From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cygwin-return-172970-listarch-cygwin=sourceware.org@cygwin.com>
Received: (qmail 18468 invoked by alias); 14 Oct 2011 17:07:31 -0000
Received: (qmail 18454 invoked by uid 22791); 14 Oct 2011 17:07:27 -0000
X-SWARE-Spam-Status: No, hits=0.2 required=5.0	tests=AWL,BAYES_00,RP_MATCHES_RCVD,TW_RW
X-Spam-Check-By: sourceware.org
Received: from mail.joshitech.com (HELO remote.joshitech.com) (64.207.231.34)    by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Fri, 14 Oct 2011 17:07:10 +0000
Received: from JTISBS8.joshitech.local ([fe80::9c28:12d4:7aa3:fe9f]) by JTISBS8.joshitech.local ([fe80::9c28:12d4:7aa3:fe9f%13]) with mapi; Fri, 14 Oct 2011 12:07:09 -0500
From: Clayton Evans <CEvans@joshitech.com>
To: "cygwin@cygwin.com" <cygwin@cygwin.com>
Date: Fri, 14 Oct 2011 17:07:00 -0000
Subject: RE: openssh authentification
Message-ID: <C1D4084E4F215A4F890E70E3675DF633491EC860C4@JTISBS8.joshitech.local>
References: <C1D4084E4F215A4F890E70E3675DF633491EC860BE@JTISBS8.joshitech.local> <jifg97lcabu2le035n29f2mr1dk0pchod5@4ax.com>
In-Reply-To: <jifg97lcabu2le035n29f2mr1dk0pchod5@4ax.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-IsSubscribed: yes
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
X-SW-Source: 2011-10/txt/msg00255.txt.bz2

> > debug1: Next authentication method: publickey
> > debug1: Offering RSA public key: /home/cevans/.ssh/id_rsa
> > debug3: send_pubkey_test
> > debug2: we sent a publickey packet, wait for reply
> > debug1: Authentications that can continue:=20
> > publickey,password,keyboard-interactive
> > debug1: Offering DSA public key: /home/cevans/.ssh/id_dsa
> > debug3: send_pubkey_test
> > debug2: we sent a publickey packet, wait for reply
> > debug1: Authentications that can continue:=20
> > publickey,password,keyboard-interactive
> > debug1: Offering ECDSA public key: /home/cevans/.ssh/id_ecdsa
> > debug3: send_pubkey_test
> > debug2: we sent a publickey packet, wait for reply
> > debug1: Authentications that can continue:=20
> > publickey,password,keyboard-interactive
> > debug2: we did not send a packet, disable method
>
> So all three of those keys were offered, but none were accepted.  Are the=
 public keys for those in your ~/.ssh/authorized_keys file on the > server?
>
> Do you by chance have any "from" restrictions on the keys in authorized_k=
eys?  For example,
>
> from=3D"localhost" ssh-rsa AAAAB3NzaC1yc...
>
> That could cause the server to reject the keys.
>
> > debug1: Next authentication method: password cevans@jti031's password:
> > debug3: packet_send2: adding 64 (len 59 padlen 5 extra_pad 64)
> > debug2: we sent a password packet, wait for reply
> > debug1: Authentications that can continue:=20
> > publickey,password,keyboard-interactive
> > Permission denied, please try again.
>
> Not sure what would cause that.
>=20
>=20

I copied the .ssh/authorized_keys file from the client to the host before t=
he ssh -vvv jti031 was done.

I have not intentionally added any "from" restrictions on the keys.  From y=
our question I infer that this would be in the authorized_keys file.  The l=
ines in the authorized_keys file begin with ssh-rsa ..., ssh-dss ..., ecdsa=
-sha2-nistp256 ....  The lines all end with a white space and <userid>@<cli=
entname>, where <userid> and <clientname> have my user id and client machin=
e name, jti023.

Permissions in .ssh on the client are:
$ ls -l
total 19
-rw-r--r-- 1 cevans Administrators 1816 Oct 13 15:24 authorized_keys
-rw------- 1 cevans Administrators  668 Oct 13 15:24 id_dsa
-rw-r--r-- 1 cevans Administrators  603 Oct 13 15:24 id_dsa.pub
-rw------- 1 cevans Administrators  227 Oct 13 15:24 id_ecdsa
-rw-r--r-- 1 cevans Administrators  175 Oct 13 15:24 id_ecdsa.pub
-rw------- 1 cevans Administrators 1679 Oct 13 15:24 id_rsa
-rw-r--r-- 1 cevans Administrators  395 Oct 13 15:24 id_rsa.pub
-rw------- 1 cevans Administrators  978 Oct 13 15:24 identity
-rw-r--r-- 1 cevans Administrators  643 Oct 13 15:24 identity.pub
-rw-r--r-- 1 cevans Administrators  182 Oct 13 15:43 known_hosts

$ ls -ld .ssh
drwx------+ 1 cevans Administrators 0 Oct 14 09:23 .ssh

Permissions on the host are:
-rw-------+ 1 CEvans Administrators 1679 Oct  3 15:13 id_rsa
-rw-r--r--+ 1 CEvans Administrators  395 Oct  3 15:13 id_rsa.pub
-rw-r--r--+ 1 CEvans Administrators  603 Oct  3 15:13 id_dsa.pub
-rw-------+ 1 CEvans Administrators  668 Oct  3 15:13 id_dsa
-rw-r--r--+ 1 CEvans Administrators  175 Oct  3 15:14 id_ecdsa.pub
-rw-------+ 1 CEvans Administrators  227 Oct  3 15:14 id_ecdsa
-rw-------+ 1 CEvans Administrators  978 Oct  3 15:14 identity
-rw-r--r--+ 1 CEvans Administrators  643 Oct  3 15:14 identity.pub
-rw-r--r--+ 1 CEvans Administrators   48 Oct  4 16:36 authorization
-rw-------+ 1 CEvans Administrators 1816 Oct 13 15:24 authorized_keys

drwxr-xr-x+ 1 CEvans Administrators 0 Oct 14 09:46 /cygdrive/d/home/cevans/=
.ssh

Clayton Evans

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple