Hi,
I have HP-UX zuz B.11.11 U 9000/800 and sshd
SSH Tectia Server 4.2
I have problem with login on this machine without password. I use puttygen 0.59 and putty 0.59. Generated public key, put ftp to the server ~/.ssh/ with name authorization.
chmod for .ssh is 755 and for the authorization file I try 755, 600, 400, and even 777 on the putty I have "Server refused our key"
This is sshd_conf:
## SSH CONFIGURATION FILE FORMAT VERSION 1.1
## REGEX-SYNTAX egrep
## end of metaconfig
## (leave above lines intact!)
##
## sshd2_config
##
## SSH Tectia Server 4.2 Configuration File
##
## General
# HostKeyFile hostkey
# PublicHostKeyFile hostkey.pub
# RandomSeedFile random_seed
# BannerMessageFile /etc/ssh2/ssh_banner_message
BannerMessageFile /etc/issue
#
# VerboseMode no
QuietMode yes
# SyslogFacility AUTH
# SyslogFacility LOCAL7
# SftpSyslogFacility LOCAL7
## Network
# Port is not commented out, as it is needed by the example startup
# scripts. Well, the default will not likely change.
Port 22
# ListenAddress any
# ResolveClientHostName yes
# RequireReverseMapping no
# MaxBroadcastsPerSecond 0
# MaxBroadcastsPerSecond 1
# NoDelay no
# KeepAlive yes
# MaxConnections 50
# MaxConnections 0
# 0 == number of connections not limited
## Crypto
# Ciphers AnyCipher
# Ciphers AnyStdCipher
# Ciphers 3des
# Following includes "none" 'cipher':
# Ciphers AnyStd
#
# MACs AnyMAC
# MACs AnyStdMAC
# Following includes "none" 'mac':
# MACs AnyStd
#
# RekeyIntervalSeconds 3600
## User
# PrintMotd yes
CheckMail no
# StrictModes yes
# Specifies 1 hour (you can also use 'w' for week, 'd' for day, 'm' for
# minute, 's' for seconds)
# IdleTimeOut 1h
# without specifier, the default number is in seconds
# IdleTimeOut 3600
#
# UserConfigDirectory "%D/.ssh2"
# UserConfigDirectory "/etc/ssh2/auth/%U"
# AuthorizationFile authorization
# This variable is set here, because by default it is empty, and so no
# variables can be set. Because of that, we set a few common ones here.
SettableEnvironmentVars LANG,LC_(ALL|COLLATE|CTYPE|MONETARY|NUMERIC|TIME),PATH,TERM,TZ
## Tunneling
# AllowX11Forwarding yes
# AllowTcpForwarding yes
# AllowTcpForwardingForUsers sjl, ra-user@remote\.example
# DenyTcpForwardingForUsers 2[[:digit:]]*4,peelo
# AllowTcpForwardingForGroups privileged_tcp_forwarders
# DenyTcpForwardingForGroups coming_from_outside
#
# Local port forwardings to host 10.1.0.25 ports 143 and 25 are
# allowed for all users in group users.
# Note that forwardings using the name of this host will be allowed (if
# it can be resolved from the DNS).
#
# ForwardACL allow local .*%users \i10\.1\.0\.25%(143|25)
#
# Local port forwardings requested exactly to host proxy.company.com
# port 8080 are allowed for users that have 's' as first character
# and belong to the group with group ID (GID) 10:
#
# ForwardACL allow local s.*%10 proxy\.company\.com%8080
#
# Remote port forwarding is denied for all users to all hosts:
# ForwardACL deny remote .* .*
## Authentication
## publickey and password allowed by default
# AllowedAuthentications publickey,password
# AllowedAuthentications hostbased,publickey,password
AllowedAuthentications hostbased,publickey,keyboard-interactive,password
# RequiredAuthentications publickey,password
# LoginGraceTime 600
# AuthInteractiveFailureTimeout 2
#
# HostbasedAuthForceClientHostnameDNSMatch no
# UserKnownHosts yes
#
# AuthPublicKey.MaxSize 0
# AuthPublicKey.MinSize 0
# AllowAgentForwarding yes
#
# Cert.RSA.Compat.HashScheme md5
# AuthKbdInt.NumOptional 0
# AuthKbdInt.Optional pam,password
AuthKbdInt.Required pam
# AuthKbdInt.Required password
# AuthKbdInt.Retries 3
#
# PermitEmptyPasswords yes
# PasswordGuesses 3
# CertdListenerPath /var/run/ssh-certd-listener
# Ignoring certain restrictions during user login: password expiration
# on AIX, HP-UX in trusted mode, Windows, and rlogin prohibition
# (for root account) on AIX.
# IgnoreLoginRestrictions.PasswordExpiration no
# IgnoreLoginRestrictions.Rlogin.AIX no
# To enable authentication time password changing (instead of the old
# forced command style), uncomment the following line (note that you need
# the binary packages or you have had to configure the source
# --with-passwd-plugin (only available on limited set of architectures)):
# AuthPassword.ChangePlugin ssh-passwd-plugin
# (this will also be used by the "password" submethod in
# keyboard-interactive).
# To enable SecurID plugins (if available for your architecture),
# uncomment either of the following lines
# AuthKbdInt.Plugin ssh-securidv5-plugin
# AuthKbdInt.Plugin ssh-securidv4-plugin
# depending on your RSA ACE version. Also, you need to set the
# VAR_ACE environment variable to point to your ACE data directory
# before restarting sshd2.
# You also need to enable the "plugin" submethod for
# keyboard-interactive (use either "AuthKbdInt.Required" or
# "AuthKbdInt.Optional" configuration keywords for this purpose).
## Host restrictions
# AllowHosts localhost, example\.com, friendly\.example
#
## Next one matches with, for example, taulu.foobar.com, tuoli.com, but
## not tuoli1.com. Note that you have to input string "\." when you want it
## to match only a literal dot. You also have to escape "," when you
## want to use it in the pattern, because otherwise it is considered a list
## separator.
##
## AllowHosts t..l.\..*
##
## The following matches any numerical IP address (yes, it is cumbersome)
##
## AllowHosts ([[:digit:]]{1\,3}\.){3}[[:digit:]]{1\,3}
##
## Same thing is achieved with the special prefix "\i" in a pattern.
## This means that the pattern is only used to match IP addresses.
##
## Using the above example:
##
## AllowHosts \i.*
##
## You can probably see the difference between the two.
##
## Also, you can use subnet masks, by using prefix "\m"
##
## AllowHosts \m127.0/8
## and
## AllowHosts \m127.0.0.0/24
##
## would match localhost ("127.0.0.1").
##
# DenyHosts evil\.example, aol\.example
# AllowSHosts trusted\.host\.example
# DenySHosts not\.quite\.trusted\.example
# IgnoreRhosts no
# IgnoreRootRHosts no
# (the above, if not set, is defaulted to the value of IgnoreRHosts)
## User restrictions
# AllowUsers sj.*,s[[:digit:]]*,s(jl|amza)
# DenyUsers skuuppa,warezdude,31373
# DenyUsers don@example\.org
# AllowGroups staff,users
# DenyGroups guest,anonymous
# PermitRootLogin yes
# PermitRootLogin nopwd
## Chrooted environment
# ChRootUsers anonymous,ftp,guest
# ChRootGroups sftp,guest
## SSH1 compatibility
# Ssh1Compatibility no
# Sshd1Path
#
# This is given as argument to sshd1 with "-f" if sshd2 is invoked
# with "-f", otherwise the default configuration for sshd1 is used.
# Sshd1ConfigFile /etc/sshd_config_alternate
## Subsystem definitions
# Subsystems do not have defaults, so this is needed here (uncommented).
subsystem-sftp sftp-server
# Also internal SFTP subsystem can be used.
# subsystem-sftp internal://sftp-server
## Subconfiguration
# There are no default subconfiguration files. When specified the last
# obtained keyword value will prevail. Note that the host-specific files
# are read before the user-specific files.
# Following matches (from) any host:
#
# HostSpecificConfig .* /etc/ssh2/subconfig/host_ext.example
#
# Following matches to subnet mask:
#
# HostSpecificConfig \m192.168.0.0/16 /etc/ssh2/subconfig/host_int.example
#
# Following matches to users from ssh.com that have two character
# username or username is sjl and belong to group wheel or wheel[0-9]:
#
# UserSpecificConfig (..|sjl)%wheel[[:digit:]]?@ssh\.com /etc/ssh2/subconfig/user.example
#
# Following matches to the user anonymous from any host:
#
# UserSpecificConfig anonymous@.* /etc/ssh2/subconfig/anonymous.example
