Description of problem: Was using RSA keys to authenticate over SSH to a server. After yesterday's update this now fails. Nothing else changed and I'm still able to do cryptographic log-on to another box that did NOT receive this update. Version-Release number of selected component (if applicable): OpenSSH_5.1p1, OpenSSL 0.9.8g 19 Oct 2007 How reproducible: Very Steps to Reproduce: 1. Log in via SSH. 2. 3. Actual results: System prompts for a passphrase. Expected results: System logs user in without prompting for a passphrase. Additional info: Below is debugging information. [christensene@ericlaptop ~]$ ssh -v -v -v thunder OpenSSH_5.1p1, OpenSSL 0.9.8g 19 Oct 2007 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to thunder [192.168.1.10] port 22. debug1: Connection established. debug1: identity file /home/christensene/.ssh/identity type -1 debug3: Not a RSA1 key file /home/christensene/.ssh/id_rsa. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing keytype debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: missing keytype debug1: identity file /home/christensene/.ssh/id_rsa type 1 debug1: identity file /home/christensene/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1 debug1: match: OpenSSH_5.1 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.1 debug2: fd 3 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib,zlib debug2: kex_parse_kexinit: none,zlib,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug2: mac_setup: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 116/256 debug2: bits set: 492/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: check_host_in_hostfile: filename /home/christensene/.ssh/known_hosts debug3: check_host_in_hostfile: match line 1 debug3: check_host_in_hostfile: filename /home/christensene/.ssh/known_hosts debug3: check_host_in_hostfile: match line 1 debug1: Host 'thunder' is known and matches the RSA host key. debug1: Found key in /home/christensene/.ssh/known_hosts:1 debug2: bits set: 493/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /home/christensene/.ssh/identity ((nil)) debug2: key: /home/christensene/.ssh/id_rsa (0xb95900d0) debug2: key: /home/christensene/.ssh/id_dsa ((nil)) debug1: Authentications that can continue: gssapi-with-mic,password debug3: start over, passed a different list gssapi-with-mic,password debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup gssapi-with-mic debug3: remaining preferred: publickey,keyboard-interactive,password debug3: authmethod_is_enabled gssapi-with-mic debug1: Next authentication method: gssapi-with-mic debug3: Trying to reverse map address 192.168.1.10. debug1: Unspecified GSS failure. Minor code may provide more information No credentials cache found debug1: Unspecified GSS failure. Minor code may provide more information No credentials cache found debug1: Unspecified GSS failure. Minor code may provide more information debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,keyboard-interactive,password debug3: authmethod_is_enabled password debug1: Next authentication method: password
I would need a debug log from the updated server. Stop the sshd on the server and run it manually with /usr/sbin/sshd -ddd and attach the output produced here.
debug2: load_server_config: filename /etc/ssh/sshd_config debug2: load_server_config: done config len = 781 debug2: parse_server_config: config /etc/ssh/sshd_config len 781 debug3: /etc/ssh/sshd_config:13 setting Port 23 debug3: /etc/ssh/sshd_config:14 setting Port 22 debug3: /etc/ssh/sshd_config:23 setting Protocol 2 debug3: /etc/ssh/sshd_config:38 setting SyslogFacility AUTHPRIV debug3: /etc/ssh/sshd_config:43 setting LoginGraceTime 1m debug3: /etc/ssh/sshd_config:44 setting PermitRootLogin no debug3: /etc/ssh/sshd_config:46 setting MaxAuthTries 3 debug3: /etc/ssh/sshd_config:48 setting DSAAuthentication no debug3: /etc/ssh/sshd_config:49 setting RSAAuthentication yes debug3: /etc/ssh/sshd_config:50 setting PubkeyAuthentication yes debug3: /etc/ssh/sshd_config:51 setting AuthorizedKeysFile .ssh/authorized_keys debug3: /etc/ssh/sshd_config:66 setting PermitEmptyPasswords no debug3: /etc/ssh/sshd_config:67 setting PasswordAuthentication yes debug3: /etc/ssh/sshd_config:71 setting ChallengeResponseAuthentication no debug3: /etc/ssh/sshd_config:81 setting GSSAPIAuthentication yes debug3: /etc/ssh/sshd_config:83 setting GSSAPICleanupCredentials yes debug3: /etc/ssh/sshd_config:95 setting UsePAM yes debug3: /etc/ssh/sshd_config:98 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES debug3: /etc/ssh/sshd_config:99 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT debug3: /etc/ssh/sshd_config:100 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE debug3: /etc/ssh/sshd_config:104 setting X11Forwarding yes debug3: /etc/ssh/sshd_config:127 setting Subsystem sftp /usr/libexec/openssh/sftp-server debug3: /etc/ssh/sshd_config:134 setting AllowUsers christensene williamsj kramert Amanda debug1: sshd version OpenSSH_5.1p1 debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key. debug1: read PEM private key done: type RSA debug1: private host key: #0 type 1 RSA debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key. debug1: read PEM private key done: type DSA debug1: private host key: #1 type 2 DSA debug1: rexec_argv[0]='/usr/sbin/sshd' debug1: rexec_argv[1]='-ddd' debug2: fd 3 setting O_NONBLOCK debug1: Bind to port 22 on 0.0.0.0. Server listening on 0.0.0.0 port 22. debug2: fd 4 setting O_NONBLOCK debug1: Bind to port 22 on ::. Server listening on :: port 22. debug2: fd 5 setting O_NONBLOCK debug1: Bind to port 23 on 0.0.0.0. Server listening on 0.0.0.0 port 23. debug2: fd 6 setting O_NONBLOCK debug1: Bind to port 23 on ::. Server listening on :: port 23.
