touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #05038
[Bug 362427] Re: Public key ssh auth doesn't work with my Encrypted Home Directory
Hi guys,
I am not really an experienced user and haven't actually applied the solution proposed in comment #12 , but
as I understand the authorized public key is added in .ssh/authorized_keys,
so, wouldn't it be possible to put another public key using a live cd and then login using the corresponding private key ?
Best Regards,
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/362427
Title:
Public key ssh auth doesn't work with my Encrypted Home Directory
Status in eCryptfs:
Invalid
Status in “ecryptfs-utils” package in Ubuntu:
Invalid
Status in “openssh” package in Ubuntu:
Invalid
Bug description:
Spent all night to understand why public key ssh auth doesn't work. It
seems to me that issue only affects Jaunty. Please have a look at the
details below.
So, the configuration is:
1. Client
- lsb_release: Ubuntu 8.10 intrepid
- ssh-client: OpenSSH_5.1p1 Debian-3ubuntu1, OpenSSL 0.9.8g 19 Oct 2007
2. Server A
- lsb_release: Ubuntu 8.04.2 hardy
- sshd: OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007
3. Server B
- lsb_release: Ubuntu 9.04 jaunty
- sshd: OpenSSH_5.1p1 Debian-5ubuntu1, OpenSSL 0.9.8g 19 Oct 2007
Server A and Server B have the same /etc/ssh/sshd_config:
RSAAuthentication yes
PubkeyAuthentication yes
StrictModes no
I turned StrictModes to "no", but every server has the same
permissions on user's .ssh folder and .ssh/authorized_keys file.
authorized_keys is the same on Server A and Server B.
So, I am able to connect with public key from Client machine to Server
A, but I can't connect to Server B.
I run ssh client and sshd on Server B in debug mode, please find logs
attached.
Most important strings from auth.log:
...
Apr 16 20:58:47 ubuntu sshd[21728]: debug3: mm_request_receive entering
Apr 16 20:58:47 ubuntu sshd[21728]: debug3: monitor_read: checking request 21
Apr 16 20:58:47 ubuntu sshd[21728]: debug3: mm_answer_keyallowed entering
Apr 16 20:58:47 ubuntu sshd[21728]: debug3: mm_answer_keyallowed: key_from_blob: 0xb9084978
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: trying public key file /home/sasha/.ssh/authorized_keys
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: restore_uid: 0/0
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: trying public key file /home/sasha/.ssh/authorized_keys2
Apr 16 20:58:47 ubuntu sshd[21728]: debug1: restore_uid: 0/0
Apr 16 20:58:47 ubuntu sshd[21728]: Failed publickey for sasha from 10.0.0.11 port 51194 ssh2
Apr 16 20:58:47 ubuntu sshd[21728]: debug3: mm_answer_keyallowed: key 0xb9084978 is not allowed
...
To manage notifications about this bug go to:
https://bugs.launchpad.net/ecryptfs/+bug/362427/+subscriptions