Problem using ssh protocol 2 dsa

From: Marius Roets (Marius.Roets@eskom.co.za)
Date: 04/22/03

    Date: Tue, 22 Apr 2003 11:32:14 +0200
    From: "Marius Roets" <Marius.Roets@eskom.co.za>
    To: <secureshell@securityfocus.com>
    
    

    Hi Everybody,
    I am fairly new to the ssh protocol, so I hope this is not a stupid
    question, but I have exhausted all my resources without finding an
    answer.
    I have 2 Linux machines, AA and BB. I want to log into AA from BB
    without using a password. I have often done this using protocol 1,
    but because of things beyond my control I have to use protocol 2 now. I
    created the dsa keys on BB for user mroets. I copied this public key to
    authorized_keys2 on AA for 2 users, mroets and eskdx. Now come the
    problems. If I do ssh mroets@AA it works fine, but if I do ssh eskdx@AA
    it doesn't. In the latter case ssh asks for a password (the operating
    system password). If you give the password, it works, but I don't want
    it to work that way.

    I have tried all settings I can think of and am out of ideas. Any help
    will be appreciated.

    I have added the results of the failing and succeeding ssh attempt
    below.

    Thanks
    Marius Roets

    :~> ssh -v -v -v eskdx@AA
    OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Seeding random number generator
    debug1: Rhosts Authentication disabled, originating port will not be
    trusted.
    debug1: restore_uid
    debug1: ssh_connect: getuid 500 geteuid 0 anon 1
    debug1: Connecting to 147.110.*.* [147.110.*.*] port 22.
    debug1: temporarily_use_uid: 500/100 (e=0)
    debug1: restore_uid
    debug1: temporarily_use_uid: 500/100 (e=0)
    debug1: restore_uid
    debug1: Connection established.
    debug1: read PEM private key done: type DSA
    debug1: read PEM private key done: type RSA
    debug1: identity file /home/mroets/.ssh/id_rsa type -1
    debug3: No RSA1 key file /home/mroets/.ssh/id_dsa.
    debug2: key_type_from_name: unknown key type '-----BEGIN'
    debug3: key_read: no key found
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug2: key_type_from_name: unknown key type '-----END'
    debug3: key_read: no key found
    debug1: identity file /home/mroets/.ssh/id_dsa type 2
    debug1: Remote protocol version 2.0, remote software version
    OpenSSH_2.9p1
    debug1: match: OpenSSH_2.9p1 pat ^OpenSSH
    Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_2.9p2
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit:
    diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit:
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit:
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none
    debug2: kex_parse_kexinit: none
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit:
    diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-dss
    debug2: kex_parse_kexinit:
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit:
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_init: found hmac-md5
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug2: mac_init: found hmac-md5
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: dh_gen_key: priv key bits set: 133/256
    debug1: bits set: 1062/2049
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug3: check_host_in_hostfile: filename /home/mroets/.ssh/known_hosts2
    debug3: check_host_in_hostfile: match line 4
    debug1: Host '147.110.*.*' is known and matches the DSA host key.
    debug1: Found key in /home/mroets/.ssh/known_hosts2:4
    debug1: bits set: 1039/2049
    debug1: len 55 datafellows 0
    debug1: ssh_dss_verify: signature correct
    debug1: kex_derive_keys
    debug1: newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: waiting for SSH2_MSG_NEWKEYS
    debug1: newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: done: ssh_kex2.
    debug1: send SSH2_MSG_SERVICE_REQUEST
    debug1: service_accept: ssh-userauth
    debug1: got SSH2_MSG_SERVICE_ACCEPT
    debug1: authentications that can continue:
    publickey,password,keyboard-interactive
    debug3: start over, passed a different list
    publickey,password,keyboard-interactive
    debug3: preferred publickey,password,keyboard-interactive
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: password,keyboard-interactive
    debug3: authmethod_is_enabled publickey
    debug1: next auth method to try is publickey
    debug1: try privkey: /home/mroets/.ssh/id_rsa
    debug3: no such identity: /home/mroets/.ssh/id_rsa
    debug1: try pubkey: /home/mroets/.ssh/id_dsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: authentications that can continue:
    publickey,password,keyboard-interactive
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup password
    debug3: remaining preferred: keyboard-interactive
    debug3: authmethod_is_enabled password
    debug1: next auth method to try is password
    eskdx@147.110.*.*'s password:

    AND HERE IS THE SUCCESSFUL LOGIN:

    :~> ssh -v -v -v mroets@AA
    OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Seeding random number generator
    debug1: Rhosts Authentication disabled, originating port will not be
    trusted.
    debug1: restore_uid
    debug1: ssh_connect: getuid 500 geteuid 0 anon 1
    debug1: Connecting to 147.110.*.* [147.110.*.*] port 22.
    debug1: temporarily_use_uid: 500/100 (e=0)
    debug1: restore_uid
    debug1: temporarily_use_uid: 500/100 (e=0)
    debug1: restore_uid
    debug1: Connection established.
    debug1: read PEM private key done: type DSA
    debug1: read PEM private key done: type RSA
    debug1: identity file /home/mroets/.ssh/id_rsa type -1
    debug3: No RSA1 key file /home/mroets/.ssh/id_dsa.
    debug2: key_type_from_name: unknown key type '-----BEGIN'
    debug3: key_read: no key found
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug2: key_type_from_name: unknown key type '-----END'
    debug3: key_read: no key found
    debug1: identity file /home/mroets/.ssh/id_dsa type 2
    debug1: Remote protocol version 2.0, remote software version
    OpenSSH_2.9p1
    debug1: match: OpenSSH_2.9p1 pat ^OpenSSH
    Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_2.9p2
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit:
    diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit:
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit:
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none
    debug2: kex_parse_kexinit: none
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit:
    diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-dss
    debug2: kex_parse_kexinit:
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit:
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_init: found hmac-md5
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug2: mac_init: found hmac-md5
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: dh_gen_key: priv key bits set: 128/256
    debug1: bits set: 1080/2049
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug3: check_host_in_hostfile: filename /home/mroets/.ssh/known_hosts2
    debug3: check_host_in_hostfile: match line 4
    debug1: Host '147.110.*.*' is known and matches the DSA host key.
    debug1: Found key in /home/mroets/.ssh/known_hosts2:4
    debug1: bits set: 1006/2049
    debug1: len 55 datafellows 0
    debug1: ssh_dss_verify: signature correct
    debug1: kex_derive_keys
    debug1: newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: waiting for SSH2_MSG_NEWKEYS
    debug1: newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: done: ssh_kex2.
    debug1: send SSH2_MSG_SERVICE_REQUEST
    debug1: service_accept: ssh-userauth
    debug1: got SSH2_MSG_SERVICE_ACCEPT
    debug1: authentications that can continue:
    publickey,password,keyboard-interactive
    debug3: start over, passed a different list
    publickey,password,keyboard-interactive
    debug3: preferred publickey,password,keyboard-interactive
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: password,keyboard-interactive
    debug3: authmethod_is_enabled publickey
    debug1: next auth method to try is publickey
    debug1: try privkey: /home/mroets/.ssh/id_rsa
    debug3: no such identity: /home/mroets/.ssh/id_rsa
    debug1: try pubkey: /home/mroets/.ssh/id_dsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: input_userauth_pk_ok: pkalg ssh-dss blen 434 lastkey 0x8114ce0
    hint 1
    debug2: input_userauth_pk_ok: fp
    e0:e2:b0:b6:7a:b9:4c:42:5a:ca:4a:99:11:47:46:d3
    debug3: sign_and_send_pubkey
    debug1: read PEM private key done: type DSA
    debug1: sig size 20 20
    debug1: ssh-userauth2 successful: method publickey
    debug3: clear hostkey 0
    debug3: clear hostkey 1
    debug3: clear hostkey 2
    debug1: channel 0: new [client-session]
    debug1: channel_new: 0
    debug1: send channel open 0
    debug1: Entering interactive session.
    debug2: callback start
    debug1: client_init id 0 arg 0
    debug2: tty_make_modes: ospeed 38400
    debug2: tty_make_modes: ispeed 38400
    debug2: tty_make_modes: 1 3
    debug2: tty_make_modes: 2 28
    debug2: tty_make_modes: 3 127
    debug2: tty_make_modes: 4 21
    debug2: tty_make_modes: 5 4
    debug2: tty_make_modes: 6 0
    debug2: tty_make_modes: 7 0
    debug2: tty_make_modes: 8 17
    debug2: tty_make_modes: 9 19
    debug2: tty_make_modes: 10 26
    debug2: tty_make_modes: 12 18
    debug2: tty_make_modes: 13 23
    debug2: tty_make_modes: 14 22
    debug2: tty_make_modes: 18 15
    debug2: tty_make_modes: 30 0
    debug2: tty_make_modes: 31 0
    debug2: tty_make_modes: 32 0
    debug2: tty_make_modes: 33 0
    debug2: tty_make_modes: 34 0
    debug2: tty_make_modes: 35 0
    debug2: tty_make_modes: 36 1
    debug2: tty_make_modes: 37 0
    debug2: tty_make_modes: 38 1
    debug2: tty_make_modes: 39 0
    debug2: tty_make_modes: 40 0
    debug2: tty_make_modes: 41 0
    debug2: tty_make_modes: 50 1
    debug2: tty_make_modes: 51 1
    debug2: tty_make_modes: 52 0
    debug2: tty_make_modes: 53 1
    debug2: tty_make_modes: 54 1
    debug2: tty_make_modes: 55 1
    debug2: tty_make_modes: 56 0
    debug2: tty_make_modes: 57 0
    debug2: tty_make_modes: 58 0
    debug2: tty_make_modes: 59 1
    debug2: tty_make_modes: 60 1
    debug2: tty_make_modes: 61 1
    debug2: tty_make_modes: 62 0
    debug2: tty_make_modes: 70 1
    debug2: tty_make_modes: 71 0
    debug2: tty_make_modes: 72 1
    debug2: tty_make_modes: 73 0
    debug2: tty_make_modes: 74 0
    debug2: tty_make_modes: 75 0
    debug2: tty_make_modes: 90 1
    debug2: tty_make_modes: 91 1
    debug2: tty_make_modes: 92 0
    debug2: tty_make_modes: 93 0
    debug1: channel request 0: shell
    debug2: callback done
    debug1: channel 0: open confirm rwindow 0 rmax 16384
    debug2: channel 0: rcvd adjust 32768

    Marius Roets

    Senior Support and Development Analyst
    Power Exchange
    Eskom Transmission
    South Africa
    Tel: +27 11 871 3749
    Fax: +27 11 871 3304
    Pax: 8181 3749
    Cell: +27 83 626 1727
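
The two traces in the message above are identical up to the reply to `send_pubkey_test`: the failing login gets another "authentications that can continue" line, the working one gets `input_userauth_pk_ok`. The following is an added example, not part of the original post, that reads an `ssh -v` client trace and reports that outcome for each key tried; the outcome labels and the function name are this example's own, and the sample traces are constructed from lines in the post.

```python
import re

# Constructed excerpts of the two client traces in the post (wrapped lines joined).
FAILED = """\
debug1: try privkey: /home/mroets/.ssh/id_rsa
debug3: no such identity: /home/mroets/.ssh/id_rsa
debug1: try pubkey: /home/mroets/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is password
"""
OK = """\
debug1: try pubkey: /home/mroets/.ssh/id_dsa
debug3: send_pubkey_test
debug1: input_userauth_pk_ok: pkalg ssh-dss blen 434 lastkey 0x8114ce0 hint 1
debug3: sign_and_send_pubkey
debug1: ssh-userauth2 successful: method publickey
"""
OFFER = re.compile(r"^debug\d: try (?:pubkey|privkey): (\S+)")


def publickey_outcomes(trace):
    """Return [(key_path, outcome)] for every identity the client tried."""
    results = []
    key, stage = None, None  # stage is "offered" until the server sends pk_ok

    def close(outcome):
        nonlocal key, stage
        if key is not None:  # ignore server replies seen before any key offer
            results.append((key, outcome))
        key, stage = None, None

    for raw in trace.splitlines():
        line = raw.strip()
        m = OFFER.match(line)
        if m:
            close("no-reply-seen")  # previous offer never got an answer
            key, stage = m.group(1), "offered"
        elif "no such identity" in line:
            close("missing-on-client")
        elif "input_userauth_pk_ok" in line:
            stage = "pk_ok"  # server knows this key for the target account
        elif "authentications that can continue" in line:
            close("server-declined-key" if stage == "offered" else "signature-rejected")
        elif "ssh-userauth2 successful: method publickey" in line:
            close("authenticated")
    close("no-reply-seen")
    return results
```

A `server-declined-key` result means the server answered the key probe with a failure before any signature was requested, so the client never used the private key for that attempt; the place to look is how the server resolves the target account's `authorized_keys2`, not the key pair on the client.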

