MaD dUCK on Wed, 17 Jan 2001 07:57:14 -0500


[PLUG] ssh rsa authentication troubles


oh my, and i thought i was down with ssh.

scenario:

  client running openssh 2.1.1 protocol 2
  3 servers (madduck, sccs, sirius) running ssh 1.2.27 protocol 1.5
  3 servers (ceylon, uriel, localhost) running openssh 2.1.1 protocol 2

user on client has an rsa ssh key which is included in authorized_keys
in ~/.ssh on each of the server machines. in all 6 cases, ~/.ssh is
drwx------ with all files in the directory being -rw-------. the home
directory itself is either drwx------ or drwx--x--x.

the client can connect to the two 1.2.27 hosts madduck and sccs with
rsa authentication perfectly. authorized_keys is the same on all 5
hosts. but sirius (1.2.27) as well as the three 2.1.1 hosts ceylon,
uriel, and localhost cannot be connected to.

more elaborately, i am madduck@localhost

here are the users on the 6 servers which have madduck@localhost's
identity.pub in their authorized_keys:

                      ssh version          rsa works?
  madduck@sccs        1.2.27               yes
  madduck@uriel       2.1.1                no
  madduck@sirius      1.2.27               no
  madduck@madduck     1.2.27               yes
  madduck@ceylon      2.1.1                no
  testuser@localhost  2.1.1                no
  
i don't really see a pattern... and since not all machines are mine, i
won't post sshd_config. however, localhost and madduck are mine, so at
the end of the email, please find the three significant ssh*_config
files.

in the four cases of rsa works=no above, ssh asks for the password
directly. in the two yes cases, if i used ssh-add before, it just
connects, otherwise it prompts for the rsa passphrase instead of the
password.

any ideas?

gratefully appreciated!
martin



ssh_config@localhost:
========
  Host *
    ForwardAgent yes
    ForwardX11 yes
    RhostsAuthentication no
    RhostsRSAAuthentication yes
    RSAAuthentication yes
    TISAuthentication no
    PasswordAuthentication yes
    FallBackToRsh no
    UseRsh no
    BatchMode no
    CheckHostIP yes
    StrictHostKeyChecking no
    IdentityFile ~/.ssh/identity
    Port 22
    Protocol 2,1
    Cipher 3des
    EscapeChar ~
========

sshd_config@localhost:
========
  Port 22
  ListenAddress 0.0.0.0
  HostKey /etc/ssh/ssh_host_key
  ServerKeyBits 768
  LoginGraceTime 600
  KeyRegenerationInterval 3600
  PermitRootLogin yes
  IgnoreRhosts yes
  StrictModes yes
  X11Forwarding yes
  X11DisplayOffset 10
  PrintMotd yes
  KeepAlive yes
  SyslogFacility AUTH
  LogLevel INFO
  RhostsAuthentication no
  RhostsRSAAuthentication yes
  RSAAuthentication yes
  PasswordAuthentication yes
  PermitEmptyPasswords no
  UseLogin no
  CheckMail no
=========

sshd_config@madduck:
=========
  Port 22
  ListenAddress 0.0.0.0
  HostKey /etc/ssh/ssh_host_key
  RandomSeed /etc/ssh/ssh_random_seed
  ServerKeyBits 768
  LoginGraceTime 600
  KeyRegenerationInterval 3600
  PermitRootLogin yes
  IgnoreRhosts no
  StrictModes yes
  QuietMode no
  X11Forwarding yes
  X11DisplayOffset 10
  FascistLogging no
  PrintMotd yes
  KeepAlive yes
  SyslogFacility DAEMON
  RhostsAuthentication no
  RhostsRSAAuthentication yes
  RSAAuthentication yes
  PasswordAuthentication yes
  PermitEmptyPasswords yes
  UseLogin no
  IdleTimeout 1h
=========

[greetings from the heart of the sun]# echo madduck@!#:1:s@\@@@.net
-- 
nobody expects the spanish inquisition.
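
The message above gives the modes of `~` and `~/.ssh` and shows `StrictModes yes` in both sshd_config files. The script below is an added example, not part of the original message: it approximates the ownership and write-permission checks sshd applies under `StrictModes yes`, reporting each path in the same `drwx------` notation the post uses. The helper name `strict_modes_check`, its arguments and the temporary demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Approximates the ownership and
# write-permission checks sshd makes when "StrictModes yes" is set.
# strict_modes_check HOME_DIR [KEYFILE] [UID]   (hypothetical helper name)
# Prints one line per path; returns 0 if all pass, 1 otherwise.
strict_modes_check() {
    home=$1
    keyfile=${2:-authorized_keys}
    want_uid=${3:-$(id -u)}
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/$keyfile"; do
        if [ ! -e "$p" ]; then
            echo "MISSING    $p"; rc=1; continue
        fi
        # ls -ldn gives the mode string in the post's notation plus numeric uid
        info=$(ls -ldn -- "$p" | awk '{print substr($1, 1, 10), $3}')
        mode=${info% *}
        uid=${info#* }
        case $mode in
            ?????w????|????????w?)      # group-writable or world-writable
                echo "BAD MODE   $mode uid=$uid $p"; rc=1 ;;
            *)
                if [ "$uid" != 0 ] && [ "$uid" != "$want_uid" ]; then
                    echo "BAD OWNER  $mode uid=$uid $p"; rc=1
                else
                    echo "OK         $mode uid=$uid $p"
                fi ;;
        esac
    done
    return $rc
}

# Constructed demo tree using the modes quoted in the post.
demo=$(mktemp -d)
mkdir -p "$demo/home/.ssh"
: > "$demo/home/.ssh/authorized_keys"
chmod 711 "$demo/home"                       # drwx--x--x
chmod 700 "$demo/home/.ssh"                  # drwx------
chmod 600 "$demo/home/.ssh/authorized_keys"  # -rw-------
strict_modes_check "$demo/home" && echo "modes from the post: pass"
chmod g+w "$demo/home"                       # drwxrwx--x
strict_modes_check "$demo/home" || echo "group-writable home: fail"
rm -rf "$demo"
```

On a server, run it as the target account with `strict_modes_check "$HOME"`; the optional second argument names a different key file under `~/.ssh`.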


______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug