verbosity increases with the number of v's you use (i.e. -vvv)
also i believe the required modes for id_dsa and .pub is 600
you show 700
give those a shot.
Best Regards,
Jeremy Eder
UNIX Administrator
INVISION.COM
631.543.1000 x334
________________________________
From: Frans Englich [mailto:frans.englich@telia.com]
Sent: Fri 10/28/2005 11:07
To: secureshell@securityfocus.com; Rogan Dawes
Cc: Vladimir Levijev
Subject: Re: ssh: problem with publickey authentication
On Wednesday 26 October 2005 06:11, Rogan Dawes wrote:
Frans Englich wrote:
Hello,
Rogan, Vladimir,
Thanks for your suggestions. However, it have still not quite worked out.
I have trouble getting ssh with publickey authentication to work. The
server I am attenmpting to log in to is not setup by me, but everything
indicates that 1) my user account exists on the machine(due to
public_html page can be visited); and 2) that the public key I sent was
properly installed. The server works fine for other users, and although
it is possible the sysadmin made a mistake in setting up my account, I
think the error is on my side. Perhaps someone can give a hint on where
the problem is.
Below series of bash commands are perhaps illuminating. I can't tell more
than that authentication seems to fail.
bash-2.05b$ pwd
/home/frans
bash-2.05b$ ls .ssh/ -alFh
total 21K
drwxr-xr-x 2 frans users 160 Oct 23 20:26 ./
drwxrwxrwx 72 frans users 3.6K Oct 23 20:25 ../
^^^^^^
[snip]
Looks to me like the problem may be with the permissions on your home
directory
Group and other should not have write access to your home directory, and
your .ssh directory can be mode 700 (drwx------)
Ups, I changed that. Now it looks like this:
bash-2.05b$ pwd
/home/frans
bash-2.05b$ ls -alFh .ssh/
total 21K
drwx------ 2 frans users 160 Oct 23 20:26 ./
drwx------ 72 frans users 3.8K Oct 28 14:53 ../
-rwx------ 1 frans users 736 Oct 23 18:53 id_dsa*
-rwx------ 1 frans users 604 Oct 23 18:53 id_dsa.pub*
-rwx------ 1 frans users 239 Oct 23 18:54 known_hosts*
-rwx------ 1 frans users 520 Oct 23 18:53 log.txt*
bash-2.05b$
Issuing "ssh englich@<snip domain name> -l englich -v" gives:
bash-2.05b$ ssh englich@<snip domain name> -l englich -v
OpenSSH_4.2p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Connecting to <snip domain name> [<snip ip>] port 22.
debug1: Connection established.
debug1: identity file /home/frans/.ssh/identity type -1
debug1: identity file /home/frans/.ssh/id_rsa type -1
debug1: identity file /home/frans/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.1
debug1: match: OpenSSH_4.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '<snip domain name>' is known and matches the RSA host key.
debug1: Found key in /home/frans/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/frans/.ssh/identity
debug1: Trying private key: /home/frans/.ssh/id_rsa
debug1: Offering public key: /home/frans/.ssh/id_dsa
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
bash-2.05b$
So, from what I can tell, the same error. Did I get file permissions wrong
again, or any idea of what I'm doing wrong?
Cheers,
Frans
PS. It's a pity ssh doesn't give more detailed error messages.
