David Brinegar
04-24-2005, 11:01 AM
When ssh says:
Permission denied (publickey).
and
debug1: Offering public key: /Users/xs/.ssh/id_dsa
it looks like you've accidentally copied the public key (id_dsa.pub) over the private key (id_dsa). Hope that helps!
exess
04-24-2005, 11:37 AM
Nope, sorry. Files are correct (just checked them). I tried to change ssh_config Identityfile to ~/.ssh/id_dsa.pub, but it didn't change anything at all... I guess there is a misunderstanding problem between the Mac and OpenSSH on the linux box... Any other idea?
Gnarlodious
04-24-2005, 12:22 PM
It's not a well documented feature, but SSH examines every path component of the target authorized_keys file and if access is too liberal it rejects the offer.
In my case, since my userfolder is a partition it is in the "Volumes" folder. Permissions on my Volumes folder were a little too open, so SSH failed.
Check the system.log for a report on the other machine.
exess
04-25-2005, 01:23 AM
Even more stupid than that : on the server side, .ssh directory was owned by root:root. I chowned it and now tadaaaam it works ! (what a dick I am!) Anyway, I now have to provide the passphrase when I log. Is it mandatory (i.e. I'll have to enter it everytime unless I create another key without a passphrase) or may I avoid this ?
Gnarlodious
04-25-2005, 08:54 AM
You don't need to enter a password. If you make the key and enter the password there you will need one to login, but it's a high-security feature. I leave all mine blank and none is required.
exess
04-25-2005, 09:57 AM
Well, maybe I'm paranoid but I'd rather use a passphrase anyway. And you just have to use "sshkeychain" (a subset of the excellent ssh-agent for Mac OS X) to add your ssh key pair to keychain and unlock them at login... ;)
Gnarlodious
04-25-2005, 10:08 AM
That is an awful lot of trouble. You should use that method if you suspect anyone will have physical access to your machine and steal your key. Nothing I do needs that much security :=)
TOP
