Openindiana Public key SSH issue

Posted by Dark Training on January 8, 2014 tags: | solaris | openindiana

I thought I would throw this one out there as it took me about 30 min to figure this out.
I had an OpenIndiana server that I was working on and I wanted to make a new user that had a public key for access. The problem was that when I tried to connect, it would just come back with the usual "Permission denied (publickey)." error.
Normally, this is because you forgot to set the key permissions correctly:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
But in this case that was not the problem. I even tried to copy the keys to a windows host, used puttygen to convert the key and then putty to load it which gave the following error:
"Server refused public-key signature despite accepting key!"
WTF?
By default, OI does not log like linux does so I had to enable auth logging:
vi /etc/syslog.conf

(uncomment the following line)
auth.notice                     ifdef(`LOGHOST', /var/log/authlog, @loghost)
Now just restart the syslog service:
svcadm restart system-log
Now if you tail -f the authlog file you should see some details:
root@zfs-server:~# tail -f /var/log/authlog
Jan  8 18:29:48 zfs-server sshd[6387]: [ID 7311328 auth.notice] pam_unix_account: sshd-pubkey attempting to validate locked account johnny from 10.1.1.50
Jan  8 18:29:48 zfs-server sshd[6387]: [ID 8000347 auth.notice] Failed publickey for johnny from 10.1.1.50 port 64885 ssh2
See that, it looks like the account was just locked out! Pretty easy to fix this:
passwd -u johnny
That's all it took, hope this helps another admin, if so please feel to let others know in the comments below.