RE: Help with OpenSSH -> SSH2 Server

From: wjnorth (wjnorth_at_earthlink.net)
Date: 05/20/03

    To: "'Andrew n marshall'" <invysibleman@yahoo.com>, "'secureshell'" <secureshell@securityfocus.com>
    Date: Tue, 20 May 2003 08:41:16 -0700
    
    

    What are you trying to do? Key authentication or password challenge?

    Those debug1 messages are fine, it's trying to associate a public key
    with whatever private key you own, to see if it can match them together
    and allow authentication through. Remember, the server's authorized_keys
    file contains whatever public key you want to use for key based
    authentication (there are a couple other ways to go about this, but this
    works great). It will read that file and attempt to match a private key
    with that public key and allow authentication through. At least, that's
    what I understand it to be doing. ;-)

    The permission denied message is rather interesting. What do you have
    set up in your sshd_config file? Are you attempting to use key based
    authentication? If so, how did you set it up?

    If you are using authorized_keys for authentication, make sure the file
    perms are set to 644, no matter what; OpenSSH sometimes farckles with
    permissions on key stores.

    -Wes

    -----Original Message-----
    From: Andrew n marshall [mailto:invysibleman@yahoo.com]
    Sent: Monday, May 19, 2003 12:33 PM
    To: secureshell
    Subject: RE: Help with OpenSSH -> SSH2 Server

    I'm still having the previously mentioned problems. But here is a new
    data point... the verbose log. The only thing strange I see is near the
    bottom:
      debug1: next auth method to try is publickey
      debug1: try privkey: /Users/user/.ssh/id_rsa
      debug1: try pubkey: /Users/user/.ssh/id_dsa

    ~/.ssh/id_dsa is a PRIVATE key (the public key would be id_dsa.pub). Why
    is it reading it as a pubkey?

    I also glanced at the file permissions, and they match my expectations
    (600 for private, and 644 for public).

    Anm

    ===================================================

    user@client:~/ > ssh -v server
    OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
    debug1: Reading configuration data /Users/user/.ssh/config
    debug1: Reading configuration data /sw/etc/ssh/ssh_config
    debug1: Rhosts Authentication disabled, originating port will not be
    trusted.
    debug1: ssh_connect: needpriv 0
    debug1: Connecting to server [192.168.208.207] port 22.
    debug1: Connection established.
    debug1: identity file /Users/amarshal/.ssh/identity type 0
    debug1: identity file /Users/amarshal/.ssh/id_rsa type -1
    debug1: identity file /Users/amarshal/.ssh/id_dsa type 2
    debug1: Remote protocol version 1.99, remote software version 2.4.0 SSH
    Secure Shell (non-commercial)
    debug1: match: 2.4.0 SSH Secure Shell (non-commercial) pat 2.*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_3.5p1
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client 3des-cbc hmac-md5 none
    debug1: kex: client->server 3des-cbc hmac-md5 none
    debug1: dh_gen_key: priv key bits set: 186/384
    debug1: bits set: 526/1024
    debug1: sending SSH2_MSG_KEXDH_INIT
    debug1: expecting SSH2_MSG_KEXDH_REPLY
    debug1: Host 'nitro' is known and matches the DSA host key.
    debug1: Found key in /Users/user/.ssh/known_hosts:1
    debug1: bits set: 506/1024
    debug1: ssh_dss_verify: signature correct
    debug1: kex_derive_keys
    debug1: newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: waiting for SSH2_MSG_NEWKEYS
    debug1: newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: done: ssh_kex2.
    debug1: send SSH2_MSG_SERVICE_REQUEST
    debug1: service_accept: ssh-userauth
    debug1: got SSH2_MSG_SERVICE_ACCEPT
    debug1: authentications that can continue: publickey
    debug1: next auth method to try is publickey
    debug1: try privkey: /Users/user/.ssh/id_rsa
    debug1: try pubkey: /Users/user/.ssh/id_dsa
    debug1: authentications that can continue: publickey
    debug1: no more auth methods to try
    Permission denied (publickey).
    debug1: Calling cleanup 0x17770(0x0)
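
An added example, not part of either message and not OpenSSH code: a small parser that turns the `ssh -v` log quoted above into a summary of which identity files loaded, which methods the server allows, and which keys were tried. The key type numbering and the reading of `try pubkey` / `try privkey` are assumptions based on OpenSSH 3.x client behaviour.

```python
import re

# Key type numbers printed by the OpenSSH 3.x client (assumed from that era's
# key type enum); -1 means the file could not be loaded as a key.
KEY_TYPES = {-1: "not loaded", 0: "rsa1", 1: "rsa", 2: "dsa"}

# Lines copied from the verbose log above (wrapped version line rejoined).
SAMPLE = """\
debug1: identity file /Users/amarshal/.ssh/identity type 0
debug1: identity file /Users/amarshal/.ssh/id_rsa type -1
debug1: identity file /Users/amarshal/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version 2.4.0 SSH Secure Shell (non-commercial)
debug1: authentications that can continue: publickey
debug1: try privkey: /Users/user/.ssh/id_rsa
debug1: try pubkey: /Users/user/.ssh/id_dsa
debug1: authentications that can continue: publickey
Permission denied (publickey).
"""

def summarize(log):
    """Collect the publickey-related facts from an `ssh -v` client log."""
    out = {"identities": {}, "server": None, "allowed": [], "attempts": [], "denied": False}
    for line in log.splitlines():
        line = line.strip()
        if m := re.match(r"debug1: identity file (\S+) type (-?\d+)$", line):
            out["identities"][m[1]] = KEY_TYPES.get(int(m[2]), "unknown")
        elif m := re.match(r"debug1: Remote protocol version [\d.]+, remote software version (.+)$", line):
            out["server"] = m[1]
        elif m := re.match(r"debug1: authentications that can continue: (.+)$", line, re.I):
            out["allowed"] = m[1].split(",")
        elif m := re.match(r"debug1: try (privkey|pubkey): (\S+)$", line):
            out["attempts"].append((m[1], m[2]))
        elif line.startswith("Permission denied"):
            out["denied"] = True
    return out

def findings(s):
    """Turn the summary into plain-language notes (assumed interpretation)."""
    notes = []
    if s["denied"] and s["allowed"] == ["publickey"]:
        notes.append("server accepts only publickey and rejected every key offered")
    for kind, path in s["attempts"]:
        if kind == "pubkey":
            notes.append(f"{path}: public half was offered to the server and not accepted")
        else:
            notes.append(f"{path}: no public key loaded; client fell back to the private key file")
    return notes

if __name__ == "__main__":
    print("\n".join(findings(summarize(SAMPLE))))
```

Under that reading, `try pubkey: .../id_dsa` names the identity whose public half is being offered, not a public key file.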
