AuthorizedKeysFile with default value prevents Public/Private key authentication

Samuel Winchenbach hermitcrab at kelpworks.com
Sat Apr 3 07:52:19 EST 2010


My apologies.  I thought I searched the list correctly looking for a
report.   I must be mistaken.

Thanks,
Sam

On Fri, Apr 2, 2010 at 4:46 PM, Iain Morgan <imorgan at nas.nasa.gov> wrote:
> This issue was reported to the list shortly after the release of 5.4p1
> and should be fixed in an upcoming release.
>
> Please check the list archive for details.
>
> On Fri, Apr 02, 2010 at 15:02:34 -0500, Samuel Winchenbach wrote:
>> Hi All,
>>
>> I noticed that if I put:
>>
>> AuthorizedKeysFile .ssh/authorized_keys in my sshd_config file,
>> pub/priv key authentication no longer worked.
>>
>> I am using OpenSSH_5.4p1, OpenSSL 0.9.8n 24 Mar 2010
>> on Archlinux.
>>
>> Sam
>>
>>
>> ****************** Here is my WORKING config ******************
>>
>> Port 22
>> ListenAddress 0.0.0.0
>>
>>
>> Protocol 2
>>
>> PermitRootLogin no
>>
>> PubkeyAuthentication yes
>> #AuthorizedKeysFile   .ssh/authorized_keys
>>
>> PasswordAuthentication no
>> PermitEmptyPasswords no
>>
>> ChallengeResponseAuthentication no
>>
>> UsePAM yes
>>
>> Subsystem     sftp    /usr/lib/ssh/sftp-server
>>
>> ****************** END ******************
>> ******************  Here is my NON-WORKING config ******************
>>
>>
>> Port 22
>> ListenAddress 0.0.0.0
>>
>>
>> Protocol 2
>>
>> PermitRootLogin no
>>
>> PubkeyAuthentication yes
>> AuthorizedKeysFile    .ssh/authorized_keys
>>
>> PasswordAuthentication no
>> PermitEmptyPasswords no
>>
>> ChallengeResponseAuthentication no
>>
>> UsePAM yes
>>
>> Subsystem     sftp    /usr/lib/ssh/sftp-server
>>
>> ******************  END ******************
>> ****************** Here is a ssh -v to the server in question ******************
>>
>> [swinchen at strongbad ~]$ ssh -v swinchen@********.org
>> OpenSSH_5.4p1, OpenSSL 0.9.8n 24 Mar 2010
>> debug1: Reading configuration data /home/swinchen/.ssh/config
>> debug1: Reading configuration data /etc/ssh/ssh_config
>> debug1: Applying options for *
>> debug1: Connecting to ********.org [130.111.XXX.XXX] port 22.
>> debug1: Connection established.
>> debug1: identity file /home/swinchen/.ssh/id_rsa type -1
>> debug1: identity file /home/swinchen/.ssh/id_rsa-cert type -1
>> debug1: identity file /home/swinchen/.ssh/id_dsa type -1
>> debug1: identity file /home/swinchen/.ssh/id_dsa-cert type -1
>> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.4
>> debug1: match: OpenSSH_5.4 pat OpenSSH*
>> debug1: Enabling compatibility mode for protocol 2.0
>> debug1: Local version string SSH-2.0-OpenSSH_5.4
>> debug1: SSH2_MSG_KEXINIT sent
>> debug1: SSH2_MSG_KEXINIT received
>> debug1: kex: server->client aes128-ctr hmac-md5 none
>> debug1: kex: client->server aes128-ctr hmac-md5 none
>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>> debug1: Host '********.org' is known and matches the RSA host key.
>> debug1: Found key in /home/swinchen/.ssh/known_hosts:1
>> debug1: ssh_rsa_verify: signature correct
>> debug1: SSH2_MSG_NEWKEYS sent
>> debug1: expecting SSH2_MSG_NEWKEYS
>> debug1: SSH2_MSG_NEWKEYS received
>> debug1: Roaming not allowed by server
>> debug1: SSH2_MSG_SERVICE_REQUEST sent
>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>> debug1: Authentications that can continue: publickey
>> debug1: Next authentication method: publickey
>> debug1: Trying private key: /home/swinchen/.ssh/id_rsa
>> debug1: PEM_read_PrivateKey failed
>> debug1: read PEM private key done: type <unknown>
>> Enter passphrase for key '/home/swinchen/.ssh/id_rsa':
>> debug1: read PEM private key done: type RSA
>> debug1: Authentications that can continue: publickey
>> debug1: Trying private key: /home/swinchen/.ssh/id_dsa
>> debug1: No more authentication methods to try.
>> Permission denied (publickey).
>> ****************** END ******************
>
> --
> Iain Morgan
>
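
The two configurations quoted in the report differ only in whether AuthorizedKeysFile is set explicitly. As an added example (not written by the thread participants or the OpenSSH project), the Python below reduces each sshd_config text to its effective global settings and reports the directives that differ; the function names and the MULTI keyword list are assumptions of the example, and the sample configs are transcribed from the post.

```python
# Added example: compare the effective global settings of two sshd_config texts.
# Sample configs are transcribed from the quoted report in this thread.
WORKING = """\
Port 22
ListenAddress 0.0.0.0
Protocol 2
PermitRootLogin no
PubkeyAuthentication yes
#AuthorizedKeysFile   .ssh/authorized_keys
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
UsePAM yes
Subsystem     sftp    /usr/lib/ssh/sftp-server
"""
# The non-working config differs only by the uncommented directive.
NON_WORKING = WORKING.replace("#AuthorizedKeysFile", "AuthorizedKeysFile")

# Keywords that may legitimately appear several times (not an exhaustive list).
MULTI = {"port", "listenaddress", "hostkey", "acceptenv", "subsystem"}


def effective(text):
    """Map lower-cased keyword -> value(s) for the global section only."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment: no effect on sshd
        parts = line.split(None, 1)
        keyword = parts[0].lower()  # sshd keywords are case-insensitive
        value = " ".join(parts[1].split()) if len(parts) > 1 else ""
        if keyword == "match":
            break  # conditional blocks are out of scope for this comparison
        if keyword in MULTI:
            settings.setdefault(keyword, []).append(value)
        else:
            settings.setdefault(keyword, value)  # first occurrence wins
    return settings


def differing(a_text, b_text):
    """Return {keyword: (value_in_a, value_in_b)} for settings that differ."""
    a, b = effective(a_text), effective(b_text)
    return {k: (a.get(k), b.get(k))
            for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}


if __name__ == "__main__":
    for key, (old, new) in differing(WORKING, NON_WORKING).items():
        print(f"{key}: {old!r} -> {new!r}")
```

A value of None on one side means the directive is absent there, so sshd falls back to its compiled-in default for that file.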