Let me explain a bit more. SSH connects to computer B and computer B asks for that users password before allowing connection. No passphrase was entered during keygen and the .pub key has been forwarded using ssh-copy-id to computer B. Ssh-copy-id (after sending to computer B) then suggests attempting connection with ssh [address] and all other users, connection is accepted with password (as it should.) I will re-examine file and user permissions as I believe that has to be the area I have missed something. But (as of this writing) I believe that all permissions are set correctly for all users. Will keep all posted. Now, a slightly different minor issue. I received some strange error messages regarding my initial message. Am I posting to the correct mailing list or should it be security-help (at) securityfocus.com list? On Tue, 2008-03-04 at 08:33 +0100, Ger Apeldoorn wrote: > Hi, > > - What kind of SSH server are you using? > - Perhaps the file permissions are too liberal on the users .ssh > directory or files. > Make sure /home/[user] is only writable by the user and make the > /home/[user]/.ssh directory read/write only for the owner. > > Check /var/log/auth.log for clues. > > Good luck! > > Ger Apeldoorn > > > Bob Wooden wrote: > > I have a working SSH environment that works, allowing other users (of > > the same computer) to SSH into a server through a functional VPN tunnel > > (VPN handled by a firewall.) > > > > I have exchanged public keys in the same manner in all cases. Two users > > can successfully logged in with their exchanged public key and no manual > > password typing is required. One user, despite the same exchange > > manner, continues to be asked for a password on SSH connection. > > > > Knowing that SSH connects with the other two users that function > > correctly, I am dumbfounded as to why this one user will not connect > > without asking for manual intervention. I can see that all information, > > for each user, is in the same location and indeed present. But, this > > one user will not connect without typing in it's password. > > > > What am I overlooking? > > >
