From owner-freebsd-questions Tue Aug 20 3:28: 5 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B227437B400 for ; Tue, 20 Aug 2002 03:28:00 -0700 (PDT) Received: from clientmail.ehsrealtime.com (eris.ehsrealtime.com [213.52.146.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id D85E043E6A for ; Tue, 20 Aug 2002 03:27:59 -0700 (PDT) (envelope-from byron.schlemmer@realtime.co.uk) Received: from pan.ehsrealtime.com ([213.52.146.196]) by clientmail.ehsrealtime.com with esmtp (Exim 3.33 #2) id 17h6Ew-0003VH-01 for freebsd-questions@freebsd.org; Tue, 20 Aug 2002 11:27:58 +0100 Received: from byrons (helo=localhost) by pan.ehsrealtime.com with local-esmtp (Exim 3.35 #1) id 17h6EG-0000QD-00 for freebsd-questions@freebsd.org; Tue, 20 Aug 2002 11:27:16 +0100 Date: Tue, 20 Aug 2002 11:27:16 +0100 (BST) From: Byron Schlemmer To: FreeBSD-Questions Subject: Strange SSH publickey behaviour Message-ID: <20020820111308.S1572-100000@pan.ehsbrann.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, This post might be a little off topic however I'm wondering if anybody else has experience this problem. I am using OpenSSH (OpenSSH_3.4p1) with protocol version 2 with publickey authentication. I am able to use my private key ($HOME/.ssh/id_dsa) to connect to a number of machines on my network using key based authentication without problems, except to one particular machine. For the life of me I can't figure out why. If I create a new key set for my existing user and copy this new public key over to this box I'm still unable to login with keybased auth. However if I create a new user account on both the client and server, generate a key and copy this accross I'm able to login just fine. I'm beginning to think this machine just does not like me anymore. The problem seems to be between my user account on the client and the server? Here is the verbose output from ssh : $ ssh -v -2 -4 -i $HOME/.ssh/id_dsa eris OpenSSH_3.4p1 FreeBSD-20020702, SSH protocols 1.5/2.0, OpenSSL 0x0090607f debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: ssh_connect: needpriv 0 debug1: Connecting to eris.domain [$SERVER_IP] port 22. debug1: Connection established. debug1: identity file /home/byrons/.ssh/id_dsa type 2 debug1: identity file /home/byrons/.ssh/id_dsa type 2 debug1: Remote protocol version 2.0, remote software version OpenSSH_3.4p1 debug1: match: OpenSSH_3.4p1 pat OpenSSH* Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.4p1 FreeBSD-20020702 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: dh_gen_key: priv key bits set: 127/256 debug1: bits set: 1576/3191 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'eris.domain' is known and matches the DSA host key. debug1: Found key in /home/byrons/.ssh/known_hosts:1 debug1: bits set: 1557/3191 debug1: ssh_dss_verify: signature correct debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: done: ssh_kex2. debug1: send SSH2_MSG_SERVICE_REQUEST debug1: service_accept: ssh-userauth debug1: got SSH2_MSG_SERVICE_ACCEPT debug1: authentications that can continue: publickey,password,keyboard-interactive debug1: next auth method to try is publickey debug1: try pubkey: /home/byrons/.ssh/id_dsa debug1: authentications that can continue: publickey,password,keyboard-interactive debug1: try pubkey: /home/byrons/.ssh/id_dsa debug1: authentications that can continue: publickey,password,keyboard-interactive debug1: next auth method to try is keyboard-interactive debug1: authentications that can continue: publickey,password,keyboard-interactive debug1: next auth method to try is password byrons@eris.domain's password: - byron To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message