[olug] PAM

William E. Kempf wekempf at cox.net
Thu Feb 6 15:40:53 UTC 2003 

> On Wed, 5 Feb 2003, William E. Kempf wrote:
>
>>
>> > At Wed, 05 Feb 03, Unidentified Flying Banana William E. Kempf,
>> said:
>> >> I've got a RedHat 7.1 box on which I think the PAM config files
>> have been messed up.  I suspect this because when I ssh to this box
>> when I have the clients public key in the servers
>> .ssh/authorized_keys file, it still asks me for a password.  I know
>> the PAM config files have been modified, but don't know what
>> modifications were done.  Is there any way to return to the
>> originally installed PAM files, or any other way to go about fixing
>> my problem?
>> >
>> > I won't claim that this can't be PAM related, but it seems to be
>> that it's more likely a Secure Shell issue.
>> >
>> > I would suggest doing the following:
>> >
>> >   o Ensure that the ~/.ssh/authorized_keys file on the server is
>> >     "valid".  Check it against the ssh public key, and make sure
>> there
>> > are no line breaks or anything like that in it.
>>
>> I've tried to verify this, and here's a capsule of what I've done.
>>
>> [wekempf ~]$ rm -rf .ssh/*
>> [wekempf ~]$ ssh-keygen -t rsa
>> Generating public/private rsa key pair.
>> Enter file in which to save the key (/home/wekempf/.ssh/id_rsa): Enter
>> passphrase (empty for no passphrase):
>> Enter same passphrase again:
>> Your identification has been saved in /home/wekempf/.ssh/id_rsa. Your
>> public key has been saved in /home/wekempf/.ssh/id_rsa.pub. The key
>> fingerprint is:
>> 2f:97:d7:87:a3:72:35:cf:9c:36:f4:60:79:ec:6d:47 wekempf at client
>> [wekempf ~]$ scp .ssh/id_rsa.pub server:mykey
>
> Try: scp .ssh/id_rsa.pub server:~/.ssh/authorized_keys
>
> Any authorized keys must be in a "known" location. The default location
> is:
>
> ~/.ssh/authorized_keys
>
> man ssh for details.

Uhmm... read a little closer.  I *do* copy the key to
~/.ssh/authorized_keys.  I've done this in seperate steps to insure no
mistakes were made along the way.

>> The authenticity of host 'server (???.???.???.???)' can't be
>> established. RSA key fingerprint is
>> 84:6d:4f:12:8c:0c:9b:97:4f:f0:89:0d:36:b7:6d:e8. Are you sure you want
>> to continue connecting (yes/no)? yes
>> Warning: Permanently added 'server,???.???.???.???' (RSA) to the list
>> of known
>> hosts.
>> wekempf at server's password:
>> id_rsa.pub           100% |*****************************|   227
>> 00:00 [wekempf ~]$ ssh csdsvr10
>> wekempf at server's password:
>> Last login: Wed Feb  5 14:48:39 2003 from client
>> [wekempf wekempf]$ rm -rf .ssh/*
>> [wekempf wekempf]$ cp mykey .ssh/authorized_keys

There it is!

-- 
William E. Kempf
wekempf at cox.net

More information about the OLUG mailing list