# OpenSSH v2 DSA PubKey Authentication Not Working

## Crimjob

Hello All,

I've been racking my brain over this for a few weeks now, no matter what I try, I can't get it working.

I've followed multiple guides available on the net, including the official Gentoo guide, but I still get prompted for a password.

I have generated a DSA key, copied it to remotehost, placed it in authorized_keys, yet I still get prompted for the password as if it wasn't there (not even the passphrase I set for the key).

I'm trying to script an rsync without putting the password in the script. Here's my necessary output.

```
crimjob@localhost ~/.ssh $ ssh -v remotehost.net

OpenSSH_5.5p1, OpenSSL 0.9.8o 01 Jun 2010

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: Connecting to remotehost.net [My IP] port 81.

debug1: Connection established.

debug1: identity file /home/crimjob/.ssh/id_rsa type -1

debug1: identity file /home/crimjob/.ssh/id_rsa-cert type -1

debug1: identity file /home/crimjob/.ssh/id_dsa type 2

debug1: identity file /home/crimjob/.ssh/id_dsa-cert type -1

debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5

debug1: match: OpenSSH_5.5 pat OpenSSH*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_5.5

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: kex: server->client aes128-ctr hmac-md5 none

debug1: kex: client->server aes128-ctr hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug1: Host '[remotehost.net]:81' is known and matches the RSA host key.

debug1: Found key in /home/crimjob/.ssh/known_hosts:1

debug1: ssh_rsa_verify: signature correct

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug1: SSH2_MSG_NEWKEYS received

debug1: Roaming not allowed by server

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug1: Authentications that can continue: publickey,keyboard-interactive

debug1: Next authentication method: publickey

debug1: Trying private key: /home/crimjob/.ssh/id_rsa

debug1: Offering public key: /home/crimjob/.ssh/id_dsa

debug1: Authentications that can continue: publickey,keyboard-interactive

debug1: Next authentication method: keyboard-interactive

Password:

```

```
crimjob@localhost ~/.ssh $ ls -ltra

total 20

drwxr-xr-x 4 crimjob crimjob 4096 Nov  5 00:58 ..

-rw-r--r-- 1 crimjob crimjob 607 Nov  7 13:28 id_dsa.pub

-rw-r--r-- 1 crimjob crimjob 751 Nov  7 13:28 id_dsa

-rw-r--r-- 1 crimjob crimjob 415 Nov  7 13:31 known_hosts

drwxr-xr-x 2 crimjob crimjob 4096 Nov  7 13:31 .

```

```
crimjob@remotehost ~/.ssh $ ls -ltra

total 12

drwxrwx--- 7 crimjob crimjob 4096 Oct 15 04:55 ..

-rw-r--r-- 1 crimjob crimjob 607 Nov  7 13:28 authorized_keys

drwxrwx--- 2 crimjob crimjob 4096 Nov  7 13:32 .

```

```
#       $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $

# This is the sshd server system-wide configuration file.  See

# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with

# OpenSSH is to specify options with their default value where

# possible, but leave them commented.  Uncommented options change a

# default value.

Port 81

#AddressFamily any

ListenAddress <MY IP>

#ListenAddress ::

# The default requires explicit activation of protocol 1

Protocol 2

# HostKey for protocol version 1

#HostKey /etc/ssh/ssh_host_key

# HostKeys for protocol version 2

#HostKey /etc/ssh/ssh_host_rsa_key

#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key

#KeyRegenerationInterval 1h

#ServerKeyBits 1024

# Logging

# obsoletes QuietMode and FascistLogging

#SyslogFacility AUTH

#LogLevel INFO

# Authentication:

LoginGraceTime 2m

PermitRootLogin no

#StrictModes yes

MaxAuthTries 6

MaxSessions 10

#RSAAuthentication yes

PubkeyAuthentication yes

AuthorizedKeysFile      ~/.ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts

#RhostsRSAAuthentication no

# similar for protocol version 2

#HostbasedAuthentication no

# Change to yes if you don't trust ~/.ssh/known_hosts for

# RhostsRSAAuthentication and HostbasedAuthentication

#IgnoreUserKnownHosts no

# Don't read the user's ~/.rhosts and ~/.shosts files

#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!

PasswordAuthentication no

#PermitEmptyPasswords no

# Change to no to disable s/key passwords

#ChallengeResponseAuthentication yes

# Kerberos options

#KerberosAuthentication no

#KerberosOrLocalPasswd yes

#KerberosTicketCleanup yes

#KerberosGetAFSToken no

# GSSAPI options

#GSSAPIAuthentication no

#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,

# and session processing. If this is enabled, PAM authentication will

# be allowed through the ChallengeResponseAuthentication and

# PasswordAuthentication.  Depending on your PAM configuration,

# PAM authentication via ChallengeResponseAuthentication may bypass

# the setting of "PermitRootLogin without-password".

# If you just want the PAM account and session checks to run without

# PAM authentication, then enable this but set PasswordAuthentication

# and ChallengeResponseAuthentication to 'no'.

UsePAM yes

#AllowAgentForwarding yes

#AllowTcpForwarding yes

#GatewayPorts no

#X11Forwarding no

#X11DisplayOffset 10

#X11UseLocalhost yes

PrintMotd no

PrintLastLog no

#TCPKeepAlive yes

#UseLogin no

#UsePrivilegeSeparation yes

#PermitUserEnvironment no

#Compression delayed

#ClientAliveInterval 0

#ClientAliveCountMax 3

#UseDNS yes

#PidFile /var/run/sshd.pid

#MaxStartups 10

#PermitTunnel no

#ChrootDirectory none

# no default banner path

#Banner none

# override default of no subsystems

Subsystem       sftp    /usr/lib/misc/sftp-server

# Example of overriding settings on a per-user basis

#Match User anoncvs

#       X11Forwarding no

#       AllowTcpForwarding no

#       ForceCommand cvs server

allowusers crimjob

```

Does anyone have any ideas?

----------

## Crimjob

For arguements sake I added the public key from localhost to localhost's allowed_keys, and it seems to work as expected. I've done the exact same on remotehost, but it will not take my key

```
crimjob@localhost ~/.ssh $ ssh -v localhost

OpenSSH_5.5p1, OpenSSL 0.9.8o 01 Jun 2010

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: Connecting to localhost [127.0.0.1] port 81.

debug1: Connection established.

debug1: identity file /home/crimjob/.ssh/id_rsa type -1

debug1: identity file /home/crimjob/.ssh/id_rsa-cert type -1

debug1: identity file /home/crimjob/.ssh/id_dsa type 2

debug1: identity file /home/crimjob/.ssh/id_dsa-cert type -1

debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5

debug1: match: OpenSSH_5.5 pat OpenSSH*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_5.5

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: kex: server->client aes128-ctr hmac-md5 none

debug1: kex: client->server aes128-ctr hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug1: Host '[localhost]:81' is known and matches the RSA host key.

debug1: Found key in /home/crimjob/.ssh/known_hosts:2

debug1: ssh_rsa_verify: signature correct

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug1: SSH2_MSG_NEWKEYS received

debug1: Roaming not allowed by server

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug1: Authentications that can continue: publickey,keyboard-interactive

debug1: Next authentication method: publickey

debug1: Trying private key: /home/crimjob/.ssh/id_rsa

debug1: Offering public key: /home/crimjob/.ssh/id_dsa

debug1: Server accepts key: pkalg ssh-dss blen 434

debug1: PEM_read_PrivateKey failed

debug1: read PEM private key done: type <unknown>

Enter passphrase for key '/home/crimjob/.ssh/id_dsa':

```

----------

## tuber

Could you please try running with 

```
ssh -vvv
```

 instead of just 

```
ssh -v
```

?

