I'm logged on to server A as user infa8. I want to log in via SSH key to server B as user ussdsc.
The destination server (B) is Red Hat 6.2.
Permissions for ussdsc@B for home, ssh and authorized_keys:
[ussdsc@ussdpos:/home]$ ls -ltr | grep ussdsc
drwxr-xr-x. 29 ussdsc mobifon 4096 Feb 18 11:43 ussdsc
[ussdsc@ussdpos:/home]$ getfacl ussdsc
# file: ussdsc
# owner: ussdsc
# group: mobifon
user::rwx
group::r-x
other::r-x
[ussdsc@B:/home]$ cd ussdsc
[ussdsc@B:~]$ ls -altr | grep ssh
-rw-------. 1 ussdsc grup 86 Feb 2 10:41 .lesshst
drwxr-xr-x. 2 ussdsc grup 4096 Feb 18 11:43 .ssh
[ussdsc@B:~]$
[ussdsc@B:~]$ getfacl .ssh
# file: .ssh
# owner: ussdsc
# group: grup
user::rwx
group::r-x
other::r-x
[ussdsc@B:~]$ cd .ssh
[ussdsc@B:~/.ssh]$ ls -altr auth*
-rw-r--r--. 1 ussdsc grup 395 Feb 18 11:43 authorized_keys
[ussdsc@B:~/.ssh]$ getfacl authorized_keys
# file: authorized_keys
# owner: ussdsc
# group: grup
user::rw-
group::r--
other::r--
ssh -vvv logs:
bash-4.3$ ssh -vvv ussdsc@ussdpos
OpenSSH_5.5p1+sftpfilecontrol-v1.3-hpn13v7, OpenSSL 0.9.8k 25 Mar 2009
HP-UX Secure Shell-A.05.50.015, HP-UX Secure Shell version
debug1: Reading configuration data /infa8/home/.ssh/config
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug3: RNG is ready, skipping seeding
debug2: ssh_connect: needpriv 0
debug1: Connecting to ussdpos [10.134.1.38] port 22.
debug1: Connection established.
debug1: identity file /infa8/home/.ssh/identity type -1
debug1: identity file /infa8/home/.ssh/identity-cert type -1
debug3: Not a RSA1 key file /infa8/home/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /infa8/home/.ssh/id_rsa type 1
debug1: identity file /infa8/home/.ssh/id_rsa-cert type -1
debug3: Not a RSA1 key file /infa8/home/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /infa8/home/.ssh/id_dsa type 2
debug1: identity file /infa8/home/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Remote is NON-HPN aware
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1+sftpfilecontrol-v1.3-hpn13v7
debug2: fd 3 setting O_NONBLOCK
debug3: RNG is ready, skipping seeding
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 112/256
debug2: bits set: 492/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: host ussdpos filename /infa8/home/.ssh/known_hosts
debug3: check_host_in_hostfile: host ussdpos filename /infa8/home/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 118
debug3: check_host_in_hostfile: host 10.134.1.38 filename /infa8/home/.ssh/known_hosts
debug3: check_host_in_hostfile: host 10.134.1.38 filename /infa8/home/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 117
debug1: Host 'ussdpos' is known and matches the RSA host key.
debug1: Found key in /infa8/home/.ssh/known_hosts:118
debug2: bits set: 536/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /infa8/home/.ssh/identity (0)
debug2: key: /infa8/home/.ssh/id_rsa (4003e6a0)
debug2: key: /infa8/home/.ssh/id_dsa (4003e6d0)
debug3: input_userauth_banner
The access to this system is restricted and is granted based only
on individual and authorized user ID and password. Any access to the
system using an ID and a password which have not been alocated to
you under a contract or by law, or any other unauthorized access on
this system, forcing or avoiding access restrictions is considered a
crime and shall be prosecuted according to the Romanian criminal law.
Continuing the access procedure is considered as an understanding of
the above warning and of the consequences of not respecting it.
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Miscellaneous failure
No credentials cache found
debug1: Miscellaneous failure
No credentials cache found
debug1:
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /infa8/home/.ssh/identity
debug3: no such identity: /infa8/home/.ssh/identity
debug1: Offering public key: /infa8/home/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Offering public key: /infa8/home/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
ussdsc@B's password:
and logs from /var/log/secure (ssh log level: DEBUG):
Feb 18 11:35:36 B sshd[12391]: debug1: Forked child 12593.
Feb 18 11:35:36 B sshd[12593]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Feb 18 11:35:36 B sshd[12593]: debug1: inetd sockets after dupping: 3, 3
Feb 18 11:35:36 B sshd[12593]: Connection from <ip> port 55604
Feb 18 11:35:36 B sshd[12593]: debug1: Client protocol version 2.0; client software version OpenSSH_5.5p1+sftpfilecontrol-v1.3-hpn13v7
Feb 18 11:35:36 B sshd[12593]: debug1: match: OpenSSH_5.5p1+sftpfilecontrol-v1.3-hpn13v7 pat OpenSSH*
Feb 18 11:35:36 B sshd[12593]: debug1: Enabling compatibility mode for protocol 2.0
Feb 18 11:35:36 B sshd[12593]: debug1: Local version string SSH-2.0-OpenSSH_5.3
Feb 18 11:35:36 B sshd[12595]: debug1: permanently_set_uid: 74/74
Feb 18 11:35:36 B sshd[12595]: debug1: list_hostkey_types: ssh-rsa,ssh-dss
Feb 18 11:35:36 B sshd[12595]: debug1: SSH2_MSG_KEXINIT sent
Feb 18 11:35:36 B sshd[12595]: debug1: SSH2_MSG_KEXINIT received
Feb 18 11:35:36 B sshd[12595]: debug1: kex: client->server aes128-ctr hmac-md5 none
Feb 18 11:35:36 B sshd[12595]: debug1: kex: server->client aes128-ctr hmac-md5 none
Feb 18 11:35:36 B sshd[12595]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
Feb 18 11:35:36 B sshd[12595]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Feb 18 11:35:36 B sshd[12595]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
Feb 18 11:35:36 B sshd[12595]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
Feb 18 11:35:36 ussdpos sshd[12595]: debug1: SSH2_MSG_NEWKEYS sent
Feb 18 11:35:36 B sshd[12595]: debug1: expecting SSH2_MSG_NEWKEYS
Feb 18 11:35:36 B sshd[12595]: debug1: SSH2_MSG_NEWKEYS received
Feb 18 11:35:36 B sshd[12595]: debug1: KEX done
Feb 18 11:35:36 B sshd[12595]: debug1: userauth-request for user ussdsc service ssh-connection method none
Feb 18 11:35:36 B sshd[12595]: debug1: attempt 0 failures 0
Feb 18 11:35:36 B sshd[12593]: debug1: PAM: initializing for "ussdsc"
Feb 18 11:35:36 B sshd[12593]: debug1: PAM: setting PAM_RHOST to "serpens.connex.ro"
Feb 18 11:35:36 B sshd[12593]: debug1: PAM: setting PAM_TTY to "ssh"
Feb 18 11:35:36 B sshd[12595]: debug1: userauth_send_banner: sent
Feb 18 11:35:36 B sshd[12595]: debug1: userauth-request for user ussdsc service ssh-connection method publickey
Feb 18 11:35:36 B sshd[12595]: debug1: attempt 1 failures 0
Feb 18 11:35:36 B sshd[12595]: debug1: test whether pkalg/pkblob are acceptable
Feb 18 11:35:36 B sshd[12593]: debug1: temporarily_use_uid: 501/501 (e=0/0)
Feb 18 11:35:36 B sshd[12593]: debug1: trying public key file /home/ussdsc/.ssh/authorized_keys
Feb 18 11:35:36 B sshd[12593]: debug1: restore_uid: 0/0
Feb 18 11:35:36 B sshd[12593]: debug1: temporarily_use_uid: 501/501 (e=0/0)
Feb 18 11:35:36 B sshd[12593]: debug1: trying public key file /home/ussdsc/.ssh/authorized_keys
Feb 18 11:35:36 B sshd[12593]: debug1: restore_uid: 0/0
Feb 18 11:35:36 B sshd[12593]: Failed publickey for ussdsc from 10.230.169.55 port 55604 ssh2
Feb 18 11:35:36 B sshd[12595]: debug1: userauth-request for user ussdsc service ssh-connection method publickey
Feb 18 11:35:36 B sshd[12595]: debug1: attempt 2 failures 1
Feb 18 11:35:36 B sshd[12595]: debug1: test whether pkalg/pkblob are acceptable
Feb 18 11:35:36 B sshd[12593]: debug1: temporarily_use_uid: 501/501 (e=0/0)
Feb 18 11:35:36 B sshd[12593]: debug1: trying public key file /home/ussdsc/.ssh/authorized_keys
Feb 18 11:35:36 B sshd[12593]: debug1: restore_uid: 0/0
Feb 18 11:35:36 B sshd[12593]: debug1: temporarily_use_uid: 501/501 (e=0/0)
Feb 18 11:35:36 B sshd[12593]: debug1: trying public key file /home/ussdsc/.ssh/authorized_keys
Feb 18 11:35:36 B sshd[12593]: debug1: restore_uid: 0/0
Feb 18 11:35:36 B sshd[12593]: Failed publickey for ussdsc from <ip> port 55604 ssh2
Feb 18 11:35:41 B sshd[12595]: debug1: userauth-request for user ussdsc service ssh-connection method password
Feb 18 11:35:41 B sshd[12595]: debug1: attempt 3 failures 2
Feb 18 11:35:41 B sshd[12593]: Failed none for ussdsc from 10.230.169.55 port 55604 ssh2
Feb 18 11:35:41 B sshd[12595]: Connection closed by <ip>
Feb 18 11:35:41 B sshd[12595]: debug1: do_cleanup
Feb 18 11:35:41 B sshd[12593]: debug1: do_cleanup
Feb 18 11:35:41 B sshd[12593]: debug1: PAM: cleanup
For comparison purposes, I will show the corresponding logs (ssh -vvv & /var/log/secure) for another SUCCESSFUL login with ssh key FROM the same user/server: infa8@A towards the same server, but as a different user: opc_op@B
ssh -vvv
bash-4.3$ ssh -vvv opc_op@B
OpenSSH_5.5p1+sftpfilecontrol-v1.3-hpn13v7, OpenSSL 0.9.8k 25 Mar 2009
HP-UX Secure Shell-A.05.50.015, HP-UX Secure Shell version
debug1: Reading configuration data /infa8/home/.ssh/config
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug3: RNG is ready, skipping seeding
debug2: ssh_connect: needpriv 0
debug1: Connecting to ussdpos [<ip>] port 22.
debug1: Connection established.
debug1: identity file /infa8/home/.ssh/identity type -1
debug1: identity file /infa8/home/.ssh/identity-cert type -1
debug3: Not a RSA1 key file /infa8/home/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /infa8/home/.ssh/id_rsa type 1
debug1: identity file /infa8/home/.ssh/id_rsa-cert type -1
debug3: Not a RSA1 key file /infa8/home/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /infa8/home/.ssh/id_dsa type 2
debug1: identity file /infa8/home/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Remote is NON-HPN aware
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1+sftpfilecontrol-v1.3-hpn13v7
debug2: fd 3 setting O_NONBLOCK
debug3: RNG is ready, skipping seeding
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 130/256
debug2: bits set: 522/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: host ussdpos filename /infa8/home/.ssh/known_hosts
debug3: check_host_in_hostfile: host ussdpos filename /infa8/home/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 118
debug3: check_host_in_hostfile: host <ip> filename /infa8/home/.ssh/known_hosts
debug3: check_host_in_hostfile: host <ip> filename /infa8/home/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 117
debug1: Host 'ussdpos' is known and matches the RSA host key.
debug1: Found key in /infa8/home/.ssh/known_hosts:118
debug2: bits set: 518/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /infa8/home/.ssh/identity (0)
debug2: key: /infa8/home/.ssh/id_rsa (4003e6a0)
debug2: key: /infa8/home/.ssh/id_dsa (4003e6d0)
debug3: input_userauth_banner
<message>
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Miscellaneous failure
No credentials cache found
debug1: Miscellaneous failure
No credentials cache found
debug1:
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /infa8/home/.ssh/identity
debug3: no such identity: /infa8/home/.ssh/identity
debug1: Offering public key: /infa8/home/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp <fingerprint>
debug3: sign_and_send_pubkey
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
and /var/log/messages:
Feb 18 11:36:33 B sshd[12391]: debug1: Forked child 12753.
Feb 18 11:36:33 B sshd[12753]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Feb 18 11:36:34 B sshd[12753]: debug1: inetd sockets after dupping: 3, 3
Feb 18 11:36:34 B sshd[12753]: Connection from <ip> port 61384
Feb 18 11:36:34 B sshd[12753]: debug1: Client protocol version 2.0; client software version OpenSSH_5.5p1+sftpfilecontrol-v1.3-hpn13v7
Feb 18 11:36:34 B sshd[12753]: debug1: match: OpenSSH_5.5p1+sftpfilecontrol-v1.3-hpn13v7 pat OpenSSH*
Feb 18 11:36:34 B sshd[12753]: debug1: Enabling compatibility mode for protocol 2.0
Feb 18 11:36:34 B sshd[12753]: debug1: Local version string SSH-2.0-OpenSSH_5.3
Feb 18 11:36:34 B sshd[12758]: debug1: permanently_set_uid: 74/74
Feb 18 11:36:34 B sshd[12758]: debug1: list_hostkey_types: ssh-rsa,ssh-dss
Feb 18 11:36:34 B sshd[12758]: debug1: SSH2_MSG_KEXINIT sent
Feb 18 11:36:34 B sshd[12758]: debug1: SSH2_MSG_KEXINIT received
Feb 18 11:36:34 B sshd[12758]: debug1: kex: client->server aes128-ctr hmac-md5 none
Feb 18 11:36:34 B sshd[12758]: debug1: kex: server->client aes128-ctr hmac-md5 none
Feb 18 11:36:34 B sshd[12758]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
Feb 18 11:36:34 B sshd[12758]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Feb 18 11:36:34 B sshd[12758]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
Feb 18 11:36:34 B sshd[12758]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
Feb 18 11:36:34 B sshd[12758]: debug1: SSH2_MSG_NEWKEYS sent
Feb 18 11:36:34 B sshd[12758]: debug1: expecting SSH2_MSG_NEWKEYS
Feb 18 11:36:34 B sshd[12758]: debug1: SSH2_MSG_NEWKEYS received
Feb 18 11:36:34 B sshd[12758]: debug1: KEX done
Feb 18 11:36:34 B sshd[12758]: debug1: userauth-request for user opc_op service ssh-connection method none
Feb 18 11:36:34 B sshd[12758]: debug1: attempt 0 failures 0
Feb 18 11:36:34 B sshd[12753]: debug1: PAM: initializing for "opc_op"
Feb 18 11:36:34 B sshd[12753]: debug1: PAM: setting PAM_RHOST to "serpens.connex.ro"
Feb 18 11:36:34 B sshd[12753]: debug1: PAM: setting PAM_TTY to "ssh"
Feb 18 11:36:34 B sshd[12758]: debug1: userauth_send_banner: sent
Feb 18 11:36:34 B sshd[12758]: debug1: userauth-request for user opc_op service ssh-connection method publickey
Feb 18 11:36:34 B sshd[12758]: debug1: attempt 1 failures 0
Feb 18 11:36:34 B sshd[12758]: debug1: test whether pkalg/pkblob are acceptable
Feb 18 11:36:34 B sshd[12753]: debug1: temporarily_use_uid: 777/177 (e=0/0)
Feb 18 11:36:34 B sshd[12753]: debug1: trying public key file /home/opc_op/.ssh/authorized_keys
Feb 18 11:36:34 B sshd[12753]: debug1: fd 7 clearing O_NONBLOCK
Feb 18 11:36:34 B sshd[12753]: debug1: matching key found: file /home/opc_op/.ssh/authorized_keys, line 1
Feb 18 11:36:34 B sshd[12753]: Found matching RSA key: <key>
Feb 18 11:36:34 B sshd[12753]: debug1: restore_uid: 0/0
Feb 18 11:36:34 B sshd[12758]: Postponed publickey for opc_op from 10.230.169.55 port 61384 ssh2
Feb 18 11:36:34 B sshd[12758]: debug1: userauth-request for user opc_op service ssh-connection method publickey
Feb 18 11:36:34 B sshd[12758]: debug1: attempt 2 failures 0
Feb 18 11:36:34 B sshd[12753]: debug1: temporarily_use_uid: 777/177 (e=0/0)
Feb 18 11:36:34 B sshd[12753]: debug1: trying public key file /home/opc_op/.ssh/authorized_keys
Feb 18 11:36:34 B sshd[12753]: debug1: fd 7 clearing O_NONBLOCK
Feb 18 11:36:34 B sshd[12753]: debug1: matching key found: file /home/opc_op/.ssh/authorized_keys, line 1
Feb 18 11:36:34 B sshd[12753]: Found matching RSA key: <key>
Feb 18 11:36:34 B sshd[12753]: debug1: restore_uid: 0/0
Feb 18 11:36:34 B sshd[12753]: debug1: ssh_rsa_verify: signature correct
Feb 18 11:36:34 B sshd[12753]: debug1: do_pam_account: called
Feb 18 11:36:34 B sshd[12753]: Accepted publickey for opc_op from 10.230.169.55 port 61384 ssh2
Feb 18 11:36:34 B sshd[12753]: debug1: monitor_child_preauth: opc_op has been authenticated by privileged process
Feb 18 11:36:34 B sshd[12753]: debug1: temporarily_use_uid: 777/177 (e=0/0)
Feb 18 11:36:34 B sshd[12753]: debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
Feb 18 11:36:34 B sshd[12753]: debug1: restore_uid: 0/0
Feb 18 11:36:34 B sshd[12753]: debug1: SELinux support enabled
Feb 18 11:36:34 B sshd[12753]: debug1: PAM: establishing credentials
Feb 18 11:36:34 B sshd[12753]: pam_unix(sshd:session): session opened for user opc_op by (uid=0)
Feb 18 11:36:34 B sshd[12753]: User child is on pid 12784
Feb 18 11:36:34 B sshd[12784]: debug1: PAM: establishing credentials
Feb 18 11:36:34 B sshd[12784]: debug1: permanently_set_uid: 777/177
Feb 18 11:36:34 B sshd[12784]: debug1: Entering interactive session for SSH2.
Feb 18 11:36:34 B sshd[12784]: debug1: server_init_dispatch_20
Feb 18 11:36:34 B sshd[12784]: debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384
Feb 18 11:36:34 B sshd[12784]: debug1: input_session_request
Feb 18 11:36:34 B sshd[12784]: debug1: channel 0: new [server-session]
Feb 18 11:36:34 B sshd[12784]: debug1: session_new: session 0
Feb 18 11:36:34 B sshd[12784]: debug1: session_open: channel 0
Feb 18 11:36:34 B sshd[12784]: debug1: session_open: session 0: link with channel 0
Feb 18 11:36:34 B sshd[12784]: debug1: server_input_channel_open: confirm session
Feb 18 11:36:34 B sshd[12784]: debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
Feb 18 11:36:34 B sshd[12784]: debug1: server_input_channel_req: channel 0 request pty-req reply 1
Feb 18 11:36:34 B sshd[12784]: debug1: session_by_channel: session 0 channel 0
Feb 18 11:36:34 B sshd[12784]: debug1: session_input_channel_req: session 0 req pty-req
Feb 18 11:36:34 B sshd[12784]: debug1: Allocating pty.
Feb 18 11:36:34 B sshd[12753]: debug1: session_new: session 0
Feb 18 11:36:34 B sshd[12784]: debug1: session_pty_req: session 0 alloc /dev/pts/2
Feb 18 11:36:34 B sshd[12784]: debug1: Ignoring unsupported tty mode opcode 11 (0xb)
Feb 18 11:36:34 B sshd[12784]: debug1: Ignoring unsupported tty mode opcode 16 (0x10)
Feb 18 11:36:34 B sshd[12784]: debug1: server_input_channel_req: channel 0 request shell reply 1
Feb 18 11:36:34 B sshd[12784]: debug1: session_by_channel: session 0 channel 0
Feb 18 11:36:34 B sshd[12784]: debug1: session_input_channel_req: session 0 req shell
Feb 18 11:36:34 B sshd[12785]: debug1: Setting controlling tty using TIOCSCTTY.
home, .ssh and authorized_keys have identical permissions for both users. The authorized_keys files have the same content:
[ussdsc@ussdpos:~/.ssh]$ ls -ltr /home/opc_op/.ssh/authorized_keys
-rw-r--r--. 1 opc_op opc_grup 395 Feb 18 10:20 /home/opc_op/.ssh/authorized_keys
[ussdsc@B:~/.ssh]$
[ussdsc@B:~/.ssh]$ ls -ltr /home/ussdsc/.ssh/authorized_keys
-rw-r--r--. 1 ussdsc grup 395 Feb 18 11:43 /home/ussdsc/.ssh/authorized_keys
[ussdsc@B:~/.ssh]$
[ussdsc@B:~/.ssh]$ diff /home/opc_op/.ssh/authorized_keys /home/ussdsc/.ssh/authorized_keys
Any idea why I cannot connect with an ssh key as ussdsc@B?
It seems that the key simply doesn't match ussdsc's authorized_keys, but the same key matches opc_op's authorized_keys (which has the same content, permissions, etc.).
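Added example, not part of the original post: a small parser that walks sshd debug lines like the two /var/log/secure excerpts above and reports, for each `trying public key file` event, whether sshd opened the file and whether a key matched. It assumes OpenSSH 5.x at LogLevel DEBUG logs `fd N clearing O_NONBLOCK` right after it opens a key file; the function names are hypothetical.

```python
import re

# Constructed sample input: lines copied from the two /var/log/secure excerpts
# in the post (failed login as ussdsc, successful login as opc_op).
FAILED_LOG = """\
Feb 18 11:35:36 B sshd[12593]: debug1: temporarily_use_uid: 501/501 (e=0/0)
Feb 18 11:35:36 B sshd[12593]: debug1: trying public key file /home/ussdsc/.ssh/authorized_keys
Feb 18 11:35:36 B sshd[12593]: debug1: restore_uid: 0/0
Feb 18 11:35:36 B sshd[12593]: debug1: temporarily_use_uid: 501/501 (e=0/0)
Feb 18 11:35:36 B sshd[12593]: debug1: trying public key file /home/ussdsc/.ssh/authorized_keys
Feb 18 11:35:36 B sshd[12593]: debug1: restore_uid: 0/0
Feb 18 11:35:36 B sshd[12593]: Failed publickey for ussdsc from <ip> port 55604 ssh2
"""
OK_LOG = """\
Feb 18 11:36:34 B sshd[12753]: debug1: temporarily_use_uid: 777/177 (e=0/0)
Feb 18 11:36:34 B sshd[12753]: debug1: trying public key file /home/opc_op/.ssh/authorized_keys
Feb 18 11:36:34 B sshd[12753]: debug1: fd 7 clearing O_NONBLOCK
Feb 18 11:36:34 B sshd[12753]: debug1: matching key found: file /home/opc_op/.ssh/authorized_keys, line 1
Feb 18 11:36:34 B sshd[12753]: Found matching RSA key: <key>
Feb 18 11:36:34 B sshd[12753]: debug1: restore_uid: 0/0
"""

# "sshd[PID]: [debugN: ]message" -> PID and message text.
LINE_RE = re.compile(r"sshd\[(\d+)\]: (?:debug\d: )?(.*)$")
TRY_RE = re.compile(r"trying public key file (\S+)")


def classify_attempts(log_text):
    """Return one record per 'trying public key file' event, in log order."""
    attempts = []
    in_progress = {}  # pid -> record still waiting for its restore_uid line
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        pid, msg = m.group(1), m.group(2)
        t = TRY_RE.match(msg)
        if t:
            rec = {"pid": pid, "path": t.group(1),
                   "opened": False, "matched": False}
            attempts.append(rec)
            in_progress[pid] = rec
        elif pid in in_progress:
            rec = in_progress[pid]
            if "clearing O_NONBLOCK" in msg:
                # Assumption: logged only after the key file was opened.
                rec["opened"] = True
            elif msg.startswith("matching key found"):
                rec["matched"] = True
            elif msg.startswith("restore_uid"):
                # sshd went back to root: this lookup is finished.
                del in_progress[pid]
    return attempts


def state(rec):
    """Collapse a record into one of three outcomes."""
    if rec["matched"]:
        return "key-matched"
    if rec["opened"]:
        return "file-read-no-match"
    return "file-not-opened"


def summarise(log_text):
    """List of (path, outcome) pairs for every lookup in the log."""
    return [(r["path"], state(r)) for r in classify_attempts(log_text)]


if __name__ == "__main__":
    for name, text in (("ussdsc", FAILED_LOG), ("opc_op", OK_LOG)):
        for path, outcome in summarise(text):
            print(f"{name}: {path}: {outcome}")
```

On the excerpts above, both ussdsc lookups come out as `file-not-opened` while the opc_op lookup is `key-matched`. When a lookup is `file-not-opened`, compare what can block the open for that account, for example the SELinux context of the file (`ls -Z`), since the log shows SELinux support enabled on B.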