From: Derek Ragona
To: Martin McCormick, freebsd-questions@freebsd.org
Date: Sat, 14 Jun 2008 13:43:28 -0500
Subject: Re: ssh Public Keys Suddenly Stopped working for one account.

At 01:02 PM 6/14/2008, Martin McCormick wrote:
> We have an account on several FreeBSD systems that is
> used for automation. Several systems can talk to each other via
> ssh by using public keys so that scripts don't have to hold
> passwords.
>
> Last night, an account that has been working for years
> suddenly won't let any of its cyber cohorts in without a
> password.
>
> I bet I accidentally changed something sometime, but I
> can't figure out what.
>
> The public keys hadn't changed since 2005 although
> today, I blew them all away and made new ones which still don't
> work on this one system but work on all others.
>
> There is no password expiration timeout (the first thing
> I thought of) since the account is several years old.
>
> All other accounts on this same system with public keys
> from their remote partners still work fine.
>
> The ownership and permissions look right on the account
> directory.
>
> Does this sound familiar and what else am I missing?
>
> I can telnet in to the account on the localhost via the
> usual password which you can't do on an expired account.
>
> I even did a stupid sort of measure which was to reset
> the password to itself and that didn't change anything.
>
> Many thanks for other suggestions.
>
> Martin McCormick WB5AGZ Stillwater, OK
> Systems Engineer
> OSU Information Technology Department Network Operations Group

If you upgraded one system to a new major version (sometimes point releases will cause a problem too), the system will regenerate its keys, so you then need to propagate the new keys. Other than that, a drive error causing the key files to not be readable is the only other time I've seen this problem.

-Derek
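
Added example, not part of the original thread: the question says ownership and permissions "look right" and the reply mentions unreadable key files, so this sh function checks both mechanically on the system that refuses the key. It assumes sshd runs with `StrictModes` at its default (`yes`) and that keys live in `~/.ssh/authorized_keys`; the function name, variable names and output labels are made up for this example.

```sh
#!/bin/sh
# Added example: audit the files sshd consults for public-key login.
# Usage: check_pubkey_paths HOME_DIR OWNER   (OWNER = account name or numeric uid)
#   e.g. check_pubkey_paths /home/autouser autouser   (hypothetical account)
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_pubkey_paths() {
    cpp_home=$1
    cpp_owner=$2
    cpp_bad=0
    cpp_keys="$cpp_home/.ssh/authorized_keys"   # assumed default location

    for cpp_p in "$cpp_home" "$cpp_home/.ssh" "$cpp_keys"; do
        if [ ! -e "$cpp_p" ]; then
            echo "MISSING     $cpp_p"
            cpp_bad=1
            continue
        fi
        # StrictModes refuses a key file when the home directory, ~/.ssh or
        # the file itself is writable by group or other.
        if [ -n "$(find -H "$cpp_p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE    $cpp_p: $(ls -ld "$cpp_p")"
            cpp_bad=1
        fi
        # It also refuses anything not owned by the account or by root (uid 0).
        if [ -n "$(find -H "$cpp_p" -prune ! -user "$cpp_owner" ! -user 0 -print)" ]; then
            echo "WRONG OWNER $cpp_p: $(ls -ld "$cpp_p")"
            cpp_bad=1
        fi
    done

    # A failing disk or a lost read bit shows up as a read error here.
    if [ -f "$cpp_keys" ] && ! cat "$cpp_keys" >/dev/null 2>&1; then
        echo "UNREADABLE  $cpp_keys"
        cpp_bad=1
    fi
    return "$cpp_bad"
}
```

Running it against a working account on the same machine gives a baseline to compare the failing account with.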