problem with sshd and authorized_keys

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!


I'm trying to use my sshd on my machine (let's call it M). I generated a
   dsa pair of keys on a client (C). I copied my C public key in
authorized_keys on M. And when I try to connect to M from C, it asks me
for my user password (not my paraphrase password). M is a known_hosts.

So, I tryed to connect from C to another server than M (not mine). With
the same things done, it worked fine.

I checked the version protocol and I try the verbose mode in my ssh client.

It's like if sshd refuses to read my authorized_keys file (rwxr__r__).
So I specified the exact file name in the sshd_config file, but nothing...

I also try to connect to M localy (ssh localhost) (with same account, so
I copied my into the authorized_keys in the same directory,
i.e. the account directory), same problem.



Verbose result from C connecting to M:

OpenSSH_3.4p1 Debian 1:3.4p1-0.0potato1, SSH protocols 1.5/2.0, OpenSSL
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be
debug1: ssh_connect: needpriv 0
debug1: Connecting to M [M] port 22.
debug1: Connection established.
debug1: identity file /home/f-mayo01/.ssh/identity type 0
debug1: identity file /home/f-mayo01/.ssh/id_rsa type -1
debug1: identity file /home/f-mayo01/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version
OpenSSH_3.4p1 Debian 1:3.4p1-1
debug1: match: OpenSSH_3.4p1 Debian 1:3.4p1-1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-0.0potato1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 129/256
debug1: bits set: 1604/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'M' is known and matches the RSA host key.
debug1: Found key in /home/f-mayo01/.ssh/known_hosts:21
debug1: bits set: 1599/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: service_accept: ssh-userauth
debug1: authentications that can continue:
debug1: next auth method to try is publickey
debug1: try privkey: /home/f-mayo01/.ssh/id_rsa
debug1: try pubkey: /home/f-mayo01/.ssh/id_dsa
debug1: authentications that can continue:
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue:
debug1: next auth method to try is password

my sshd_config file:

# Package generated configuration file
# See the sshd(8) manpage for defails

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# ...but breaks Pam auth via kbdint, so we have to turn it off
# Use PAM authentication via keyboard-interactive so PAM modules can
# properly interface with the user (off due to PrivSep)
PAMAuthenticationViaKbdInt no
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 600
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys

# rhosts authentication should not be used
RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Uncomment to disable s/key passwords
#ChallengeResponseAuthentication no

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

X11Forwarding no
X11DisplayOffset 10
PrintMotd no
#PrintLastLog no
KeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/
#ReverseMappingCheck yes

Subsystem       sftp    /usr/lib/sftp-server

Site Timeline