What are the permissions on your home directory for the user that is failing.
Also what are the permissions for ~/.ssh/ of the user that is failing?
If either of these are set to +r or +w, ssh will skip public key and
go to password authentication.
Z
On Fri, Mar 19, 2010 at 5:50 PM, Jon Price <jonelwoodprice@xxxxxxxxx> wrote:
> Hi,
>
> Public key authentication seems to work for one account but does NOT
> work (prompts for password) for another account.
> Why might this be?
>
> I have a problem with public key authentication. This all happens on
> the same server ("server1") which runs Solaris 10 and OpenSSH 5.3p1.
> There are two scenarios. Neither scenario should prompt for password
> because I added "jon" account's public key into the
> .ssh/authorized_keys file's for both the ndio account and the jon2
> account. However, Scenario 1 prompts for password (problem) and
> Scenario 2 does NOT prompt for password (good).
>
> Scenario 1 -- prompts for password (problem)
> Start as user "jon". Run ssh -v -v -v -Y ndio@server1
> this prompts for password
>
> Scenario 2 -- does NOT prompt for password (good)
> Start as user "jon". Run ssh -v -v -v -Y jon2@server1
> Goes right to command prompt for user jon2
>
> Below is debug output for both cases.
> It is clear that public key authentication worked for scenario 2 and
> that it did NOT work for scenario 1
>
> But what could be the cause of the problem for scenario 1?
>
> ------------------------------------------------------------
> Scenario1 - Problem (prompts for password)
>
> <snip>
>
> These messages are identical to the "success" case below..
>
> debug1: Next authentication method: publickey
> debug1: Trying private key: /export/home/jon/.ssh/identity
> debug3: no such identity: /export/home/jon/.ssh/identity
> debug1: Offering public key: /export/home/jon/.ssh/id_rsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug3: Wrote 368 bytes for a total of 1477
>
> This is where messages become different than the success case below...
> Note that NO messages are left out here. debug3: Wrote 368 ..... msg
> is followed by the debug1: Authentications that can continue .... msg.
>
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> debug1: Trying private key: /export/home/jon/.ssh/id_dsa
> debug3: no such identity: /export/home/jon/.ssh/id_dsa
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup keyboard-interactive
> debug3: remaining preferred: password
> debug3: authmethod_is_enabled keyboard-interactive
>
>
> ----------------------------------------------------------
> Scenario 2 - Good (No prompt for password)
>
> These messages are identical to the failure case above..
> <snip>
> debug1: Next authentication method: publickey
> debug1: Trying private key: /export/home/jon/.ssh/identity
> debug3: no such identity: /export/home/jon/.ssh/identity
> debug1: Offering public key: /export/home/jon/.ssh/id_rsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug3: Wrote 368 bytes for a total of 1477
>
> This is where messages become different than the failure case above.
> Note that NO messages are left out here. debug3: Wrote 368 ..... msg
> is followed by the debug1: Server accepts key: ... msg.
>
> debug1: Server accepts key: pkalg ssh-rsa blen 277
> debug2: input_userauth_pk_ok: fp a2:ee:ea:88:cd:8e:c3:c9:c5:63:dd:30:ea:55:93:db
> debug3: sign_and_send_pubkey
> debug1: read PEM private key done: type RSA
> debug3: Wrote 640 bytes for a total of 2117
> debug1: Authentication succeeded (publickey).
> debug1: channel 0: new [client-session]
> debug3: ssh_session2_open: channel_new: 0
> debug2: channel 0: send open
> debug1: Requesting no-more-sessions@xxxxxxxxxxx
> debug1: Entering interactive session.
> <snip>
> -----------------------------------------------------------------------------------------
>
> End
>
