Hi.
I have a linux server, and a bunch of solaris clients. I've set it up
the authorized keys file for each user on the clients to contain the
rsa public key of the respective user. This holds true for root as
well.
There are no issues with root logging in to the solaris clients using
public key authorisation. However, no other user can log in to the
solaris machines using public keys. The ssh waits at a password
prompt.
The error message that I see when running the server in debug mode is
------------------------------------------------
debug1: trying public key file /home/nostromo/.ssh/authorized_keys
debug1: matching key found: file /home/nostromo/.ssh/authorized_keys,
line 2
Found matching RSA key: a8:5b:3a:0e:cd:f2:c3:70:bb:9c:42:1b:df:
65:45:69
debug1: restore_uid: 0/0
debug1: ssh_rsa_verify: signature correct
debug2: Starting PAM service sshd-pubkey for method publickey
debug3: Trying to reverse map address 10.1.1.1.
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
Failed publickey for nostromo from 10.1.1.1 port 54592 ssh2
debug1: userauth-request for user nostromo service ssh-connection
method keyboard-interactive
debug1: attempt 3 initial attempt 0 failures 3 initial failures 0
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive devs
debug2: Starting PAM service sshd-kbdint for method keyboard-
interactive
debug2: Calling pam_authenticate()
debug2: PAM echo off prompt: Password:
------------------------------------------------
As you can see, the matching key is found but reports failure using
public key for the user.
Any ideas?
-a

On Sat, 28 Jun 2008 18:20:40 -0700, Anoop wrote:

> I have a linux server, and a bunch of solaris clients. I've set it up
> the authorized keys file for each user on the clients to contain the
> rsa public key of the respective user. This holds true for root as
> well.
> There are no issues with root logging in to the solaris clients using
> public key authorisation. However, no other user can log in to the
> solaris machines using public keys. The ssh waits at a password
> prompt.

Restore the original /etc/ssh/sshd_config file on Solaris. You are *not*
supposed to be able to use ssh as root.

Dave Uhring wrote:
> On Sat, 28 Jun 2008 18:20:40 -0700, Anoop wrote:
>
>> I have a linux server, and a bunch of solaris clients. I've set it up
>> the authorized keys file for each user on the clients to contain the
>> rsa public key of the respective user. This holds true for root as
>> well.
>> There are no issues with root logging in to the solaris clients using
>> public key authorisation. However, no other user can log in to the
>> solaris machines using public keys. The ssh waits at a password
>> prompt.
>
> Restore the original /etc/ssh/sshd_config file on Solaris. You are *not*
> supposed to be able to use ssh as root.
>


But I don't think the fact he has allowed root to log in via ssh is
anything to do with the reason in this case.

On 2008-06-29 08:24:16 +0100, Dave <foo@coo.com> said:

> Dave Uhring wrote:
>> On Sat, 28 Jun 2008 18:20:40 -0700, Anoop wrote:
>>
>>> I have a linux server, and a bunch of solaris clients. I've set it up
>>> the authorized keys file for each user on the clients to contain the
>>> rsa public key of the respective user. This holds true for root as
>>> well.
>>> There are no issues with root logging in to the solaris clients using
>>> public key authorisation. However, no other user can log in to the
>>> solaris machines using public keys. The ssh waits at a password
>>> prompt.
>>
>> Restore the original /etc/ssh/sshd_config file on Solaris. You are *not*
>> supposed to be able to use ssh as root.
>>
>
>
> But I don't think the fact he has allowed root to log in via ssh is
> anything to do with the reason in this case.

What name services (NIS, LDAP) are being used on all the machines?

Cheers,

Chris

Anoop <anoop.rajendra@gmail.com> writes:
>
>I have a linux server, and a bunch of solaris clients. I've set it up
>the authorized keys file for each user on the clients to contain the
>rsa public key of the respective user. This holds true for root as
>well.
>There are no issues with root logging in to the solaris clients using
>public key authorisation. However, no other user can log in to the
>solaris machines using public keys. The ssh waits at a password
>prompt.
>

Are there any complaints from sshd about writable directories in
the logfiles? Are the home directories for your normal users
automounted?

-Greg
--
Do NOT reply via e-mail.
Reply in the newsgroup.

On Sun, 29 Jun 2008 08:24:16 +0100, Dave wrote:
> Dave Uhring wrote:

>> Restore the original /etc/ssh/sshd_config file on Solaris. You are *not*
>> supposed to be able to use ssh as root.
>
> But I don't think the fact he has allowed root to log in via ssh is
> anything to do with the reason in this case.

Probably so, but what else did the OP bork when permitting root login? In
any case, starting from a known workable configuration is better than
starting from $DEITY knows where.

On Jun 29, 6:20*am, Dave Uhring <daveuhr...@yahoo.com> wrote:
> On Sun, 29 Jun 2008 08:24:16 +0100, Dave wrote:
> > Dave Uhring wrote:
> >> Restore the original /etc/ssh/sshd_config file on Solaris. *You are *not*
> >> supposed to be able to use ssh as root.
>
> > But I don't think the fact he has allowed root to log in via ssh is
> > anything to do with the reason in this case.
>
> Probably so, but what else did the OP bork when permitting root login? *In
> any case, starting from a known workable configuration is better than
> starting from $DEITY knows where.

The user directories are automounted.

The only thing changed in the sshd_config are "PermitRootLogin"
parameter

On Sun, 29 Jun 2008 10:03:52 -0700, Anoop wrote:

> On Jun 29, 6:20*am, Dave Uhring <daveuhr...@yahoo.com> wrote:
>> On Sun, 29 Jun 2008 08:24:16 +0100, Dave wrote:
>> > Dave Uhring wrote:
>> >> Restore the original /etc/ssh/sshd_config file on Solaris. *You are *not*
>> >> supposed to be able to use ssh as root.
>>
>> > But I don't think the fact he has allowed root to log in via ssh is
>> > anything to do with the reason in this case.
>>
>> Probably so, but what else did the OP bork when permitting root login? *In
>> any case, starting from a known workable configuration is better than
>> starting from $DEITY knows where.
>
> The user directories are automounted.

Perhaps you mean "user home directories"?

> The only thing changed in the sshd_config are "PermitRootLogin"
> parameter

Restore the original configuration from an unmodifed sshd_config and see
if the problem persists.

What version of Solaris are you using? Where did your sshd package come
from?

On Jun 29, 10:17*am, Dave Uhring <daveuhr...@yahoo.com> wrote:
> On Sun, 29 Jun 2008 10:03:52 -0700, Anoop wrote:
> > On Jun 29, 6:20*am, Dave Uhring <daveuhr...@yahoo.com> wrote:
> >> On Sun, 29 Jun 2008 08:24:16 +0100, Dave wrote:
> >> > Dave Uhring wrote:
> >> >> Restore the original /etc/ssh/sshd_config file on Solaris. *You are *not*
> >> >> supposed to be able to use ssh as root.
>
> >> > But I don't think the fact he has allowed root to log in via ssh is
> >> > anything to do with the reason in this case.
>
> >> Probably so, but what else did the OP bork when permitting root login? *In
> >> any case, starting from a known workable configuration is better than
> >> starting from $DEITY knows where.
>
> > The user directories are automounted.
>
> Perhaps you mean "user home directories"?

Yes I do.

>
> > The only thing changed in the sshd_config are "PermitRootLogin"
> > parameter
>
> Restore the original configuration from an unmodifed sshd_config and see
> if the problem persists.

It still persists.
>
> What version of Solaris are you using? *Where did your sshd package come
> from?

Solaris 10. sshd comes from the SUNWsshdu package.

-a

quoting Anoop (Sun, 29 Jun 2008 10:48:07 -0700 (PDT)):
> It still persists.

Did you check the logfile about permission issues?
Can't remember seeing an answer to that suggestion yet.

--
Dick Hoogendijk -- PGP/GnuPG key: 01D2433D
++ http://nagual.nl/ | SunOS 10u5 05/08 ++