Return to Question

I found my /etc/ssh/sshd_config file. I won't post the whole thing, but it does have the following lines:

I found my /etc/ssh/sshd_config file on the ftp-server. I won't post the whole thing, but it does have the following lines:

Below is the output of the ssh -v command.

OpenSSH_5.1p1, OpenSSL 0.9.8g 19 Oct 2007
usage: ssh [-1246AaCfgKkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]
           [-D [bind_address:]port] [-e escape_char] [-F configfile]
           [-i identity_file] [-L [bind_address:]port:host:hostport]
           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
           [-R [bind_address:]port:host:hostport] [-S ctl_path]
           [-w local_tun[:remote_tun]] [user@]hostname [command]

I found my /etc/ssh/sshd_config file. I won't post the whole thing, but it does have the following lines:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

As far as I can tell from the documentation, I think these lines are set correctly for what I want to do (s/key is something unrelated to ssh keypairs, right?).

I found my /etc/ssh/sshd_config file. I won't post the whole thing, but it does have the following lines:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

As far as I can tell from the documentation, I think these lines are set correctly for what I want to do (s/key is something unrelated to ssh keypairs, right?).

Below is the verbose output while connecting.

[wbarlow@build-machine]:~$ ssh -v wbarlow@ftp-server
OpenSSH_6.1p1 Debian-4, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to ftp-server [(ip hidden)] port 22.
debug1: Connection established.
debug1: identity file /home/wbarlow/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/wbarlow/.ssh/id_rsa-cert type -1
debug1: identity file /home/wbarlow/.ssh/id_dsa type -1
debug1: identity file /home/wbarlow/.ssh/id_dsa-cert type -1
debug1: identity file /home/wbarlow/.ssh/id_ecdsa type -1
debug1: identity file /home/wbarlow/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1
debug1: match: OpenSSH_5.1 pat OpenSSH_5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.1p1 Debian-4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA [SNIP]
debug1: Host 'ftp-server' is known and matches the RSA host key.
debug1: Found key in /home/wbarlow/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Cannot determine realm for numeric host address

debug1: Unspecified GSS failure.  Minor code may provide more information
Cannot determine realm for numeric host address

debug1: Unspecified GSS failure.  Minor code may provide more information


debug1: Unspecified GSS failure.  Minor code may provide more information
Cannot determine realm for numeric host address

debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/wbarlow/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /home/wbarlow/.ssh/id_dsa
debug1: Trying private key: /home/wbarlow/.ssh/id_ecdsa
debug1: Next authentication method: password
wbarlow@ftp-server's password: 

So -- how can I check that the FTP server is configured to accept authorized keys, and what sort of keys is it configured to accept? How can I check that the keys are being stored in the expected place (my home directory on ftp-server is /var/ftp/wbarlow/, but I've also tried copying the .ssh folder from there to /home/wbarlow/.)?

I am able to use the public key to authenticate with other machines (namely, my Git repository host), so I don't think that the problem is on the client-side.

So -- how can I check that the FTP server is configured to accept authorized keys, and what sort of keys is it configured to accept? How can I check that the keys are being stored in the expected place (my home directory on ftp-server is /var/ftp/wbarlow/, but I've also tried copying the .ssh folder from there to /home/wbarlow/.)?