openssh authentification

Clayton Evans CEvans@joshitech.com
Fri Oct 14 18:44:00 GMT 2011 

> > > > debug1: Next authentication method: publickey
> > > > debug1: Offering RSA public key: /home/cevans/.ssh/id_rsa
> > > > debug3: send_pubkey_test
> > > > debug2: we sent a publickey packet, wait for reply
> > > > debug1: Authentications that can continue: 
> > > > publickey,password,keyboard-interactive
> > > > debug1: Offering DSA public key: /home/cevans/.ssh/id_dsa
> > > > debug3: send_pubkey_test
> > > > debug2: we sent a publickey packet, wait for reply
> > > > debug1: Authentications that can continue: 
> > > > publickey,password,keyboard-interactive
> > > > debug1: Offering ECDSA public key: /home/cevans/.ssh/id_ecdsa
> > > > debug3: send_pubkey_test
> > > > debug2: we sent a publickey packet, wait for reply
> > > > debug1: Authentications that can continue: 
> > > > publickey,password,keyboard-interactive
> > > > debug2: we did not send a packet, disable method
> > >
> > > So all three of those keys were offered, but none were accepted.  Are the public keys for those in your ~/.ssh/authorized_keys file on the > server?
> > 
> > I copied the .ssh/authorized_keys file from the client to the host before the ssh -vvv jti031 was done.
>
> OK, but that's not exactly what I asked.  The question is, is one of those public keys (/home/cevans/.ssh/id_rsa.pub, /home/cevans/.ssh/id_dsa.pub, or /home/cevans/.ssh/id_ecdsa.pub from the client) in ~/.ssh/authorized_keys on the server?

No, the id_*.pub files were not copied.   

I have now copied all three id_*.pub files from the client to the host.  I have rerun 'ssh -vvv jti031' with identical results. (At least diff finds the results to be identical.)

> > Do you by chance have any "from" restrictions on the keys in 
> > authorized_keys?  For example,
> >
> > from="localhost" ssh-rsa AAAAB3NzaC1yc...
> >
> > That could cause the server to reject the keys.
> 
> I have not intentionally added any "from" restrictions on the keys.  
> From your question I infer that this would be in the authorized_keys file.

Correct, see AUTHORIZED_KEYS FILE FORMAT in sshd(8).

> The lines in the authorized_keys file begin with ssh-rsa ..., ssh-dss 
> ...,
> ecdsa-sha2-nistp256 ....  The lines all end with a white space and 
> <userid>@<clientname>, where <userid> and <clientname> have my user id 
> and client machine name, jti023.

OK, so the answer to that is no.



--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

More information about the Cygwin mailing list