rsa authentication working in RH 7.2 but not RH 9.0

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

I could ssh to my Linux box running RH 7.2 with rsa keys and no
password authentication. Before installing RH 9 on a new hard disk, I
backed up a copy of the keys, the sshd_config file, and the
authorized_keys. After the upgrade, I unzipped everything back to the
~/.ssh subdirectory and copied sshd_config to /etc/ssh. But now i
cannot log in with the keys. i can still log in with password
authentication. I also tried regenerating new keys, but this is not
working either. It seems like the authorized_keys file is not being

 I would really appreciate some advice and thanks in advance.
Below is the output from an ssh session, the ~/.ssh directory, and the
sshd_config file. Thanks.

mith% ssh -v -i wingmm_rsa ngse@

OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 23: Deprecated option "FallBackToRsh"
debug1: /etc/ssh_config line 24: Deprecated option "UseRsh"
debug1: Rhosts Authentication disabled, originating port will not be
debug1: ssh_connect: needpriv 0
debug1: Connecting to [] port 22.
debug1: Connection established.
debug1: identity file wingmm_rsa type 1
debug1: Remote protocol version 2.0, remote software version
debug1: match: OpenSSH_3.5p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT receiveddebug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 131/256
debug1: bits set: 1585/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '' is known and matches the RSA host key.
debug1: Found key in
debug1: bits set: 1588/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: service_accept: ssh-userauth
debug1: authentications that can continue:
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue:
debug1: no more auth methods to try
Permission denied (publickey,keyboard-interactive).
debug1: Calling cleanup 0x4bc74(0x0)

***** ~/.ssh ****

-rw-r--r--    1 ngse     ngse          218 Jul 17 17:37
authorized_keysrw-------    1 ngse     ngse          951 Jul 17 17:03

**** my sshd_config
#       $OpenBSD: sshd_config,v 1.48 2002/02/19 02:50:59 deraadt Exp $

# This is the sshd server system-wide configuration file.  See sshd(8)
# for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
#Protocol 2,1Port 22
#Protocol 2,1
Protocol 2
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFOyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 600
#PermitRootLogin yes
#StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      /home/nges/.ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in
#RhostsRSAAuthentication no
# similar for protocol version 2 similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
# KerberosAuthentication automatically enabled if keyfile exists
#KerberosAuthentication yes
#KerberosOrLocalPasswd yesAFSTokenPassing automatically enabled if
k_hasafs() is true
#AFSTokenPassing yes

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of
#PAMAuthenticationViaKbdInt yes

#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yesMaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no

# override default of no subsystems
Subsystem       sftp    /usr/libexec/openssh/sftp-server

#KeepAlive yes
#UseLogin no

#MaxStartups 10
# no default banner path

#KerberosTicketCleanup yes

# AFSTokenPassing automatically enabled if k_hasafs() is true
#AFSTokenPassing yes

#HostbasedAuthentication no

debug1: kex: server->client aes128-cbc hmac-md5 none

Re: rsa authentication working in RH 7.2 but not RH 9.0

Examine the server syslog and debug output.

  Richard Silverman

Site Timeline