[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SSH publickey auth



Am Fr, den 08.07.2005 schrieb Michael Yep um 22:03:

Don't top-post, please.

> I was under the impression that with this setup I would not have to 
> enter a password

No, it requests to enter the pubkey passphrase.

>>Enter passphrase for key '/cygdrive/c/Documents and 
> >>Settings/myep/.ssh/id_rsa':
> >>Ctrl-C

> Notice how it trys publickey auth and then it fails, and then tries 
> password auth.

Can you mark the line where you see that? I frankly don't see that.

> debug1: ssh_rsa_verify: signature correct
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug2: key: /cygdrive/c/Documents and Settings/myep/.ssh/identity (0x0)
> debug2: key: /cygdrive/c/Documents and Settings/myep/.ssh/id_rsa 
> (0x100e9c40)
> debug2: key: /cygdrive/c/Documents and Settings/myep/.ssh/id_dsa (0x0)
> debug1: Authentications that can continue: 
> publickey,gssapi-with-mic,password
> debug3: start over, passed a different list 
> publickey,gssapi-with-mic,password
> debug3: preferred publickey,keyboard-interactive,password
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /cygdrive/c/Documents and 
> Settings/myep/.ssh/identity
> debug3: no such identity: /cygdrive/c/Documents and 
> Settings/myep/.ssh/identity
> debug1: Offering public key: /cygdrive/c/Documents and 
> Settings/myep/.ssh/id_rsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: Server accepts key: pkalg ssh-rsa blen 149
> debug2: input_userauth_pk_ok: fp 
> a9:b1:ac:29:22:15:54:47:2d:f0:42:12:78:39:df:cb
> debug3: sign_and_send_pubkey
> debug1: PEM_read_PrivateKey failed
> debug1: read PEM private key done: type <unknown>

If you want to disable password auth as a fallback method you must
disable that method in sshd_config.

And please: don't use passphrase-less public keys! That has a security
drawback. Use ssh-agent for not often entering the passphrase during a
desktop session.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp 
Serendipity 22:29:49 up 13 days, 5:21, load average: 0.05, 0.15, 0.19 

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]