ssh connection unstable on remote server

Hi

I hope someone can spot what is wrong with this ssh connection as it has me baffled.

I am trying to set up a remote ssh connection (passwordless) to a remote 'server', (Ubuntu laptop at home).

I have tried these steps with rsa and dsa key types, (currently dsa) -

1) ssh-keygen -t rsa -f bsa -P ''
2) cat bsa.pub | ssh brad@tx5xn 'cat >> .ssh/authorized_keys'
3) cat bsa.pub >> authorized_keys
4) Try to log into remote machine (tx5xn) -

/home/brad/.ssh >ssh brad@tx5xn
Agent admitted failure to sign using the key.
brad@tx5xn's password:

Same error for ssh into local host
Tried changing authorized_keys to authorized_keys2
Tried chmod 0640 for authorized_keys
Deleted all files above and the same with dsa key

I found that if I logged into the remote machine and executed these
commands then I could log in remotely from another session
without a password. But when I logged out from both sessions
and tried to log in again I was once again blocked and asked for a
password.

chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Listing one is the verbose output from the time I could log in without a password. (After executing the above on the remote server).

Listing two is when I am blocked. After logging out of both sessions and trying to log back in.

BTW, I have added the same key bsa.pub to my authorized keys file on my local client and can ssh into myself without a password reliably.

I don't understand why I can't get the passwordless connection to remain stable on the remote server.

Any ideas?

Listing One (Temporary success) =======================

 
/home/brad/.ssh >ssh -v brad@tx5xn
OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to tx5xn [192.168.1.65] port 22.
debug1: Connection established.
debug1: identity file /home/brad/.ssh/id_rsa type -1
debug1: identity file /home/brad/.ssh/id_rsa-cert type -1
debug1: identity file /home/brad/.ssh/id_dsa type -1
debug1: identity file /home/brad/.ssh/id_dsa-cert type -1
debug1: identity file /home/brad/.ssh/id_ecdsa type -1
debug1: identity file /home/brad/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: RSA 51:80:8b:c9:78:2a:13:bb:28:75:ad:83:b8:8d:91:1d
debug1: Host 'tx5xn' is known and matches the RSA host key.
debug1: Found key in /home/brad/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering DSA public key: brad@ubuntu-dt64
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: Authentication succeeded (publickey).
Authenticated to tx5xn ([192.168.1.65]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_GB.UTF-8
Welcome to Ubuntu 12.04.1 LTS (GNU/Linux 3.2.0-30-generic i686)
* Documentation: https://help.ubuntu.com/
3 packages can be updated.
0 updates are security updates.
Last login: Mon Sep 10 11:58:14 2012 from ubuntu-dt64.home
/home/brad>logout

Listing Two (Reverts to prompting for password) ===============

 
/home/brad/.ssh >ssh -v brad@tx5xn
OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to tx5xn [192.168.1.65] port 22.
debug1: Connection established.
debug1: identity file /home/brad/.ssh/id_rsa type -1
debug1: identity file /home/brad/.ssh/id_rsa-cert type -1
debug1: identity file /home/brad/.ssh/id_dsa type -1
debug1: identity file /home/brad/.ssh/id_dsa-cert type -1
debug1: identity file /home/brad/.ssh/id_ecdsa type -1
debug1: identity file /home/brad/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: RSA 51:80:8b:c9:78:2a:13:bb:28:75:ad:83:b8:8d:91:1d
debug1: Host 'tx5xn' is known and matches the RSA host key.
debug1: Found key in /home/brad/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering DSA public key: brad@ubuntu-dt64
debug1: Authentications that can continue: publickey,password
debug1: Offering DSA public key: bsa
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: brad@ubuntu-dt64
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/brad/.ssh/id_rsa
debug1: Trying private key: /home/brad/.ssh/id_dsa
debug1: Trying private key: /home/brad/.ssh/id_ecdsa
debug1: Next authentication method: password
brad@tx5xn's password:

Files in .ssh directory on client -

 
-rw-rw-r--  1 brad brad  606 Sep 10 11:37 authorized_keys2
-rw-------  1 brad brad  668 Sep 10 11:33 bsa
-rw-r--r--  1 brad brad  606 Sep 10 11:33 bsa.pub
 

Files in Server side

 
-rw------- 1 brad brad 606 Sep 10 11:36 authorized_keys2

also tried

 
-rw-r--r-- 1 brad brad 606 Sep 10 11:36 authorized_keys2

Did you set identity, the key the client sends?

Hi DG

Once again I seem to have sorted it out but am unsure why it is fixed.

I created another account and went through the steps to enable it to log in without a password. Then I set used the key to enable the account I wanted to use and it seems to work.

I still don't understand why this works though...

Permissions on the user's home directory have to be 755 or stronger?

I know I'm late with this, but on an Ubuntu Client, you have the option of using

ssh-copy-id name@remote-server

which copies the key for the user on the client to the authorized keys file of the user you specify in the command on the server you specify in the command. Very simple and foolproof.