From: Andrew Falanga
To: FreeBSD Questions
Date: Fri, 31 Oct 2008 16:52:38 -0600
Subject: Authentication with SSH using public keys

Hi,

My father recently set up a new 7.0-Release system for some web development. I use ssh to log in remotely. I've normally not had any trouble configuring authentication through public key encryption using ssh-keygen and such. I have for myself an id_rsa.pub and an id_rsa key pair that I use for this purpose. Normally, I just copy, via scp, the file id_rsa.pub to my ~/.ssh/authorized_keys file on the remote host and the next time I attempt a login all is well. That is, I don't have to enter my password.

However, on my Dad's new machine, this isn't the case. I still have to enter the password. Now, I've looked through his /etc/ssh/sshd_config file and nothing in there looks odd, or different, from other remote hosts I do this on. So, I'm embedding a copy/paste of an ssh login session on my father's host using -v -v to ssh:

[/usr/home/andy/MCH] -> ssh -v -v malumgat
OpenSSH_4.5p1 FreeBSD-20061110, OpenSSL 0.9.7e-p1 25 Oct 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to malumgat [24.59.91.121] port 22.
debug1: Connection established.
debug1: identity file /home/andy/.ssh/identity type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/andy/.ssh/id_rsa type 1
debug1: identity file /home/andy/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.5p1 FreeBSD-20061110
debug1: match: OpenSSH_4.5p1 FreeBSD-20061110 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5p1 FreeBSD-20061110
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss,ssh-rsa
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 132/256
debug2: bits set: 526/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'malumgat' is known and matches the DSA host key.
debug1: Found key in /home/andy/.ssh/known_hosts:9
debug2: bits set: 494/1024
debug1: ssh_dss_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/andy/.ssh/identity (0x0)
debug2: key: /home/andy/.ssh/id_rsa (0x5308a0)
debug2: key: /home/andy/.ssh/id_dsa (0x0)
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/andy/.ssh/identity
debug1: Offering public key: /home/andy/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /home/andy/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 0
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 0
debug2: channel 0: request shell confirm 0
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 131072

The only thing I see that differs from this same trace on another machine to which I can use public key encryption is at the point where it shows, "we sent a publickey packet, wait for reply," I see the very next entry is, "Server accepts key: pkalg ssh-rsa blen 277."

Apparently, there's something I'm missing in the configuration for sshd on this machine to allow it to support the public keys. What is it?

In case it's important, this machine he's running is 7.0-RELEASE. It's not yet been updated. Perhaps I should do this before getting too worked up?

Any help is greatly appreciated,
Andy
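
Added example (not part of the original message): a Python script that walks an ssh -v trace and reports, for each key the client offered, whether the server answered with "Server accepts key" or with the list of remaining methods, which is the difference between the two traces described above. The function name analyze and the WORKING sample are assumptions made for this example; FAILING is excerpted from the trace in the message.

```python
import re

OFFER = re.compile(r"debug1: Offering public key: (\S+)")
ACCEPT = re.compile(r"debug1: Server accepts key: pkalg (\S+) blen (\d+)")
REMAINING = re.compile(r"debug1: Authentications that can continue: (\S+)")
SUCCESS = re.compile(r"debug1: Authentication succeeded \(([^)]+)\)")

# Excerpt (some lines omitted) of the failing trace in the message above.
FAILING = """\
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering public key: /home/andy/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentication succeeded (keyboard-interactive).
"""

# Constructed sample: same offer, then the line quoted from the working host.
WORKING = """\
debug1: Offering public key: /home/andy/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: Authentication succeeded (publickey).
"""


def analyze(trace):
    """Return (offers, method): the server's answer to each offered key,
    and the authentication method that finally succeeded (or None)."""
    offers, pending, method = [], None, None
    for line in trace.splitlines():
        if m := OFFER.search(line):
            pending = {"key": m.group(1), "result": "no reply"}
            offers.append(pending)
        elif pending and (m := ACCEPT.search(line)):
            pending.update(result="accepted", pkalg=m.group(1))
            pending = None
        elif pending and (m := REMAINING.search(line)):
            # Server listed remaining methods instead of accepting: key refused.
            pending.update(result="rejected", server_allows=m.group(1).split(","))
            pending = None
        elif m := SUCCESS.search(line):
            method = m.group(1)
    return offers, method


if __name__ == "__main__":
    for name, trace in (("failing", FAILING), ("working", WORKING)):
        print(name, *analyze(trace))
```

A "rejected" result at this step means the server turned the public key down before the client was asked to sign anything with the private key, so the decision was made on the server side for that account.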