I have a problem with logging in using keys (on Debian).
Logging from machine CLIENT to SERVER works, but only, if we log in as
user root.
Example 1 - login from CLIENT - "checkuser" on SERVER has uid != 0 -
doesn't work.
checkuser has UID 1001, just like /home/checkuser/*
$ ssh -l checkuser -i id_rsa 192.168.11.83 -v
(...)
checkuser@192.168.111.183's password:
Server log:
Sep 6 11:56:12 thecus sshd[18730]: debug1: Client protocol version 2.0;
client software version OpenSSH_4.3
Sep 6 11:56:12 thecus sshd[18730]: debug1: match: OpenSSH_4.3 pat OpenSSH*
Sep 6 11:56:12 thecus sshd[18730]: debug1: Enabling compatibility mode
for protocol 2.0
Sep 6 11:56:12 thecus sshd[18730]: debug1: Local version string
SSH-2.0-OpenSSH_4.3p2 Debian-3
Sep 6 11:56:13 thecus sshd[18730]: Failed none for checkuser from
192.168.11.81 port 54204 ssh2
Sep 6 11:56:13 thecus sshd[18730]: debug1: temporarily_use_uid:
1001/1001 (e=0/0)
Sep 6 11:56:13 thecus sshd[18730]: debug1: trying public key file
/home/checkuser/.ssh/authorized_keys
Sep 6 11:56:13 thecus sshd[18730]: debug1: restore_uid: 0/0
Sep 6 11:56:13 thecus sshd[18730]: debug1: temporarily_use_uid:
1001/1001 (e=0/0)
Sep 6 11:56:13 thecus sshd[18730]: debug1: trying public key file
/home/checkuser/.ssh/authorized_keys2
Sep 6 11:56:13 thecus sshd[18730]: debug1: restore_uid: 0/0
Example 2 - login from CLIENT - "checkuser" on SERVER has uid == 0 - works.
checkuser has UID 0, just like /home/checkuser/*
$ ssh -l checkuser -i id_rsa 192.168.11.83 -v
(...)
root@thecus:~#
Server log:
Sep 6 11:54:34 thecus sshd[18688]: debug1: Local version string
SSH-2.0-OpenSSH_4.3p2 Debian-3
Sep 6 11:54:35 thecus sshd[18688]: Failed none for checkuser from
192.168.111.181 port 54164 ssh2
Sep 6 11:54:35 thecus sshd[18688]: debug1: temporarily_use_uid: 0/0 (e=0/0)
Sep 6 11:54:35 thecus sshd[18688]: debug1: trying public key file
/home/checkuser/.ssh/authorized_keys
Sep 6 11:54:35 thecus sshd[18688]: debug1: matching key found: file
/home/checkuser/.ssh/authorized_keys, line 1
Sep 6 11:54:35 thecus sshd[18688]: Found matching RSA key:
70:a6:fc:89:e7:d8:f9:67:e6:86:27:6e:ee:63:61:5e
Sep 6 11:54:35 thecus sshd[18688]: debug1: restore_uid: 0/0
Sep 6 11:54:35 thecus sshd[18688]: debug1: temporarily_use_uid: 0/0 (e=0/0)
Sep 6 11:54:35 thecus sshd[18688]: debug1: trying public key file
/home/checkuser/.ssh/authorized_keys
Sep 6 11:54:35 thecus sshd[18688]: debug1: matching key found: file
/home/checkuser/.ssh/authorized_keys, line 1
Sep 6 11:54:35 thecus sshd[18688]: Found matching RSA key:
70:a6:fc:89:e7:d8:f9:67:e6:86:27:6e:ee:63:61:5e
Sep 6 11:54:35 thecus sshd[18688]: debug1: restore_uid: 0/0
Sep 6 11:54:35 thecus sshd[18688]: debug1: ssh_rsa_verify: signature
correct
Sep 6 11:54:35 thecus sshd[18688]: Accepted publickey for checkuser
from 192.168.111.181 port 54164 ssh2
Sep 6 11:54:35 thecus sshd[18688]: debug1: monitor_child_preauth:
checkuser has been authenticated by privileged process
Sep 6 11:54:35 thecus sshd[18688]: debug1: Entering interactive session
for SSH2.
Unfortunately, I'm unable to debug the problem.
There are no entries in sshd_config which allow/disallow logging in of
certain users.
--
Tomasz Chmielewski
http://wpkg.org
