Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1102288

Summary: AuthorizedKeysCommand does not work under the Match section
Product: Red Hat Enterprise Linux 7 Reporter: Patrik Kis <pkis>
Component: opensshAssignee: Petr Lautrbach <plautrba>
Status: CLOSED ERRATA QA Contact: Stanislav Zidek <szidek>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.1CC: pkis, pvrabec
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openssh-6.6.1p1-1.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-05 09:27:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Patrik Kis 2014-05-28 16:50:31 UTC 
Description of problem:
AuthorizedKeysCommand and AuthorizedKeysCommandUser are not accepted if they are under Match section, e.g. restricted for an user.

Version-Release number of selected component (if applicable):
openssh-6.4p1-8.el7

How reproducible:
always

Steps to Reproduce:
1. edit or add the following to /etc/ssh/sshd_config
AuthorizedKeysFile  .ssh/authorized_keys_notexists
Match User pkis
    AuthorizedKeysCommand /usr/libexec/openssh/ssh-keycat
    AuthorizedKeysCommandUser root
2. restart sshd
3. Try to log in as user pkis, it will fail but should not

0 [root@rhel7 ~ ]# service sshd restart
Restarting sshd (via systemctl):                           [  OK  ]
0 [root@rhel7 ~ ]# grep -e "^\s*Authorized" -e "^\s*Match" /etc/ssh/sshd_config 
AuthorizedKeysFile	.ssh/authorized_keys_notexists
Match User pkis
AuthorizedKeysCommand /usr/libexec/openssh/ssh-keycat
AuthorizedKeysCommandUser root
0 [root@rhel7 ~ ]# 
0 [root@rhel7 ~ ]# ssh root@localhost
root@localhost's password: 

130 [root@rhel7 ~ ]# 
130 [root@rhel7 ~ ]# ssh pkis@localhost
pkis@localhost's password: 

130 [root@rhel7 ~ ]# 

4. If the AuthorizedKeysCommand* are in the global section it works:

0 [root@rhel7 ~ ]# service sshd restart
Restarting sshd (via systemctl):                           [  OK  ]
0 [root@rhel7 ~ ]# grep -e "^\s*Authorized" -e "^\s*Match" /etc/ssh/sshd_config 
AuthorizedKeysFile	.ssh/authorized_keys_notexists
AuthorizedKeysCommand /usr/libexec/openssh/ssh-keycat
AuthorizedKeysCommandUser root
0 [root@rhel7 ~ ]# 
0 [root@rhel7 ~ ]# ssh pkis@localhost
Last login: Wed May 28 18:47:31 2014 from localhost
[pkis@rhel7 ~]$ exit
logout
Connection to localhost closed.
0 [root@rhel7 ~ ]# ssh root@localhost
Last login: Wed May 28 18:33:39 2014 from 192.168.100.1
0 [root@rhel7 ~ ]# exit
logout
Connection to localhost closed.
0 [root@rhel7 ~ ]#
Comment 1 Petr Lautrbach 2014-05-29 08:50:28 UTC 
Could you set LogLevel to DEBUG3 and post logs for both cases?
Comment 2 Patrik Kis 2014-05-29 10:55:10 UTC 
This is the working case.

