openssh server should warn that .ssh/authorized_keys is not accessible (causing ssh pubkey authentication to fail silently)
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
portable OpenSSH | Fix Released | Unknown | |
openssh (Ubuntu) | Fix Released | Wishlist | Unassigned |
Bug Description
Client: Ubuntu 9.10
Server: Debian Lenny
This may be a bug in Ubuntu client or in Debian server.
SSH pubkey was working normally.
I today tried to passwd -l one of the users. After that time I noticed ssh pubkey login stopped working.
New account was created on server (new user) with allowed pubkeys, but he is still not working as well (even though he was never passwd -l or nothing)
ssh pubkey works to root
ssh pubkey fails to any other user, including new user. Users is in AllowUsers
grep -i root /etc/ssh/
AllowUsers root rafal svnwork userfoo
PermitRootLogin yes
Login to root (works)
Client:
debug1: SSH2_MSG_
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: rafal1-rafal@lcwood
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: lcac_rafal_
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: rafalsvn-
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: rafaladmin-
debug1: Server accepts key: pkalg ssh-rsa blen 1045
Server:
Jan 9 23:32:33 vz1947 sshd[19677]: Failed publickey for root from 83.24.63.165 port 59835 ssh2
Jan 9 23:32:33 vz1947 sshd[19677]: debug3: mm_answer_
Jan 9 23:32:33 vz1947 sshd[19677]: debug3: mm_request_send entering: type 22
Jan 9 23:32:33 vz1947 sshd[19677]: debug3: mm_request_receive entering
Jan 9 23:32:33 vz1947 sshd[19677]: debug3: monitor_read: checking request 21
Jan 9 23:32:33 vz1947 sshd[19677]: debug3: mm_answer_
Jan 9 23:32:33 vz1947 sshd[19677]: debug3: mm_answer_
Jan 9 23:32:33 vz1947 sshd[19677]: debug1: Checking blacklist file /usr/share/
Jan 9 23:32:33 vz1947 sshd[19677]: debug1: Checking blacklist file /etc/ssh/
Jan 9 23:32:33 vz1947 sshd[19677]: debug1: temporarily_
Jan 9 23:32:33 vz1947 sshd[19677]: debug1: trying public key file /root/.
Jan 9 23:32:33 vz1947 sshd[19677]: debug1: fd 4 clearing O_NONBLOCK
Jan 9 23:32:33 vz1947 sshd[19677]: debug3: secure_filename: checking '/root/.ssh'
Jan 9 23:32:33 vz1947 sshd[19677]: debug3: secure_filename: checking '/root'
Jan 9 23:32:33 vz1947 sshd[19677]: debug3: secure_filename: terminating check at '/root'
Jan 9 23:32:33 vz1947 sshd[19677]: debug1: matching key found: file /root/.
Jan 9 23:32:33 vz1947 sshd[19677]: Found matching RSA key: 1b:7b:5b:
Login to userfoo (fails). Login is done from same client console (where I have same keys in ssh-add) just a moment after doing successfully ssh root@... that did work via pubkey.
Pubkey does not work; Normal login via password works.
Client:
debug1: SSH2_MSG_
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: rafal1-rafal@lcwood
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: lcac_rafal_
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: rafalsvn-
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: rafaladmin-
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/rafal/
debug1: Trying private key: /home/rafal/
debug1: Trying private key: /home/rafal/
debug1: Next authentication method: password
Server:
Jan 10 00:54:16 vz1947 sshd[32763]: Connection from 83.24.63.165 port 56559
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: Client protocol version 2.0; client software version OpenSSH_5.1p1 Debian-6ubuntu2
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: match: OpenSSH_5.1p1 Debian-6ubuntu2 pat OpenSSH*
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: Enabling compatibility mode for protocol 2.0
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: Local version string SSH-2.0-
Jan 10 00:54:16 vz1947 sshd[32763]: debug2: fd 3 setting O_NONBLOCK
Jan 10 00:54:16 vz1947 sshd[32763]: debug2: Network child is on pid 32765
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: preauth child monitor started
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_request_receive entering
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: monitor_read: checking request 0
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_answer_moduli: got parameters: 1024 1024 8192
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_request_send entering: type 1
Jan 10 00:54:16 vz1947 sshd[32763]: debug2: monitor_read: 0 used once, disabling now
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_request_receive entering
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: monitor_read: checking request 5
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_answer_sign
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_answer_sign: signature 0x8a69030(271)
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_request_send entering: type 6
Jan 10 00:54:16 vz1947 sshd[32763]: debug2: monitor_read: 5 used once, disabling now
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_request_receive entering
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: monitor_read: checking request 7
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_answer_
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: Trying to reverse map address 83.24.63.165.
Jan 10 00:54:16 vz1947 sshd[32763]: debug2: parse_server_
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_answer_
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_request_send entering: type 8
Jan 10 00:54:16 vz1947 sshd[32763]: debug2: monitor_read: 7 used once, disabling now
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_request_receive entering
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: monitor_read: checking request 48
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: PAM: initializing for "userfoo"
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: PAM: setting PAM_RHOST to "dmh165.
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: PAM: setting PAM_TTY to "ssh"
Jan 10 00:54:16 vz1947 sshd[32763]: debug2: monitor_read: 48 used once, disabling now
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_request_receive entering
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: monitor_read: checking request 3
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_answer_authserv: service=
Jan 10 00:54:16 vz1947 sshd[32763]: debug2: monitor_read: 3 used once, disabling now
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_request_receive entering
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: monitor_read: checking request 11
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_answer_
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_request_send entering: type 12
Jan 10 00:54:16 vz1947 sshd[32763]: Failed none for userfoo from 83.24.63.165 port 56559 ssh2
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_request_receive entering
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: monitor_read: checking request 21
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_answer_
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_answer_
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: Checking blacklist file /usr/share/
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: Checking blacklist file /etc/ssh/
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: temporarily_
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: trying public key file /home/userfoo/
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: restore_uid: 0/0
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: temporarily_
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: trying public key file /home/userfoo/
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: restore_uid: 0/0
Jan 10 00:54:16 vz1947 sshd[32763]: Failed publickey for userfoo from 83.24.63.165 port 56559 ssh2
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_answer_
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_request_send entering: type 22
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_request_receive entering
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: monitor_read: checking request 21
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_answer_
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_answer_
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: Checking blacklist file /usr/share/
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: Checking blacklist file /etc/ssh/
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: temporarily_
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: trying public key file /home/userfoo/
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: restore_uid: 0/0
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: temporarily_
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: trying public key file /home/userfoo/
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: restore_uid: 0/0
Jan 10 00:54:16 vz1947 sshd[32763]: Failed publickey for userfoo from 83.24.63.165 port 56559 ssh2
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_answer_
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_request_send entering: type 22
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_request_receive entering
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: monitor_read: checking request 21
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_answer_
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_answer_
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: Checking blacklist file /usr/share/
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: Checking blacklist file /etc/ssh/
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: temporarily_
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: trying public key file /home/userfoo/
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: restore_uid: 0/0
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: temporarily_
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: trying public key file /home/userfoo/
Jan 10 00:54:16 vz1947 sshd[32763]: debug1: restore_uid: 0/0
Jan 10 00:54:16 vz1947 sshd[32763]: Failed publickey for userfoo from 83.24.63.165 port 56559 ssh2
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_answer_
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_request_send entering: type 22
Jan 10 00:54:16 vz1947 sshd[32763]: debug3: mm_request_receive entering
Jan 10 00:54:17 vz1947 sshd[32763]: debug3: monitor_read: checking request 21
Jan 10 00:54:17 vz1947 sshd[32763]: debug3: mm_answer_
Jan 10 00:54:17 vz1947 sshd[32763]: debug3: mm_answer_
Jan 10 00:54:17 vz1947 sshd[32763]: debug1: Checking blacklist file /usr/share/
Jan 10 00:54:17 vz1947 sshd[32763]: debug1: Checking blacklist file /etc/ssh/
Jan 10 00:54:17 vz1947 sshd[32763]: debug1: temporarily_
Jan 10 00:54:17 vz1947 sshd[32763]: debug1: trying public key file /home/userfoo/
Jan 10 00:54:17 vz1947 sshd[32763]: debug1: restore_uid: 0/0
Jan 10 00:54:17 vz1947 sshd[32763]: debug1: temporarily_
Jan 10 00:54:17 vz1947 sshd[32763]: debug1: trying public key file /home/userfoo/
Jan 10 00:54:17 vz1947 sshd[32763]: debug1: restore_uid: 0/0
Jan 10 00:54:17 vz1947 sshd[32763]: Failed publickey for userfoo from 83.24.63.165 port 56559 ssh2
Jan 10 00:54:17 vz1947 sshd[32763]: debug3: mm_answer_
VPS: root@vz1947(
ssh-rsa AAAAB3NzaC1yc2E
VPS: root@vz1947(
ssh-rsa AAAAB3NzaC1yc2E
VPS: root@vz1947(
6617c1802b8884a
VPS: root@vz1947(
6617c1802b8884a
VPS: root@vz1947(
File: `/root/
Size: 1429 Blocks: 8 IO Block: 4096 regular file
Device: 50h/80d Inode: 138149922 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2010-01-09 23:55:28.000000000 +0000
Modify: 2010-01-09 21:58:10.000000000 +0000
Change: 2010-01-09 21:58:10.000000000 +0000
File: `/home/
Size: 1429 Blocks: 8 IO Block: 4096 regular file
Device: 50h/80d Inode: 32736673 Links: 1
Access: (0600/-rw-------) Uid: ( 1000/ userfoo) Gid: ( 1000/ userfoo)
Access: 2010-01-09 23:55:24.000000000 +0000
Modify: 2010-01-09 23:51:45.000000000 +0000
Change: 2010-01-09 23:51:59.000000000 +0000
VPS: root@vz1947(
File: `/root/.ssh/'
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 50h/80d Inode: 38633473 Links: 2
Access: (0700/drwx------) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2010-01-09 23:55:08.000000000 +0000
Modify: 2010-01-09 21:58:10.000000000 +0000
Change: 2010-01-09 21:58:10.000000000 +0000
File: `/home/
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 50h/80d Inode: 32736671 Links: 2
Access: (0600/drw-------) Uid: ( 1000/ userfoo) Gid: ( 1000/ userfoo)
Access: 2010-01-09 23:51:59.000000000 +0000
Modify: 2010-01-09 23:51:45.000000000 +0000
Change: 2010-01-09 23:51:59.000000000 +0000
ProblemType: Bug
Architecture: amd64
Date: Sat Jan 9 23:59:02 2010
DistroRelease: Ubuntu 9.10
NonfreeKernelMo
Package: ssh (not installed)
ProcEnviron:
LANGUAGE=
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcVersionSign
SourcePackage: openssh
Uname: Linux 2.6.31-16-generic x86_64
visibility: public → private
visibility: private → public
Changed in openssh:
importance: Undecided → Unknown
status: New → Unknown
Changed in openssh:
status: Unknown → Fix Released
after chmod 700 /home/userfoo/.ssh/ ; /etc/init.d/ssh restart still identical problem
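
The failing server log above shows sshd trying the key file under the user's uid and moving on without naming a reason, while the stat output lists the user's `.ssh` directory as 0600 (drw-------). As an added example (not code from this report or from OpenSSH), the following audit walks each component of the key file path and names the ownership or mode problem that would stop the file being read. The function names are hypothetical, and group membership is not resolved: when the user does not own a path, only the "other" bits are considered.

```python
import os
import stat


def _needed_bits(st, uid):
    # Owner bits apply when uid owns the path; otherwise fall back to the
    # "other" bits (group membership is not resolved in this sketch).
    if st.st_uid == uid:
        return stat.S_IRUSR, stat.S_IXUSR
    return stat.S_IROTH, stat.S_IXOTH


def audit_authorized_keys(home, uid, keyfile=".ssh/authorized_keys"):
    """Return (path, problem) tuples for every component of the key file path.

    Only ownership and mode bits from stat() are inspected, so the result is
    the same whether the audit runs as root or as the account owner.
    """
    findings = []
    path = home
    components = [home]
    for part in keyfile.split("/"):
        path = os.path.join(path, part)
        components.append(path)
    for path in components:
        try:
            st = os.stat(path)
        except OSError as exc:
            findings.append((path, "cannot stat: %s" % exc.strerror))
            break
        mode = stat.S_IMODE(st.st_mode)
        read_bit, search_bit = _needed_bits(st, uid)
        # StrictModes-style check: owned by the user or root, and not
        # writable by group or others.
        if st.st_uid not in (0, uid):
            findings.append((path, "owner uid %d is neither %d nor 0" % (st.st_uid, uid)))
        if mode & 0o022:
            findings.append((path, "group/world writable (mode %04o)" % mode))
        if stat.S_ISDIR(st.st_mode):
            # Without the search bit the directory cannot be traversed once
            # sshd has switched to the user's uid, so the key file is never read.
            if not mode & search_bit:
                findings.append((path, "no search (x) permission for user (mode %04o)" % mode))
                break
        elif not mode & read_bit:
            findings.append((path, "no read permission for user (mode %04o)" % mode))
    return findings
```

Run as root on the server with the account's home directory and uid; an empty list means none of these checks found an ownership or mode problem on the path.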