Re: authorized_key

Hi,
Can you please help me for this???
Iam using windows 2000 as server and windows XP as client.
Using public key with no pass phrase , iam getting
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).
Please help me
Message are as follows

C:\Documents and Settings\localuser\.ssh>ssh -vvv -i loc.key user@ip
OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to "ip addr" port 22.
debug1: Connection established.
debug1: identity file loc.key type 0
debug1: Remote protocol version 1.99, remote software version
OpenSSH_3.8.1p1
debug1: match: OpenSSH_3.8.1p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-gro
up1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes2
56-c
tr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes2
56-c
tr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-gro
up1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes2
56-c
tr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes2
56-c
tr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 144/256
debug2: bits set: 503/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/localuser/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 2
debug1: Host 'IP ADDRESS' is known and matches the RSA host key.
debug1: Found key in /home/localuser/.ssh/known_hosts:2
debug2: bits set: 529/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: input_userauth_banner

                            ****USAGE WARNING****

This is a private computer system. This computer system, including all
related equipment, networks, and network devices (specifically including
Internet access) are provided only for authorized use. This computer system
may be monitored for all lawful purposes, including to ensure that its use
is authorized, for management of the system, to facilitate protection
against
unauthorized access, and to verify security procedures, survivability, and
operational security. Monitoring includes active attacks by authorized
entities
to test or verify the security of this system. During monitoring,
information
may be examined, recorded, copied and used for authorized purposes. All
information, including personal information, placed or sent over this system
may be monitored.

Use of this computer system, authorized or unauthorized, constitutes consent
to monitoring of this system. Unauthorized use may subject you to criminal
prosecution. Evidence of unauthorized use collected during monitoring may be
used for administrative, criminal, or other adverse action. Use of this
system
constitutes consent to monitoring for these purposes.

debug1: Authentications that can continue: publickey,keyboard-interactive
debug3: start over, passed a different list publickey,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).

Thanks&Regards,
Rajeev
----- Original Message -----
From: "Mick Ken" <micks80@gmail.com>
To: <ssh@erdelynet.com>
Sent: Friday, November 02, 2007 7:57 PM
Subject: Re: authorized_key

> Hi,
> I think, you just have to modify your sshd_config file to disable that
> password option. Check this extract taken from some article:
>
> Disabling password authentication on OpenSSH
>
> Once the user's public and private keypair are verified as correct,
> it's possible to disable password authentication on the Linux server
> entirely. This entirely forestalls all possible password-guessing
> attempts and dramatically secures a machine.
>
> However, for machines not physically local, it's wise to defer on
> disabling password authentication until it's absolutely clear that the
> keyed access is working properly, especially if multiple users are
> involved. Once password authentication has been disabled, even the
> root password won't allow one into the system.
>
> Those new to public key access are encouraged to test very carefully.
>
> The configuration of the SSH Daemon is found in the sshd_config file,
> often stored in the /etc/ssh/ directory. This is a text file which is
> relatively easy to read; we'll be looking for two entries to modify.
>
> First is to set PasswordAuthentication to the value no. This may be
> explicitly set to yes, or it may be commented out to rely on the
> default, but we wish to explicitly disable this:
>
> Second, we wish to disable SSH protocol version 1: this is old, has
> several substantial security weaknesses, and should not be allowed
> from the outside world.
>
> Edit the configuration file and ensure that the two keyword entries
> are set properly; comment out the old entries if necessary.
> /etc/ssh/sshd_config
>
> # Protocol 1,2
> Protocol 2
> PasswordAuthentication no
>
> Once the configuration file has been saved, the Secure Shell daemon
> must be restarted; on most platforms this can be done with the
> "service" mechanism:
>
> # service sshd restart
>
> This kills the listening daemon and restarts it, but does not
> terminate any existing individual user sessions. Those who feel this
> might be a risky step are invited to simply reboot the machine.
>
> At this point, OpenSSH will no longer accept passwords of any kind,
> with access granted only for users with pre-established public keys.
>
> HTH
> Mick
>
>
> On 11/2/07, Jürgen Rott <info2007@rott-home.de> wrote:
> >
> >
> >
> > Hello,
> >
> >
> >
> > first I have to tell, that I am German and my English is more or less a
> > little bit poor…
> >
> > Anyway I have a question…
> >
> >
> >
> > I try to manage the key authorized access to my windows pc running
openSSH.
> > So I copied the public key of the other machine (running Linux) into the
> > file „authorized_keys" in „…/root/.ssh" (home-dir) on my windows
computer
> > called mondrian. But if I try to connect, I'm still asked for the
password
> > of root@mondrian. With given password, there aren't any problems so far.
> >
> >
> >
> > Best regards,
> >
> >
> >
> > Jürgen Rott
> >
> >
> >
> >
>
>
> --
> List Info: http://erdelynet.com/ssh-l/
> List Archives: http://erdelynet.com/archive/ssh-l/
> To Unsubscribe: Mail mailto:ssh+unsubscribe@erdelynet.com
>
>
>

This electronic mail (including any attachment thereto) may be confidential and privileged and is intended only for the individual or entity named above. Any unauthorized use, printing, copying, disclosure or dissemination of this communication may be subject to legal restriction or sanction. Accordingly, if you are not the intended recipient, please notify the sender by replying to this email immediately and delete this email (and any attachment thereto) from your computer system...Thank You

--
List Info:      http://erdelynet.com/ssh-l/
List Archives:  http://erdelynet.com/archive/ssh-l/
To Unsubscribe: Mail mailto:ssh+unsubscribe@erdelynet.com