# tail /etc/ssh/sshd_config 
AuthorizedKeysFile  .ssh/authorized_keys_notexists
AuthorizedKeysCommand /usr/libexec/openssh/ssh-keycat
AuthorizedKeysCommandUser root
#
# /usr/sbin/sshd -Dddde
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 807
debug2: parse_server_config: config /etc/ssh/sshd_config len 807
debug3: /etc/ssh/sshd_config:28 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:30 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: /etc/ssh/sshd_config:42 setting SyslogFacility AUTHPRIV
debug3: /etc/ssh/sshd_config:77 setting PasswordAuthentication yes
debug3: /etc/ssh/sshd_config:81 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:92 setting GSSAPIAuthentication yes
debug3: /etc/ssh/sshd_config:94 setting GSSAPICleanupCredentials yes
debug3: /etc/ssh/sshd_config:110 setting UsePAM yes
debug3: /etc/ssh/sshd_config:116 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:123 setting UsePrivilegeSeparation sandbox		
debug3: /etc/ssh/sshd_config:140 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: /etc/ssh/sshd_config:141 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: /etc/ssh/sshd_config:142 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
debug3: /etc/ssh/sshd_config:143 setting AcceptEnv XMODIFIERS
debug3: /etc/ssh/sshd_config:146 setting Subsystem sftp	/usr/libexec/openssh/sftp-server
debug3: /etc/ssh/sshd_config:157 setting AuthorizedKeysFile .ssh/authorized_keys_notexists
debug3: /etc/ssh/sshd_config:158 setting AuthorizedKeysCommand /usr/libexec/openssh/ssh-keycat
debug3: /etc/ssh/sshd_config:159 setting AuthorizedKeysCommandUser root
debug1: sshd version OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type RSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key
debug1: private host key: #0 type 1 RSA
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type ECDSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public key
debug1: private host key: #1 type 3 ECDSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-Dddde'
debug3: oom_adjust_setup
Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.

debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 807
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug3: recv_rexec_state: entering fd = 5
debug3: ssh_msg_recv entering
debug3: recv_rexec_state: done
debug2: parse_server_config: config rexec len 807
debug3: rexec:28 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: rexec:30 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: rexec:42 setting SyslogFacility AUTHPRIV
debug3: rexec:77 setting PasswordAuthentication yes
debug3: rexec:81 setting ChallengeResponseAuthentication no
debug3: rexec:92 setting GSSAPIAuthentication yes
debug3: rexec:94 setting GSSAPICleanupCredentials yes
debug3: rexec:110 setting UsePAM yes
debug3: rexec:116 setting X11Forwarding yes
debug3: rexec:123 setting UsePrivilegeSeparation sandbox		
debug3: rexec:140 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: rexec:141 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: rexec:142 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
debug3: rexec:143 setting AcceptEnv XMODIFIERS
debug3: rexec:146 setting Subsystem sftp	/usr/libexec/openssh/sftp-server
debug3: rexec:157 setting AuthorizedKeysFile .ssh/authorized_keys_notexists
debug3: rexec:158 setting AuthorizedKeysCommand /usr/libexec/openssh/ssh-keycat
debug3: rexec:159 setting AuthorizedKeysCommandUser root
debug1: sshd version OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type RSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key
debug1: private host key: #0 type 1 RSA
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type ECDSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public key
debug1: private host key: #1 type 3 ECDSA
debug1: inetd sockets after dupping: 3, 3
Connection from ::1 port 57453
debug1: Client protocol version 2.0; client software version OpenSSH_6.4
debug1: match: OpenSSH_6.4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.4
debug2: fd 3 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing rlimit sandbox
debug2: Network child is on pid 23952
debug3: preauth child monitor started
debug1: SELinux support enabled [preauth]
debug3: ssh_selinux_change_context: setting context from 'unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023' to 'unconfined_u:system_r:sshd_net_t:s0-s0:c0.c1023' [preauth]
debug3: ssh_selinux_change_context: setcon unconfined_u:system_r:sshd_net_t:s0-s0:c0.c1023 from unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 failed with Permission denied [preauth]
debug3: privsep user:group 74:74 [preauth]
debug1: permanently_set_uid: 74/74 [preauth]
debug1: list_hostkey_types: ssh-rsa,ecdsa-sha2-nistp256 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
debug2: kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp256 [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm,aes256-gcm,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc.se [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm,aes256-gcm,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc.se [preauth]
debug2: kex_parse_kexinit: hmac-md5-etm,hmac-sha1-etm,umac-64-etm,umac-128-etm,hmac-sha2-256-etm,hmac-sha2-512-etm,hmac-ripemd160-etm,hmac-sha1-96-etm,hmac-md5-96-etm,hmac-md5,hmac-sha1,umac-64,umac-128,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 [preauth]
debug2: kex_parse_kexinit: hmac-md5-etm,hmac-sha1-etm,umac-64-etm,umac-128-etm,hmac-sha2-256-etm,hmac-sha2-512-etm,hmac-ripemd160-etm,hmac-sha1-96-etm,hmac-md5-96-etm,hmac-md5,hmac-sha1,umac-64,umac-128,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 [preauth]
debug2: kex_parse_kexinit: none,zlib [preauth]
debug2: kex_parse_kexinit: none,zlib [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit: first_kex_follows 0  [preauth]
debug2: kex_parse_kexinit: reserved 0  [preauth]
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01,ecdsa-sha2-nistp384-cert-v01,ecdsa-sha2-nistp521-cert-v01,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01,ssh-dss-cert-v01,ssh-rsa-cert-v00,ssh-dss-cert-v00,ssh-rsa,ssh-dss [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm,aes256-gcm,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc.se [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm,aes256-gcm,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc.se [preauth]
debug2: kex_parse_kexinit: hmac-md5-etm,hmac-sha1-etm,umac-64-etm,umac-128-etm,hmac-sha2-256-etm,hmac-sha2-512-etm,hmac-ripemd160-etm,hmac-sha1-96-etm,hmac-md5-96-etm,hmac-md5,hmac-sha1,umac-64,umac-128,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 [preauth]
debug2: kex_parse_kexinit: hmac-md5-etm,hmac-sha1-etm,umac-64-etm,umac-128-etm,hmac-sha2-256-etm,hmac-sha2-512-etm,hmac-ripemd160-etm,hmac-sha1-96-etm,hmac-md5-96-etm,hmac-md5,hmac-sha1,umac-64,umac-128,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 [preauth]
