X-Recipient:	archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status:	No, hits=-0.2 required=5.0 tests=AWL,BAYES_00,RP_MATCHES_RCVD
X-Spam-Check-By:	sourceware.org
From:	Clayton Evans <CEvans AT joshitech DOT com>
To:	"cygwin AT cygwin DOT com" <cygwin AT cygwin DOT com>
Date:	Fri, 14 Oct 2011 13:43:57 -0500
Subject:	RE: openssh authentification
Message-ID:	<C1D4084E4F215A4F890E70E3675DF633491EC860C5@JTISBS8.joshitech.local>
References:	<C1D4084E4F215A4F890E70E3675DF633491EC860BE AT JTISBS8 DOT joshitech DOT local> <jifg97lcabu2le035n29f2mr1dk0pchod5 AT 4ax DOT com> <C1D4084E4F215A4F890E70E3675DF633491EC860C4 AT JTISBS8 DOT joshitech DOT local> <ferg9799a79cbj4q6djuote32bqup8rmo1 AT 4ax DOT com>
In-Reply-To:	<ferg9799a79cbj4q6djuote32bqup8rmo1@4ax.com>
MIME-Version:	1.0
X-IsSubscribed:	yes
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
X-MIME-Autoconverted:	from quoted-printable to 8bit by delorie.com id p9EIiNlu018403

> > > > debug1: Next authentication method: publickey
> > > > debug1: Offering RSA public key: /home/cevans/.ssh/id_rsa
> > > > debug3: send_pubkey_test
> > > > debug2: we sent a publickey packet, wait for reply
> > > > debug1: Authentications that can continue: 
> > > > publickey,password,keyboard-interactive
> > > > debug1: Offering DSA public key: /home/cevans/.ssh/id_dsa
> > > > debug3: send_pubkey_test
> > > > debug2: we sent a publickey packet, wait for reply
> > > > debug1: Authentications that can continue: 
> > > > publickey,password,keyboard-interactive
> > > > debug1: Offering ECDSA public key: /home/cevans/.ssh/id_ecdsa
> > > > debug3: send_pubkey_test
> > > > debug2: we sent a publickey packet, wait for reply
> > > > debug1: Authentications that can continue: 
> > > > publickey,password,keyboard-interactive
> > > > debug2: we did not send a packet, disable method
> > >
> > > So all three of those keys were offered, but none were accepted.  Are the public keys for those in your ~/.ssh/authorized_keys file on the > server?
> > 
> > I copied the .ssh/authorized_keys file from the client to the host before the ssh -vvv jti031 was done.
>
> OK, but that's not exactly what I asked.  The question is, is one of those public keys (/home/cevans/.ssh/id_rsa.pub, /home/cevans/.ssh/id_dsa.pub, or /home/cevans/.ssh/id_ecdsa.pub from the client) in ~/.ssh/authorized_keys on the server?

No, the id_*.pub files were not copied.   

I have now copied all three id_*.pub files from the client to the host.  I have rerun 'ssh -vvv jti031' with identical results. (At least diff finds the results to be identical.)

> > Do you by chance have any "from" restrictions on the keys in 
> > authorized_keys?  For example,
> >
> > from="localhost" ssh-rsa AAAAB3NzaC1yc...
> >
> > That could cause the server to reject the keys.
> 
> I have not intentionally added any "from" restrictions on the keys.  
> From your question I infer that this would be in the authorized_keys file.

Correct, see AUTHORIZED_KEYS FILE FORMAT in sshd(8).

> The lines in the authorized_keys file begin with ssh-rsa ..., ssh-dss 
> ...,
> ecdsa-sha2-nistp256 ....  The lines all end with a white space and 
> <userid>@<clientname>, where <userid> and <clientname> have my user id 
> and client machine name, jti023.

OK, so the answer to that is no.



--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -