From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 21036 invoked by alias); 14 Oct 2011 18:44:18 -0000 Received: (qmail 21024 invoked by uid 22791); 14 Oct 2011 18:44:16 -0000 X-SWARE-Spam-Status: No, hits=-0.2 required=5.0 tests=AWL,BAYES_00,RP_MATCHES_RCVD X-Spam-Check-By: sourceware.org Received: from mail.joshitech.com (HELO remote.joshitech.com) (64.207.231.34) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Fri, 14 Oct 2011 18:44:02 +0000 Received: from JTISBS8.joshitech.local ([fe80::9c28:12d4:7aa3:fe9f]) by JTISBS8.joshitech.local ([fe80::9c28:12d4:7aa3:fe9f%13]) with mapi; Fri, 14 Oct 2011 13:43:58 -0500 From: Clayton Evans To: "cygwin@cygwin.com" Date: Fri, 14 Oct 2011 18:44:00 -0000 Subject: RE: openssh authentification Message-ID: References: In-Reply-To: Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-IsSubscribed: yes Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com X-SW-Source: 2011-10/txt/msg00258.txt.bz2 > > > > debug1: Next authentication method: publickey > > > > debug1: Offering RSA public key: /home/cevans/.ssh/id_rsa > > > > debug3: send_pubkey_test > > > > debug2: we sent a publickey packet, wait for reply > > > > debug1: Authentications that can continue:=20 > > > > publickey,password,keyboard-interactive > > > > debug1: Offering DSA public key: /home/cevans/.ssh/id_dsa > > > > debug3: send_pubkey_test > > > > debug2: we sent a publickey packet, wait for reply > > > > debug1: Authentications that can continue:=20 > > > > publickey,password,keyboard-interactive > > > > debug1: Offering ECDSA public key: /home/cevans/.ssh/id_ecdsa > > > > debug3: send_pubkey_test > > > > debug2: we sent a publickey packet, wait for reply > > > > debug1: Authentications that can continue:=20 > > > > publickey,password,keyboard-interactive > > > > debug2: we did not send a packet, disable method > > > > > > So all three of those keys were offered, but none were accepted. Are= the public keys for those in your ~/.ssh/authorized_keys file on the > ser= ver? > >=20 > > I copied the .ssh/authorized_keys file from the client to the host befo= re the ssh -vvv jti031 was done. > > OK, but that's not exactly what I asked. The question is, is one of thos= e public keys (/home/cevans/.ssh/id_rsa.pub, /home/cevans/.ssh/id_dsa.pub, = or /home/cevans/.ssh/id_ecdsa.pub from the client) in ~/.ssh/authorized_key= s on the server? No, the id_*.pub files were not copied.=20=20=20 I have now copied all three id_*.pub files from the client to the host. I = have rerun 'ssh -vvv jti031' with identical results. (At least diff finds t= he results to be identical.) > > Do you by chance have any "from" restrictions on the keys in=20 > > authorized_keys? For example, > > > > from=3D"localhost" ssh-rsa AAAAB3NzaC1yc... > > > > That could cause the server to reject the keys. >=20 > I have not intentionally added any "from" restrictions on the keys.=20=20 > From your question I infer that this would be in the authorized_keys file. Correct, see AUTHORIZED_KEYS FILE FORMAT in sshd(8). > The lines in the authorized_keys file begin with ssh-rsa ..., ssh-dss=20 > ..., > ecdsa-sha2-nistp256 .... The lines all end with a white space and=20 > @, where and have my user id=20 > and client machine name, jti023. OK, so the answer to that is no. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple