Message-Id: <200806141802.m5EI27GF020260@dc.cis.okstate.edu>
To: freebsd-questions@freebsd.org
Date: Sat, 14 Jun 2008 13:02:07 -0500
From: Martin McCormick
Subject: ssh Public Keys Suddenly Stopped working for one account.

We have an account on several FreeBSD systems that is used for automation. Several systems can talk to each other via ssh by using public keys so that scripts don't have to hold passwords.

Last night, an account that has been working for years suddenly won't let any of its cyber cohorts in without a password. I bet I accidentally changed something sometime, but I can't figure out what. The public keys hadn't changed since 2005 although today, I blew them all away and made new ones which still don't work on this one system but work on all others.

There is no password expiration timeout (the first thing I thought of) since the account is several years old. All other accounts on this same system with public keys from their remote partners still work fine. The ownership and permissions look right on the account directory. Does this sound familiar and what else am I missing?

I can telnet in to the account on the localhost via the usual password which you can't do on an expired account. I even did a stupid sort of measure which was to reset the password to itself and that didn't change anything.

Many thanks for other suggestions.

Martin McCormick WB5AGZ Stillwater, OK
Systems Engineer
OSU Information Technology Department Network Operations Group