Posted on August 26, 2015, 4:44 am
e only PubkeyAuthentication. The server was built with `--without-ssh1`. The configuration is partially successful. I can log in, but other users cannot. I have it narrowed down to an interaction between authorized_keys and id_<type>.[.pub]. Now I am trying to understand what the requirements are.
Here's the short problem description (the longer one is below): If the user's public key is in authorized_keys only, then log-in fails. If the public key is in authorized_keys and on the file system at id_<type>.pub, the log-
Why are users failing to log in when their public keys are only provided in authorized_keys? What are the requirements that I am missing?
Everyone has their public keys in their respective `.ssh/authorized_keys` file. There are two differences between me and the other users. First, my `.ssh` directory includes both `id_<type>` and `id_<type>.pub`. Second, my authorized_keys file includes all four key types, while others' authorized_keys only has the one public key they sent me.
If I delete my `id_<type>` and `id_<type>.pub`, and leave only the `.ssh/authorized_keys`, then I experience log-in failures, too. Here's what it look
$ ssh -p 1522 jwalton@PowerMac
Permission denied (publickey,keyboard-interactive).
I'm fairly certain I have observed the requirements of AUTHORIZED_KEYS FILE
FORMAT from sshd(8).
My sshd_config validates with -T, and includes the lines:
I've been through sshd(8) and sshd_config(5), but I don't see requirements
more than authorized_keys is needed.
Specifies whether public key authentication is allowed. The
default is ``yes''. Note that this option applies to protocol
version 2 only.
Specifies the file that contains the public keys that can be used
for user authentication. The format is described in the
AUTHORIZED_KEYS FILE FORMAT section of sshd(8).
AuthorizedKeysFile may contain tokens of the form %T which are
substituted during connection setup. The following tokens are
defined: %% is replaced by a literal '%', %h is replaced by the
home directory of the user being authenticated, and %u is
replaced by the username of that user. After expansion,
AuthorizedKeysFile is taken to be an absolute path or one relative
to the user's home directory. Multiple files may be listed,
separated by whitespace. The default is ``.ssh/authorized_keys
Re: Log-in Failures and requirements for PubkeyAuthentication
What type of keys are they? openssh 7.1 disables DSS keys by default, so
if the users' keys are of type ssh-dss then unless you enable these in
sshd_config (by adding the line "PubkeyAcceptedKeyTypes +ssh-dss") the
users will not be able to connect.
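
One way to run the check the reply above suggests, as an added example that is not part of the original thread: it reads authorized_keys content, takes the key type from the declared field and from the length-prefixed string inside the base64 blob, and flags ssh-dss entries, which the reply says need `PubkeyAcceptedKeyTypes +ssh-dss`. The function names, the key-type prefix list and the sample entries are constructed for illustration.

```python
import base64
import struct

KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")
DISABLED_BY_DEFAULT = {"ssh-dss"}  # per the reply above; only type checked here

def skip_options(line):
    """Drop a leading options field; spaces inside double quotes belong to it."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"' and line[i - 1:i] != "\\":
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            return line[i:].lstrip()
    return ""

def blob_key_type(b64):
    """Read the length-prefixed type string at the start of the key blob."""
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")

def audit(text):
    """Yield (line_no, declared_type, status) for every key line."""
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if not line.startswith(KEY_PREFIXES):
            line = skip_options(line)
        declared, b64 = (line.split() + ["", ""])[:2]
        try:
            embedded = blob_key_type(b64)
            status = "ok" if embedded == declared else "type mismatch"
        except (ValueError, struct.error):
            status = "malformed"
        if status == "ok" and declared in DISABLED_BY_DEFAULT:
            status = "disabled by default"
        yield no, declared, status

def fake_key(key_type):  # constructed blob: real type header, dummy key bytes
    header = struct.pack(">I", len(key_type)) + key_type.encode()
    return base64.b64encode(header + bytes(16)).decode()

SAMPLE = "\n".join([  # constructed authorized_keys content
    "ssh-ed25519 " + fake_key("ssh-ed25519") + " alice@example",
    'command="echo hi",no-pty ssh-dss ' + fake_key("ssh-dss") + " bob@example",
    "ssh-rsa " + fake_key("ssh-dss") + " carol@example",
])
```

To audit a real file, pass its contents to `audit()` and review every row whose status is not `ok`.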