OpenSSH 6.2 Not Allowing Pubkey Auth
dtucker at zip.com.au
Fri Apr 5 14:14:29 EST 2013
On Thu, Apr 04, 2013 at 06:14:24PM -0400, Jeremy Brown wrote:
> I'm running a Debian VPS that was originally configured with OpenSSH
> 5.5 and I could use pubkey auth without issue. A few days ago, I
> decided to compile and install OpenSSH 6.2 for the AES-GCM support,
> and now I cannot login to my server with pubkey auth. I can't seem to
> figure out what the problem is, and when I replace the new sshd with
> the one originally included with my server, it resumes functioning
> without issue. For the record I'm using GCC 4.8 and OpenSSL 1.0.1e.
I would guess the stock sshd's config does not have StrictModes but the
new one does. Check that $HOME, $HOME/.ssh and
$HOME/.ssh/authorized_keys are not group or world writable.
If that's not it:
- run the client in debug mode ("ssh -v"). Modern versions of sshd will
send a debug message after you log in if it refused to use a key for
some reason (but only after you successfully authenticate somehow, eg
- run the server in debug mode. Assuming you can connect to some other
port, that's something like /path/to/sshd -ddd -p 2022. You should
be able to see why the key was refused in the log, otherwise post it
here for us to look at.
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev