Re: OpenSSH protocol 2 won't use identity file

From: Ben Lindstrom (mouring@etoh.eviladmin.org)
Date: 12/12/02

    Date: Thu, 12 Dec 2002 11:57:20 -0600 (CST)
    From: Ben Lindstrom <mouring@etoh.eviladmin.org>
    To: Adam Cioccarelli <alciocca@yahoo.com.au>
    
    

    v2 protocol only uses id_rsa and id_dsa. If you want identity to be used
    you must do "ssh -1 site.com" or add a host line to your ssh_config that
    states to use protocol 1.

    - Ben

    On Wed, 11 Dec 2002, Adam Cioccarelli wrote:

    > Hi,
    >
    > we are in the process of upgrading our Solaris boxes
    > from ssh 1.2.32 using SSH protocol 1 to OpenSSH 3.4p1
    > using both SSH protocol 1 and SSH protocol 2. However
    > after the upgrade users using a protocol 2 client are
    > no longer asked for the passphrase of their
    > ~/.ssh/identity file, they are asked for their user
    > password on the server. Is it not possible to use the
    > old identity file?
    >
    > It seems that it isn't even looking for an identity
    > file. Am I doing something wrong or is this normal?
    >
    > -Adam
    >
    >
    > ssh -v -v -v localhost
    > OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090605f
    > debug1: Reading configuration data /usr/local/etc/ssh_config
    > debug1: Applying options for *
    > debug3: cipher ok: aes128-cbc [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
    > debug3: cipher ok: 3des-cbc [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
    > debug3: cipher ok: blowfish-cbc [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
    > debug3: cipher ok: cast128-cbc [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
    > debug3: cipher ok: arcfour [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
    > debug3: cipher ok: aes192-cbc [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
    > debug3: cipher ok: aes256-cbc [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
    > debug3: ciphers ok: [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
    > debug1: Rhosts Authentication disabled, originating port will not be trusted.
    > debug1: ssh_connect: needpriv 0
    > debug1: Connecting to localhost [::1] port 22.
    > ssh: connect to address ::1 port 22: Network is unreachable
    > debug1: Connecting to localhost [127.0.0.1] port 22.
    > debug1: Connection established.
    > debug1: identity file /usr/local/home/cioccaad/.ssh/identity type 0
    > debug1: identity file /usr/local/home/cioccaad/.ssh/id_rsa type -1
    > debug1: identity file /usr/local/home/cioccaad/.ssh/id_dsa type -1
    > debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
    > debug1: match: OpenSSH_3.4p1 pat OpenSSH*
    > Enabling compatibility mode for protocol 2.0
    > debug1: Local version string SSH-2.0-OpenSSH_3.4p1
    > debug1: SSH2_MSG_KEXINIT sent
    > debug1: SSH2_MSG_KEXINIT received
    > debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
    > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
    > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    > debug2: kex_parse_kexinit: none
    > debug2: kex_parse_kexinit: none
    > debug2: kex_parse_kexinit:
    > debug2: kex_parse_kexinit:
    > debug2: kex_parse_kexinit: first_kex_follows 0
    > debug2: kex_parse_kexinit: reserved 0
    > debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
    > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
    > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    > debug2: kex_parse_kexinit: none
    > debug2: kex_parse_kexinit: none
    > debug2: kex_parse_kexinit:
    > debug2: kex_parse_kexinit:
    > debug2: kex_parse_kexinit: first_kex_follows 0
    > debug2: kex_parse_kexinit: reserved 0
    > debug2: mac_init: found hmac-md5
    > debug1: kex: server->client aes128-cbc hmac-md5 none
    > debug2: mac_init: found hmac-md5
    > debug1: kex: client->server aes128-cbc hmac-md5 none
    > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
    > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    > debug1: dh_gen_key: priv key bits set: 129/256
    > debug1: bits set: 1562/3191
    > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    > debug3: check_host_in_hostfile: filename /usr/local/home/cioccaad/.ssh/known_hosts
    > debug3: check_host_in_hostfile: match line 148
    > debug1: Host 'localhost' is known and matches the RSA host key.
    > debug1: Found key in /usr/local/home/cioccaad/.ssh/known_hosts:148
    > debug1: bits set: 1639/3191
    > debug1: ssh_rsa_verify: signature correct
    > debug1: kex_derive_keys
    > debug1: newkeys: mode 1
    > debug1: SSH2_MSG_NEWKEYS sent
    > debug1: waiting for SSH2_MSG_NEWKEYS
    > debug1: newkeys: mode 0
    > debug1: SSH2_MSG_NEWKEYS received
    > debug1: done: ssh_kex2.
    > debug1: send SSH2_MSG_SERVICE_REQUEST
    > debug1: service_accept: ssh-userauth
    > debug1: got SSH2_MSG_SERVICE_ACCEPT
    > debug1: authentications that can continue: publickey,password,keyboard-interactive
    > debug3: start over, passed a different list publickey,password,keyboard-interactive
    > debug3: preferred publickey,keyboard-interactive,password
    > debug3: authmethod_lookup publickey
    > debug3: remaining preferred: keyboard-interactive,password
    > debug3: authmethod_is_enabled publickey
    > debug1: next auth method to try is publickey
    > debug1: try privkey: /usr/local/home/cioccaad/.ssh/id_rsa
    > debug3: no such identity: /usr/local/home/cioccaad/.ssh/id_rsa
    > debug1: try privkey: /usr/local/home/cioccaad/.ssh/id_dsa
    > debug3: no such identity: /usr/local/home/cioccaad/.ssh/id_dsa
    > debug2: we did not send a packet, disable method
    > debug3: authmethod_lookup keyboard-interactive
    > debug3: remaining preferred: password
    > debug3: authmethod_is_enabled keyboard-interactive
    > debug1: next auth method to try is keyboard-interactive
    > debug2: userauth_kbdint
    > debug2: we sent a keyboard-interactive packet, wait for reply
    > debug1: authentications that can continue: publickey,password,keyboard-interactive
    > debug3: userauth_kbdint: disable: no info_req_seen
    > debug2: we did not send a packet, disable method
    > debug3: authmethod_lookup password
    > debug3: remaining preferred:
    > debug3: authmethod_is_enabled password
    > debug1: next auth method to try is password
    > cioccaad@localhost's password:
    >
    >
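
A small triage script for the trace quoted above, added here as an example and not part of the original thread: it reads `ssh -v` output and reports which key files loaded, which were actually offered under the negotiated protocol, and the order in which authentication fell back. The sample input is a handful of lines from the quoted trace with the mail wrapping undone; the numeric key-type mapping is an assumption about OpenSSH of this era.

```python
import re

# Constructed sample: lines copied from the `ssh -v -v -v` output quoted above,
# with the mail client's line wrapping undone.
SAMPLE_LOG = """\
debug1: identity file /usr/local/home/cioccaad/.ssh/identity type 0
debug1: identity file /usr/local/home/cioccaad/.ssh/id_rsa type -1
debug1: identity file /usr/local/home/cioccaad/.ssh/id_dsa type -1
debug1: Local version string SSH-2.0-OpenSSH_3.4p1
debug1: next auth method to try is publickey
debug1: try privkey: /usr/local/home/cioccaad/.ssh/id_rsa
debug1: try privkey: /usr/local/home/cioccaad/.ssh/id_dsa
debug1: next auth method to try is keyboard-interactive
debug1: next auth method to try is password
"""

# Assumption: numeric key types as printed by OpenSSH of this era; -1 = not loaded.
KEY_TYPES = {0: "RSA1 (protocol 1)", 1: "RSA (protocol 2)",
             2: "DSA (protocol 2)", -1: "not loaded"}

def analyse(log):
    """Summarise loaded keys, keys actually offered, and the auth fallback order."""
    out = {"proto": None, "loaded": {}, "tried": [], "methods": []}
    for line in log.splitlines():
        if m := re.search(r"identity file (\S+) type (-?\d+)", line):
            out["loaded"][m.group(1)] = int(m.group(2))
        elif m := re.search(r"Local version string SSH-(\d+)\.", line):
            out["proto"] = int(m.group(1))
        elif m := re.search(r"try privkey: (\S+)", line):
            out["tried"].append(m.group(1))
        elif m := re.search(r"next auth method to try is (\S+)", line):
            out["methods"].append(m.group(1))
    # Keys that loaded from disk but were never offered under the negotiated protocol.
    out["skipped"] = [p for p, t in out["loaded"].items()
                      if t != -1 and p not in out["tried"]]
    return out

if __name__ == "__main__":
    r = analyse(SAMPLE_LOG)
    print("negotiated protocol:", r["proto"])
    for path, t in r["loaded"].items():
        print(f"  {path}: {KEY_TYPES.get(t, t)}")
    print("loaded but never offered:", r["skipped"])
    print("auth methods tried:", " -> ".join(r["methods"]))
```

A non-empty "loaded but never offered" list together with a fall-through to `password` is the pattern in this thread: the key exists, but the negotiated protocol does not use that file.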


