Re: pubkey works for user: why not root ?

This does not answer your stated question, but it is good info for you to have.
 Once you get the key working, alter your sshd_config file so that root logins
must have a key, rather than a password.  WAY more secure.

  PermitRootLogin without-password

Unca Xitron


sean darcy wrote:
> I can ssh from my laptop to the server as a user, but using root from
> same laptop to same server fails. root can login with password. In
> both cases run ssh-keygen on laptop, copy id_rsa.pub to server, cat
> id_rsa.pub >> authorized_keys, restart sshd on server.  On client .ssh
> is 700, .ssh/id_rsa is 700. On server  .ssh is 700, authorized_keys is
> 644 ( same as user ).
> 
> What am I missing??
> 
> sean
> 
> On client:
> 
> [root@daddy ~]# ssh -vv intel64-office
> OpenSSH_5.2p1, OpenSSL 0.9.8k-fips 25 Mar 2009
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to intel64-office [10.10.11.1] port 22.
> debug1: Connection established.
> debug1: permanently_set_uid: 0/0
> debug1: identity file /root/.ssh/identity type -1
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug2: key_type_from_name: unknown key type '-----END'
> debug1: identity file /root/.ssh/id_rsa type 1
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug2: key_type_from_name: unknown key type '-----END'
> debug1: identity file /root/.ssh/id_dsa type 2
> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2
> debug1: match: OpenSSH_5.2 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_5.2
> debug2: fd 3 setting O_NONBLOCK
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
> debug2: kex_parse_kexinit:
> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
> debug2: kex_parse_kexinit:
> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_setup: found hmac-md5
> debug1: kex: server->client aes128-ctr hmac-md5 none
> debug2: mac_setup: found hmac-md5
> debug1: kex: client->server aes128-ctr hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug2: dh_gen_key: priv key bits set: 128/256
> debug2: bits set: 506/1024
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'intel64-office' is known and matches the RSA host key.
> debug1: Found key in /root/.ssh/known_hosts:6
> debug2: bits set: 532/1024
> debug1: ssh_rsa_verify: signature correct
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug2: key: /root/.ssh/id_rsa (0xd24640)
> debug2: key: /root/.ssh/id_dsa (0xd24658)
> debug2: key: /root/.ssh/identity ((nil))
> debug1: Authentications that can continue: publickey,gssapi-with-mic,password
> debug1: Next authentication method: gssapi-with-mic
> debug1: Unspecified GSS failure.  Minor code may provide more information
> No credentials cache found
> 
> debug1: Unspecified GSS failure.  Minor code may provide more information
> No credentials cache found
> 
> debug1: Unspecified GSS failure.  Minor code may provide more information
> 
> 
> debug2: we did not send a packet, disable method
> debug1: Next authentication method: publickey
> debug1: Offering public key: /root/.ssh/id_rsa
> debug2: we sent a publickey packet, wait for reply
> debug1: Authentications that can continue: publickey,gssapi-with-mic,password
> debug1: Offering public key: /root/.ssh/id_dsa
> debug2: we sent a publickey packet, wait for reply
> debug1: Authentications that can continue: publickey,gssapi-with-mic,password
> debug1: Trying private key: /root/.ssh/identity
> debug2: we did not send a packet, disable method
> debug1: Next authentication method: password
> 
> On server:
> 
> Apr 18 10:04:41 intel64-office sshd[2612]: debug1: Forked child 30747.
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1: rexec start in 5
> out 5 newsock 5 pipe 7 sock 8
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1: inetd sockets
> after dupping: 3, 3
> Apr 18 10:04:41 intel64-office sshd[30747]: Connection from
> 10.10.11.69 port 33776
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1: Client protocol
> version 2.0; client software version OpenSSH_5.2
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1: match: OpenSSH_5.2
> pat OpenSSH*
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1: Enabling
> compatibility mode for protocol 2.0
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1: Local version
> string SSH-2.0-OpenSSH_5.2
> Apr 18 10:04:41 intel64-office sshd[30749]: debug1: permanently_set_uid: 74/74
> Apr 18 10:04:41 intel64-office sshd[30749]: debug1:
> list_hostkey_types: ssh-rsa,ssh-dss
> Apr 18 10:04:41 intel64-office sshd[30749]: debug1: SSH2_MSG_KEXINIT sent
> Apr 18 10:04:41 intel64-office sshd[30749]: debug1: SSH2_MSG_KEXINIT received
> Apr 18 10:04:41 intel64-office sshd[30749]: debug1: kex:
> client->server aes128-ctr hmac-md5 none
> Apr 18 10:04:41 intel64-office sshd[30749]: debug1: kex:
> server->client aes128-ctr hmac-md5 none
> Apr 18 10:04:41 intel64-office sshd[30749]: debug1:
> SSH2_MSG_KEX_DH_GEX_REQUEST received
> Apr 18 10:04:41 intel64-office sshd[30749]: debug1:
> SSH2_MSG_KEX_DH_GEX_GROUP sent
> Apr 18 10:04:41 intel64-office sshd[30749]: debug1: expecting
> SSH2_MSG_KEX_DH_GEX_INIT
> Apr 18 10:04:41 intel64-office sshd[30749]: debug1:
> SSH2_MSG_KEX_DH_GEX_REPLY sent
> Apr 18 10:04:41 intel64-office sshd[30749]: debug1: SSH2_MSG_NEWKEYS sent
> Apr 18 10:04:41 intel64-office sshd[30749]: debug1: expecting SSH2_MSG_NEWKEYS
> Apr 18 10:04:41 intel64-office sshd[30749]: debug1: SSH2_MSG_NEWKEYS received
> Apr 18 10:04:41 intel64-office sshd[30749]: debug1: KEX done
> Apr 18 10:04:41 intel64-office sshd[30749]: debug1: userauth-request
> for user root service ssh-connection method none
> Apr 18 10:04:41 intel64-office sshd[30749]: debug1: attempt 0 failures 0
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1: PAM: initializing for "root"
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1: PAM: setting
> PAM_RHOST to "daddy-hp"
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1: PAM: setting
> PAM_TTY to "ssh"
> Apr 18 10:04:41 intel64-office sshd[30749]: debug1: userauth-request
> for user root service ssh-connection method publickey
> Apr 18 10:04:41 intel64-office sshd[30749]: debug1: attempt 1 failures 0
> Apr 18 10:04:41 intel64-office sshd[30749]: debug1: test whether
> pkalg/pkblob are acceptable
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1:
> temporarily_use_uid: 0/0 (e=0/0)
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1: trying public key
> file /root/.ssh/authorized_keys
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1: restore_uid: 0/0
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1:
> temporarily_use_uid: 0/0 (e=0/0)
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1: trying public key
> file /root/.ssh/authorized_keys2
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1: restore_uid: 0/0
> Apr 18 10:04:41 intel64-office sshd[30747]: Failed publickey for root
> from 10.10.11.69 port 33776 ssh2
> Apr 18 10:04:41 intel64-office sshd[30749]: debug1: userauth-request
> for user root service ssh-connection method publickey
> Apr 18 10:04:41 intel64-office sshd[30749]: debug1: attempt 2 failures 1
> Apr 18 10:04:41 intel64-office sshd[30749]: debug1: test whether
> pkalg/pkblob are acceptable
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1:
> temporarily_use_uid: 0/0 (e=0/0)
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1: trying public key
> file /root/.ssh/authorized_keys
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1: restore_uid: 0/0
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1:
> temporarily_use_uid: 0/0 (e=0/0)
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1: trying public key
> file /root/.ssh/authorized_keys2
> Apr 18 10:04:41 intel64-office sshd[30747]: debug1: restore_uid: 0/0
> Apr 18 10:04:41 intel64-office sshd[30747]: Failed publickey for root
> from 10.10.11.69 port 33776 ssh2
> Apr 18 10:04:45 intel64-office sshd[30749]: debug1: userauth-request
> for user root service ssh-connection method password
> Apr 18 10:04:45 intel64-office sshd[30749]: debug1: attempt 3 failures 2
> Apr 18 10:04:45 intel64-office sshd[30747]: debug1: PAM: password
> authentication accepted for root
> Apr 18 10:04:45 intel64-office sshd[30747]: debug1: do_pam_account: called
> Apr 18 10:04:45 intel64-office sshd[30747]: Accepted password for root
> from 10.10.11.69 port 33776 ssh2
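
Added example, not part of the original thread: a pre-flight check for the key-only root setting recommended above, covering the effective `PermitRootLogin` value, the ownership and write-bit rules sshd applies to `authorized_keys` under StrictModes, and whether the client's public key is actually listed. The function names and the sample key and config are constructed for illustration; `prohibit-password` is the later OpenSSH spelling of `without-password`, and `Match` blocks are not evaluated.

```shell
# Print the PermitRootLogin value from the global section of an sshd_config
# file. sshd keeps the first value it reads; prints "unset" if there is none.
effective_root_login() {
    awk '
        $1 ~ /^#/ || NF == 0 { next }
        { sub(/[ \t]*=[ \t]*/, " ") }        # accept "Keyword=value"
        tolower($1) == "match" { exit }       # Match blocks are not evaluated
        tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Returns 0 when root may still log in with a password. Assumption: "unset"
# counts as allowed, because the built-in default differs between releases.
root_password_allowed() {
    case "$(effective_root_login "$1")" in
        without-password|prohibit-password|forced-commands-only|no) return 1 ;;
    esac
}

# StrictModes-style check: home, ~/.ssh and authorized_keys must be owned by
# the account ($2, numeric uid) or root and not be group- or world-writable.
strictmodes_ok() {
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || { echo "missing: $p"; return 1; }
        [ -z "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ] ||
            { echo "group/world-writable: $p"; return 1; }
        [ -z "$(find "$p" -prune ! -user "$2" ! -user 0)" ] ||
            { echo "wrong owner: $p"; return 1; }
    done
}

# True when the key blob (field 2) of a .pub file appears in authorized_keys.
key_is_authorized() {
    blob=$(awk 'NR == 1 { print $2 }' "$1")
    [ -n "$blob" ] && grep -qF -- "$blob" "$2"
}

# Constructed sample: a stand-in home directory and sshd_config in a temp dir.
make_sample() {
    d=$(mktemp -d) && mkdir -m 700 "$d/.ssh"
    echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED root@daddy" > "$d/id_rsa.pub"
    cp "$d/id_rsa.pub" "$d/.ssh/authorized_keys"; chmod 644 "$d/.ssh/authorized_keys"
    printf 'PermitRootLogin %s\n' without-password yes > "$d/sshd_config"
    echo "$d"
}
d=$(make_sample)
strictmodes_ok "$d" "$(id -u)" && key_is_authorized "$d/id_rsa.pub" "$d/.ssh/authorized_keys" &&
    ! root_password_allowed "$d/sshd_config" && echo "root is key-only"; rm -rf "$d"
```

On a live server, `sshd -T` prints the effective configuration, defaults included, which is the authoritative answer for the running release.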
