SSH Error - Permission denied (publickey,keyboard-interactive)

Hello,

I'm trying to setup password less authentication to remote ssh server. I generated the public key and gave it to the vendor and The key is added in the remote machines authorized_keys file.

When I try to connect to a remote machine through SFTP username@host I am getting the error message

Permission denied (publickey,password,keyboard-interactive).

Can any one tell me what is the problem.

Here is the debug log:

Connecting to sshftp-remoteserver.com...
OpenSSH_4.7p1, OpenSSL 0.9.8f 11 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so):   0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
        0509-026 System error: A file or directory in the path name does not exist.

debug1: Error loading Kerberos, disabling Kerberos auth.
debug1: Connecting to sshftp-remoteserver.com [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /cgate/.ssh/id_rsa type 1
debug1: identity file /cgate/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version Connect:Enterprise_UNIX_2.4.02
debug1: no match: Connect:Enterprise_UNIX_2.4.02
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.7
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-sha1 none
debug1: kex: client->server aes128-cbc hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'sshftp-remoteserver.com' is known and matches the RSA host key.
debug1: Found key in /cgate/.ssh/known_hosts:13
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /cgate/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /cgate/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).
Connection closed

Thanks,
-raj

Instead of giving it to the vendor, how about ssh-copy-id ?

If you don't have that level of control, you'll need to complain to your vendor.

Chances are, the problem is on their side. They need to be sure that it was loaded to their authorized_keys file and that the permissions going down to the $HOME/.ssh directory are set restrictive enough. Also, they need to be sure that the $HOME/.ssh/authorized_keys file they placed your public key into is that of the user with which you are trying to connect. The public key authentication is failing though. You can see it here being attempted.

debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /cgate/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /cgate/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.

Do you have read permissions on authorized_keys at destination server ?

Also can you just check as is below output & it will show where to find authorized keys for a user.

<destinationserver>:/etc/ssh>grep AuthorizedKeysFile /etc/ssh/sshd_config
#AuthorizedKeysFile /etc/ssh/auth_keys/%u
AuthorizedKeysFile .ssh/authorized_keys
<destination server>:/etc/ssh>

Thanks Guys, i'm able to resolve the issue. We asked the vendor for their Solaris logs - /var/adm/message , /var/adm/sshauthlog, /var/adm/authlog and then able to figure it out.

The user id they created is in all upper case, and we were using lower case..! I never heard a situation where the user name is case sensitive, esp. for an ftp server.... Even our unix admin is stumpted on it!