I'm sorry, +r or +w for everyone or world. Only owner should have +r or +w.

On Mon, Mar 22, 2010 at 11:20 AM, Zack Payton <zpayton@xxxxxxxxx> wrote:
> What are the permissions on your home directory for the user that is failing?
> Also what are the permissions for ~/.ssh/ of the user that is failing?
>
> If either of these are set to +r or +w, ssh will skip public key and
> go to password authentication.
>
> Z
>
> On Fri, Mar 19, 2010 at 5:50 PM, Jon Price <jonelwoodprice@xxxxxxxxx> wrote:
>> Hi,
>>
>> Public key authentication seems to work for one account but does NOT
>> work (prompts for password) for another account.
>> Why might this be?
>>
>> I have a problem with public key authentication. This all happens on
>> the same server ("server1") which runs Solaris 10 and OpenSSH 5.3p1.
>> There are two scenarios. Neither scenario should prompt for password
>> because I added "jon" account's public key into the
>> .ssh/authorized_keys files for both the ndio account and the jon2
>> account. However, Scenario 1 prompts for password (problem) and
>> Scenario 2 does NOT prompt for password (good).
>>
>> Scenario 1 -- prompts for password (problem)
>> Start as user "jon". Run ssh -v -v -v -Y ndio@server1
>> this prompts for password
>>
>> Scenario 2 -- does NOT prompt for password (good)
>> Start as user "jon". Run ssh -v -v -v -Y jon2@server1
>> Goes right to command prompt for user jon2
>>
>> Below is debug output for both cases.
>> It is clear that public key authentication worked for scenario 2 and
>> that it did NOT work for scenario 1
>>
>> But what could be the cause of the problem for scenario 1?
>>
>> ------------------------------------------------------------
>> Scenario1 - Problem (prompts for password)
>>
>> <snip>
>>
>> These messages are identical to the "success" case below..
>>
>> debug1: Next authentication method: publickey
>> debug1: Trying private key: /export/home/jon/.ssh/identity
>> debug3: no such identity: /export/home/jon/.ssh/identity
>> debug1: Offering public key: /export/home/jon/.ssh/id_rsa
>> debug3: send_pubkey_test
>> debug2: we sent a publickey packet, wait for reply
>> debug3: Wrote 368 bytes for a total of 1477
>>
>> This is where messages become different than the success case below...
>> Note that NO messages are left out here. debug3: Wrote 368 ..... msg
>> is followed by the debug1: Authentications that can continue .... msg.
>>
>> debug1: Authentications that can continue: publickey,password,keyboard-interactive
>> debug1: Trying private key: /export/home/jon/.ssh/id_dsa
>> debug3: no such identity: /export/home/jon/.ssh/id_dsa
>> debug2: we did not send a packet, disable method
>> debug3: authmethod_lookup keyboard-interactive
>> debug3: remaining preferred: password
>> debug3: authmethod_is_enabled keyboard-interactive
>>
>>
>> ----------------------------------------------------------
>> Scenario 2 - Good (No prompt for password)
>>
>> These messages are identical to the failure case above..
>> <snip>
>> debug1: Next authentication method: publickey
>> debug1: Trying private key: /export/home/jon/.ssh/identity
>> debug3: no such identity: /export/home/jon/.ssh/identity
>> debug1: Offering public key: /export/home/jon/.ssh/id_rsa
>> debug3: send_pubkey_test
>> debug2: we sent a publickey packet, wait for reply
>> debug3: Wrote 368 bytes for a total of 1477
>>
>> This is where messages become different than the failure case above.
>> Note that NO messages are left out here. debug3: Wrote 368 ..... msg
>> is followed by the debug1: Server accepts key: ... msg.
>>
>> debug1: Server accepts key: pkalg ssh-rsa blen 277
>> debug2: input_userauth_pk_ok: fp a2:ee:ea:88:cd:8e:c3:c9:c5:63:dd:30:ea:55:93:db
>> debug3: sign_and_send_pubkey
>> debug1: read PEM private key done: type RSA
>> debug3: Wrote 640 bytes for a total of 2117
>> debug1: Authentication succeeded (publickey).
>> debug1: channel 0: new [client-session]
>> debug3: ssh_session2_open: channel_new: 0
>> debug2: channel 0: send open
>> debug1: Requesting no-more-sessions@xxxxxxxxxxx
>> debug1: Entering interactive session.
>> <snip>
>> -----------------------------------------------------------------------------------------
>>
>> End
>>
>
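
A permission check for the three paths raised in this thread (home directory, ~/.ssh/ and authorized_keys), as an added example that is not part of the original messages: it flags any of them that group or others can write to, which is the condition sshd's StrictModes setting rejects. The function names `check_ssh_perms` and `demo` and the temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Flags paths that group or others can
# write to, the condition sshd's StrictModes setting rejects.
# Ownership (user or root) also matters to sshd and is not checked here.

# check_ssh_perms HOME_DIR
# Prints one line per path; returns 0 if all pass, 1 otherwise.
check_ssh_perms() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            bad=1
            continue
        fi
        # First 10 characters of ls -ld, e.g. drwxr-xr-x
        mode=$(ls -ld "$p" | cut -c1-10)
        case $mode in
            ?????w????|????????w?)      # group-write or other-write bit set
                echo "WRITABLE $mode $p"
                bad=1 ;;
            *)
                echo "OK       $mode $p" ;;
        esac
    done
    return $bad
}

# Constructed demo: a throwaway "home" whose .ssh directory is group-writable.
demo() {
    d=$(mktemp -d) || return 2
    mkdir "$d/.ssh"
    : > "$d/.ssh/authorized_keys"
    chmod 755 "$d"
    chmod 775 "$d/.ssh"
    chmod 600 "$d/.ssh/authorized_keys"
    check_ssh_perms "$d"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo || echo "=> at least one path would be refused; fix with chmod go-w"
```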