SSH public key failing without error message

Catullus · March 29, 2012, 4:51am

My password-free ssh connection has worked in the past but has stopped working and I can't get it going again.

The files in .ssh on both source and target are set to 600:

drwx------   2 ingres      1024 Mar  2 13:57 .
drwxr-xr-x  25 ingres      2048 Mar 29 09:38 ..
-rw-------   1 ingres       454 Mar 29 08:38 authorized_keys
-rw-------   1 ingres       887 Mar  2 13:15 id_rsa
-rw-------   1 ingres       227 Mar  2 13:15 id_rsa.pub
-rw-------   1 ingres      5033 Mar 13 09:43 known_hosts

The home directory on both servers is set to 755. I created the key using ssh-keygen -t rsa.

When running with -v-v-v I get this (output truncated to publickey statements):

debug1: Next authentication method: publickey
debug1: Trying private key: /bs01/ingres/.ssh/identity
debug3: no such identity: /bs01/ingres/.ssh/identity
debug1: Trying public key: /bs01/ingres/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 149 lastkey 6ef18 hint 1
debug2: input_userauth_pk_ok: fp da:3f:10:82:dd:91:fa:c4:a8:6c:8d:87:77:73:62:e9
debug3: sign_and_send_pubkey
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Trying private key: /bs01/ingres/.ssh/id_dsa

The debug information doesn't help me much, because it doesn't seem to show any errors for the public key. I'm also puzzled when it lists publickey under Authentications that can continue, even though it's already tried it.

Can anyone give me some pointers?

Thanks

binlib · March 29, 2012, 9:09am

Did it ask for password or just failed? Maybe your remote .profile has something wrong.

Catullus · March 29, 2012, 9:20am

It went on to:
debug1: Next authentication method: keyboard-interactive
and then it did ask for a password.

binlib · March 29, 2012, 9:45am

Ask SA check the log on the server /var/log/auth.log. Or run your own sshd with "-d" option, your own config file, key file, port. Then you will be able to see why the server reject your key.
http://www.unix.com/shell-programming-scripting/154932-sftp-asking-password-3.html\#post302499819

grep_me · March 29, 2012, 12:14pm

Who owns the key file? I mean, are you "ingres"?
I have noticed that the user who owns the key file, gets this kind of issue.
Try creating the file with group id or something similar and then try running the ssh command.

Peasant · March 29, 2012, 12:35pm

Please try setting non recursive chmod (644) for $HOME i $HOME/.ssh
OpenSSH FAQ 3.14

chmod 644 $HOME $HOME/.ssh

See if that helps.

Regards
Peasant.

Catullus · April 4, 2012, 8:40am

If you mean set it to 755, then it is already that on both servers for $HOME; I have set $HOME/.ssh to 700.

Does anyone know what these debug messages indicate - to me, it looks like the key is being accepted, but I am relatively new to SSH:

debug1: Server accepts key: pkalg ssh-rsa blen 149 lastkey 6ef18 hint 1
debug2: input_userauth_pk_ok: fp da:3f:10:82:dd:91:fa:c4:a8:6c:8d:87:77:73:62:e9
debug3: sign_and_send_pubkey
debug1: read PEM private key done: type RSA

Peasant · April 4, 2012, 9:15am

I mean set it 644.

Regards.

CarloM · April 4, 2012, 9:17am

The FAQ you linked says 600 though?

Peasant · April 4, 2012, 12:49pm

It says 600 on authorized keys file (which i havent mentioned hoping the OP would look it up ) 644 on $HOME and $HOME/.ssh directories.