Re: OpenSSH protocol 2 won't use identity file

From: Ben Lindstrom (mouring@etoh.eviladmin.org)
Date: 12/12/02

    Date: Thu, 12 Dec 2002 11:57:20 -0600 (CST)
    From: Ben Lindstrom <mouring@etoh.eviladmin.org>
    To: Adam Cioccarelli <alciocca@yahoo.com.au>
    
    

    v2 protocol only uses id_rsa and id_dsa. If you want identity to be used
    you must do "ssh -1 site.com" or add a host line to your ssh_config that
    states to use protocol 1.

    - Ben

    On Wed, 11 Dec 2002, [iso-8859-1] Adam Cioccarelli wrote:

    > Hi,
    >
    > we are in the process of upgrading our solaris boxes
    > from ssh 1.2.32 using SSH protocol 1 to OpenSSH 3.4p1
    > using both SSH protocol 1 and SSH protocol 2. However
    > after the upgrade users using a protocol 2 client are
    > no longer asked for the passphrase of their
    > ~/.ssh/identity file, they are asked for their user
    > password on the server. Is it not possible to use the
    > old identity file?
    >
    > It seems that it isn't even looking for an identity
    > file. Am I doing something wrong or is this normal?
    >
    > -Adam
    >
    >
    > ssh -v -v -v localhost
    > OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090605f
    > debug1: Reading configuration data /usr/local/etc/ssh_config
    > debug1: Applying options for *
    > debug3: cipher ok: aes128-cbc [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
    > debug3: cipher ok: 3des-cbc [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
    > debug3: cipher ok: blowfish-cbc [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
    > debug3: cipher ok: cast128-cbc [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
    > debug3: cipher ok: arcfour [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
    > debug3: cipher ok: aes192-cbc [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
    > debug3: cipher ok: aes256-cbc [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
    > debug3: ciphers ok: [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
    > debug1: Rhosts Authentication disabled, originating port will not be trusted.
    > debug1: ssh_connect: needpriv 0
    > debug1: Connecting to localhost [::1] port 22.
    > ssh: connect to address ::1 port 22: Network is unreachable
    > debug1: Connecting to localhost [127.0.0.1] port 22.
    > debug1: Connection established.
    > debug1: identity file /usr/local/home/cioccaad/.ssh/identity type 0
    > debug1: identity file /usr/local/home/cioccaad/.ssh/id_rsa type -1
    > debug1: identity file /usr/local/home/cioccaad/.ssh/id_dsa type -1
    > debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
    > debug1: match: OpenSSH_3.4p1 pat OpenSSH*
    > Enabling compatibility mode for protocol 2.0
    > debug1: Local version string SSH-2.0-OpenSSH_3.4p1
    > debug1: SSH2_MSG_KEXINIT sent
    > debug1: SSH2_MSG_KEXINIT received
    > debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
    > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
    > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    > debug2: kex_parse_kexinit: none
    > debug2: kex_parse_kexinit: none
    > debug2: kex_parse_kexinit:
    > debug2: kex_parse_kexinit:
    > debug2: kex_parse_kexinit: first_kex_follows 0
    > debug2: kex_parse_kexinit: reserved 0
    > debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
    > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
    > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    > debug2: kex_parse_kexinit: none
    > debug2: kex_parse_kexinit: none
    > debug2: kex_parse_kexinit:
    > debug2: kex_parse_kexinit:
    > debug2: kex_parse_kexinit: first_kex_follows 0
    > debug2: kex_parse_kexinit: reserved 0
    > debug2: mac_init: found hmac-md5
    > debug1: kex: server->client aes128-cbc hmac-md5 none
    > debug2: mac_init: found hmac-md5
    > debug1: kex: client->server aes128-cbc hmac-md5 none
    > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
    > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    > debug1: dh_gen_key: priv key bits set: 129/256
    > debug1: bits set: 1562/3191
    > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    > debug3: check_host_in_hostfile: filename /usr/local/home/cioccaad/.ssh/known_hosts
    > debug3: check_host_in_hostfile: match line 148
    > debug1: Host 'localhost' is known and matches the RSA host key.
    > debug1: Found key in /usr/local/home/cioccaad/.ssh/known_hosts:148
    > debug1: bits set: 1639/3191
    > debug1: ssh_rsa_verify: signature correct
    > debug1: kex_derive_keys
    > debug1: newkeys: mode 1
    > debug1: SSH2_MSG_NEWKEYS sent
    > debug1: waiting for SSH2_MSG_NEWKEYS
    > debug1: newkeys: mode 0
    > debug1: SSH2_MSG_NEWKEYS received
    > debug1: done: ssh_kex2.
    > debug1: send SSH2_MSG_SERVICE_REQUEST
    > debug1: service_accept: ssh-userauth
    > debug1: got SSH2_MSG_SERVICE_ACCEPT
    > debug1: authentications that can continue: publickey,password,keyboard-interactive
    > debug3: start over, passed a different list publickey,password,keyboard-interactive
    > debug3: preferred publickey,keyboard-interactive,password
    > debug3: authmethod_lookup publickey
    > debug3: remaining preferred: keyboard-interactive,password
    > debug3: authmethod_is_enabled publickey
    > debug1: next auth method to try is publickey
    > debug1: try privkey: /usr/local/home/cioccaad/.ssh/id_rsa
    > debug3: no such identity: /usr/local/home/cioccaad/.ssh/id_rsa
    > debug1: try privkey: /usr/local/home/cioccaad/.ssh/id_dsa
    > debug3: no such identity: /usr/local/home/cioccaad/.ssh/id_dsa
    > debug2: we did not send a packet, disable method
    > debug3: authmethod_lookup keyboard-interactive
    > debug3: remaining preferred: password
    > debug3: authmethod_is_enabled keyboard-interactive
    > debug1: next auth method to try is keyboard-interactive
    > debug2: userauth_kbdint
    > debug2: we sent a keyboard-interactive packet, wait for reply
    > debug1: authentications that can continue: publickey,password,keyboard-interactive
    > debug3: userauth_kbdint: disable: no info_req_seen
    > debug2: we did not send a packet, disable method
    > debug3: authmethod_lookup password
    > debug3: remaining preferred:
    > debug3: authmethod_is_enabled password
    > debug1: next auth method to try is password
    > cioccaad@localhost's password:
    >
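
The debug output quoted above already contains the answer Ben gives; the following triage script is an added example, not part of the original thread or of OpenSSH, and reads it out mechanically. It assumes the `identity file ... type N` numbers follow the key-type enum of OpenSSH releases of this period (0 = RSA1, 1 = RSA, 2 = DSA, -1 = not loaded); the function name `triage` and the sample (the relevant lines of the post, unwrapped) are constructed for illustration.

```python
import re

# Assumed mapping for OpenSSH of this period; other versions may differ.
KEY_TYPES = {0: "rsa1 (protocol 1 only)", 1: "rsa (protocol 2)",
             2: "dsa (protocol 2)", -1: "not found or unreadable"}

# Constructed sample: the relevant lines of the posted log, unwrapped.
SAMPLE = """\
debug1: identity file /usr/local/home/cioccaad/.ssh/identity type 0
debug1: identity file /usr/local/home/cioccaad/.ssh/id_rsa type -1
debug1: identity file /usr/local/home/cioccaad/.ssh/id_dsa type -1
debug1: Local version string SSH-2.0-OpenSSH_3.4p1
debug1: try privkey: /usr/local/home/cioccaad/.ssh/id_rsa
debug3: no such identity: /usr/local/home/cioccaad/.ssh/id_rsa
debug1: try privkey: /usr/local/home/cioccaad/.ssh/id_dsa
debug3: no such identity: /usr/local/home/cioccaad/.ssh/id_dsa
debug1: next auth method to try is password
"""

def triage(log):
    """Summarise why publickey auth did or did not offer a key."""
    keys = {m[1]: int(m[2])
            for m in re.finditer(r"identity file (\S+) type (-?\d+)", log)}
    ver = re.search(r"Local version string SSH-(\d+)\.", log)
    proto = int(ver[1]) if ver else None
    tried = re.findall(r"try privkey: (\S+)", log)
    missing = set(re.findall(r"no such identity: (\S+)", log))
    # Keys that loaded but belong to the protocol that was NOT negotiated.
    skipped = [p for p, t in keys.items()
               if t >= 0 and ((proto == 2 and t == 0) or (proto == 1 and t != 0))]
    methods = re.findall(r"next auth method to try is (\S+)", log)
    return {
        "protocol": proto,
        "keys": {p: KEY_TYPES.get(t, "unknown") for p, t in keys.items()},
        "skipped_wrong_protocol": skipped,
        # Needs -v -v -v: "no such identity" is only logged at debug3.
        "usable": [p for p in tried if p not in missing],
        "final_method": methods[-1] if methods else None,
    }

if __name__ == "__main__":
    for field, value in triage(SAMPLE).items():
        print(f"{field}: {value}")
```
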