----------

## Crimjob

Interesting results, thanks for the reply!

```
crimjob@localhost ~/.ssh $ ssh -vvv remotehost.net

OpenSSH_5.5p1, OpenSSL 0.9.8o 01 Jun 2010

debug1: Reading configuration data /etc/ssh/ssh_config

debug2: ssh_connect: needpriv 0

debug1: Connecting to remotehost.net [My IP] port 81.

debug1: Connection established.

debug1: identity file /home/crimjob/.ssh/id_rsa type -1

debug1: identity file /home/crimjob/.ssh/id_rsa-cert type -1

debug3: Not a RSA1 key file /home/crimjob/.ssh/id_dsa.

debug2: key_type_from_name: unknown key type '-----BEGIN'

debug3: key_read: missing keytype

debug2: key_type_from_name: unknown key type 'Proc-Type:'

debug3: key_read: missing keytype

debug2: key_type_from_name: unknown key type 'DEK-Info:'

debug3: key_read: missing keytype

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug2: key_type_from_name: unknown key type '-----END'

debug3: key_read: missing keytype

debug1: identity file /home/crimjob/.ssh/id_dsa type 2

debug1: identity file /home/crimjob/.ssh/id_dsa-cert type -1

debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5

debug1: match: OpenSSH_5.5 pat OpenSSH*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_5.5

debug2: fd 3 setting O_NONBLOCK

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-g                                                                                        roup-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh                                                                                        .com,ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour12                                                                                        8,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rij                                                                                        ndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour12                                                                                        8,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rij                                                                                        ndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160                                                                                        ,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160                                                                                        ,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-g                                                                                        roup-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour12                                                                                        8,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rij                                                                                        ndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour12                                                                                        8,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rij                                                                                        ndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160                                                                                        ,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160                                                                                        ,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@openssh.com

debug2: kex_parse_kexinit: none,zlib@openssh.com

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: mac_setup: found hmac-md5

debug1: kex: server->client aes128-ctr hmac-md5 none

debug2: mac_setup: found hmac-md5

debug1: kex: client->server aes128-ctr hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug2: dh_gen_key: priv key bits set: 137/256

debug2: bits set: 507/1024

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug3: put_host_port: [My IP]:81

debug3: put_host_port: [remotehost.net]:81

debug3: check_host_in_hostfile: host [remotehost.net]:81 filename /home/crimjob/.s                                                                                        sh/known_hosts

debug3: check_host_in_hostfile: host [remotehost.net]:81 filename /home/crimjob/.s                                                                                        sh/known_hosts

debug3: check_host_in_hostfile: match line 1

debug3: check_host_in_hostfile: host [My IP]:81 filename /home/crimjob/.ssh/known_hosts

debug3: check_host_in_hostfile: host [My IP]:81 filename /home/crimjob/.ssh/known_hosts

debug3: check_host_in_hostfile: match line 1

debug1: Host '[remotehost.net]:81' is known and matches the RSA host key.

debug1: Found key in /home/crimjob/.ssh/known_hosts:1

debug2: bits set: 516/1024

debug1: ssh_rsa_verify: signature correct

debug2: kex_derive_keys

debug2: set_newkeys: mode 1

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug2: set_newkeys: mode 0

debug1: SSH2_MSG_NEWKEYS received

debug1: Roaming not allowed by server

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug2: key: /home/crimjob/.ssh/id_rsa ((nil))

debug2: key: /home/crimjob/.ssh/id_dsa (0x8fb4fd8)

debug1: Authentications that can continue: publickey,keyboard-interactive

debug3: start over, passed a different list publickey,keyboard-interactive

debug3: preferred publickey,keyboard-interactive,password

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Trying private key: /home/crimjob/.ssh/id_rsa

debug3: no such identity: /home/crimjob/.ssh/id_rsa

debug1: Offering public key: /home/cwaddilove/.ssh/id_dsa

debug3: send_pubkey_test

debug2: we sent a publickey packet, wait for reply

debug1: Authentications that can continue: publickey,keyboard-interactive

debug2: we did not send a packet, disable method

debug3: authmethod_lookup keyboard-interactive

debug3: remaining preferred: password

debug3: authmethod_is_enabled keyboard-interactive

debug1: Next authentication method: keyboard-interactive

debug2: userauth_kbdint

debug2: we sent a keyboard-interactive packet, wait for reply

debug2: input_userauth_info_req

debug2: input_userauth_info_req: num_prompts 1

Password:

```

----------

## Crimjob

Does anyone have any ideas? I thought the debug output would help, but all I've found online is something pointing to the fact the key is encrypted and openssh can;t decrypt it properly.

----------

## SamuliSuominen

 *Quote:*   

> 
> 
> crimjob@localhost ~/.ssh $ ssh -vvv remotehost.net
> 
> OpenSSH_5.5p1, OpenSSL 0.9.8o 01 Jun 2010 
> ...

 

openssl-0.9.8o ? openssl-1.0.0a is current stable. Have you done following commands after openssl upgrade?

# revdep-rebuild --library libssl.so.0.9.8

# revdep-rebuild --library libcrypto.so.0.9.8

That is, if your openssl is at version 1.0.0a-r3

----------

## Crimjob

Trying that now, although both OpenSSL versions were same on host / server.

