I thought I had the same problem, with Server: Ubuntu server 8.04.1
and either/both of Client1: Ubuntu-eee 8.04.1 (slimmed down version of Ubuntu for Asus EEE PC; ssh client only installed) Client2: Ubuntu server 8.04.1 file and directory permissions are correct (& setting StrictModes to 'no' didn't help --I tried it just in case) I tried to follow instructions here: https://help.ubuntu.com/8.04/serverguide/C/openssh-server.html which are not entirely consistent with what I've since read elsewhere (e.g., here http://www.debian-administration.org/articles/152) when trying to understand why this wasn't working as expected. Why authorized_keys2? ssh-copy-id -i uses "authorized_keys" regardless of whether RSA or DSA is selected, not authorized_keys2. (hello?) (I learned about ssh-copy-id here http://principialabs.com/beginning- ssh-on-ubuntu where it's specifically referred to with Ubuntu) I tried copying authorized_keys to authorized_keys2, which didn't make any difference. The private key files have wrapped lines (@ 64 characters). Both ID_RSA and ID_DSA..Does it matter? Just tried RSA; this didn't work for me. ssh -v [EMAIL PROTECTED] yields (wiki is the server) OpenSSH 4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007 Reading configuration data /home/paul/.ssh/config Applying options for wiki Reading configuration data for /etc/ssh/ssh_config Applying options for * Connecting to 192.168.1.83 [192.168.1.83] port 22. Connection established identify file /home/paul/.ssh/identity type -1 identify file /home/paul/.ssh/id_rsa type -1 identify file /home/paul/.ssh/id_dsa type -1 Remote protocol version 2.0, remote software version OpenSSH_4.7p1 Debian-8ubuntu1.2 match: OpenSSH_4.7p1 Debian-8ubuntu1.2 pat OpenSSH* Enabling compatibility mode for protocol 2.0 Local version string SSH-20-OpenSSH_4.7p1 Debian-8ubuntu1.2 SSH2_MSG_KEXINIT sent expecting SSH2_MSG_NEWKEYS SSH2_MSG_NEWKEYS received SSH2_MSG_SERVICE_REQUEST sent SSH2_MSG_SERVICE_REQUEST received Authentications that can continue: publickey,password Next authentication method: publickey Trying private key: /home/paul/.ssh/identity Offering public key: /home/paul/id_rsa Authentications that can continue: publickey,password Trying private key: /home/paul/.ssh/id_dsa Next authentication method: password [EMAIL PROTECTED]'s password: I'm about to try a desktop version of 8.04.1 (keys are generated on Ubuntu server version only so far) but thought I'd post this in the meantime. If it's not a bug then it may be that the installation docs need some revision (for dummies / victims of Murphy' law). OK. Just tried with Ubuntu desktop running on an old laptop (LPC); I installed the OpenSSH server software, generated keys, copied the public key to the EEE pc (to ~/.ssh -- same account name). I renamed the existing authorized_keys in case there was anything wrong with it and then renamed the public key file (first DSA; then repeated this for RSA) and set permissions to 600 (advice in OpenSSH FAQ). I made no changes to the sshd_config or ssh_config files. captured debug follows [EMAIL PROTECTED]:~/.ssh$ ssh -v [EMAIL PROTECTED] OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007 debug1: Reading configuration data /home/paul/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to lpc [192.168.1.64] port 22. debug1: Connection established. debug1: identity file /home/paul/.ssh/identity type -1 debug1: identity file /home/paul/.ssh/id_rsa type 1 debug1: identity file /home/paul/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7p1 Debian-8ubuntu1.2 debug1: match: OpenSSH_4.7p1 Debian-8ubuntu1.2 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1.2 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'lpc' is known and matches the RSA host key. debug1: Found key in /home/paul/.ssh/known_hosts:3 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: /home/paul/.ssh/identity debug1: Offering public key: /home/paul/.ssh/id_rsa debug1: Authentications that can continue: publickey,password debug1: Trying private key: /home/paul/.ssh/id_dsa debug1: Next authentication method: password [EMAIL PROTECTED]'s password: <pause> Re-reads https://help.ubuntu.com/8.04/serverguide/C/openssh-server.html > the host > between hosts > remote host So, it's all perfectly clear which is which here? (small lightbulb illuminates; why are private keys being tried?) I assumed that the remote machine with the public key would be the one initiating communication, which is not entirely illogical: Reasoning: 1 server many clients 1 private key shareable public key client-server communication is called client-server not server-client communication. Naive expectation: client with public key initiates communication (I'm looking at this so I can rsync over ssh; the remote device is the client from a storage perspective) Reality: client with private key initiates communication with servers: 1 client many servers At a minimum, the doc (https://help.ubuntu.com/8.04/serverguide/C /openssh-server.html) should read You should now be able to SSH to the remote host without being prompted for a password. ===== The word remote is missing and the word "to" could usefully be emphasised. A diagram for added clarity would be even better. My guess as to why one key failed and one worked for Max is that he changed ends, so to speak, but I may be wrong. I subsequently found this http://ubuntuforums.org/showthread.php?t=238672 which I find clearer than the original write-up. I think you can close this one. However, I hope the docs can be expanded a little (in time for 8.10 would be good) to keep others from falling into the same trap. -- openssh-server does not find dsa keys authorized_keys file https://bugs.launchpad.net/bugs/236931 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