debug2: kex_parse_kexinit: none,zlib,zlib [preauth]
debug2: kex_parse_kexinit: none,zlib,zlib [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit: first_kex_follows 0  [preauth]
debug2: kex_parse_kexinit: reserved 0  [preauth]
debug2: mac_setup: found hmac-md5-etm [preauth]
debug1: kex: client->server aes128-ctr hmac-md5-etm none [preauth]
debug3: mm_request_send entering: type 120 [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 120
debug3: mm_request_send entering: type 121
debug3: mm_request_receive_expect entering: type 121 [preauth]
debug3: mm_request_receive entering [preauth]
debug2: mac_setup: found hmac-md5-etm [preauth]
debug1: kex: server->client aes128-ctr hmac-md5-etm none [preauth]
debug3: mm_request_send entering: type 120 [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 120
debug3: mm_request_send entering: type 121
debug3: mm_request_receive_expect entering: type 121 [preauth]
debug3: mm_request_receive entering [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug3: mm_key_sign entering [preauth]
debug3: mm_request_send entering: type 6 [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 6
debug3: mm_answer_sign
debug3: mm_answer_sign: signature 0x7f8bc90f4b00(100)
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN [preauth]
debug3: mm_request_receive_expect entering: type 7 [preauth]
debug3: mm_request_receive entering [preauth]
debug2: kex_derive_keys [preauth]
debug2: set_newkeys: mode 1 [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug2: set_newkeys: mode 0 [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user sshinplace1 service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug3: mm_getpwnamallow entering [preauth]
debug3: mm_request_send entering: type 8 [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 8
debug3: mm_answer_pwnamallow
debug3: Trying to reverse map address ::1.
debug2: parse_server_config: config reprocess config len 807
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 9
debug2: monitor_read: 8 used once, disabling now
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
debug3: mm_request_receive_expect entering: type 9 [preauth]
debug3: mm_request_receive entering [preauth]
debug2: input_userauth_request: setting up authctxt for sshinplace1 [preauth]
debug3: mm_start_pam entering [preauth]
debug3: mm_request_send entering: type 100 [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 100
debug1: PAM: initializing for "sshinplace1"
debug1: PAM: setting PAM_RHOST to "localhost"
debug1: PAM: setting PAM_TTY to "ssh"
debug2: monitor_read: 100 used once, disabling now
debug3: mm_inform_authserv entering [preauth]
debug3: mm_request_send entering: type 4 [preauth]
debug3: mm_inform_authrole entering [preauth]
debug3: mm_request_send entering: type 80 [preauth]
debug2: input_userauth_request: try method none [preauth]
debug3: userauth_finish: failure partial=0 next methods="publickey,gssapi-keyex,gssapi-with-mic,password" [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 4
debug3: mm_answer_authserv: service=ssh-connection, style=
debug2: monitor_read: 4 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 80
debug3: mm_answer_authrole: role=
debug2: monitor_read: 80 used once, disabling now
debug1: userauth-request for user sshinplace1 service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug2: input_userauth_request: try method publickey [preauth]
debug1: test whether pkalg/pkblob are acceptable [preauth]
debug3: mm_key_allowed entering [preauth]
debug3: mm_request_send entering: type 22 [preauth]
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
debug3: mm_request_receive_expect entering: type 23 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 22
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x7f8bc910e250
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug3: Running AuthorizedKeysCommand: "/usr/libexec/openssh/ssh-keycat sshinplace1" as "root"
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 0/0 (e=0/0)
Found matching RSA key: 74:78:49:2d:ae:33:fd:f3:4b:58:35:48:f5:fc:b5:86
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: key 0x7f8bc910e250 is allowed
debug3: mm_request_send entering: type 23
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa [preauth]
Postponed publickey for sshinplace1 from ::1 port 57453 ssh2 [preauth]
debug1: userauth-request for user sshinplace1 service ssh-connection method publickey [preauth]
debug1: attempt 2 failures 0 [preauth]
debug2: input_userauth_request: try method publickey [preauth]
debug3: mm_key_allowed entering [preauth]
debug3: mm_request_send entering: type 22 [preauth]
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
debug3: mm_request_receive_expect entering: type 23 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 22
