
Keyed SSH login problem



I'm having a great deal of difficulty setting up two computers to log into one another for automated backup purposes. For the moment, I'm just trying to get one machine to log into the other non-interactively, and since it's over the internet I was going to use SSH.

Generated a v2 DSA public/private keypair on host1 under /home/sync/.ssh/sync-host1 and sync-host1.pub
SCP'd the public key over to host2
Added the .pub to ~/.ssh/authorized_keys2 (and authorized_keys FWIW)

Now when I try and SSH from host1 with it (please note, names have been changed to protect the innocent);

sync@host1:~$ ssh -v -2 -i .ssh/sync-host1 sync@host2
OpenSSH_3.8.1p1 Debian 1:3.8.1p1-8, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to host2 [192.168.1.5] port 22.
debug1: Connection established.
debug1: identity file .ssh/sync-host1 type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3
debug1: match: OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1 Debian 1:3.8.1p1-8
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'host2' is known and matches the RSA host key.
debug1: Found key in /home/sync/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: .ssh/sync-host1
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
sync@host2's password:

Gah!

Both users were set up with the --disabled-password option to block normal login procedures. At first I thought it was my SSHD AllowGroups parameter (which blocks out all users other than those in wheel and, latterly, the auto-sync groups).

At first I put this down to bad ownerships that entailed from copying files to and fro from two machines that had no direct access to one another, as evidenced by these entries in /var/log/auth.log on host2:

Oct 11 16:50:46 host2 sshd[11023]: Authentication refused: bad ownership or modes for file /home/sync/.ssh/authorized_keys
Oct 11 16:50:46 host2 sshd[11023]: Authentication refused: bad ownership or modes for directory /home/sync/.ssh
Oct 11 16:50:48 host2 sshd[11023]: Failed password for sync from host1 port 34574 ssh2
Oct 11 16:50:48 host2 last message repeated 2 times

I then chmodded the whole tree as 600 with user/group ownership for the local sync user, and the log entries changed to the rather less helpful:

Oct 11 17:11:56 host2 sshd[11059]: Failed password for sync from host1 port 34578 ssh2


I've been banging my head against it for a few days now, and am completely stumped as to what the problem is. Does anyone here have any ideas? Have I done something chronically stupid, or are the gremlins really out to get me this time?

Any help much appreciated!
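
Added example, not part of the original post: a shell check that approximates the ownership and mode conditions behind the "bad ownership or modes" lines quoted from auth.log, applied to the home directory, ~/.ssh and authorized_keys on the server side. It assumes GNU stat (stat -c) and sshd's StrictModes behaviour (owner is the account or root, no group/world write bits); the function names are illustrative.

```shell
#!/bin/sh
# Added example: approximates sshd's StrictModes ownership/mode checks.
# Assumes GNU stat (stat -c); function names are illustrative.

# check_path PATH UID: print a finding and return 1 if PATH would be refused.
check_path() {
    path=$1; want_uid=$2; bad=0
    if [ ! -e "$path" ]; then
        echo "MISSING-OR-UNREACHABLE $path"; return 1
    fi
    set -- $(stat -c '%u %a' "$path")
    owner=$1; mode=$2
    # Owner must be the account itself or root.
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "BAD-OWNER $path (uid $owner)"; bad=1
    fi
    # No group or world write bits (octal 022).
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "WRITABLE-BY-OTHERS $path (mode $mode)"; bad=1
    fi
    # A directory without the owner's search (x) bit cannot be traversed
    # by the account, so the files inside it are unreachable.
    if [ -d "$path" ] && [ $(( 0$mode & 0100 )) -eq 0 ]; then
        echo "NOT-SEARCHABLE $path (mode $mode)"; bad=1
    fi
    return $bad
}

# check_ssh_perms HOME [UID]: check HOME, HOME/.ssh and authorized_keys.
check_ssh_perms() {
    home=$1; uid=${2:-$(id -u)}; failed=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$uid" || failed=1
    done
    return $failed
}

# Run against a home directory when one is given on the command line.
if [ $# -gt 0 ]; then
    check_ssh_perms "$@"
fi
```

Run it on the server as the target account (for example with /home/sync as the argument); an exit status of 0 means none of the three paths tripped a check.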


