On Tuesday 17 October 2006 01:07, you wrote: > After I upgraded to 3.9 stable from Oct 10 SSH key login no longer work. > > All my servers stopped working with SSH key logins with the result that all > my rsync automated backups gave up. This happened after my last upgrade > October 10, where I did a full source update of my 3.9 stable. I could > however still login with any account where I use passwords. Both source and > target SSH was OpenBSD and 3.9 from October 10. And as said it happened on > six server at the same time. The only thing that could have caused this is > that this update contained the new OpenSSH 4.4. > > I think the thread " > Cannot login into OpenSSH after applying patch 020_ssh2.patch to OpenBSD > 3.8 stable" is not the same problem. Or is it? Well... the fix for that > thread problem was "cd /usr/src/usr.bin/ssh && make obj depend && make && > make install". And that does not help here.... Apart from that, the result > is EXACTLY the same as the referenced thread. > > Login with keys from a patched 3.9 system to a non patched system (ssh 4.4 > against 4.3) still works... > > Any clues? > > Thanks in advance > Per-Olov
Will add some output of a verbose login as well..... (name and IP changed) This worked on all six servers before the 3.9 STABLE update that changed OpenSSH to 4.4. And after the stable update all key logins are broken and only password login works. [EMAIL PROTECTED]:~#ssh -v [EMAIL PROTECTED] OpenSSH_4.4, OpenSSL 0.9.7g 11 Apr 2005 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to MYSERVER.MYDOMAIN.COM [1.1.1.1] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/identity type -1 debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_dsa type 2 debug1: Remote protocol version 1.99, remote software version OpenSSH_4.4 debug1: match: OpenSSH_4.4 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.4 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'MYSERVER.MYDOMAIN.COM' is known and matches the RSA host key. debug1: Found key in /root/.ssh/known_hosts:3 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: publickey debug1: Trying private key: /root/.ssh/identity debug1: Trying private key: /root/.ssh/id_rsa debug1: Offering public key: /root/.ssh/id_dsa debug1: Server accepts key: pkalg ssh-dss blen 1585 debug1: read PEM private key done: type DSA debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: keyboard-interactive Connection closed by 1.1.1.1 /Per-Olov
