SSH Key Auth - Win client Fedora Server

Darrin Chandler dwchandler at stilyagin.com
Fri Mar 16 13:19:02 MST 2007


On Fri, Mar 16, 2007 at 12:58:33PM -0700, Bryan O'Neal wrote:
> 
> I generated my RSA keys on the windows client. 
> 
> I made sure RSAAuth, PubkeyAuth, and Auth... Key... Files... lines were
> uncommented out of my sshd_config and restarted the service on the
> server. 
> 
> I copied the id_rsa.pub file from the client to the server and cat'ed it
> to ~/.ssh/authorized_keys. 
> 
> Changed the permissions on authorized_keys to -rw-r--r-- and attempted
> to make a connection. 

<snip>

> debug: Ssh2AuthPubKeyClient: Trying 1 key candidates.
> 
> debug: server offers auth methods 'publickey,gssapi-with-mic,password'.
> 
> debug: Ssh2AuthPubKeyClient: All keys declined by server, disabling
> method.
> 
> debug: Ssh2AuthClient: Method 'publickey' disabled.
> 
> debug: server offers auth methods 'publickey,gssapi-with-mic,password'.
> 
> debug: Ssh2AuthPasswdClient: Starting password auth...

So your client is indeed trying to use the key. Seems good there.

No keys match with what the server has. The next place to check is the
server logs. Without seeing the conversation on the server side, here's
my guess... You took the pub key from windows and put it directly,
without modification, into authorized_keys on the server. The Windows
clients I've seen generate key files in a form incompatible with
OpenSSH. But they are easy to massage into shape. On the Linux side,
your authorized_keys file should contain a single line per key in a form
like:

ssh-rsa AAAA<lots-of-base64-stuff>XpF= you@example.com

Your Windows software probably produced a multi-line public key that
looks similar to PGP stuff you sometimes see in email. You'll need to
extract out the base64 key info and make it a single line similar to the
above, and that's what you need in authorized_keys.

-- 
Darrin Chandler                   |  Phoenix BSD Users Group
dwchandler at stilyagin.com          |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/darrin/  |