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x7f8bc910e250
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug3: Running AuthorizedKeysCommand: "/usr/libexec/openssh/ssh-keycat sshinplace1" as "root"
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 0/0 (e=0/0)
Found matching RSA key: 74:78:49:2d:ae:33:fd:f3:4b:58:35:48:f5:fc:b5:86
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: key 0x7f8bc910e250 is allowed
debug3: mm_request_send entering: type 23
debug3: mm_key_verify entering [preauth]
debug3: mm_request_send entering: type 24 [preauth]
debug3: mm_key_verify: waiting for MONITOR_ANS_KEYVERIFY [preauth]
debug3: mm_request_receive_expect entering: type 25 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 24
debug1: ssh_rsa_verify: signature correct
debug3: mm_answer_keyverify: key 0x7f8bc910fed0 signature verified
debug3: mm_request_send entering: type 25
debug3: mm_request_receive_expect entering: type 102
debug3: mm_request_receive entering
debug1: do_pam_account: called
debug3: PAM: do_pam_account pam_acct_mgmt = 0 (Success)
debug3: mm_request_send entering: type 103
Accepted publickey for sshinplace1 from ::1 port 57453 ssh2: RSA 74:78:49:2d:ae:33:fd:f3:4b:58:35:48:f5:fc:b5:86
debug1: monitor_child_preauth: sshinplace1 has been authenticated by privileged process
debug3: mm_get_keystate: Waiting for new keys
debug3: mm_request_receive_expect entering: type 26
debug3: mm_request_receive entering
debug3: mm_newkeys_from_blob: 0x7f8bc90f7c90(138)
debug2: mac_setup: found hmac-md5-etm
debug3: mm_get_keystate: Waiting for second key
debug3: mm_newkeys_from_blob: 0x7f8bc90f7c90(138)
debug2: mac_setup: found hmac-md5-etm
debug3: mm_get_keystate: Getting compression state
debug3: mm_get_keystate: Getting Network I/O buffers
debug3: mm_request_receive_expect entering: type 122
debug3: mm_request_receive entering
debug3: mm_request_send entering: type 123
debug2: userauth_pubkey: authenticated 1 pkalg ssh-rsa [preauth]
debug3: mm_do_pam_account entering [preauth]
debug3: mm_request_send entering: type 102 [preauth]
debug3: mm_request_receive_expect entering: type 103 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_do_pam_account returning 1 [preauth]
debug3: mm_send_keystate: Sending new keys: 0x7f8bc90f9db0 0x7f8bc90fb890 [preauth]
debug3: mm_newkeys_to_blob: converting 0x7f8bc90f9db0 [preauth]
debug3: mm_newkeys_to_blob: converting 0x7f8bc90fb890 [preauth]
debug3: mm_send_keystate: New keys have been sent [preauth]
debug3: mm_send_keystate: Sending compression state [preauth]
debug3: mm_request_send entering: type 26 [preauth]
debug3: mm_send_keystate: Finished sending state [preauth]
debug3: mm_request_send entering: type 122 [preauth]
debug3: mm_request_receive_expect entering: type 123 [preauth]
debug3: mm_request_receive entering [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_share_sync: Share sync
debug3: mm_share_sync: Share sync end
debug3: ssh_sandbox_parent_finish: finished
debug1: temporarily_use_uid: 1004/1004 (e=0/0)
debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
debug1: restore_uid: 0/0
debug1: SELinux support enabled
debug3: ssh_selinux_setup_variables: setting execution context
debug1: PAM: establishing credentials
debug3: PAM: opening session
User child is on pid 23956
debug1: PAM: establishing credentials
debug3: ssh_selinux_setup_variables: setting execution context
debug1: permanently_set_uid: 1004/1004
ssh_selinux_copy_context: setcon failed with Permission denied
debug2: set_newkeys: mode 0
debug2: set_newkeys: mode 1
debug1: Entering interactive session for SSH2.
debug2: fd 8 setting O_NONBLOCK
debug2: fd 9 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_global_request: rtype no-more-sessions want_reply 0
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug3: mm_request_send entering: type 28
debug3: mm_request_receive entering
debug3: monitor_read: checking request 28
debug3: mm_answer_pty entering
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug3: ssh_selinux_setup_pty: setting TTY context on /dev/pts/2
debug3: ssh_selinux_setup_pty: done
debug3: mm_request_send entering: type 29
debug3: mm_answer_pty: tty /dev/pts/2 ptyfd 7
debug3: mm_pty_allocate: waiting for MONITOR_ANS_PTY
debug3: mm_request_receive_expect entering: type 29
debug3: mm_request_receive entering
debug1: session_pty_req: session 0 alloc /dev/pts/2
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug2: Setting env 0: XMODIFIERS=@im=none
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug2: Setting env 1: LANG=en_US.UTF-8
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IPV6_TCLASS 0x10
debug2: channel 0: rfd 12 isatty
debug2: fd 12 setting O_NONBLOCK
debug3: fd 10 is O_NONBLOCK
debug1: Setting controlling tty using TIOCSCTTY.

