That was a typo in the message. Actually, it looks like the problem
might be shadow passwords, but I thought I should be able to connect
as myself only. Here's a section from "sshd -d5":

sshd: SSH Secure Shell 3.2.9 on sparc-sun-solaris2.9
debug[29882]: SshHostKeyIO/sshhostkeyio.c:154: Reading private host key from /export/home/jburelba/.ssh2/hostkey
debug[29885]: SshUserFile/sshuserfile.c:740: uid = 14823, euid = 14823
debug[29882]: SshUserFiles/sshkeyblob2.c:573: key blob magic = 0x00000000
debug[29886]: SshUserFile/sshuserfile.c:740: uid = 14823, euid = 14823
debug[29882]: SshHostKeyIO/sshhostkeyio.c:165: Key comment: 1024-bit dsa hostkey
debug[29882]: SshHostKeyIO/sshhostkeyio.c:194: Reading public host key from /export/home/jburelba/.ssh2/hostkey.pub
debug[29882]: SshUserFiles/sshkeyblob2.c:573: key blob magic = 0x00000000
debug[29882]: SshHostKeyIO/sshhostkeyio.c:279: Host key algorithms (from disk): ssh-dss
debug[29887]: SshUserFile/sshuserfile.c:740: uid = 14823, euid = 14823
debug[29888debug[]: SshUserFile/sshuserfile.c:740: uid = 14823, euid = 14823
29882]: SshCertEdb/cmi-edb.c:265: EDB: Adding database: ssh.http
debug[29882]: SshCertEdb/cmi-edb.c:298: EDB: Removing database: ssh.ldap
debug[29882]: SshCertEdb/cmi-edb.c:265: EDB: Adding database: ssh.ldap
debug[29882]: SshCertEdb/cmi-edb.c:298: EDB: Removing database: ssh.ldap
debug[29882]: SshCertEdb/cmi-edb.c:265: EDB: Adding database: ssh.ldap
debug[29882]: SshCertEdb/cmi-edb.c:265: EDB: Adding database: ssh.http
debug[29882]: Becoming server.
debug[29882]: Creating listener
debug[29882]: SshUnixTcp/sshunixtcp.c:800: Making TCP listener
debug[29882]: SshUnixTcp/sshunixtcp.c:837: Making IPv4 and IPv6 TCP listeners
debug[29882]: Listener created
debug[29882]: no udp listener created.
debug[29882]: Sshd2/sshd2.c:3300: Trying to create pidfile /var/run/sshd2_2022.pid
debug[29882]: Sshd2/sshd2.c:3307: Trying to create pidfile /etc/ssh2/sshd2_2022.pid
debug[29882]: Running event loop
debug[29882]: SshEventLoop/sshunixeloop.c:934: Starting the event loop.
debug[29882]: SshSigChld/sigchld.c:130: SIGCHLD received.
debug[29882]: SshSigChld/sigchld.c:130: SIGCHLD received.
debug[29882]: Sshd2/sshd2.c:2007: new_connection_callback
debug[29882]: Sshd2/sshd2.c:1855: remote hostname is "barcelona".
debug[29882]: Sshd2/sshd2.c:1934: Wrapping stream with ssh_server_wrap...
debug[29882]: ssh_server_wrap: creating transport protocol
debug[29882]: Ssh2Transport/trcommon.c:1968: Setting new keys and algorithms
debug[29882]: Ssh2Transport/trcommon.c:1988: Allocating cipher: name: none, key_len: 16.
debug[29882]: Ssh2Transport/trcommon.c:1968: Setting new keys and algorithms
debug[29882]: Ssh2Transport/trcommon.c:1988: Allocating cipher: name: none, key_len: 16.
debug[29882]: Ssh2Transport/trcommon.c:3676: My version: SSH-2.0-3.2.9 SSH Secure Shell
debug[29882]: SshAuthMethodServer/sshauthmethods.c:73: Added method "publickey" to candidates.
debug[29882]: SshAuthMethodServer/sshauthmethods.c:73: Added "publickey" to usable methods.
debug[29882]: SshAuthMethodServer/sshauthmethods.c:73: Added "hostbased" to usable methods.
debug[29882]: SshAuthMethodServer/sshauthmethods.c:73: Added "pam-1@ssh.com" to usable methods.
debug[29882]: SshAuthMethodServer/sshauthmethods.c:73: Added "password" to usable methods.
debug[29882]: SshAuthMethodServer/sshauthmethods.c:73: Added "keyboard-interactive" to usable methods.
