Are you having trouble with SSH public key authentication, i.e. OpenSSH doesn't seem to like your key? Does running SSH in debugging mode produce output like the following?


[thebitguru@dreamer .ssh]$ ssh -vvv YYY@XXXXX.com

OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to XXXXXX.com [64.22.96.40] port 22.
debug1: Connection established.
debug1: identity file /home/thebitguru/.ssh/identity type -1
debug3: Not a RSA1 key file /home/thebitguru/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
… ///// Removed for clarity /////
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/thebitguru/.ssh/id_rsa type 1
debug1: identity file /home/thebitguru/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.6
… ///// Removed for clarity /////
debug3: check_host_in_hostfile: match line 8
debug1: Host 'XXXXXX.com' is known and matches the RSA host key.
debug1: Found key in /home/thebitguru/.ssh/known_hosts:9
debug2: bits set: 526/1024
debug1: ssh_rsa_verify: signature correct
… ///// Removed for clarity /////
debug2: key: /home/thebitguru/.ssh/id_rsa (0x8093f00)
debug2: key: /home/thebitguru/.ssh/identity ((nil))
debug2: key: /home/thebitguru/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-with-mic,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/thebitguru/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /home/thebitguru/.ssh/identity
debug3: no such identity: /home/thebitguru/.ssh/identity
debug1: Trying private key: /home/thebitguru/.ssh/id_dsa
debug3: no such identity: /home/thebitguru/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password

You need to change the permissions on the authorized_keys2 file on the server so that it is writable only by its owner. A good option is: chmod 600 ~/.ssh/*

Once again this solution was posted deep down in a mailing list archive. The credit goes to Stephen Biggs for posting the explanation in this mailing list thread.
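To see which file is tripping the check before running chmod, the following added example (not part of the original post) reports the authorized_keys files that are writable by group or others. The function names are hypothetical, and the check also covers the .ssh directory itself, which goes slightly beyond the single file named above; sshd applies the same test to it when StrictModes is enabled.

```shell
#!/bin/sh
# Added example: report group- or world-writable SSH files on the server.
# is_loosely_writable and check_ssh_perms are hypothetical helper names.

# Return 0 if the path's mode string shows group or other write permission.
is_loosely_writable() {
    # The first 10 characters of `ls -ld` are type + mode bits, e.g. -rw-rw-r--
    mode=$(ls -ld -- "$1" | cut -c1-10)
    case "$mode" in
        ?????w????|????????w?) return 0 ;;  # group-write or other-write is set
        *) return 1 ;;
    esac
}

# Check the given .ssh directory and the authorized_keys files inside it.
# Prints each offending path; returns 1 if any was found, 0 otherwise.
check_ssh_perms() {
    dir=${1:-"$HOME/.ssh"}
    bad=0
    for path in "$dir" "$dir/authorized_keys" "$dir/authorized_keys2"; do
        [ -e "$path" ] || continue          # skip files that do not exist
        if is_loosely_writable "$path"; then
            echo "writable by group/other: $path"
            bad=1
        fi
    done
    return "$bad"
}
```

Source the file on the server and run check_ssh_perms ~/.ssh; any path it prints needs its group and other write bits removed, which the chmod 600 above does for the files.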
