• pam and ssh and root logins

    From Popping mad@21:1/5 to All on Thu Oct 5 21:02:55 2017
    I'm trying, without success, to get this new server I am building to accept root access through ssh and it just won't open.

    [www3 ~]# grep -v "#" /etc/ssh/sshd_config
    PermitRootLogin yes
    AuthorizedKeysFile .ssh/authorized_keys
    PasswordAuthentication no
    UsePAM yes
    X11Forwarding yes
    Subsystem sftp /usr/lib/ssh/sftp-server
    AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    AcceptEnv LC_IDENTIFICATION LC_ALL


    [ruben@flatbush ~]$ ssh -v -l root www3
    OpenSSH_7.5p1, OpenSSL 1.1.0f 25 May 2017
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 20: Applying options for *
    debug1: Connecting to www3 [10.0.0.37] port 22.
    debug1: Connection established.
    debug1: identity file /home/ruben/.ssh/id_rsa type 1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/ruben/.ssh/id_rsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/ruben/.ssh/id_dsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/ruben/.ssh/id_dsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/ruben/.ssh/id_ecdsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/ruben/.ssh/id_ecdsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/ruben/.ssh/id_ed25519 type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/ruben/.ssh/id_ed25519-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_7.5
    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.5 debug1: match: OpenSSH_7.5 pat OpenSSH* compat 0x04000000
    debug1: Authenticating to www3:22 as 'root'
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: curve25519-sha256
    debug1: kex: host key algorithm: ecdsa-sha2-nistp256
    debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ecdsa-sha2-nistp256 SHA256:RGmLAlUbSktwwZ838wOGKz6r+3s/lS9/sAzH7TzbAsg
    debug1: Host 'www3' is known and matches the ECDSA host key.
    debug1: Found key in /home/ruben/.ssh/known_hosts:16
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_EXT_INFO received
    debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /home/ruben/.ssh/id_rsa
    debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Trying private key: /home/ruben/.ssh/id_dsa
    debug1: Trying private key: /home/ruben/.ssh/id_ecdsa
    debug1: Trying private key: /home/ruben/.ssh/id_ed25519
    debug1: Next authentication method: keyboard-interactive
    Password:
    Authentication failed.
    [ruben@flatbush ~]$

    log from the server

    /var/log/auth.log <==
    Oct 5 16:57:05 www3 sshd[26592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.62 user=root
    Oct 5 16:57:05 www3 sshd[26592]: pam_access(sshd:account): login_access: user=root, from=10.0.0.62, file=/etc/security/access.conf
    Oct 5 16:57:05 www3 sshd[26592]: pam_access(sshd:account): line 86: + : root : ALL
    Oct 5 16:57:05 www3 sshd[26592]: pam_access(sshd:account): list_match: list= root , item=root
    Oct 5 16:57:05 www3 sshd[26592]: pam_access(sshd:account): user_match: tok=root, item=root
    Oct 5 16:57:05 www3 sshd[26592]: pam_access(sshd:account): string_match: tok=root, item=root
    Oct 5 16:57:05 www3 sshd[26592]: pam_access(sshd:account): user_match=1, "root"
    Oct 5 16:57:05 www3 sshd[26592]: pam_access(sshd:account): list_match: list= ALL, item=root
    Oct 5 16:57:05 www3 sshd[26592]: pam_access(sshd:account): from_match: tok=ALL, item=10.0.0.62
    Oct 5 16:57:05 www3 sshd[26592]: pam_access(sshd:account): string_match: tok=ALL, item=10.0.0.62
    Oct 5 16:57:05 www3 sshd[26592]: pam_access(sshd:account): from_match=2, "10.0.0.62"
    Oct 5 16:57:05 www3 sshd[26590]: fatal: Internal error: PAM auth succeeded when it should have failed


    pan has a cascade of config files which I am trying to debug:


    [ruben@www3 pam.d]$ sudo cat sshd
    #%PAM-1.0
    #auth required pam_securetty.so #disable remote root
    auth include system-remote-login
    account include system-remote-login
    password include system-remote-login
    session include system-remote-login

    [ruben@www3 pam.d]$ sudo cat system-remote-login
    #%PAM-1.0

    auth include system-login
    account include system-login
    password include system-login
    session include system-login



    [ruben@www3 pam.d]$ sudo cat system-login
    #%PAM-1.0

    auth requisite pam_nologin.so
    auth required pam_tally.so onerr=succeed file=/var/log/faillog auth required pam_shells.so
    auth include system-auth
    auth [success=2 default=ok] pam_debug.so auth=perm_denied cred=success
    auth [default=reset] pam_debug.so auth=success cred=perm_denied
    auth [success=done default=die] pam_debug.so

    account required pam_access.so debug
    account required pam_nologin.so
    account include system-auth

    password include system-auth

    session optional pam_loginuid.so
    session include system-auth
    session optional pam_motd.so motd=/etc/motd
    session optional pam_mail.so dir=/var/spool/mail standard quiet -session optional pam_elogind.so
    session required pam_env.so



    [ruben@www3 pam.d]$ sudo cat system-auth
    #%PAM-1.0

    auth required pam_unix.so debug try_first_pass nullok
    auth optional pam_permit.so
    auth required pam_env.so

    account required pam_unix.so
    account optional pam_permit.so
    account required pam_time.so

    password required pam_unix.so try_first_pass nullok sha512 shadow password optional pam_permit.so

    session required pam_limits.so
    session required pam_unix.so
    session optional pam_permit.so

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Popping mad@21:1/5 to Popping mad on Thu Oct 5 21:26:10 2017
    On Thu, 05 Oct 2017 21:02:55 +0000, Popping mad wrote:

    I'm trying, without success, to get this new server I am building to accept root access through ssh and it just won't open.

    [www3 ~]# grep -v "#" /etc/ssh/sshd_config
    PermitRootLogin yes
    AuthorizedKeysFile .ssh/authorized_keys
    PasswordAuthentication no
    UsePAM yes
    X11Forwarding yes
    Subsystem sftp /usr/lib/ssh/sftp-server
    AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    AcceptEnv LC_IDENTIFICATION LC_ALL


    [ruben@flatbush ~]$ ssh -v -l root www3
    OpenSSH_7.5p1, OpenSSL 1.1.0f 25 May 2017
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 20: Applying options for *
    debug1: Connecting to www3 [10.0.0.37] port 22.
    debug1: Connection established.
    debug1: identity file /home/ruben/.ssh/id_rsa type 1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/ruben/.ssh/id_rsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/ruben/.ssh/id_dsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/ruben/.ssh/id_dsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/ruben/.ssh/id_ecdsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/ruben/.ssh/id_ecdsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/ruben/.ssh/id_ed25519 type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/ruben/.ssh/id_ed25519-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_7.5
    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.5 debug1: match: OpenSSH_7.5 pat OpenSSH* compat 0x04000000
    debug1: Authenticating to www3:22 as 'root'
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: curve25519-sha256
    debug1: kex: host key algorithm: ecdsa-sha2-nistp256
    debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ecdsa-sha2-nistp256 SHA256:RGmLAlUbSktwwZ838wOGKz6r+3s/lS9/sAzH7TzbAsg
    debug1: Host 'www3' is known and matches the ECDSA host key.
    debug1: Found key in /home/ruben/.ssh/known_hosts:16
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_EXT_INFO received
    debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /home/ruben/.ssh/id_rsa
    debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Trying private key: /home/ruben/.ssh/id_dsa
    debug1: Trying private key: /home/ruben/.ssh/id_ecdsa
    debug1: Trying private key: /home/ruben/.ssh/id_ed25519
    debug1: Next authentication method: keyboard-interactive
    Password:
    Authentication failed.
    [ruben@flatbush ~]$