debug[29882]: ssh_server_wrap: creating userauth protocol
debug[29882]: Ssh2Common/sshcommon.c:455: creating SshCommon object
debug[29882]: Ssh2Common/sshcommon.c:537: local ip = 165.112.22.230, local port = 2022
debug[29882]: Ssh2Common/sshcommon.c:539: remote ip = 165.112.22.230, remote port = 63548
debug[29882]: Ssh2Common/sshcommon.c:541: initializing channel types and requests
debug[29882]: Ssh2Common/sshcommon.c:630: Creating connection protocol.
debug[29882]: SshConnection/sshconn.c:1945: Wrapping...
debug[29882]: Ssh2Common/sshcommon.c:639: connection protocol created
debug[29882]: Sshd2/sshd2.c:1972: done.
debug[29882]: new_connection_callback returning
debug[29882]: Ssh2Transport/trcommon.c:641: Reading version number.
debug[29882]: Remote version: SSH-1.99-3.2.9 SSH Secure Shell
debug[29882]: Major: 3 Minor: 2 Revision: 9
debug[29882]: Ssh2Transport/trcommon.c:1045: Constructing the first key exchange packet.
debug[29882]: Ssh2Transport/trcommon.c:2578: local kexinit: kex algs = diffie-hellman-group1-sha1
debug[29882]: Ssh2Transport/trcommon.c:2588: local kexinit: host key algs = ssh-dss
debug[29882]: Ssh2Transport/trcommon.c:2596: local kexinit: ciphers c to s = aes128-cbc,3des-cbc,twofish128-cbc,cast128-cbc,twofish-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,twofish192-cbc,twofish256-cbc,arcfour
debug[29882]: Ssh2Transport/trcommon.c:2604: local kexinit: ciphers s to c = aes128-cbc,3des-cbc,twofish128-cbc,cast128-cbc,twofish-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,twofish192-cbc,twofish256-cbc,arcfour
debug[29882]: Ssh2Transport/trcommon.c:2610: local kexinit: macs c to s = hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
debug[29882]: Ssh2Transport/trcommon.c:2616: local kexinit: macs s to c = hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
debug[29882]: Ssh2Transport/trcommon.c:2622: local kexinit: compressions c to s = none,zlib
debug[29882]: Ssh2Transport/trcommon.c:2628: local kexinit: compressions s to c = none,zlib
debug[29882]: Ssh2Transport/trcommon.c:2639: local kexinit: first_packet_follows = FALSE
debug[29882]: Ssh2Transport/trcommon.c:555: Outgoing empty, sending empty ignore packet.
debug[29882]: Ssh2Transport/trcommon.c:1908: Getting a SSH_MSG_KEXINIT packet from connection.
debug[29882]: Ssh2Transport/trcommon.c:1908: Getting a SSH_MSG_KEXINIT packet from connection.
debug[29882]: Ssh2Transport/trcommon.c:1842: Processing received SSH_MSG_KEXINIT.
debug[29882]: Ssh2Transport/trcommon.c:1169: Computing algorithms from key exchange.
debug[29882]: Ssh2Transport/trcommon.c:1216: client: kex = diffie-hellman-group1-sha1, hk_alg = ssh-dss,ssh-rsa,x509v3-sign-dss,x509v3-sign-rsa
debug[29882]: Ssh2Transport/trcommon.c:1218: server: kex = diffie-hellman-group1-sha1, hk_alg = ssh-dss
debug[29882]: Ssh2Transport/trcommon.c:1367: lang s to c: `', lang c to s: `'
debug[29882]: Ssh2Transport/trcommon.c:1378: first_kex_packet_follows: TRUE
debug[29882]: Ssh2Transport/trcommon.c:1433: c_to_s: cipher aes128-cbc, mac hmac-sha1, compression none
debug[29882]: Ssh2Transport/trcommon.c:1436: s_to_c: cipher aes128-cbc, mac hmac-sha1, compression none
debug[29882]: Ssh2Transport/trcommon.c:1466: Chosen host key algorithm: ssh-dss, Chosen kex algorithm: diffie-hellman-group1-sha1, Guessed right
debug[29882]: Ssh2Transport/trcommon.c:2119: Receiving first key exchange packet.
debug[29882]: Ssh2Transport/trcommon.c:2048: Key check finalized. Key is accepted.
debug[29882]: Ssh2Transport/trcommon.c:1077: Constructing the second key exchange packet.
debug[29882]: Ssh2Compat/ssh2compat.c:89: Private key is not an RSA key, so nothing needs to be done. (type = 'dl-modp')
debug[29882]: Ssh2Transport/trcommon.c:555: Outgoing empty, sending empty ignore packet.