For giggles I even tried wiping out .ssh dir, and using ssh-installkeys to generate and install keys on the remote server, which is still producing the same results and similar log lines.

----------

## Crimjob

Looks like I've got some updating to do on remotehost, I did see however that ssh-keygen was updated. Once everything is done, I'll try again fresh and post my results.

----------

## Crimjob

Hmm I was much more hopeful seeing what was happening, but after cleaning and fixing everything up on remotehost, openssl is up to date, but trying again from scratch has still failed.

```
crimjob@localhost ~ $ ssh -vvv remotehost

OpenSSH_5.5p1, OpenSSL 1.0.0a 1 Jun 2010

debug1: Reading configuration data /etc/ssh/ssh_config

debug2: ssh_connect: needpriv 0

debug1: Connecting to remotehost [My IP] port 81.

debug1: Connection established.

debug3: Not a RSA1 key file /home/crimjob/.ssh/id_dsa.

debug2: key_type_from_name: unknown key type '-----BEGIN'

debug3: key_read: missing keytype

debug2: key_type_from_name: unknown key type 'Proc-Type:'

debug3: key_read: missing keytype

debug2: key_type_from_name: unknown key type 'DEK-Info:'

debug3: key_read: missing keytype

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug2: key_type_from_name: unknown key type '-----END'

debug3: key_read: missing keytype

debug1: identity file /home/crimjob/.ssh/id_dsa type 2

debug1: identity file /home/crimjob/.ssh/id_dsa-cert type -1

debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5

debug1: match: OpenSSH_5.5 pat OpenSSH*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_5.5

debug2: fd 3 setting O_NONBLOCK

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@openssh.com

debug2: kex_parse_kexinit: none,zlib@openssh.com

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: mac_setup: found hmac-md5

debug1: kex: server->client aes128-ctr hmac-md5 none

debug2: mac_setup: found hmac-md5

debug1: kex: client->server aes128-ctr hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug2: dh_gen_key: priv key bits set: 118/256

debug2: bits set: 501/1024

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug3: put_host_port: [My IP]:81

debug3: put_host_port: [remotehost]:81

debug3: check_host_in_hostfile: host [remotehost]:81 filename /home/crimjob/.ssh/known_hosts

debug3: check_host_in_hostfile: host [remotehost]:81 filename /home/crimjob/.ssh/known_hosts

debug3: check_host_in_hostfile: match line 1

debug3: check_host_in_hostfile: host [My IP]:81 filename /home/crimjob/.ssh/known_hosts

debug3: check_host_in_hostfile: host [My IP]:81 filename /home/crimjob/.ssh/known_hosts

debug3: check_host_in_hostfile: match line 1

debug1: Host '[remotehost]:81' is known and matches the RSA host key.

debug1: Found key in /home/crimjob/.ssh/known_hosts:1

debug2: bits set: 529/1024

debug1: ssh_rsa_verify: signature correct

debug2: kex_derive_keys

debug2: set_newkeys: mode 1

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug2: set_newkeys: mode 0

debug1: SSH2_MSG_NEWKEYS received

debug1: Roaming not allowed by server

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug2: key: /home/crimjob/.ssh/id_dsa (0x8d19710)

debug1: Authentications that can continue: publickey,keyboard-interactive

debug3: start over, passed a different list publickey,keyboard-interactive

debug3: preferred publickey,keyboard-interactive

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Offering public key: /home/crimjob/.ssh/id_dsa

debug3: send_pubkey_test

debug2: we sent a publickey packet, wait for reply

debug1: Authentications that can continue: publickey,keyboard-interactive

debug2: we did not send a packet, disable method

debug3: authmethod_lookup keyboard-interactive

debug3: remaining preferred:

debug3: authmethod_is_enabled keyboard-interactive

debug1: Next authentication method: keyboard-interactive

debug2: userauth_kbdint

debug2: we sent a keyboard-interactive packet, wait for reply

debug2: input_userauth_info_req

debug2: input_userauth_info_req: num_prompts 1

Password:
```

----------

## tuber

In /etc/ssh/sshd_config, try changing this line:

```
AuthorizedKeysFile      ~/.ssh/authorized_keys
```

 to 

```
AuthorizedKeysFile      .ssh/authorized_keys
```

 That is remove the "~/". Don't forget to restart sshd.

----------

## krinn

in sshd server config enable

```
StrictModes no
```

and report failure/success

----------

