The server seems not to accept the public key it receives in the first
scenario.
You can find out why if you start the sshd with debug level logging
(similar to the -vvv for the client).
One reason could be that the permissions on the home directory of jon2
are wrong; sshd checks if they are safe and if not refuses to read
.ssh/* in that home dir.
Or did you copy authorized_keys from one account to the other and forget
to chown it? I have done so quite a few times. :-(
Dirk
On 20.03.10 01:50, Jon Price wrote:
Hi,
Public key authentication seems to work for one account but does NOT
work (prompts for password) for another account.
Why might this be?
I have a problem with public key authentication. This all happens on
the same server ("server1") which runs Solaris 10 and OpenSSH 5.3p1.
There are two scenarios. Neither scenario should prompt for password
because I added "jon" account's public key into the
.ssh/authorized_keys files for both the ndio account and the jon2
account. However, Scenario 1 prompts for password (problem) and
Scenario 2 does NOT prompt for password (good).
Scenario 1 -- prompts for password (problem)
Start as user "jon". Run ssh -v -v -v -Y ndio@server1
this prompts for password
Scenario 2 -- does NOT prompt for password (good)
Start as user "jon". Run ssh -v -v -v -Y jon2@server1
Goes right to command prompt for user jon2
Below is debug output for both cases.
It is clear that public key authentication worked for scenario 2 and
that it did NOT work for scenario 1
But what could be the cause of the problem for scenario 1?
------------------------------------------------------------
Scenario1 - Problem (prompts for password)
<snip>
These messages are identical to the "success" case below..
debug1: Next authentication method: publickey
debug1: Trying private key: /export/home/jon/.ssh/identity
debug3: no such identity: /export/home/jon/.ssh/identity
debug1: Offering public key: /export/home/jon/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 368 bytes for a total of 1477
This is where messages become different than the success case below...
Note that NO messages are left out here. debug3: Wrote 368 ..... msg
is followed by the debug1: Authentications that can continue .... msg.
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Trying private key: /export/home/jon/.ssh/id_dsa
debug3: no such identity: /export/home/jon/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
----------------------------------------------------------
Scenario 2 - Good (No prompt for password)
These messages are identical to the failure case above..
<snip>
debug1: Next authentication method: publickey
debug1: Trying private key: /export/home/jon/.ssh/identity
debug3: no such identity: /export/home/jon/.ssh/identity
debug1: Offering public key: /export/home/jon/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 368 bytes for a total of 1477
This is where messages become different than the failure case above.
Note that NO messages are left out here. debug3: Wrote 368 ..... msg
is followed by the debug1: Server accepts key: ... msg.
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug2: input_userauth_pk_ok: fp a2:ee:ea:88:cd:8e:c3:c9:c5:63:dd:30:ea:55:93:db
debug3: sign_and_send_pubkey
debug1: read PEM private key done: type RSA
debug3: Wrote 640 bytes for a total of 2117
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@xxxxxxxxxxx
debug1: Entering interactive session.
<snip>
-----------------------------------------------------------------------------------------
End
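
The ownership and permission causes suggested in the reply at the top of this thread can be checked on the server with a short script. This is an added example, not part of the original messages: it approximates the checks sshd applies when StrictModes is enabled (each path owned by the account or root, and not group- or world-writable), the function names are hypothetical, and it assumes the default authorized_keys location and a POSIX shell.

```shell
#!/bin/sh
# Added example: approximates sshd's StrictModes ownership/mode checks.
# check_path and check_account are hypothetical helper names.

# check_path PATH UID: print a finding and return 1 if PATH would be rejected
check_path() {
    path=$1; want_uid=$2; rc=0
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    # ls -ldn: field 1 is the mode string, field 3 the numeric owner
    info=$(ls -ldn "$path" | awk '{print $1 " " $3}')
    mode=${info% *}; owner=${info#* }
    # Owner must be the account itself or root (uid 0)
    if [ "$owner" != "$want_uid" ] && [ "$owner" != "0" ]; then
        echo "OWNER    $path owned by uid $owner, expected $want_uid or 0"
        rc=1
    fi
    # Characters 6 and 9 of the mode string are group-write and other-write
    gw=$(printf '%s' "$mode" | cut -c6)
    ow=$(printf '%s' "$mode" | cut -c9)
    if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
        echo "WRITABLE $path has mode $mode (group or world writable)"
        rc=1
    fi
    return $rc
}

# check_account HOME UID: check the home dir, .ssh and authorized_keys
check_account() {
    home=$1; acct_uid=$2; bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$acct_uid" || bad=1
    done
    return $bad
}

# Command-line use: sh thisscript <home-directory> <numeric-uid>
if [ $# -eq 2 ]; then
    check_account "$1" "$2"
fi
```

Run it against both accounts' home directories and compare the output; any line printed for the failing account is a candidate for the reason the server did not accept the key.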