debug[29882]: Ssh2Transport/trcommon.c:555: Outgoing empty, sending empty ignore packet.
debug[29882]: Ssh2Transport/trcommon.c:1968: Setting new keys and algorithms
debug[29882]: Ssh2Transport/trcommon.c:1988: Allocating cipher: name: aes128-cbc, key_len: 16.
debug[29882]: Ssh2Transport/trcommon.c:2254: Receiving SSH_MSG_NEWKEYS.
debug[29882]: Ssh2Transport/trcommon.c:2254: Receiving SSH_MSG_NEWKEYS.
debug[29882]: Ssh2Transport/trcommon.c:2254: Receiving SSH_MSG_NEWKEYS.
debug[29882]: Ssh2Transport/trcommon.c:1968: Setting new keys and algorithms
debug[29882]: Ssh2Transport/trcommon.c:1988: Allocating cipher: name: aes128-cbc, key_len: 16.
debug[29882]: Ssh2Transport/trcommon.c:2393: Waiting for a service request packet.
debug[29882]: Ssh2Transport/trcommon.c:2393: Waiting for a service request packet.
debug[29882]: Ssh2Transport/trcommon.c:2884: BLOCKING: up service accept wait
debug[29882]: Ssh2Transport/trcommon.c:555: Outgoing empty, sending empty ignore packet.
debug[29882]: Ssh2Transport/trcommon.c:2304: Sending startup packet to application layer.
debug[29882]: Ssh2Transport/trcommon.c:2343: Sending algorithms to application layer.
debug[29882]: SshUnixUser/sshunixuser.c:408: Can't find jburelba's shadow - access denied.
debug[29882]: Sshd2/sshd2.c:1142: user 'jburelba' service 'ssh-connection' client_ip '165.112.22.230' client_port '63548' completed ''
debug[29882]: Sshd2/sshd2.c:1195: Number of groups: 2.
debug[29882]: Sshd2/sshd2.c:1200: Adding group: eos, 100.
debug[29882]: Sshd2/sshd2.c:1200: Adding group: sysadmin, 14.
debug[29882]: Sshd2/sshd2.c:1572: output: publickey
debug[29882]: Ssh2AuthCommonServer/auths-common.c:414: User jburelba's login is not allowed due to system policy
debug[29882]: Ssh2AuthCommonServer/auths-common.c:41: publickey authentication failed. Login to account jburelba not allowed or account non-existent.
debug[29882]: Sshd2/sshd2.c:1142: user 'jburelba' service 'ssh-connection' client_ip '165.112.22.230' client_port '63548' completed ''
debug[29882]: Sshd2/sshd2.c:1572: output:
debug[29882]: Ssh2Transport/trcommon.c:1511: Processing received SSH_MSG_DISCONNECT
debug[29882]: Ssh2Transport/trcommon.c:595: Disconnecting: reason code: 14 message: 'No further authentication methods available.'


On Mon, Jul 24, 2006 at 11:24:02AM +0200, Nathan Jackson-Eeles scribbled:
> Jonathan,
>
> Don't know whether you fixed this or not, but I've just got round to
> reading this post.
>
> The server is reporting the following to the client:
> debug: server offers auth methods ''.
>
> I would check the syntax of your AllowedAuthentications in your
> sshd2_config.
>
> I'm not sure whether it's just a typo in your mail, but it should
> begin with a capital "A":
>
> AllowedAuthentications publickey
>
> HTH,
>
> Nathan
>
>
>
> On 5/30/06, Jonathan Burelbach wrote:
> >I am trying to setup sshd to run as a non-root user to limit connections
> >to and from certain hosts. I'm running ssh.com v3.2.9 on Solaris 9
> >on an e25k and I am able to start sshd as myself, but login using keys
> >doesn't work. I've got "allowedAuthentications" set to just "publickey"
> >since passwd won't work and authorization and identification files are
> >correct since I can login remotely using keys. Any one have any clues?
> >
> >TIA.
> >
> >The daemon tells me:
> >
> > jburelba@barcelona: ~ 323 -> /usr/local/sbin/sshd -v
> > debug[23292]: SshConfig/sshconfig.c:2838: Metaconfig parsing stopped at
> > line 3.
> > debug[23292]: SshConfig/sshconfig.c:3130: Read 10 params from config
> > file.
