Yup, you're right: encrypted home directory.
On Sat, Apr 2, 2011 at 2:29 PM, Magosányi Árpád <m...@magwas.rulez.org> wrote: > I don't believe it is an openssl bug. > You may have configured your home directory to be automounted on login (for > example encrypted home directory with your password opening the encryption > key). > You might want to change the authorized keys file location (and if you are > indeed using encrypted home directory, use your ssh key through the agent to > open it). > > On 2011-04-02 20:14, GravyFace wrote: >> >> Just as the title says: using PuTTY 0.60 with a PuTTYGen'ed DSA 2048 >> key with passphrase on a Windows XP host to connect to Ubuntu 10.04.1 >> LTS (OpenSSH_5.3p1; OpenSSL 0.9.8k). >> >> The odd thing is, it only works when I've logged into the console >> session of the host as the same user (gravyface, the sudoer user) I'm >> trying to authenticate with via SSH. >> >> If I log out of the console _before_ I SSH in from PuTTY, I get a >> "Server refused our key" error; the only way I can SSH in is if I have >> the console session open/logged in _first_ and then I can SSH in no >> problem; once I'm in/authenticated, I can close the console session. >> >> Changed log output to DEBUG3 in sshd_config, and see the following on >> an unsuccessful attempt (while not logged into the console as the >> user) in auth.log: >> >> 608:Apr 2 13:51:24 CJRR-DB01 sshd[3039]: Connection from 10.10.10.254 >> port 3715 >> 609:Apr 2 13:51:24 CJRR-DB01 sshd[3039]: debug1: Client protocol >> version 2.0; client software version PuTTY_Release_0.60 >> 610:Apr 2 13:51:24 CJRR-DB01 sshd[3039]: debug1: no match: >> PuTTY_Release_0.60 >> 611:Apr 2 13:51:24 CJRR-DB01 sshd[3039]: debug1: Enabling >> compatibility mode for protocol 2.0 >> 612:Apr 2 13:51:24 CJRR-DB01 sshd[3039]: debug1: Local version string >> SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu6 >> 613:Apr 2 13:51:24 CJRR-DB01 sshd[3039]: debug2: fd 3 setting O_NONBLOCK >> 614:Apr 2 13:51:24 CJRR-DB01 sshd[3039]: debug2: Network child is on pid >> 3040 >> 615:Apr 2 13:51:24 CJRR-DB01 sshd[3039]: debug3: preauth child monitor >> started >> 616:Apr 2 13:51:24 CJRR-DB01 sshd[3039]: debug3: mm_request_receive >> entering >> 617:Apr 2 13:51:24 CJRR-DB01 sshd[3039]: debug3: monitor_read: >> checking request 0 >> 618:Apr 2 13:51:24 CJRR-DB01 sshd[3039]: debug3: mm_answer_moduli: >> got parameters: 1024 4096 8192 >> 619:Apr 2 13:51:24 CJRR-DB01 sshd[3039]: debug3: mm_request_send >> entering: type 1 >> 620:Apr 2 13:51:24 CJRR-DB01 sshd[3039]: debug2: monitor_read: 0 used >> once, disabling now >> 621:Apr 2 13:51:24 CJRR-DB01 sshd[3039]: debug3: mm_request_receive >> entering >> 622:Apr 2 13:51:24 CJRR-DB01 sshd[3039]: debug3: monitor_read: >> checking request 5 >> 623:Apr 2 13:51:24 CJRR-DB01 sshd[3039]: debug3: mm_answer_sign >> 624:Apr 2 13:51:24 CJRR-DB01 sshd[3039]: debug3: mm_answer_sign: >> signature 0x7f7ae924bef0(271) >> 625:Apr 2 13:51:24 CJRR-DB01 sshd[3039]: debug3: mm_request_send >> entering: type 6 >> 626:Apr 2 13:51:24 CJRR-DB01 sshd[3039]: debug2: monitor_read: 5 used >> once, disabling now >> 627:Apr 2 13:51:24 CJRR-DB01 sshd[3039]: debug3: mm_request_receive >> entering >> 628:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug3: monitor_read: >> checking request 7 >> 629:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug3: mm_answer_pwnamallow >> 630:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug3: Trying to reverse >> map address 10.10.10.254. >> 631:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug2: parse_server_config: >> config reprocess config len 676 >> 632:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug3: >> mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1 >> 633:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug3: mm_request_send >> entering: type 8 >> 634:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug2: monitor_read: 7 used >> once, disabling now >> 635:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug3: mm_request_receive >> entering >> 636:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug3: monitor_read: >> checking request 50 >> 637:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug1: PAM: initializing >> for "gravyface" >> 638:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug1: PAM: setting >> PAM_RHOST to "10.10.10.254" >> 639:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug1: PAM: setting PAM_TTY to >> "ssh" >> 640:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug2: monitor_read: 50 >> used once, disabling now >> 641:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug3: mm_request_receive >> entering >> 642:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug3: monitor_read: >> checking request 3 >> 643:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug3: mm_answer_authserv: >> service=ssh-connection, style=, role= >> 644:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug2: monitor_read: 3 used >> once, disabling now >> 645:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug3: mm_request_receive >> entering >> 646:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug3: monitor_read: >> checking request 21 >> 647:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug3: mm_answer_keyallowed >> entering >> 648:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug3: >> mm_answer_keyallowed: key_from_blob: 0x7f7ae9257990 >> 649:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug1: Checking blacklist >> file /usr/share/ssh/blacklist.DSA-2047 >> 650:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug1: Checking blacklist >> file /etc/ssh/blacklist.DSA-2047 >> 651:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug1: temporarily_use_uid: >> 1000/1000 (e=0/0) >> 652:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug1: trying public key >> file /home/gravyface/.ssh/authorized_keys >> 653:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug1: restore_uid: 0/0 >> 654:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug1: temporarily_use_uid: >> 1000/1000 (e=0/0) >> 655:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug1: trying public key >> file /home/gravyface/.ssh/authorized_keys2 >> 656:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug1: restore_uid: 0/0 >> 657:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: Failed publickey for >> gravyface from 10.10.10.254 port 3715 ssh2 >> 658:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug3: >> mm_answer_keyallowed: key 0x7f7ae9257990 is not allowed >> 659:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug3: mm_request_send >> entering: type 22 >> 660:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug3: mm_request_receive >> entering >> 661:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug1: do_cleanup >> 662:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug1: PAM: cleanup >> 663:Apr 2 13:51:27 CJRR-DB01 sshd[3039]: debug3: PAM: >> sshpam_thread_cleanup entering >> >> >> /home/gravyface/.ssh/ is 700, /home/gravyface/.ssh/authorized_keys is >> 600, but like I said, if I login at the console as gravyface, ALT-TAB >> over to PuTTY and open a new session, it asks for the passphrase and >> works fine. >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> User Support Mailing List openssl-users@openssl.org >> Automated List Manager majord...@openssl.org > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
