"AllowGroups wheel users"

Did u try adding the user created by you in wheel group?

(ie) /etc/group file

On 5/28/06, Eni wrote:
> Hi,
>
> thanks for answering me
>
> My /etc/ssh/sshd_config looks currently like this:
> ---
> Port 5583
> Protocol 2
> AllowUsers admin user
> AddressFamily inet
> PasswordAuthentication no
> ChallengeResponseAuthentication no
> Subsystem sftp /usr/lib/misc/sftp-server
> AllowGroups wheel users
> LoginGraceTime 20
> PermitEmptyPasswords no
> PermitRootLogin no
> X11Forwarding no
> PrintLastLog yes
> HostbasedAuthentication no
> --
>
> After your email I've set "PubkeyAuthentication yes" to, but it don't
> change the problem or the error messages
>
> uhm, that sshd_config is a backup from my old server-system and there
> ssh had work very well.
>
> Greets,
> Eni
>
> Dony Pierre wrote:
> > Can you verify if you have set PubkeyAuthentication yes in your /etc/ss=

h/sshd-config on your ssh server.
> >
> > Regards.
> > Pierre.
> >
> >
> > -----Original Message-----
> > From: Eni [mailto:eni@gothic-family.net]
> > Sent: samedi 27 mai 2006 0:49
> > To: secureshell@securityfocus.com
> > Subject: permission denied (publickey)
> >
> > Hi,
> >
> > please, excuse my terrible english, but can anyone help?
> > I re-installed my server with Gentoo Linux and after that i get this:
> >
> > ---
> > $ ssh user@server
> > permission denied (publickey).
> > ---
> >
> > /var/log/auth.log says:
> > ---
> > sshd[8159]: User 'username' from 'domain' not allowed because not liste=

d in AllowUsers
> > ---
> >
> > But the user is listed in /etc/ssh/sshd_config at "AllowUsers" for sure=

!
> >
> >
> > ---debug---
> >
> > $ ssh -vv -2 -l user@remotebox -p 5583
> > OpenSSH_4.3p2, OpenSSL 0.9.7i 14 Oct 2005
> > debug1: Reading configuration data /etc/ssh/ssh_config
> > debug2: ssh_connect: needpriv 0
> > debug1: Connecting to 'IP' ['IP'] port 5583.
> > debug1: Connection established.
> > debug1: identity file /home/'localuser'/.ssh/id_rsa type -1
> > debug1: identity file /home/'localuser'/.ssh/id_dsa type -1
> > debug1: Remote protocol version 2.0, remote software version OpenSSH_4.=

3
> > debug1: match: OpenSSH_4.3 pat OpenSSH*
> > debug1: Enabling compatibility mode for protocol 2.0
> > debug1: Local version string SSH-2.0-OpenSSH_4.3
> > debug2: fd 3 setting O_NONBLOCK
> > debug1: SSH2_MSG_KEXINIT sent
> > debug1: SSH2_MSG_KEXINIT received
> > debug2: kex_parse_kexinit:
> > diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-h=

ellman-group1-sha1
> > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> > debug2: kex_parse_kexinit:
> > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcf=

our,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr=
,aes256-ctr
> > debug2: kex_parse_kexinit:
> > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcf=

our,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr=
,aes256-ctr
> > debug2: kex_parse_kexinit:
> > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-=

96,hmac-md5-96
> > debug2: kex_parse_kexinit:
> > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-=

96,hmac-md5-96
> > debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
> > debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit: first_kex_follows 0
> > debug2: kex_parse_kexinit: reserved 0
> > debug2: kex_parse_kexinit:
> > diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-h=

ellman-group1-sha1
> > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> > debug2: kex_parse_kexinit:
> > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcf=

our,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr=
,aes256-ctr
> > debug2: kex_parse_kexinit:
> > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcf=

our,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr=
,aes256-ctr
> > debug2: kex_parse_kexinit:
> > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-=

96,hmac-md5-96
> > debug2: kex_parse_kexinit:
> > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-=

96,hmac-md5-96
> > debug2: kex_parse_kexinit: none,zlib@openssh.com
> > debug2: kex_parse_kexinit: none,zlib@openssh.com
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit:
> > debug2: kex_parse_kexinit: first_kex_follows 0
> > debug2: kex_parse_kexinit: reserved 0
> > debug2: mac_init: found hmac-md5
> > debug1: kex: server->client aes128-cbc hmac-md5 none
> > debug2: mac_init: found hmac-md5
> > debug1: kex: client->server aes128-cbc hmac-md5 none
> > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> > debug2: dh_gen_key: priv key bits set: 144/256
> > debug2: bits set: 482/1024
> > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> > debug1: Host 'IP' is known and matches the RSA host key.
> > debug1: Found key in /home/localuser/.ssh/known_hosts:3
> > debug2: bits set: 502/1024
> > debug1: ssh_rsa_verify: signature correct
> > debug2: kex_derive_keys
> > debug2: set_newkeys: mode 1
> > debug1: SSH2_MSG_NEWKEYS sent
> > debug1: expecting SSH2_MSG_NEWKEYS
> > debug2: set_newkeys: mode 0
> > debug1: SSH2_MSG_NEWKEYS received
> > debug1: SSH2_MSG_SERVICE_REQUEST sent
> > debug2: service_accept: ssh-userauth
> > debug1: SSH2_MSG_SERVICE_ACCEPT received
> > debug2: key: /home/localuser/.ssh/id_rsa ((nil))
> > debug2: key: /home/localuser/.ssh/id_dsa ((nil))
> > debug1: Authentications that can continue: publickey
> > debug1: Next authentication method: publickey
> > debug1: Trying private key: /home/localuser/.ssh/id_rsa
> > debug1: Trying private key: /home/localuser/.ssh/id_dsa
> > debug2: we did not send a packet, disable method
> > debug1: No more authentication methods to try.
> > Permission denied (publickey).
> >
> > ---debug end---
> >
> > I generated the Keys with:
> > ---
> > "ssh-keygen -b 2048 -t rsa -f ${HOME}/.ssh/user_server"
> > ---
> >
> > Then copied it to the remote server to
> > /home/user/.ssh/authorized_keys
> > and set chmod 600 to authorized_keys.
> >
> > I can't find the problem, please help.
> >
> > Thanks in advance,
> > Eni (Denise Paschen)
> >
> > --
> > <<< Gentoo Linux | Fluxbox >>>
> > _ _
> > ( )_( ) Sorry, I'm Late.
> > (=B0 =B0) But I Got Lost On The Road Of Life.
> > >=B0< http://www.gothic-family.net/eni

> >
> >
> >
> > -----------------------------------------
> > Visit our website! http://www.nbb.be
> >
> > "DISCLAIMER: The content of this e-mail message should not be
> > construed as binding on the part of the National Bank of Belgium
> > (NBB) unless otherwise and previously stated. The opinions
> > expressed in this message are solely those of the author and do not
> > necessarily reflect NBB viewpoints, particularly when the content
> > of this message, or part thereof, is private by nature or does not
> > fall within the professional scope of its author."
> >
> >

>
>
> --
> <<< Gentoo Linux | Fluxbox >>>
> _ _
> ( )_( ) Sorry, I'm Late.
> (=B0 =B0) But I Got Lost On The Road Of Life.
> >=B0< http://www.gothic-family.net/eni

>
>
>