> > sshd: SSH Secure Shell 3.2.9 on sparc-sun-solaris2.9
> > debug[23292]: SshHostKeyIO/sshhostkeyio.c:194: Reading public host key
> > from /export/home/jburelba/.ssh2/hostkey.pub
> > debug[23292]: SshHostKeyIO/sshhostkeyio.c:279: Host key algorithms (from
> > disk): ssh-dss
> > debug[23292]: Becoming server.
> > debug[23292]: Creating listener
> > debug[23292]: Listener created
> > debug[23292]: no udp listener created.
> > debug[23292]: Running event loop
> > debug[23292]: Sshd2/sshd2.c:2007: new_connection_callback
> > debug[23292]: Sshd2/sshd2.c:1934: Wrapping stream with ssh_server_wrap...
> > debug[23292]: ssh_server_wrap: creating transport protocol
> > debug[23292]: Ssh2Transport/trcommon.c:3676: My version: SSH-2.0-3.2.9
> > SSH Secure Shell
> > debug[23292]: ssh_server_wrap: creating userauth protocol
> > debug[23292]: Ssh2Common/sshcommon.c:537: local ip = 127.0.0.1, local
> > port = 2022
> > debug[23292]: Ssh2Common/sshcommon.c:539: remote ip = 127.0.0.1, remote
> > port = 58829
> > debug[23292]: SshConnection/sshconn.c:1945: Wrapping...
> > debug[23292]: Sshd2/sshd2.c:1972: done.
> > debug[23292]: new_connection_callback returning
> > debug[23292]: Remote version: SSH-1.99-3.2.9 SSH Secure Shell
> > debug[23292]: Major: 3 Minor: 2 Revision: 9
> > debug[23292]: Ssh2Transport/trcommon.c:1367: lang s to c: `', lang c to
> > s: `'
> > debug[23292]: Ssh2Transport/trcommon.c:1433: c_to_s: cipher aes128-cbc,
> > mac hmac-sha1, compression none
> > debug[23292]: Ssh2Transport/trcommon.c:1436: s_to_c: cipher aes128-cbc,
> > mac hmac-sha1, compression none
> > debug[23292]: SshUnixUser/sshunixuser.c:408: Can't find jburelba's
> > shadow - access denied.
> > debug[23292]: Sshd2/sshd2.c:1142: user 'jburelba' service
> > 'ssh-connection' client_ip '127.0.0.1' client_port '58829' completed ''
> > debug[23292]: Sshd2/sshd2.c:1195: Number of groups: 2.
> > debug[23292]: Sshd2/sshd2.c:1200: Adding group: eos, 100.
> > debug[23292]: Sshd2/sshd2.c:1200: Adding group: sysadmin, 14.
> > debug[23292]: Sshd2/sshd2.c:1572: output: publickey
> > debug[23292]: Ssh2AuthCommonServer/auths-common.c:414: User jburelba's
> > login is not allowed due to system policy
> > debug[23292]: Ssh2AuthCommonServer/auths-common.c:41: publickey
> > authentication failed. Login to account jburelba not allowed or account
> > non-existent.
> > debug[23292]: Sshd2/sshd2.c:1142: user 'jburelba' service
> > 'ssh-connection' client_ip '127.0.0.1' client_port '58829' completed ''
> > debug[23292]: Sshd2/sshd2.c:1572: output:
> > debug[23292]: Ssh2Common/sshcommon.c:169: DISCONNECT received: No
> > further authentication methods available.
> > debug[23292]: Sshd2/sshd2.c:366: locally_generated = FALSE
> > debug[23292]: Ssh2Common/sshcommon.c:662: Destroying SshCommon object.
> > debug[23292]: SshConnection/sshconn.c:1997: Destroying SshConn object.
> >
> >
> >And the client says:
> >
> > jburelba@barcelona: ~ 341 -> /usr/local/bin/ssh -v localhost -p 2022
> > debug: SshConfig/sshconfig.c:2838: Metaconfig parsing stopped at line 3.
> > debug: SshConfig/sshconfig.c:3130: Read 0 params from config file.
> > debug: Ssh2/ssh2.c:1707: User config file not found, using defaults.
> > (Looked for '/export/home/jburelba/.ssh2/ssh2_config')
> > debug: Connecting to localhost, port 2022... (SOCKS not used)
> > debug: Ssh2Transport/trcommon.c:3676: My version: SSH-1.99-3.2.9 SSH
> > Secure Shell
> > debug: client supports 3 auth methods:
> > 'publickey,keyboard-interactive,password'
> > debug: Ssh2Common/sshcommon.c:537: local ip = 127.0.0.1, local port =
> > 58829
> > debug: Ssh2Common/sshcommon.c:539: remote ip = 127.0.0.1, remote port =
> > 2022
> > debug: SshConnection/sshconn.c:1945: Wrapping...