    log from the server

    /var/log/auth.log <==
    Oct 5 16:57:05 www3 sshd[26592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.62 user=root
    Oct 5 16:57:05 www3 sshd[26592]: pam_access(sshd:account): login_access: user=root, from=10.0.0.62, file=/etc/security/access.conf
    Oct 5 16:57:05 www3 sshd[26592]: pam_access(sshd:account): line 86: + : root : ALL
    Oct 5 16:57:05 www3 sshd[26592]: pam_access(sshd:account): list_match: list= root , item=root
    Oct 5 16:57:05 www3 sshd[26592]: pam_access(sshd:account): user_match: tok=root, item=root
    Oct 5 16:57:05 www3 sshd[26592]: pam_access(sshd:account): string_match: tok=root, item=root
    Oct 5 16:57:05 www3 sshd[26592]: pam_access(sshd:account): user_match=1, "root"
    Oct 5 16:57:05 www3 sshd[26592]: pam_access(sshd:account): list_match: list= ALL, item=root
    Oct 5 16:57:05 www3 sshd[26592]: pam_access(sshd:account): from_match: tok=ALL, item=10.0.0.62
    Oct 5 16:57:05 www3 sshd[26592]: pam_access(sshd:account): string_match: tok=ALL, item=10.0.0.62
    Oct 5 16:57:05 www3 sshd[26592]: pam_access(sshd:account): from_match=2, "10.0.0.62"
    Oct 5 16:57:05 www3 sshd[26590]: fatal: Internal error: PAM auth succeeded when it should have failed


    pan has a cascade of config files which I am trying to debug:


    [ruben@www3 pam.d]$ sudo cat sshd
    #%PAM-1.0
    #auth required pam_securetty.so #disable remote root
    auth include system-remote-login
    account include system-remote-login
    password include system-remote-login
    session include system-remote-login

    [ruben@www3 pam.d]$ sudo cat system-remote-login
    #%PAM-1.0

    auth include system-login
    account include system-login
    password include system-login
    session include system-login



    [ruben@www3 pam.d]$ sudo cat system-login
    #%PAM-1.0

    auth requisite pam_nologin.so
    auth required pam_tally.so onerr=succeed file=/var/log/faillog
    auth required pam_shells.so
    auth include system-auth
    auth [success=2 default=ok] pam_debug.so auth=perm_denied cred=success auth [default=reset] pam_debug.so auth=success cred=perm_denied auth [success=done default=die] pam_debug.so

    account required pam_access.so debug
    account required pam_nologin.so
    account include system-auth

    password include system-auth

    session optional pam_loginuid.so
    session include system-auth
    session optional pam_motd.so motd=/etc/motd
    session optional pam_mail.so dir=/var/spool/mail standard quiet -session optional pam_elogind.so
    session required pam_env.so



    [ruben@www3 pam.d]$ sudo cat system-auth
    #%PAM-1.0

    auth required pam_unix.so debug try_first_pass nullok
    auth optional pam_permit.so
    auth required pam_env.so

    account required pam_unix.so
    account optional pam_permit.so
    account required pam_time.so

    password required pam_unix.so try_first_pass nullok sha512 shadow password optional pam_permit.so

    session required pam_limits.so
    session required pam_unix.so
    session optional pam_permit.so



    Maybe it is triggering here in openssh

    case PAM_SUCCESS:
    if (**prompts != NULL) {
    /* drain any accumulated messages */
    debug("PAM: %s", **prompts);
    buffer_append(&loginmsg, **prompts,
    strlen(**prompts));
    free(**prompts);
    **prompts = NULL;
    }
    if (type == PAM_SUCCESS) {
    if (!sshpam_authctxt->valid ||
    (sshpam_authctxt->pw->pw_uid == 0 &&
    options.permit_root_login != PERMIT_YES))
    fatal("Internal error: PAM auth "
    "succeeded when it should have "
    "failed");
    import_environments(&buffer);
    *num = 0;
    **echo_on = 0;
    ctxt->pam_done = 1;
    free(msg);
    return (0);
    }

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From The Natural Philosopher@21:1/5 to Popping mad on Fri Oct 6 09:49:50 2017
    On 05/10/17 22:02, Popping mad wrote:
    I'm trying, without success, to get this new server I am building to accept root access through ssh and it just won't open.

    [www3 ~]# grep -v "#" /etc/ssh/sshd_config
    PermitRootLogin yes
    AuthorizedKeysFile .ssh/authorized_keys
    PasswordAuthentication no
    UsePAM yes
    X11Forwarding yes
    Subsystem sftp /usr/lib/ssh/sftp-server
    AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    AcceptEnv LC_IDENTIFICATION LC_ALL


