# [SOLVED] ssh access - asking for password

## Joseph_sys

I'm puzzled why ssh is asking me for a password when I try to log in as one user but not another.

I can login without password to user "thelma" on a remote system:

```
-rw------- 1 thelma thelma 1207 Jan 10  2010 authorized_keys2
```

but for user "fd" it keeps asking me for password:

```
-rw------- 1 fd fd 1207 Jun 18 14:12 authorized_keys2
```

I've copied the file "authorized_keys2" from user "thelma" to "fd" and restarted sshd; so why is it asking me for a password for one user but not for the other?

authorized_keys2 has my public_key, and both users are on the same machine.

----------

## Hu

Does your local configuration specify not to use the same key file for both users?  Is the remote sshd ignoring the authorized_keys2 file?  What does the debug output for each end say?

----------

## Joseph_sys

 *Hu wrote:*   

> Does your local configuration specify not to use the same key file for both users?  Is the remote sshd ignoring the authorized_keys2 file?  What does the debug output for each end say?

 

How do I find out if my local configuration specifies not to use the same key?

Which option is it in sshd_config?

Here are the last few lines of output with ssh -vvvvvv thelma@ip_address (connection goes through):

```
debug2: key: /home/joseph/.ssh/id_dsa (0x67d950)
debug2: key: /home/joseph/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey,keyboard-interactive
debug3: start over, passed a different list publickey,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/joseph/.ssh/id_rsa
debug3: no such identity: /home/joseph/.ssh/id_rsa
debug1: Offering DSA public key: /home/joseph/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-dss blen 434
debug2: input_userauth_pk_ok: fp bc:e4:d0:3d:20:bb:81:2e:cc:6c:3f:1c:30:41:69:e4
debug3: sign_and_send_pubkey: DSA bc:e4:d0:3d:20:bb:81:2e:cc:6c:3f:1c:30:41:69:e4
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.139.1 ([192.168.139.1]:22).
debug1: Final hpn_buffer_size = 131072
debug1: HPN Disabled: 0, HPN Buffer Size: 131072
debug1: channel 0: new [client-session]
debug1: Enabled Dynamic Window Scaling
```

Now, the same for another user, ssh -vvvvvv fb@ip_address (connection asks for password):

```
debug2: key: /home/joseph/.ssh/id_dsa (0x67d950)
debug2: key: /home/joseph/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey,keyboard-interactive
debug3: start over, passed a different list publickey,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/joseph/.ssh/id_rsa
debug3: no such identity: /home/joseph/.ssh/id_rsa
debug1: Offering DSA public key: /home/joseph/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /home/joseph/.ssh/id_ecdsa
debug3: no such identity: /home/joseph/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
```

----------

## Joseph_sys

It seems to me I'm not the only one with this problem; I ran into another guy who has a similar problem:

http://www.linuxquestions.org/questions/red-hat-31/ssh-client-works-on-all-but-one-machine-811040/

----------

## cach0rr0

working

```
debug1: Offering DSA public key: /home/joseph/.ssh/id_dsa
```

non-working

```
debug3: no such identity: /home/joseph/.ssh/id_ecdsa
```

Also, if you want to use only key-based SSH, this is literally all you need in sshd_config

```
Protocol 2
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
PrintMotd no
PrintLastLog no
Subsystem       sftp    /usr/lib64/misc/sftp-server
```

Note you may need to change the paths for sftp, and for authorized_keys (since you used authorized_keys2)

----------

## Joseph_sys

SOLVED!

I found the solution, but I'm puzzled about it.

I stopped /etc/sshd and started it manually in debug mode:

```
/usr/sbin/sshd -Dd
```

Now I logged in from the remote computer and I got:

```
Authentication refused: bad ownership or modes for directory /home/fd
```

I had:

```
drwxrwxr-x 31 fd     users   4096 Jun 18 14:54 fd
```

I changed to: 

```
chmod 750 /home/fd
```

and that worked.  Can anybody explain to me why ssh refused to work in mode "775"?

It will work in 755 or 750 but not in 775.

----------

## Hu

By design, sshd is very picky about the permissions of the authorized_keys file and every directory containing it, all the way out to /.  The most common sticking point is that you must not allow group write or other write on any of the directories.

----------
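The check Hu describes, approximated as a shell function that walks from the key file up through its parent directories and flags anything that is group- or other-writable or not owned by the user or root. This is an added example, not part of the original thread and not sshd's own code; the function name `check_ssh_path`, its arguments and the temporary directory tree are made up for the demonstration.

```shell
#!/bin/sh
# Added example (not sshd's code): flag path components that are group- or
# other-writable, or not owned by the given user or root.
# Usage: check_ssh_path ABSOLUTE_FILE USER_UID [STOP_DIR]  (STOP_DIR defaults to /)
check_ssh_path() {
    p=$1; want_uid=$2; stop=${3:-/}; rc=0
    while :; do
        info=$(ls -ldn "$p") || return 2
        mode=${info%% *}                                  # e.g. drwxrwxr-x
        uid=$(printf '%s\n' "$info" | awk '{print $3}')   # numeric owner
        case $mode in
            ?????w*|????????w*)   # 6th char = group write, 9th = other write
                echo "BAD modes: $mode $p"; rc=1 ;;
        esac
        if [ "$uid" != "$want_uid" ] && [ "$uid" != 0 ]; then
            echo "BAD owner: uid $uid $p"; rc=1
        fi
        if [ "$p" = "$stop" ] || [ "$p" = / ]; then break; fi
        p=$(dirname "$p")
    done
    return $rc
}

# Constructed demo tree mirroring the thread's layout under a temp directory.
demo=$(mktemp -d)
mkdir -p "$demo/home/fd/.ssh"
: > "$demo/home/fd/.ssh/authorized_keys2"
chmod 600 "$demo/home/fd/.ssh/authorized_keys2"
chmod 700 "$demo/home/fd/.ssh"
for m in 775 750; do
    chmod "$m" "$demo/home/fd"
    if check_ssh_path "$demo/home/fd/.ssh/authorized_keys2" "$(id -u)" "$demo/home/fd"
    then echo "mode $m: ok"
    else echo "mode $m: would be refused"
    fi
done
rm -rf "$demo"
```

On a real system, run it on the server as `check_ssh_path /home/fd/.ssh/authorized_keys2 "$(id -u fd)"`; it does not resolve symlinks, so give it the real path.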