debug2: channel 0: read<=0 rfd 12 len -1
debug2: channel 0: read failed
debug2: channel 0: close_read
debug2: channel 0: input open -> drain
debug2: channel 0: ibuf empty
debug2: channel 0: send eof
debug2: channel 0: input drain -> closed
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 23957
debug1: session_exit_message: session 0 channel 0 pid 23957
debug2: channel 0: request exit-status confirm 0
debug1: session_exit_message: release channel 0
debug2: channel 0: write failed
debug2: channel 0: close_write
debug2: channel 0: send eow
debug2: channel 0: output open -> closed
debug3: mm_request_send entering: type 30
debug3: mm_request_receive entering
debug3: monitor_read: checking request 30
debug3: mm_answer_pty_cleanup entering
debug1: session_by_tty: session 0 tty /dev/pts/2
debug3: mm_session_close: session 0 pid 23956
debug3: mm_session_close: tty /dev/pts/2 ptyfd 7
debug1: session_pty_cleanup: session 0 release /dev/pts/2
debug3: session_unused: session id 0 unused
debug2: channel 0: send close
debug3: channel 0: will not send data after close
debug2: notify_done: reading
debug3: channel 0: will not send data after close
debug2: channel 0: rcvd close
Received disconnect from ::1: 11: disconnected by user
debug1: do_cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug3: mm_request_send entering: type 122
debug3: mm_request_receive entering
debug3: monitor_read: checking request 122
debug3: mm_request_send entering: type 123
debug3: mm_request_receive_expect entering: type 123
debug3: mm_request_receive entering
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: PAM: cleanup
debug1: PAM: closing session
debug1: PAM: deleting credentials
debug3: PAM: sshpam_thread_cleanup entering
Comment 3 Patrik Kis 2014-05-29 10:56:08 UTC 
And this where it fails.