    [ruben@flatbush ~]$ ssh -v -l root www3
    OpenSSH_7.5p1, OpenSSL 1.1.0f 25 May 2017
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 20: Applying options for *
    debug1: Connecting to www3 [10.0.0.37] port 22.
    debug1: Connection established.
    debug1: identity file /home/ruben/.ssh/id_rsa type 1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/ruben/.ssh/id_rsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/ruben/.ssh/id_dsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/ruben/.ssh/id_dsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/ruben/.ssh/id_ecdsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/ruben/.ssh/id_ecdsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/ruben/.ssh/id_ed25519 type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/ruben/.ssh/id_ed25519-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_7.5
    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.5 debug1: match: OpenSSH_7.5 pat OpenSSH* compat 0x04000000
    debug1: Authenticating to www3:22 as 'root'
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: curve25519-sha256
    debug1: kex: host key algorithm: ecdsa-sha2-nistp256
    debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ecdsa-sha2-nistp256 SHA256:RGmLAlUbSktwwZ838wOGKz6r+3s/lS9/sAzH7TzbAsg
    debug1: Host 'www3' is known and matches the ECDSA host key.
    debug1: Found key in /home/ruben/.ssh/known_hosts:16
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_EXT_INFO received
    debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /home/ruben/.ssh/id_rsa
    debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Trying private key: /home/ruben/.ssh/id_dsa
    debug1: Trying private key: /home/ruben/.ssh/id_ecdsa
    debug1: Trying private key: /home/ruben/.ssh/id_ed25519
    debug1: Next authentication method: keyboard-interactive
    Password:
    Authentication failed.
    [ruben@flatbush ~]$

    Here is a successful login for me aqs a normal user

    The ouut is almost identiocal up to the last 5 lines


    $ ssh -v vps
    OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: Applying options for *
    debug1: /etc/ssh/ssh_config line 55: Applying options for *
    debug1: Connecting to vps [185.113.128.151] port 22.
    debug1: Connection established.
    debug1: identity file /home/me/.ssh/id_rsa type 1
    debug1: identity file /home/me/.ssh/id_rsa-cert type -1
    debug1: identity file /home/me/.ssh/id_dsa type -1
    debug1: identity file /home/me/.ssh/id_dsa-cert type -1
    debug1: identity file /home/me/.ssh/id_ecdsa type -1
    debug1: identity file /home/me/.ssh/id_ecdsa-cert type -1
    debug1: identity file /home/me/.ssh/id_ed25519 type -1
    debug1: identity file /home/me/.ssh/id_ed25519-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
    debug1: Remote protocol version 2.0, remote software version
    OpenSSH_5.5p1 Debian-6+squeeze5
    debug1: match: OpenSSH_5.5p1 Debian-6+squeeze5 pat OpenSSH_5* compat
    0x0c000000
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Server host key: RSA fd:77:63:9f:9b:88:f0:62:af:64:aa:f8:5f:a1:54:5e debug1: Host 'vps' is known and matches the RSA host key.
    debug1: Found key in /home/me/.ssh/known_hosts:5
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /home/me/.ssh/id_rsa
    debug1: Server accepts key: pkalg ssh-rsa blen 279
    debug1: Authentication succeeded (publickey).
    Authenticated to vps ([185.113.128.151]:22).
    debug1: channel 0: new [client-session]
    debug1: Requesting no-more-sessions@openssh.com
    debug1: Entering interactive session.
    debug1: Sending environment.

    Here is where it goes wrong


    debug1: Offering RSA public key: /home/ruben/.ssh/id_rsa
    debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Trying private key: /home/ruben/.ssh/id_dsa
    debug1: Trying private key: /home/ruben/.ssh/id_ecdsa
    debug1: Trying private key: /home/ruben/.ssh/id_ed25519
    debug1: Next authentication method: keyboard-interactive
    Password:
    Authentication failed.
    [ruben@flatbush ~]$debug1: Sending env LANG = en_GB.UTF-8

    Your server does not accept the contents of /home/ruben/.ssh/id_rsa

    If I try and log in as root, which is disallowed I get the same problem

    I am guessing, but did you put the right stuff in /root/.ssh ??



    --
    To ban Christmas, simply give turkeys the vote.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Popping mad@21:1/5 to The Natural Philosopher on Fri Oct 6 23:19:50 2017
    On Fri, 06 Oct 2017 09:49:50 +0100, The Natural Philosopher wrote:

    our server does not accept the contents of /home/ruben/.ssh/id_rsa

    If I try and log in as root, which is disallowed I get the same problem

    the problem is in pam

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)