> > debug: SshReadLine/sshreadline.c:2427: Initializing ReadLine...
> > debug: Remote version: SSH-2.0-3.2.9 SSH Secure Shell
> > debug: Major: 3 Minor: 2 Revision: 9
> > debug: Ssh2Transport/trcommon.c:1367: lang s to c: `', lang c to s: `'
> > debug: Ssh2Transport/trcommon.c:1433: c_to_s: cipher aes128-cbc, mac
> > hmac-sha1, compression none
> > debug: Ssh2Transport/trcommon.c:1436: s_to_c: cipher aes128-cbc, mac
> > hmac-sha1, compression none
> > debug: SshKeyFile/sshkeyfile.c:373: file
> > /export/home/jburelba/.ssh2/hostkeys/key_2022_localhost.pub does not
> > exist.
> > debug: SshKeyFile/sshkeyfile.c:373: file
> > /etc/ssh2/hostkeys/key_2022_localhost.pub does not exist.
> > Host key not found from database.
> > Key fingerprint:
> > xuzil-vunov-migug-becur-kehib-zyfob-zedyn-kemeg-kahor-sysyf-muxux
> > You can get a public key's fingerprint by running
> > % ssh-keygen -F publickey.pub
> > on the keyfile.
> > Are you sure you want to continue connecting (yes/no)? yes
> > Host key saved to
> > /export/home/jburelba/.ssh2/hostkeys/key_2022_localhost.pub
> > host key for localhost, accepted by jburelba Tue May 30 2006 14:53:05
> > -0500
> > debug: Ssh2Common/sshcommon.c:332: Received SSH_CROSS_STARTUP packet
> > from connection protocol.
> > debug: Ssh2Common/sshcommon.c:382: Received SSH_CROSS_ALGORITHMS packet
> > from connection protocol.
> > WARNING ** WARNING ** WARNING ** WARNING ** WARNING
> >
> > This is a U.S. Government computer system, which may be accessed and used
> > only for authorized Government business by authorized personnel.
> > Unauthorized access or use of this computer system may subject violators
> > to
> > criminal, civil, and/or administrative action. All information on this
> > computer system may be intercepted, recorded, read, copied, and
> > disclosed by
> > and to authorized personnel for official purposes, including criminal
> > investigations. Such information includes sensitive data encrypted to
> > comply
> > with confidentiality and privacy requirements. Access or use of this
> > computer
> > system by any person, whether authorized or unauthorized, constitutes
> > consent
> > to these terms. There is no right of privacy in this system.
> >
> > WARNING ** WARNING ** WARNING ** WARNING ** WARNING
> >
> >
> > debug: server offers auth methods 'publickey'.
> > debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1794: Starting pubkey auth...
> > debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1739: Agent is running,
> > asking keys...
> > debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1549: Got 3 keys from the
> > agent.
> > debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1666: adding keyfile
> > "/export/home/jburelba/.ssh2/id_dsa_1024_b" to candidates
> > debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1666: adding keyfile
> > "/export/home/jburelba/.ssh2/id_rsa_2048_a" to candidates
> > debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1666: adding keyfile
> > "/export/home/jburelba/.ssh2/id_dsa_2048_a" to candidates
> > debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1529: Trying 6 key candidates.
> > debug: server offers auth methods ''.
> > debug: Ssh2Common/sshcommon.c:169: DISCONNECT received: No further
> > authentication methods available.
> > debug: SshReadLine/sshreadline.c:2485: Uninitializing ReadLine...
> > warning: Authentication failed.
> > Disconnected; no more authentication methods available (No further
> > authentication methods available.).
> > debug: Ssh2Common/sshcommon.c:662: Destroying SshCommon object.
> > debug: SshConnection/sshconn.c:1997: Destroying SshConn object.
> > Exit 78
> >
> >
> >
> >--
> >=========+=========+=========+=========+=========+ =========+=========+
> >Jonathan Burelbach jburelba@mail.nih.gov
> >Unix Systems Administrator jburelbach@nih.gov
> >NIH/CIT/DCSS/SOSB;12 South Dr.;Bldg 12B/2N207;Bethesda (301) 496-7372
> >


--
=========+=========+=========+=========+=========+ =========+=========+
Jonathan Burelbach jburelba@mail.nih.gov
Unix Systems Administrator jburelbach@nih.gov
NIH/CIT/DCSS/SOSB;12 South Dr.;Bldg 12B/2N207;Bethesda (301) 496-7372