On Sun, 2005-08-07 at 08:39 -0700, Eliezer Ramm wrote: > Hi, > > I am trying to setup passwordless ssh connections > > so far i have > 1) created rsa private/public keys > 2) copied the public key (id_rsa.pub) to the machine i > want to connect to and renamed it authorized_keys in > the .ssh dir > > when i try to connect it still asks me for the > password > > ssh -v tells me a few things - > > Next authentication method: publickey > * that's good* > debug1: Trying private key: > /home/username/.ssh/identity > debug1: read PEM private key done: type RSA > > *wonderfull! it is reading the client side private > key* > > then......... > debug1: Authentications that can continue: > publickey,gssapi-with-mic,password > debug1: Offering public key: > /home/username/.ssh/id_rsa > debug1: Authentications that can continue: > publickey,gssapi-with-mic,password > debug1: Offering public key: > /home/username/.ssh/id_dsa > > then it goes to password :( > > it never looks for the authorized_key file. i have > even place id_rsa in my .ssh dir on the server and > even renamed id_rsa.pub to id_rsa on the server but > nothing helps. > > so I looked at the server config and changed from the > FC defaults to > > PubkeyAuthentication yes > AuthorizedKeysFile .ssh/authorized_keys > > interesting enough when sshd was restarted from the > init.d script it did not kick any existing users off > the server. shouldn't it have broken the connection > amybe a need to do a full stop and start for > sshd_config to be re-loaded ? > > permissions are 0600 on authorized_keys > > what am i doing wrong ? > > btw what does the -1 mean in the debug message > > debug1: identity file /home/username/.ssh/identity > type -1 > debug1: identity file /home/username/.ssh/id_rsa type > 1 > debug1: identity file /home/username/.ssh/id_dsa type > 2 > > thanx for your help. > > lazer > ssh -v 10.10.10.10 > OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug1: Connecting to 10.10.10.10 port 22. > debug1: Connection established. > debug1: identity file /home/username/.ssh/identity > type -1 > debug1: identity file /home/username/.ssh/id_rsa type > 1 > debug1: identity file /home/username/.ssh/id_dsa type > 2 > debug1: Remote protocol version 2.0, remote software > version OpenSSH_4.0 > debug1: match: OpenSSH_4.0 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_3.9p1 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug1: kex: server->client aes128-cbc hmac-md5 none > debug1: kex: client->server aes128-cbc hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) > sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug1: Host '212.25.92.186' is known and matches the > RSA host key. > debug1: Found key in /home/username/.ssh/known_hosts:1 > debug1: ssh_rsa_verify: signature correct > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug1: SSH2_MSG_NEWKEYS received > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug1: Authentications that can continue: > publickey,gssapi-with-mic,password > debug1: Next authentication method: gssapi-with-mic > debug1: Authentications that can continue: > publickey,gssapi-with-mic,password > debug1: Authentications that can continue: > publickey,gssapi-with-mic,password > debug1: Next authentication method: publickey > debug1: Offering public key: > /home/username/.ssh/id_rsa > debug1: Authentications that can continue: > publickey,gssapi-with-mic,password > debug1: Trying private key: > /home/username/.ssh/identity > debug1: read PEM private key done: type RSA > debug1: Authentications that can continue: > publickey,gssapi-with-mic,password > debug1: Offering public key: > /home/username/.ssh/id_rsa > debug1: Authentications that can continue: > publickey,gssapi-with-mic,password > debug1: Offering public key: > /home/username/.ssh/id_dsa > debug1: Authentications that can continue: > publickey,gssapi-with-mic,password > debug1: Next authentication method: password > The only thing I can think of is to try to set the permissions on authorized_keys file to 0644 (just make sure your private key on the client machine is 0600). I think the only thing different in our setups is that I kept the passphrase used to unlock my private key. Here's the output I get: ... debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Trying private key: /home/wease1/.ssh/identity debug1: Offering public key: /home/wease1/.ssh/id_rsa debug1: Authentications that can continue: publickey debug1: Offering public key: /home/wease1/.ssh/id_dsa debug1: Server accepts key: pkalg ssh-dss blen 433 debug1: PEM_read_PrivateKey failed debug1: read PEM private key done: type <unknown> Enter passphrase for key '/home/wease1/.ssh/id_dsa': debug1: read PEM private key done: type DSA debug1: Authentication succeeded (publickey). ... Todd