I just checked another machine that got updated on our network and it is broken as well. The only one that isn't broken is the one that didn't receive the update (which is also running rawhide).
I need full debug log when you try to ssh to the debugged instance of sshd. This part you have posted is just from the startup.
[root@thunder ~]# /usr/sbin/sshd -ddd debug2: load_server_config: filename /etc/ssh/sshd_config debug2: load_server_config: done config len = 791 debug2: parse_server_config: config /etc/ssh/sshd_config len 791 debug3: /etc/ssh/sshd_config:13 setting Port 23 debug3: /etc/ssh/sshd_config:14 setting Port 8001 debug3: /etc/ssh/sshd_config:15 setting Port 22 debug3: /etc/ssh/sshd_config:24 setting Protocol 2 debug3: /etc/ssh/sshd_config:39 setting SyslogFacility AUTHPRIV debug3: /etc/ssh/sshd_config:44 setting LoginGraceTime 1m debug3: /etc/ssh/sshd_config:45 setting PermitRootLogin no debug3: /etc/ssh/sshd_config:47 setting MaxAuthTries 3 debug3: /etc/ssh/sshd_config:49 setting DSAAuthentication no debug3: /etc/ssh/sshd_config:50 setting RSAAuthentication yes debug3: /etc/ssh/sshd_config:51 setting PubkeyAuthentication yes debug3: /etc/ssh/sshd_config:52 setting AuthorizedKeysFile .ssh/authorized_keys debug3: /etc/ssh/sshd_config:67 setting PermitEmptyPasswords no debug3: /etc/ssh/sshd_config:68 setting PasswordAuthentication yes debug3: /etc/ssh/sshd_config:72 setting ChallengeResponseAuthentication no debug3: /etc/ssh/sshd_config:82 setting GSSAPIAuthentication yes debug3: /etc/ssh/sshd_config:84 setting GSSAPICleanupCredentials yes debug3: /etc/ssh/sshd_config:96 setting UsePAM yes debug3: /etc/ssh/sshd_config:99 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES debug3: /etc/ssh/sshd_config:100 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT debug3: /etc/ssh/sshd_config:101 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE debug3: /etc/ssh/sshd_config:105 setting X11Forwarding yes debug3: /etc/ssh/sshd_config:128 setting Subsystem sftp /usr/libexec/openssh/sftp-server debug3: /etc/ssh/sshd_config:135 setting AllowUsers christensene williamsj kramert Amanda debug1: sshd version OpenSSH_5.1p1 debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key. debug1: read PEM private key done: type RSA debug1: private host key: #0 type 1 RSA debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key. debug1: read PEM private key done: type DSA debug1: private host key: #1 type 2 DSA debug1: rexec_argv[0]='/usr/sbin/sshd' debug1: rexec_argv[1]='-ddd' debug2: fd 3 setting O_NONBLOCK debug1: Bind to port 22 on 0.0.0.0. Server listening on 0.0.0.0 port 22. debug2: fd 4 setting O_NONBLOCK debug1: Bind to port 22 on ::. Server listening on :: port 22. debug2: fd 5 setting O_NONBLOCK debug1: Bind to port 8001 on 0.0.0.0. Server listening on 0.0.0.0 port 8001. debug2: fd 6 setting O_NONBLOCK debug1: Bind to port 8001 on ::. Server listening on :: port 8001. debug2: fd 7 setting O_NONBLOCK debug1: Bind to port 23 on 0.0.0.0. Server listening on 0.0.0.0 port 23. debug2: fd 8 setting O_NONBLOCK debug1: Bind to port 23 on ::. Server listening on :: port 23. debug3: fd 9 is not O_NONBLOCK debug1: Server will not fork when running in debugging mode. debug3: send_rexec_state: entering fd = 12 config len 791 debug3: ssh_msg_send: type 0 debug3: send_rexec_state: done debug1: rexec start in 9 out 9 newsock 9 pipe -1 sock 12 debug1: inetd sockets after dupping: 3, 3 Connection from 192.168.1.14 port 41311 debug1: Client protocol version 2.0; client software version OpenSSH_5.1 debug1: match: OpenSSH_5.1 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.1 debug2: fd 3 setting O_NONBLOCK debug2: Network child is on pid 17757 debug3: preauth child monitor started debug3: mm_request_receive entering debug3: privsep user:group 74:74 debug1: permanently_set_uid: 74/74 debug1: list_hostkey_types: ssh-rsa,ssh-dss debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib,zlib debug2: kex_parse_kexinit: none,zlib,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug2: mac_setup: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received debug3: mm_request_send entering: type 0 debug3: monitor_read: checking request 0 debug3: mm_answer_moduli: got parameters: 1024 1024 8192 debug3: mm_request_send entering: type 1 debug2: monitor_read: 0 used once, disabling now debug3: mm_request_receive entering debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI debug3: mm_request_receive_expect entering: type 1 debug3: mm_request_receive entering debug3: mm_choose_dh: remaining 0 debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent debug2: dh_gen_key: priv key bits set: 130/256 debug2: bits set: 495/1024 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug2: bits set: 494/1024 debug3: mm_key_sign entering debug3: mm_request_send entering: type 5 debug3: monitor_read: checking request 5 debug3: mm_answer_sign debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN debug3: mm_request_receive_expect entering: type 6 debug3: mm_request_receive entering debug3: mm_answer_sign: signature 0xb91728f0(271) debug3: mm_request_send entering: type 6 debug2: monitor_read: 5 used once, disabling now debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent debug3: mm_request_receive entering debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user christensene service ssh-connection method none debug1: attempt 0 failures 0 debug3: mm_getpwnamallow entering debug3: mm_request_send entering: type 7 debug3: monitor_read: checking request 7 debug3: mm_answer_pwnamallow debug3: Trying to reverse map address 192.168.1.14. debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM debug3: mm_request_receive_expect entering: type 8 debug3: mm_request_receive entering debug2: parse_server_config: config reprocess config len 791 debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1 debug3: mm_request_send entering: type 8 debug2: monitor_read: 7 used once, disabling now debug3: mm_request_receive entering debug2: input_userauth_request: setting up authctxt for christensene debug3: mm_start_pam entering debug3: mm_request_send entering: type 46 debug3: monitor_read: checking request 46 debug1: PAM: initializing for "christensene" debug1: PAM: setting PAM_RHOST to "ericlaptop.christensenplace.us.christensenplace.us" debug1: PAM: setting PAM_TTY to "ssh" debug2: monitor_read: 46 used once, disabling now debug3: mm_request_receive entering debug3: mm_inform_authserv entering debug3: mm_request_send entering: type 3 debug3: monitor_read: checking request 3 debug3: mm_answer_authserv: service=ssh-connection, style= debug2: monitor_read: 3 used once, disabling now debug3: mm_request_receive entering debug3: mm_inform_authrole entering debug3: mm_request_send entering: type 4 debug3: monitor_read: checking request 4 debug3: mm_answer_authrole: role= debug2: monitor_read: 4 used once, disabling now debug3: mm_request_receive entering debug2: input_userauth_request: try method none debug1: userauth-request for user christensene service ssh-connection method password debug1: attempt 1 failures 0 debug2: input_userauth_request: try method password debug3: mm_auth_password entering debug3: mm_request_send entering: type 11 debug3: monitor_read: checking request 11 debug3: PAM: sshpam_passwd_conv called with 1 messages debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD debug3: mm_request_receive_expect entering: type 12 debug3: mm_request_receive entering debug1: PAM: password authentication accepted for christensene debug3: mm_answer_authpassword: sending result 1 debug3: mm_request_send entering: type 12 debug3: mm_request_receive_expect entering: type 47 debug3: mm_request_receive entering debug3: mm_auth_password: user authenticated debug3: mm_do_pam_account entering debug3: mm_request_send entering: type 47 debug1: do_pam_account: called debug3: mm_request_receive_expect entering: type 48 debug3: mm_request_receive entering debug3: PAM: do_pam_account pam_acct_mgmt = 0 (Success) debug3: mm_request_send entering: type 48 Accepted password for christensene from 192.168.1.14 port 41311 ssh2 debug1: monitor_child_preauth: christensene has been authenticated by privileged process debug3: mm_get_keystate: Waiting for new keys debug3: mm_request_receive_expect entering: type 25 debug3: mm_request_receive entering debug3: mm_do_pam_account returning 1 debug3: mm_send_keystate: Sending new keys: 0xb9172380 0xb9169c30 debug3: mm_newkeys_to_blob: converting 0xb9172380 debug3: mm_newkeys_to_blob: converting 0xb9169c30 debug3: mm_send_keystate: New keys have been sent debug3: mm_send_keystate: Sending compression state debug3: mm_request_send entering: type 25 debug3: mm_newkeys_from_blob: 0xb9177410(118) debug2: mac_setup: found hmac-md5 debug3: mm_get_keystate: Waiting for second key debug3: mm_newkeys_from_blob: 0xb9177410(118) debug2: mac_setup: found hmac-md5 debug3: mm_get_keystate: Getting compression state debug3: mm_get_keystate: Getting Network I/O buffers debug3: mm_share_sync: Share sync debug3: mm_share_sync: Share sync end debug3: mm_send_keystate: Finished sending state debug1: temporarily_use_uid: 500/500 (e=0/0) debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism debug1: restore_uid: 0/0 debug1: SELinux support enabled debug3: ssh_selinux_setup_pam_variables: setting execution context debug1: PAM: establishing credentials debug3: PAM: opening session debug3: PAM: sshpam_store_conv called with 1 messages debug1: PAM: establishing credentials User child is on pid 17760 debug3: mm_request_receive entering debug1: permanently_set_uid: 500/500 debug2: set_newkeys: mode 0 debug2: set_newkeys: mode 1 debug1: Entering interactive session for SSH2. debug2: fd 6 setting O_NONBLOCK debug2: fd 7 setting O_NONBLOCK debug1: server_init_dispatch_20 debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384 debug1: input_session_request debug1: channel 0: new [server-session] debug2: session_new: allocate (allocated 0 max 10) debug3: session_unused: session id 0 unused debug1: session_new: session 0 debug1: session_open: channel 0 debug1: session_open: session 0: link with channel 0 debug1: server_input_channel_open: confirm session debug1: server_input_global_request: rtype no-more-sessions want_reply 0 debug1: server_input_channel_req: channel 0 request pty-req reply 1 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req pty-req debug1: Allocating pty. debug3: mm_request_send entering: type 26 debug3: mm_pty_allocate: waiting for MONITOR_ANS_PTY debug3: mm_request_receive_expect entering: type 27 debug3: mm_request_receive entering debug3: monitor_read: checking request 26 debug3: mm_answer_pty entering debug2: session_new: allocate (allocated 0 max 10) debug3: session_unused: session id 0 unused debug1: session_new: session 0 debug3: ssh_selinux_setup_pty: setting TTY context on /dev/pts/12 ssh_selinux_setup_pty: security_compute_relabel: Invalid argument debug3: ssh_selinux_setup_pty: done debug3: mm_request_send entering: type 27 debug1: session_pty_req: session 0 alloc /dev/pts/12 debug3: tty_parse_modes: SSH2 n_bytes 256 debug3: tty_parse_modes: ospeed 38400 debug3: tty_parse_modes: ispeed 38400 debug1: server_input_channel_req: channel 0 request env reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req env debug2: Setting env 0: LANG=en_US.UTF-8 debug1: server_input_channel_req: channel 0 request shell reply 1 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req shell debug2: fd 3 setting TCP_NODELAY debug2: channel 0: rfd 10 isatty debug2: fd 10 setting O_NONBLOCK debug3: fd 8 is O_NONBLOCK debug1: Setting controlling tty using TIOCSCTTY. debug3: mm_answer_pty: tty /dev/pts/12 ptyfd 5 debug3: mm_request_receive entering ^Cdebug1: do_cleanup debug1: PAM: cleanup debug1: PAM: deleting credentials debug1: PAM: closing session debug3: PAM: sshpam_thread_cleanup entering debug1: session_pty_cleanup: session 0 release /dev/pts/12 [root@thunder ~]#
It seems like the sshd somehow thinks that the Publickey authentication is disabled in your configuration. Can you please look at the /etc/ssh/sshd_config whether there is no 'PubkeyAuthentication no' line? What prints 'sshd -T | grep pubkey' (run as root)?
So this is interesting... [root@thunder ~]# cat /etc/ssh/sshd_config | grep PubkeyAuthentication PubkeyAuthentication yes [root@thunder ~]# sshd -T | grep pubkey pubkeyauthentication no
Do you have some Match directives in the sshd_config? Or even is your /etc/sshd_config modified somehow from the default one shipped in the package?
Created attachment 317263 [details] Current sshd_config file. Here is what my sshd_config is currently setup as.
This is probably a configuration error. I'm still working the issue on my side but I did get it working. Thanks for your time.