OpenSSH 6.2 Not Allowing Pubkey Auth
Darren Tucker
dtucker at zip.com.au
Fri Apr 5 14:14:29 EST 2013
On Thu, Apr 04, 2013 at 06:14:24PM -0400, Jeremy Brown wrote:
> I'm running a Debian VPS that was originally configured with OpenSSH
> 5.5 and I could use pubkey auth without issue. A few days ago, I
> decided to compile and install OpenSSH 6.2 for the AES-GCM support,
> and now I cannot login to my server with pubkey auth. I can't seem to
> figure out what the problem is, and when I replace the new sshd with
> the one originally included with my server, it resumes functioning
> without issue. For the record I'm using GCC 4.8 and OpenSSL 1.0.1e.
I would guess the stock sshd's config does not have StrictModes but the
new one does. Check that $HOME, $HOME/.ssh and
$HOME/.ssh/authorized_keys are not group or world writable.
If that's not it:
- run the client in debug mode ("ssh -v"). Modern versions of sshd will
send a debug message after you log in if it refused to use a key for
some reason (but only after you successfully authenticate somehow, eg
password).
- run the server in debug mode. Assuming you can connect to some other
port, that's something like /path/to/sshd -ddd -p 2022. You should
be able to see why the key was refused in the log, otherwise post it
here for us to look at.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list