Hi<br>I experience a problem with sshd on a fedora core 5 release & openssh-server-4.3p2-4.<br>The anoyance is with the public key auth. Only the root user can logon on the server with this method (other users can connect by giving their password).
<br>I look in the sshd_config file but i dont see anything related with user restriction & public key.<br><br>the authorized_keys file is secured as this: -rwxrwxr-x user user<br>the ~/.ssh : drwxrwxr-x user user
<br>And, of course i am using the correct set public/private key<br><br>Thanks for your help<br>Here is my sshd conf file. But maybe, its a pam problem?<br><br>#Port 22<br>#Protocol 2,1<br>Protocol 2<br>#AddressFamily any
<br>#ListenAddress <a href="http://0.0.0.0" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">0.0.0.0</a><br>#ListenAddress ::<br><br># HostKey for protocol version 1<br>#HostKey /etc/ssh/ssh_host_key
<br># HostKeys for protocol version 2<br>#HostKey /etc/ssh/ssh_host_rsa_key
<br>#HostKey /etc/ssh/ssh_host_dsa_key<br><br># Lifetime and size of ephemeral version 1 server key<br>#KeyRegenerationInterval 1h<br>#ServerKeyBits 768<br><br># Logging<br># obsoletes QuietMode and FascistLogging<br>#SyslogFacility AUTH
<br>SyslogFacility AUTHPRIV<br>#LogLevel INFO<br><br># Authentication:<br><br>#LoginGraceTime 2m<br>#PermitRootLogin yes<br>#StrictModes yes<br>#MaxAuthTries 6<br><br>RSAAuthentication yes<br>PubkeyAuthentication yes<br>
AuthorizedKeysFile .ssh/authorized_keys
<br><br># For this to work you will also need host keys in /etc/ssh/ssh_known_hosts<br>#RhostsRSAAuthentication no<br># similar for protocol version 2<br>#HostbasedAuthentication no<br># Change to yes if you don't trust ~/.ssh/known_hosts for
<br># RhostsRSAAuthentication and HostbasedAuthentication<br>#IgnoreUserKnownHosts no<br># Don't read the user's ~/.rhosts and ~/.shosts files<br>#IgnoreRhosts yes<br><br># To disable tunneled clear text passwords, change to no here!
<br>#PasswordAuthentication yes<br>#PermitEmptyPasswords no<br>PasswordAuthentication yes<br><br># Change to no to disable s/key passwords<br>#ChallengeResponseAuthentication yes<br>ChallengeResponseAuthentication no<br>
<br>
# Kerberos options<br>#KerberosAuthentication no<br>#KerberosOrLocalPasswd yes<br>#KerberosTicketCleanup yes<br>#KerberosGetAFSToken no<br><br># GSSAPI options<br>#GSSAPIAuthentication no<br>GSSAPIAuthentication yes<br>#GSSAPICleanupCredentials yes
<br>GSSAPICleanupCredentials yes<br><br># Set this to 'yes' to enable PAM authentication, account processing, <br># and session processing. If this is enabled, PAM authentication will <br># be allowed through the ChallengeResponseAuthentication mechanism.
<br># Depending on your PAM configuration, this may bypass the setting of <br># PasswordAuthentication, PermitEmptyPasswords, and <br># "PermitRootLogin without-password". If you just want the PAM account and <br>
# session checks to run without PAM authentication, then enable this but set <br># ChallengeResponseAuthentication=no<br>#UsePAM no<br>UsePAM yes<br><br># Accept locale-related environment variables<br>AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
<br>AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT <br>AcceptEnv LC_IDENTIFICATION LC_ALL<br>#AllowTcpForwarding yes<br>#GatewayPorts no<br>#X11Forwarding no<br>X11Forwarding yes<br>#X11DisplayOffset 10
<br>#X11UseLocalhost yes<br>#PrintMotd yes<br>#PrintLastLog yes<br>#TCPKeepAlive yes<br>#UseLogin no<br>#UsePrivilegeSeparation yes<br>#PermitUserEnvironment no<br>#Compression delayed<br>#ClientAliveInterval 0<br>#ClientAliveCountMax 3
<br>#ShowPatchLevel no<br>#UseDNS yes<br>#PidFile /var/run/sshd.pid<br>#MaxStartups 10<br>#PermitTunnel no<br><br># no default banner path<br>Banner /etc/ssh/banner<br><br># override default of no subsystems<br>Subsystem sftp /usr/libexec/openssh/sftp-server
<br><br>