Re: SSH question (4.3)

To: <misc@...>
Date: Wednesday, September 10, 2008 - 6:55 am

Hi,

I've just experienced a strange problem with OpenSSH. Scenario:

/etc/ssh/sshd_config: PermitRootLogin without-password

=> root login with ssh keys works, as expected.

I've created another user, uid 1000, on the same box, and copied root's
authorized_keys file over, adjusted ownership, permissions etc...

=> SSH login (from the same remote user) does _NOT_ work.

I've added that user to the group 'wheel'

=> SSH login works

I've removed said user from the group 'wheel'

=> SSH login no longer works

In sshd(8), there is no mention of key login requiring wheel
membership.

This is what a non-working login attempt looks like on the server
side. SSH asks for a password (this is locked):

# /usr/sbin/sshd -u0 -d -e
debug1: sshd version OpenSSH_4.8
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-u0'
debug1: rexec_argv[2]='-d'
debug1: rexec_argv[3]='-e'
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: fd 6 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 9
debug1: sshd version OpenSSH_4.8
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: inetd sockets after dupping: 4, 4
Connection from 192.168.1.6 port 37071
debug1: Client protocol version 2.0; client software version OpenSSH_4.3p2 Debian-9etch2
debug1: match: OpenSSH_4.3p2 Debian-9etch2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.8
debug1: permanently_set_uid: 27/27
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT se...

To: Toni Mueller <openbsd-misc@...>
Cc: <misc@...>
Date: Wednesday, September 10, 2008 - 7:56 am

Hi!

ls -ld /H /H/admin /H/admin/.ssh /H/admin/.ssh/authorized_keys /H/admin/.ssh/authorized_keys2

(I.e. check whether there's some intervening dir that's not accessible

Kind regards,

Hannah.

To: <misc@...>
Date: Wednesday, September 10, 2008 - 4:00 pm

Hi Hannah,

that was the problem, thanks!

Kind regards,
--Toni++
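
The check suggested in this thread, written out as an added example (not part of the original messages): the function walks every directory above a file and lists those that users outside the owner and group cannot search, which is where a key login starts to depend on group membership. The path in the usage comment is the one from the `ls -ld` line above; the function name `group_gated_dirs` is hypothetical.

```shell
#!/bin/sh
# Added example: find directories on the way to authorized_keys that are
# not searchable by "other", so access depends on owner or group membership.
# Expects an absolute path, e.g. /H/admin/.ssh/authorized_keys

# Print "<mode> <owner>:<group> <dir>" for each ancestor directory of $1
# whose mode string has no search (x) bit for "other".
group_gated_dirs() {
    dir=$(dirname "$1")
    while :; do
        ls -ld -- "$dir" | {
            # ls -l fields: mode, link count, owner, group, then the rest
            read -r mode _links owner group _rest
            # Character 10 of the mode string is the search bit for "other";
            # "t" means sticky plus searchable, "T" sticky but not searchable.
            other_x=$(printf '%s' "$mode" | cut -c10)
            case $other_x in
                x|t) ;;
                *) printf '%s %s:%s %s\n' "$mode" "$owner" "$group" "$dir" ;;
            esac
        }
        # Stop at the filesystem root (or "." if a relative path was given)
        case $dir in
            /|.) break ;;
        esac
        dir=$(dirname "$dir")
    done
}

# Stand-alone use: sh script.sh /H/admin/.ssh/authorized_keys
if [ $# -gt 0 ]; then
    group_gated_dirs "$1"
fi
```

Compare the owner and group of any directory it prints against the output of `id` for the account that cannot log in.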

To: <misc@...>
Date: Thursday, September 11, 2008 - 8:03 am

Hi!

Kind regards,

Hannah.