# tail /etc/ssh/sshd_config 
AuthorizedKeysFile  .ssh/authorized_keys_notexists
Match User sshinplace1
AuthorizedKeysCommand /usr/libexec/openssh/ssh-keycat
AuthorizedKeysCommandUser root
#
# /usr/sbin/sshd -Dddde
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 830
debug2: parse_server_config: config /etc/ssh/sshd_config len 830
debug3: /etc/ssh/sshd_config:28 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:30 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: /etc/ssh/sshd_config:42 setting SyslogFacility AUTHPRIV
debug3: /etc/ssh/sshd_config:77 setting PasswordAuthentication yes
debug3: /etc/ssh/sshd_config:81 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:92 setting GSSAPIAuthentication yes
debug3: /etc/ssh/sshd_config:94 setting GSSAPICleanupCredentials yes
debug3: /etc/ssh/sshd_config:110 setting UsePAM yes
debug3: /etc/ssh/sshd_config:116 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:123 setting UsePrivilegeSeparation sandbox		
debug3: /etc/ssh/sshd_config:140 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: /etc/ssh/sshd_config:141 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: /etc/ssh/sshd_config:142 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
debug3: /etc/ssh/sshd_config:143 setting AcceptEnv XMODIFIERS
debug3: /etc/ssh/sshd_config:146 setting Subsystem sftp	/usr/libexec/openssh/sftp-server
debug3: /etc/ssh/sshd_config:157 setting AuthorizedKeysFile .ssh/authorized_keys_notexists
debug3: checking syntax for 'Match User sshinplace1'
debug1: sshd version OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type RSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key
debug1: private host key: #0 type 1 RSA
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type ECDSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public key
debug1: private host key: #1 type 3 ECDSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-Dddde'
debug3: oom_adjust_setup
Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.

debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 830
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug3: recv_rexec_state: entering fd = 5
debug3: ssh_msg_recv entering
debug3: recv_rexec_state: done
debug2: parse_server_config: config rexec len 830
debug3: rexec:28 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: rexec:30 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: rexec:42 setting SyslogFacility AUTHPRIV
debug3: rexec:77 setting PasswordAuthentication yes
debug3: rexec:81 setting ChallengeResponseAuthentication no
debug3: rexec:92 setting GSSAPIAuthentication yes
debug3: rexec:94 setting GSSAPICleanupCredentials yes
debug3: rexec:110 setting UsePAM yes
debug3: rexec:116 setting X11Forwarding yes
debug3: rexec:123 setting UsePrivilegeSeparation sandbox		
debug3: rexec:140 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: rexec:141 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: rexec:142 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
debug3: rexec:143 setting AcceptEnv XMODIFIERS
debug3: rexec:146 setting Subsystem sftp	/usr/libexec/openssh/sftp-server
debug3: rexec:157 setting AuthorizedKeysFile .ssh/authorized_keys_notexists
debug3: checking syntax for 'Match User sshinplace1'
debug1: sshd version OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type RSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key
debug1: private host key: #0 type 1 RSA
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type ECDSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public key
debug1: private host key: #1 type 3 ECDSA
debug1: inetd sockets after dupping: 3, 3
Connection from ::1 port 57456
debug1: Client protocol version 2.0; client software version OpenSSH_6.4
debug1: match: OpenSSH_6.4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.4
debug2: fd 3 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing rlimit sandbox
debug2: Network child is on pid 24283
debug3: preauth child monitor started
debug1: SELinux support enabled [preauth]
debug3: ssh_selinux_change_context: setting context from 'unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023' to 'unconfined_u:system_r:sshd_net_t:s0-s0:c0.c1023' [preauth]
debug3: ssh_selinux_change_context: setcon unconfined_u:system_r:sshd_net_t:s0-s0:c0.c1023 from unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 failed with Permission denied [preauth]
debug3: privsep user:group 74:74 [preauth]
debug1: permanently_set_uid: 74/74 [preauth]
debug1: list_hostkey_types: ssh-rsa,ecdsa-sha2-nistp256 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
debug2: kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp256 [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm,aes256-gcm,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc.se [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm,aes256-gcm,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc.se [preauth]
debug2: kex_parse_kexinit: hmac-md5-etm,hmac-sha1-etm,umac-64-etm,umac-128-etm,hmac-sha2-256-etm,hmac-sha2-512-etm,hmac-ripemd160-etm,hmac-sha1-96-etm,hmac-md5-96-etm,hmac-md5,hmac-sha1,umac-64,umac-128,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 [preauth]
debug2: kex_parse_kexinit: hmac-md5-etm,hmac-sha1-etm,umac-64-etm,umac-128-etm,hmac-sha2-256-etm,hmac-sha2-512-etm,hmac-ripemd160-etm,hmac-sha1-96-etm,hmac-md5-96-etm,hmac-md5,hmac-sha1,umac-64,umac-128,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 [preauth]
debug2: kex_parse_kexinit: none,zlib [preauth]
debug2: kex_parse_kexinit: none,zlib [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit: first_kex_follows 0  [preauth]
debug2: kex_parse_kexinit: reserved 0  [preauth]
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01,ecdsa-sha2-nistp384-cert-v01,ecdsa-sha2-nistp521-cert-v01,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01,ssh-dss-cert-v01,ssh-rsa-cert-v00,ssh-dss-cert-v00,ssh-rsa,ssh-dss [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm,aes256-gcm,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc.se [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm,aes256-gcm,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc.se [preauth]
debug2: kex_parse_kexinit: hmac-md5-etm,hmac-sha1-etm,umac-64-etm,umac-128-etm,hmac-sha2-256-etm,hmac-sha2-512-etm,hmac-ripemd160-etm,hmac-sha1-96-etm,hmac-md5-96-etm,hmac-md5,hmac-sha1,umac-64,umac-128,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 [preauth]
debug2: kex_parse_kexinit: hmac-md5-etm,hmac-sha1-etm,umac-64-etm,umac-128-etm,hmac-sha2-256-etm,hmac-sha2-512-etm,hmac-ripemd160-etm,hmac-sha1-96-etm,hmac-md5-96-etm,hmac-md5,hmac-sha1,umac-64,umac-128,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 [preauth]
debug2: kex_parse_kexinit: none,zlib,zlib [preauth]
debug2: kex_parse_kexinit: none,zlib,zlib [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit: first_kex_follows 0  [preauth]
debug2: kex_parse_kexinit: reserved 0  [preauth]
debug2: mac_setup: found hmac-md5-etm [preauth]
debug1: kex: client->server aes128-ctr hmac-md5-etm none [preauth]
debug3: mm_request_send entering: type 120 [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 120
debug3: mm_request_send entering: type 121
debug3: mm_request_receive_expect entering: type 121 [preauth]
debug3: mm_request_receive entering [preauth]
debug2: mac_setup: found hmac-md5-etm [preauth]
debug1: kex: server->client aes128-ctr hmac-md5-etm none [preauth]
debug3: mm_request_send entering: type 120 [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 120
debug3: mm_request_send entering: type 121
debug3: mm_request_receive_expect entering: type 121 [preauth]
debug3: mm_request_receive entering [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug3: mm_key_sign entering [preauth]
debug3: mm_request_send entering: type 6 [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 6
debug3: mm_answer_sign
debug3: mm_answer_sign: signature 0x7f80e7111130(100)
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN [preauth]
debug3: mm_request_receive_expect entering: type 7 [preauth]
debug3: mm_request_receive entering [preauth]
debug2: kex_derive_keys [preauth]
debug2: set_newkeys: mode 1 [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug2: set_newkeys: mode 0 [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user sshinplace1 service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug3: mm_getpwnamallow entering [preauth]
debug3: mm_request_send entering: type 8 [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 8
debug3: mm_answer_pwnamallow
debug3: Trying to reverse map address ::1.
debug2: parse_server_config: config reprocess config len 830
debug3: checking match for 'User sshinplace1' user sshinplace1 host localhost addr ::1 laddr ::1 lport 22
debug1: user sshinplace1 matched 'User sshinplace1' at line 158
debug3: match found
debug3: reprocess config:159 setting AuthorizedKeysCommand /usr/libexec/openssh/ssh-keycat
debug3: reprocess config:160 setting AuthorizedKeysCommandUser root
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 9
debug2: monitor_read: 8 used once, disabling now
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
debug3: mm_request_receive_expect entering: type 9 [preauth]
debug3: mm_request_receive entering [preauth]
debug2: input_userauth_request: setting up authctxt for sshinplace1 [preauth]
debug3: mm_start_pam entering [preauth]
debug3: mm_request_send entering: type 100 [preauth]
debug3: mm_inform_authserv entering [preauth]
debug3: mm_request_send entering: type 4 [preauth]
debug3: mm_inform_authrole entering [preauth]
debug3: mm_request_send entering: type 80 [preauth]
debug2: input_userauth_request: try method none [preauth]
debug3: userauth_finish: failure partial=0 next methods="publickey,gssapi-keyex,gssapi-with-mic,password" [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 100
debug1: PAM: initializing for "sshinplace1"
debug1: PAM: setting PAM_RHOST to "localhost"
debug1: PAM: setting PAM_TTY to "ssh"
debug2: monitor_read: 100 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 4
debug3: mm_answer_authserv: service=ssh-connection, style=
debug2: monitor_read: 4 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 80
debug3: mm_answer_authrole: role=
debug2: monitor_read: 80 used once, disabling now
debug1: userauth-request for user sshinplace1 service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug2: input_userauth_request: try method publickey [preauth]
debug1: test whether pkalg/pkblob are acceptable [preauth]
debug3: mm_key_allowed entering [preauth]
debug3: mm_request_send entering: type 22 [preauth]
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
debug3: mm_request_receive_expect entering: type 23 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 22
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x7f80e7128230
debug1: temporarily_use_uid: 1004/1004 (e=0/0)
debug1: trying public key file /home/sshinplace1/.ssh/authorized_keys_notexists
debug1: Could not open authorized keys '/home/sshinplace1/.ssh/authorized_keys_notexists': No such file or directory
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: key 0x7f80e7128230 is not allowed
Failed publickey for sshinplace1 from ::1 port 57456 ssh2: RSA 74:78:49:2d:ae:33:fd:f3:4b:58:35:48:f5:fc:b5:86
debug3: mm_request_send entering: type 23
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa [preauth]
debug3: userauth_finish: failure partial=0 next methods="publickey,gssapi-keyex,gssapi-with-mic,password" [preauth]

Connection closed by ::1 [preauth]
debug1: do_cleanup [preauth]
debug3: PAM: sshpam_thread_cleanup entering [preauth]
debug3: mm_request_send entering: type 122 [preauth]
debug3: mm_request_receive_expect entering: type 123 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 122
debug3: mm_request_send entering: type 123
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: PAM: cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug1: Killing privsep child 24283
Comment 4 Petr Lautrbach 2014-05-29 13:53:14 UTC 
upstream fix https://anongit.mindrot.org/openssh.git/commit/?id=534b2ccadea5e5e9a8b27226e6faac3ed5552e97
Comment 10 errata-xmlrpc 2015-03-05 09:27:51 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0425.html