Hi Aaron,

The client offers the key to the server, so the server is failing to accept it.

Did you check the permissions for the ~/.ssh directory on the server?
If set too loose, this could cause problems.

Regards,

Nathan


On 6/30/06, Aaron Peterson wrote:
> I use 6 rhel boxes that should all be configured identically, but
> apparently are not. I was setting up logins with keys to use ssh from
> one to the other, and they all work but one. I need some help
> figuring out why this might be.
>
> I generated a dsa key for clienthost and brokenhost with "ssh-keygen
> -t dsa -b 2048" and just hit enter to use the default file name and no
> passphrase. I added the id_dsa.pub contents to authorized_keys in
> ~/.ssh on the brokenhost. This procedure worked for connecting to all
> of the 6 servers except brokenhost. Perhaps someone can tell me why.
> Unfortunately I don't have root on these servers, and cannot look at
> the sshd_config.
>
> the "ssh -vv brokenhost" follows:
>
> [user@clienthost user]$ ssh -vv brokenhost
> OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Rhosts Authentication disabled, originating port will not be trusted.
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to brokenhost [192.168.1.30] port 22.
> debug1: Connection established.
> debug1: identity file /home/user/.ssh/identity type -1
> debug1: identity file /home/user/.ssh/id_rsa type -1
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug2: key_type_from_name: unknown key type '-----END'
> debug1: identity file /home/user/.ssh/id_dsa type 2
> debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p2
> debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug2: dh_gen_key: priv key bits set: 131/256
> debug2: bits set: 1525/3191
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'brokenhost' is known and matches the RSA host key.
> debug1: Found key in /home/user/.ssh/known_hosts:12
> debug2: bits set: 1617/3191
> debug1: ssh_rsa_verify: signature correct
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/user/.ssh/identity
> debug1: Trying private key: /home/user/.ssh/id_rsa
> debug1: Offering public key: /home/user/.ssh/id_dsa
> debug2: we sent a publickey packet, wait for reply
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> debug2: we did not send a packet, disable method
> debug1: Next authentication method: keyboard-interactive
> debug2: userauth_kbdint
> debug2: we sent a keyboard-interactive packet, wait for reply
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> debug2: we did not send a packet, disable method
> debug1: Next authentication method: password
> user@brokenhost's password:
>