 dave dave 797 2 Feb 22:10 authorized_keys > -rw-r--r-- 1 dave dave 165 6 Jan 23:27 known_host > > ssh dave@testbox (Box2 works fine) > ssh dave@amd (Box3 fails and asks for the password) > > > Results of ssh -v dave@amd (Box3) > > OpenSSH_5.9p1 Debian-5ubuntu1.4, OpenSSL 1.0.1 14 Mar 2012 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 19: Applying options for * > debug1: Connecting to amd [192.168.1.3] port 22. > debug1: Connection established. > debug1: identity file /home/dave/.ssh/id_rsa type 1 > debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 > debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048 > debug1: identity file /home/dave/.ssh/id_rsa-cert type -1 > debug1: identity file /home/dave/.ssh/id_dsa type -1 > debug1: identity file /home/dave/.ssh/id_dsa-cert type -1 > debug1: identity file /home/dave/.ssh/id_ecdsa type -1 > debug1: identity file /home/dave/.ssh/id_ecdsa-cert type -1 > debug1: Remote protocol version 2.0, remote software version > OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420 > debug1: match: OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.4 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug1: kex: server->client aes128-ctr hmac-md5 none > debug1: kex: client->server aes128-ctr hmac-md5 none > debug1: sending SSH2_MSG_KEX_ECDH_INIT > debug1: expecting SSH2_MSG_KEX_ECDH_REPLY > debug1: Server host key: ECDSA > xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx debug1: Host 'amd' is known > and matches the ECDSA host key. > debug1: Found key in /home/dave/.ssh/known_hosts:1 > debug1: ssh_ecdsa_verify: signature correct > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug1: SSH2_MSG_NEWKEYS received > debug1: Roaming not allowed by server > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug1: Authentications that can continue: publickey,keyboard-interactive > debug1: Next authentication method: publickey > debug1: Offering RSA public key: /home/dave/.ssh/id_rsa > debug1: Authentications that can continue: publickey,keyboard-interactive > debug1: Offering RSA public key: dave@ubuntu > debug1: Authentications that can continue: publickey,keyboard-interactive > debug1: Trying private key: /home/dave/.ssh/id_dsa > debug1: Trying private key: /home/dave/.ssh/id_ecdsa > debug1: Next authentication method: keyboard-interactive > Password for dave@amd.asgard.uk: > > > Box3 (amd,the problembox) pkg info | grep ssh > > libssh-0.6.3_1 Library implementing the SSH1 and SSH2 > protocol linux-c6-libssh2-1.4.2_1 Library implementing the SSH2 > protocol (Linux CentOS 6.6 > > > Box (testbox,a working box) pkg info | grep ssh > > libssh-0.6.3_1 Library implementing the SSH1 and SSH2 > protocol > > To eliminate the potential difference, pkg info | grep ssh shows no results > on a 9.2 box where passwordless ssh works. I also successfully tested with > a RaspBMC box. > > I can only assume there is something different somewhere on Box3 (amd) that > I've changed and forgotten about. Is there anything else you need to know > to help me? > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2693256.fbzBTIN2Gq>