
Re: ssh/dsa strange issue



Joao Ferreira Gmail wrote:
> a) user jane on one system transfers her public DSA key to account john
> at a given remote host. it works. jane accesses john's account without
> typing a password.
> 
> b) now the same user jane transfers her public DSA key to account mary
> at the _same_ remote host. it does not work. she gets prompted for a
> password (she gets access by typing mary's password)
> 
> my guess is that there must be some difference between john and mary
> accounts. I can not realise what it is (shell is bash on both).

Usually people trip over permissions being too open.  Assuming you are
using /home try this to look at the permissions.

  $ ls -ld /home /home/mary /home/mary/.ssh /home/mary/.ssh/authorized_keys
  drwxr-xr-x   9 root root  4096 Feb 28  2011 /home
  drwxr-xr-x 126 mary mary 16384 Oct 20 23:17 /home/mary
  drwx------   2 mary mary  4096 Sep 29 18:31 /home/mary/.ssh
  -rw-r--r--   1 mary mary   809 Oct 28  2010 /home/mary/.ssh/authorized_keys

All of those directories should be writable only by the owner and the
owner should be mary.  The typical problem is that people will have
one of those files to be group writable.  In that case sshd refuses
the authorized_keys file due to the possibility that another user can
write to the file.

> Please find below the output of "ssh -vvv ...." for both situations.

The verbose output of the sshd would be more helpful.  Easiest to run
it on another port temporarily.

  # /usr/sbin/sshd -d -p 2222

And then try to log into it on that other port.

  jane@localhost:~$ ssh -p 2222 localhost

You might see an error like this one on the sshd server debug side:

  Authentication refused: bad ownership or modes for directory /home/mary

Bob
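
The ownership and mode conditions described in the message above, written as a reusable check. This is an added example, not part of the original message or of OpenSSH; the function names are hypothetical, it assumes GNU stat, and it assumes home directories live under /home as the message does.

```shell
#!/bin/sh
# Added example (not from the original message). Needs GNU stat for -c.

# path_is_strict UID PATH
# Succeeds (0) when PATH is owned by UID, or by root as /home is in the
# listing above, and is not writable by group or other.
# Returns 1 on a bad owner or mode, 2 when PATH cannot be examined.
path_is_strict() (
    uid=$1
    path=$2
    info=$(stat -c '%u %a' -- "$path" 2>/dev/null) || {
        echo "MISSING  $path"
        exit 2
    }
    owner=${info% *}
    mode=${info#* }
    if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
        echo "BAD owner uid=$owner (want $uid)  $path"
        exit 1
    fi
    # 022 masks the group-write and other-write bits of the octal mode.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "BAD mode $mode (group/other writable)  $path"
        exit 1
    fi
    echo "ok  mode=$mode uid=$owner  $path"
)

# audit_key_paths USER [HOME]
# Checks the same four paths as the ls command in the message.
# HOME defaults to /home/USER, the layout the message assumes.
audit_key_paths() (
    user=$1
    home=${2:-/home/$user}
    uid=$(id -u "$user") || exit 2
    rc=0
    for p in "$(dirname "$home")" "$home" "$home/.ssh" \
             "$home/.ssh/authorized_keys"; do
        path_is_strict "$uid" "$p" || rc=1
    done
    exit "$rc"
)

# Usage (run as root or as the account owner): audit_key_paths mary
```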
