Good point. I did a hex dump of the current key file. There's exactly one newline at the end of each key (including the last one.)
On Fri, Oct 10, 2014 at 9:39 AM, Brian H. Ward <[email protected]> wrote: > If I remember right, the keys work independently, but not when > concatenated together? That smells like a missing EOL (in the first one). I > don't think ssh needs an EOL on the last line, but it definitely needs it > in between the public keys. > > On Fri, Oct 10, 2014 at 10:35 AM, Wesley Duffee-Braun <[email protected]> > wrote: > >> "We have another server that's identical except it's a physical machine, >> it's working perfectly." >> >> So what is working on that machine? is that the machine you can connect >> to without issue, or is that the machine where the authorized_keys live and >> you can ssh out of that box to others without a password? >> >> Have you tried (when you put keys back in the authorized_keys file) >> re-arranging their order? >> >> On Fri, Oct 10, 2014 at 9:28 AM, Curt Lundgren <[email protected]> >> wrote: >> >>> File and directory ownership and permissions are correct. >>> >>> Normally I create (and expand, if necessary) the authorized_keys file by >>> doing a cat on the existing file, if any, and the new key file. This >>> doesn't add newlines, and none of these files have ever seen a Windows >>> system. I did a hex dump of the current file; there's a single newline at >>> the end of each key. >>> >>> What has me confused is that I can copy any of the key files as >>> authorized_keys and login works perfectly. Cat two or more of them >>> together, it refuses to work. >>> >>> A couple of GSSAPI options were on; I turned them off and restarted >>> sshd. Still no joy. >>> >>> Thanks for the tips and hints! >>> >>> On Fri, Oct 10, 2014 at 9:04 AM, Tilghman Lesher <[email protected]> >>> wrote: >>> >>>> On Thu, Oct 9, 2014 at 5:25 PM, Curt Lundgren <[email protected]> >>>> wrote: >>>> > All was well in Linux-land until yesterday when I added another host >>>> key to >>>> > .ssh/authorized_keys. It's running CentOS 6.5, a VM under VMware. >>>> > >>>> > .ssh/ is owned by root:root. Its files are similarly owned and both >>>> > authorized_keys and known_hosts have 600 permissions. >>>> >>>> You're ssh'ing as root? The files and directory should be owned by >>>> the same user as you're ssh'ing as. Also, did you become root with >>>> 'sudo -s', 'sudo su -', or another command that institutes the >>>> environment? 'sudo su' doesn't, which may mess up things like that. >>>> >>>> > OpenSSH is version 5.3p1. >>>> > >>>> > After yesterday I can use a key file from any host, just one host, >>>> and it >>>> > works perfectly. Cat together the keys from two or more hosts and it >>>> asks >>>> > for a password. >>>> >>>> I would explicitly check for aberrant newlines in the file. If you're >>>> looking at the file with xterm, most editors will naturally resize, >>>> when you vary the width of the terminal. Look for lines that aren't >>>> wrapping continuously. All individual keys should be on a single >>>> line. I've had this problem where I manually copied a key with the >>>> mouse, and the editor inserted a newline in the middle of a key. >>>> >>>> Also check for a Windows newline (\r) in any of the files. You can >>>> remove them with: tr -d '\015' <oldfile >newfile >>>> >>>> > I don't have hair to tear out, does anyone have ideas what might be >>>> going >>>> > on? We have another server that's identical except it's a physical >>>> machine, >>>> > it's working perfectly. >>>> >>>> My general inclination is that you've got a bad character in one of >>>> the files, and as soon as ssh sees that, it aborts parsing. >>>> >>>> One last thing to check is that you have Kerberos and GSSAPI >>>> authentication turned off in /etc/ssh/sshd_config. This is a Red Hat >>>> derived platform, and they have a habit of turning alternate >>>> authentication systems on, which may mess with authorized_keys >>>> authentication. >>>> >>>> -- >>>> Tilghman >>>> >>>> -- >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "NLUG" group. >>>> To post to this group, send email to [email protected] >>>> To unsubscribe from this group, send email to >>>> [email protected] >>>> For more options, visit this group at >>>> http://groups.google.com/group/nlug-talk?hl=en >>>> >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "NLUG" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "NLUG" group. >>> To post to this group, send email to [email protected] >>> To unsubscribe from this group, send email to >>> [email protected] >>> For more options, visit this group at >>> http://groups.google.com/group/nlug-talk?hl=en >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "NLUG" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> >> >> -- >> http://www.wesleyduffeebraun.com >> <http://www.ashevillephotobooth.com> >> >> -- >> -- >> You received this message because you are subscribed to the Google Groups >> "NLUG" group. >> To post to this group, send email to [email protected] >> To unsubscribe from this group, send email to >> [email protected] >> For more options, visit this group at >> http://groups.google.com/group/nlug-talk?hl=en >> >> --- >> You received this message because you are subscribed to the Google Groups >> "NLUG" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > and accordingly all experience hath shewn, that mankind are more disposed > to suffer, while evils are sufferable, than to right themselves by > abolishing the forms to which they are accustomed -- thomas jefferson > > -- > -- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nlug-talk?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en --- You received this message because you are subscribed to the Google Groups "NLUG" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
