This is quite a mistery for me. I usually use passwordless RSA authentication to login into my remote *nix servers with ssh and sftp. Never had any problem until now.
I cannot connect to an Ubuntu 9.10 machine:
user@myclient$ ssh -i .ssh/Ganymede_key user@ganymede.server.com
[...]
debug1: Host 'ganymede.server.com' is known and matches the RSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:14
debug2: bits set: 494/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: .ssh/Ganymede_key (0xb96a0ef8)
debug2: key: .ssh/Ganymede_key ((nil))
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: .ssh/Ganymede_key
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: .ssh/Ganymede_key
debug1: read PEM private key done: type RSA
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Then it falls back to password authentication. If I disable password authentication on the remote machine my connection attempt just fails with a "Permission denied (publickey)." state.
Same thing for sftp from command line.
The "funny" thing is that the exact same RSA key works like a charm with a Filezilla sftp session instead:
12:08:00 Trace: Offered public key from "/home/user/.filezilla/keys/Ganymede_key"
12:08:00 Trace: Offer of public key accepted, trying to authenticate using it.
12:08:01 Trace: Access granted
12:08:01 Trace: Opened channel for session
12:08:01 Trace: Started a shell/command
12:08:01 Status: Connected to ganymede.server.com
12:08:02 Trace: CSftpControlSocket::ConnectParseResponse()
12:08:02 Trace: CSftpControlSocket::ResetOperation(0)
12:08:02 Trace: CControlSocket::ResetOperation(0)
12:08:02 Status: Retrieving directory listing...
12:08:02 Trace: CSftpControlSocket::SendNextCommand()
12:08:02 Trace: CSftpControlSocket::ChangeDirSend()
12:08:02 Command: pwd
12:08:02 Response: Current directory is: "/root"
12:08:02 Trace: CSftpControlSocket::ResetOperation(0)
12:08:02 Trace: CControlSocket::ResetOperation(0)
12:08:02 Trace: CSftpControlSocket::ParseSubcommandResult(0)
12:08:02 Trace: CSftpControlSocket::ListSubcommandResult()
12:08:02 Trace: CSftpControlSocket::ResetOperation(0)
12:08:02 Trace: CControlSocket::ResetOperation(0)
12:08:02 Status: Directory listing successful
Any thoughts?
M
Best Answer
Your first trace looks somewhat strange. As jneves points out ssh assumes that the file contains your public and private keys. The documentation says that the "identity" is the private key.
If you do indeed have two keys in one file (had no idea it is possible) you should probably separate them. In any case it seems like you are not conforming to the documentation.