AuthorizedKeysFile with default value prevents Public/Private key authentication

Iain Morgan imorgan at nas.nasa.gov
Sat Apr 3 07:46:43 EST 2010


This issue was reported to the list shortly after the release of 5.4p1
and should be fixed in an upcoming release.

Please check the list archive for details.

On Fri, Apr 02, 2010 at 15:02:34 -0500, Samuel Winchenbach wrote:
> Hi All,
> 
> I noticed that if I put:
> 
> AuthorizedKeysFile .ssh/authorized_keys in my sshd_config file,
> pub/priv key authentication no longer worked.
> 
> I am using OpenSSH_5.4p1, OpenSSL 0.9.8n 24 Mar 2010
> on Archlinux.
> 
> Sam
> 
> 
> ****************** Here is my WORKING config ******************
> 
> Port 22
> ListenAddress 0.0.0.0
> 
> 
> Protocol 2
> 
> PermitRootLogin no
> 
> PubkeyAuthentication yes
> #AuthorizedKeysFile	.ssh/authorized_keys
> 
> PasswordAuthentication no
> PermitEmptyPasswords no
> 
> ChallengeResponseAuthentication no
> 
> UsePAM yes
> 
> Subsystem	sftp	/usr/lib/ssh/sftp-server
> 
> ****************** END ******************
> ******************  Here is my NON-WORKING config ******************
> 
> 
> Port 22
> ListenAddress 0.0.0.0
> 
> 
> Protocol 2
> 
> PermitRootLogin no
> 
> PubkeyAuthentication yes
> AuthorizedKeysFile	.ssh/authorized_keys
> 
> PasswordAuthentication no
> PermitEmptyPasswords no
> 
> ChallengeResponseAuthentication no
> 
> UsePAM yes
> 
> Subsystem	sftp	/usr/lib/ssh/sftp-server
> 
> ******************  END ******************
> ****************** Here is a ssh -v to the server in question
> ******************
> 
> [swinchen@strongbad ~]$ ssh -v swinchen@********.org
> OpenSSH_5.4p1, OpenSSL 0.9.8n 24 Mar 2010
> debug1: Reading configuration data /home/swinchen/.ssh/config
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Connecting to ********.org [130.111.XXX.XXX] port 22.
> debug1: Connection established.
> debug1: identity file /home/swinchen/.ssh/id_rsa type -1
> debug1: identity file /home/swinchen/.ssh/id_rsa-cert type -1
> debug1: identity file /home/swinchen/.ssh/id_dsa type -1
> debug1: identity file /home/swinchen/.ssh/id_dsa-cert type -1
> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.4
> debug1: match: OpenSSH_5.4 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_5.4
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-ctr hmac-md5 none
> debug1: kex: client->server aes128-ctr hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host '********.org' is known and matches the RSA host key.
> debug1: Found key in /home/swinchen/.ssh/known_hosts:1
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: Roaming not allowed by server
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/swinchen/.ssh/id_rsa
> debug1: PEM_read_PrivateKey failed
> debug1: read PEM private key done: type <unknown>
> Enter passphrase for key '/home/swinchen/.ssh/id_rsa':
> debug1: read PEM private key done: type RSA
> debug1: Authentications that can continue: publickey
> debug1: Trying private key: /home/swinchen/.ssh/id_dsa
> debug1: No more authentication methods to try.
> Permission denied (publickey).
> ****************** END ******************
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

-- 
Iain Morgan
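
Added example, not part of the original thread: a shell helper that normalizes two sshd_config files and prints the directives active in only one of them, which is the comparison that isolates the single differing line between the working and non-working configs quoted above. The function names and the abbreviated sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, sample configs are constructed.

# Normalize an sshd_config on stdin: drop comments and blank lines, lowercase
# the keyword (keywords are case-insensitive, arguments are not), and reduce
# the separator (whitespace or a single '=') to one space.
normalize_sshd_config() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
            n = match($0, /[ \t=]/)
            if (n == 0) { print tolower($0); next }
            key = tolower(substr($0, 1, n - 1))
            val = substr($0, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            print key " " val
        }' | LC_ALL=C sort
}

# Print directives active in only one file: "<" first file, ">" second file.
diff_sshd_config() {
    _a=$(mktemp) || return 1
    _b=$(mktemp) || { rm -f "$_a"; return 1; }
    normalize_sshd_config < "$1" > "$_a"
    normalize_sshd_config < "$2" > "$_b"
    LC_ALL=C comm -3 "$_a" "$_b" |
        awk '{ if (sub(/^\t/, "")) print "> " $0; else print "< " $0 }'
    rm -f "$_a" "$_b"
}

# Abbreviated copies of the two configs quoted in the post.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/working" <<'EOF'
Port 22
Protocol 2
PubkeyAuthentication yes
#AuthorizedKeysFile    .ssh/authorized_keys
PasswordAuthentication no
UsePAM yes
EOF
sed 's/^#AuthorizedKeysFile/AuthorizedKeysFile/' "$demo_dir/working" \
    > "$demo_dir/non-working"

diff_sshd_config "$demo_dir/working" "$demo_dir/non-working"
# prints: > authorizedkeysfile .ssh/authorized_keys
```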

