next »

[mudskipper]

i have a freeBSD server to which i want to connect to using ssh. my local machine is a linux box on a local network. everything was working but i changed the password of root user on my local machine, and restrict the root user to login, and change the setting on /etc/ssh/sshd_config to use :
AllowUsers User1, User2, User3

i have recreated the authorized_keys, and copied to the host server, set file's permission to 0600

the error i have got when i tried this
ssh -v -v user1@xxx.x.xxx.xxx
is:

debug: SshAppCommon/sshappcommon.c:154/ssh_app_get_global_regex_context: Allocating global SshRegex context.
debug: SshConfig/sshconfig.c:2184/ssh2_parse_config: Unable to open /root/.ssh2/ssh2_config
debug: Connecting to xxx.x.xxx.xxx, port 22...
debug: Ssh2/ssh2.c:1956/main: Entering event loop.
debug: Ssh2Client/sshclient.c:1328/ssh_client_wrap: Creating transport protocol.
debug: SshAuthMethodClient/sshauthmethodc.c:137/ssh_client_authentication_initialize: Added "publickey" to usable methods.
debug: SshAuthMethodClient/sshauthmethodc.c:137/ssh_client_authentication_initialize: Added "password" to usable methods.
debug: Ssh2Client/sshclient.c:1360/ssh_client_wrap: Creating userauth protocol.
debug: client supports 2 auth methods: 'publickey,password'
debug: Ssh2Common/sshcommon.c:496/ssh_common_wrap: local ip = 10.0.0.7, local port = 54410
debug: Ssh2Common/sshcommon.c:498/ssh_common_wrap: remote ip = xxx.x.xxx.xxx, remote port = 22
debug: SshConnection/sshconn.c:1889/ssh_conn_wrap: Wrapping...
warning: Need basic cursor movement capability, using vt100
debug: Remote version: SSH-2.0-OpenSSH_4.5p1 FreeBSD-20061110
debug: Ssh2Transport/trcommon.c:1373/ssh_tr_input_version: Remote version has rekey incompatibility bug.
debug: Ssh2Transport/trcommon.c:1376/ssh_tr_input_version: Remote version is OpenSSH, KEX guesses disabled.
debug: Ssh2Transport/trcommon.c:1717/ssh_tr_negotiate: lang s to c: `', lang c to s: `'
debug: Ssh2Transport/trcommon.c:1783/ssh_tr_negotiate: c_to_s: cipher aes128-cbc, mac hmac-sha1, compression none
debug: Ssh2Transport/trcommon.c:1786/ssh_tr_negotiate: s_to_c: cipher aes128-cbc, mac hmac-sha1, compression none
debug: Remote host key found from database.
debug: Ssh2Common/sshcommon.c:291/ssh_common_special: Received SSH_CROSS_STARTUP packet from connection protocol.
debug: Ssh2Common/sshcommon.c:341/ssh_common_special: Received SSH_CROSS_ALGORITHMS packet from connection protocol.
debug: server offers auth methods 'publickey,keyboard-interactive'.
warning: /root/.ssh2/identification: 2: invalid definition.
warning: /root/.ssh2/identification: 3: invalid definition.
warning: /root/.ssh2/identification: 4: invalid definition.
warning: /root/.ssh2/identification: 5: invalid definition.
warning: /root/.ssh2/identification: 6: invalid definition.
warning: /root/.ssh2/identification: 7: invalid definition.
warning: /root/.ssh2/identification: 8: invalid definition.
warning: /root/.ssh2/identification: 9: invalid definition.
warning: /root/.ssh2/identification: 10: invalid definition.
warning: /root/.ssh2/identification: 11: invalid definition.
warning: /root/.ssh2/identification: 12: invalid definition.
warning: /root/.ssh2/identification: 13: invalid definition.
debug: Ssh2AuthClient/sshauthc.c:316/ssh_authc_completion_proc: Method 'publickey' disabled.
debug: server offers auth methods 'publickey,keyboard-interactive'.
debug: Ssh2Common/sshcommon.c:136/ssh_common_disconnect: DISCONNECT received: No further authentication methods available.
warning: Authentication failed.
debug: Ssh2/ssh2.c:117/client_disconnect: locally_generated = TRUE
Disconnected; no more authentication methods available (No further authentication methods available.).
debug: Ssh2Client/sshclient.c:1393/ssh_client_destroy: Destroying client.
debug: SshConnection/sshconn.c:1937/ssh_conn_destroy: Destroying SshConn object.
debug: Ssh2Client/sshclient.c:1446/ssh_client_destroy_finalize: Destroying client completed.
debug: SshAuthMethodClient/sshauthmethodc.c:162/ssh_client_authentication_uninitialize: Destroying authentication method array.

thank you for any responses!

[vsloathe]

If you're trying to login to your remote box as root, your SSH auth is going to fail. The hashes that the SSH client generates contain data about the user logging in.

Also, unless you pass user@remote_host as the arg to SSH, it's going to assume you want to login as you. You get me?

E.g. If I want to login as root to my remote box, and I don't login locally as root (I won't get into how bad a practice it is to login to *any* box as root in this space), I would need to:

Code:

ssh root@[remote_host_name_or_ip]

Follow? You're going to need to generate new key pairs if you want to allow non-root users on your local box to SSH as root to your remote box.

[mudskipper]

it was a special user that i used. no i don't want to use root to login.

ssh -v -v user1@xxx.x.xxx.xxx

yes i have generated a new pair of auth keys, set it on the remote server, set the permission 0600. please read the debug message above and see if you can find any clue.

thanks for the reply