Getting public-key auth working in Solaris 10
Posted Fri, 29 Dec 2006
Once upon a time, there was a Solaris 10 box where I wasn't able to use ssh keys to login.
Thankfully, that time has now passed. The problem was because PAM was denying access with public keys.
Running sshd in debug mode (-ddd) I would see this:
Found matching DSA key: 80:aa:32:03:ef:51:9c:7b:0f:1d:ac:37:17:d5:fd:2b debug1: restore_uid: 0/0 debug1: ssh_dss_verify: signature correct debug2: Starting PAM service sshd-pubkey for method publickey debug3: Trying to reverse map address 220.127.116.11. debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss Failed publickey for psionic from 18.104.22.168 port 55957 ssh2Clearly indicated here, is the fact that it accepted my ssh-dss key, but I failed for some other reason. Listed here, is:
Starting PAM service sshd-pubkey for method publickey. Solaris 10's manpage for sshd shows that it uses different PAM service names for each type of authentication.
The solution involved adding a simple service entry in /etc/pam.conf:
sshd-pubkey auth required pam_unix_cred.so.1It works now. This takes effect immediately as the pam config is invoked any time sshd uses pam, so you don't have to restart sshd.