SSH publickey auth
Alexander Dalloz
ad+lists at uni-x.org
Fri Jul 8 20:34:41 UTC 2005
Am Fr, den 08.07.2005 schrieb Michael Yep um 22:03:
Don't top-post, please.
> I was under the impression that with this setup I would not have to
> enter a password
No, it requests to enter the pubkey passphrase.
>>Enter passphrase for key '/cygdrive/c/Documents and
> >>Settings/myep/.ssh/id_rsa':
> >>Ctrl-C
> Notice how it trys publickey auth and then it fails, and then tries
> password auth.
Can you mark the line where you see that? I frankly don't see that.
> debug1: ssh_rsa_verify: signature correct
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug2: key: /cygdrive/c/Documents and Settings/myep/.ssh/identity (0x0)
> debug2: key: /cygdrive/c/Documents and Settings/myep/.ssh/id_rsa
> (0x100e9c40)
> debug2: key: /cygdrive/c/Documents and Settings/myep/.ssh/id_dsa (0x0)
> debug1: Authentications that can continue:
> publickey,gssapi-with-mic,password
> debug3: start over, passed a different list
> publickey,gssapi-with-mic,password
> debug3: preferred publickey,keyboard-interactive,password
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /cygdrive/c/Documents and
> Settings/myep/.ssh/identity
> debug3: no such identity: /cygdrive/c/Documents and
> Settings/myep/.ssh/identity
> debug1: Offering public key: /cygdrive/c/Documents and
> Settings/myep/.ssh/id_rsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: Server accepts key: pkalg ssh-rsa blen 149
> debug2: input_userauth_pk_ok: fp
> a9:b1:ac:29:22:15:54:47:2d:f0:42:12:78:39:df:cb
> debug3: sign_and_send_pubkey
> debug1: PEM_read_PrivateKey failed
> debug1: read PEM private key done: type <unknown>
If you want to disable password auth as a fallback method you must
disable that method in sshd_config.
And please: don't use passphrase-less public keys! That has a security
drawback. Use ssh-agent for not often entering the passphrase during a
desktop session.
Alexander
--
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp
Serendipity 22:29:49 up 13 days, 5:21, load average: 0.05, 0.15, 0.19
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050708/2ed03569/attachment-0001.sig>
More information about the fedora-list
mailing list