Michael,
Thanks for your replies, and for your terrific work in making Affa. Obviously, I don't understand much detail of the problem, but I'm trying to learn, and below are some possible clues (if I'm looking in some of the right places).
So, I did as you said:
[root@sme2 ~]# affa --send-keys 192.168.111.1
root@192.168.111.1's password:
DSA keys sent to 192.168.111.1
[root@sme2 ~]# ssh 192.168.111.1 true; echo $?
root@192.168.111.1's password:
0
[root@sme2 ~]#
So it seems that my affa box sees a successful sending of keys, but my prod box is silently not accepting a DSA key login?
In Server Manager on the prod box under Security | Remote Access | Secure Shell Settings, I have all along had the following settings:
__Secure shell access: Allow access only from local networks
__Allow admin. CL access over secure shell: Yes
__Allow secure shell access using standard passwords: Yes
Just now, hoping to thunk some new behaviour out of the system, I changed the last one (std. pw) to: No
and then tried again:
[root@sme2 ~]# ssh 192.168.111.1 true; echo $?
Permission denied (publickey).
255
Is that saying that a key-based login has been denied?
In /root/.ssh/known_hosts on my prod box, I see an entry for my affa box:
192.168.111.2 ssh-rsa AAAAB3NzaC1y....etc
but nothing about ssh-dsa. Should I?
And in /root/.ssh/authorized_keys2 (there is no file called 'authorized_keys'), I see 3 copies of:
ssh-dss AAAAB3NzaC1kc3M....etc root@sme2
Does any of this help? What else can I provide? Of course you are welcome to tell me to resolve my ssh problems elsewhere, and come back if I need any help with Affa