[Gllug] rssh with public key authentication?

gvim gvimrc at gmail.com
Wed Dec 8 13:18:47 UTC 2010


On 08/12/2010 13:02, John Edwards wrote:
> On Wed, Dec 08, 2010 at 12:53:39PM +0000, gvim wrote:
> <snip>
>> It now seems to be a public key problem even with a normal bash login. Steps (CentOS 5.4):
>>
>> - useradd <user>
>> - cp -R ~<existing user>/.ssh ~<new user>/
>> - chown -R <new user>:<new user> ~<new user>/.ssh
>> - Append to AllowUser line in sshd_config: <new user>@<my ip>
>
> If you need to add "AllowUser" lines to allow a user to login then
> you don't have a default CentOS/RedHat SSH config. Compare with the
> default config file to see what changes there are and if they might
> interfere with key authentication.
>

But I've used this config file with another user account specified on the same AllowUser line and it's been working fine.

>
>> - service sshd restart
>>
>> So now the new user account has the same .ssh/authorized_keys file as an existing user with a working login. However when I try to login all I get is:
>
> Check the contents of the authorized_keys file. It can include
> a lot of different restrictions on where logins are allowed from,
> what commands can be run, environment, etc.
>
> See 'man sshd' for more details on the options in authorized_keys.
>
>
>> Permission denied (publickey)
>>
>> /var/log/secure
>>
>> ... says nothing other than "Connection closed by <my ip>"
>
> And what does the SSH client say with the verbose flag enabled?
>
>
>

$ ssh -v remoteuser@myvm.vm.bytemark.co.uk
OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to myvm.vm.bytemark.co.uk [80.68.88.120] port 22.
debug1: Connection established.
debug1: identity file /Users/homeuser/.ssh/identity type -1
debug1: identity file /Users/homeuser/.ssh/id_rsa type -1
debug1: identity file /Users/homeuser/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'myvm.vm.bytemark.co.uk' is known and matches the RSA host key.
debug1: Found key in /Users/homeuser/.ssh/known_hosts:51
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/homeuser/.ssh/id_dsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/homeuser/.ssh/identity
debug1: Trying private key: /Users/homeuser/.ssh/id_rsa
debug1: Trying private key: /Users/homeuser/.ssh/id_dsa
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: read PEM private key done: type DSA
Identity added: /Users/homeuser/.ssh/id_dsa (/Users/gmac/.ssh/id_dsa)
debug1: read PEM private key done: type DSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).





-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
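
The authorized_keys check suggested in the quoted reply above, as an added example that is not part of the original thread: a small Python parser that lists the per-key options (from=, command= and so on) in an authorized_keys file, which is worth running when the file has been copied from another account. The sample file contents, key blobs, addresses and command path are constructed placeholders.

```python
# Added example: list per-key restrictions in an authorized_keys file.
# Key type prefixes that mark a line with no leading options field.
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-", "sk-")

# Constructed sample; key blobs, addresses and the command path are placeholders.
SAMPLE = '''# copied from an existing account
ssh-dss AAAAB3PLACEHOLDER1 homeuser@laptop
from="192.0.2.10,*.example.org",no-pty,command="/usr/local/bin/backup.sh --quiet" ssh-rsa AAAAB3PLACEHOLDER2 backup key
'''

def unquoted_index(text, stops, start=0):
    """Index of the first char from `stops` outside double quotes, else len(text)."""
    quoted = False
    for i in range(start, len(text)):
        ch = text[i]
        if ch == '"' and (i == 0 or text[i - 1] != "\\"):
            quoted = not quoted
        elif ch in stops and not quoted:
            return i
    return len(text)

def parse_options(field):
    """Split the comma-separated options field into (name, value) pairs."""
    opts, pos = [], 0
    while pos < len(field):
        end = unquoted_index(field, ",", pos)
        name, _, value = field[pos:end].partition("=")
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        opts.append((name.lower(), value if value else True))
        pos = end + 1
    return opts

def audit(text):
    """Return one record per key line: line number, key type, options."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.split()[0].startswith(KEY_TYPES):
            field, rest = "", line          # no options before the key type
        else:
            cut = unquoted_index(line, " \t")
            field, rest = line[:cut], line[cut:].strip()
        parts = rest.split()
        findings.append({"line": number, "type": parts[0] if parts else "?",
                         "options": parse_options(field)})
    return findings

if __name__ == "__main__":
    for entry in audit(SAMPLE):
        print(entry["line"], entry["type"], entry["options"] or "no restrictions")
```

A key that carries a from= pattern is only accepted from matching client addresses, so a copied file can reject a login from a different host even though the key itself is correct.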



