login with public keys

From: Denis Heitbrock (denis.heitbrock_at_surfacepreparation.de)
Date: 02/10/04

  • Next message: Kemi Olaofe: "RE: sftp-server on solaris8" 
    To: <secureshell@securityfocus.com>
Date: Tue, 10 Feb 2004 09:54:22 +0100

    hi,

    i got a little problem when i want to login from a w2k client with f-secure
    ssh client to a redhat server with openssh (3.4p1-7). i created on my client
    pc a 2048bit rsa key and copied into /root/.ssh/authorized_keys file. my
    loginname under w2k is heitbrock but i want to login on the openssh server
    as root. when i want to login with the client i cant login. where is my
    mistake? thxxx for help

    greetz
    denis

    W2k Client:
    C:\Programme\F-Secure\Ssh>ssh2 -l root 172.24.90.2 -vvv
    debug: Connecting to 172.24.90.2, port 22... (SOCKS not used)
    debug: Entering event loop.
    debug: Creating transport protocol.
    debug: Added "securid-1@ssh.com" to usable methods.
    debug: Added "publickey" to usable methods.
    debug: Added "password" to usable methods.
    debug: Creating userauth protocol.
    debug: client supports 3 auth methods:
    'securid-1@ssh.com,publickey,password'
    debug: local ip = 172.24.90.198, local port = 1289
    debug: remote ip = 172.24.90.2, remote port = 22
    debug: Wrapping...
    debug: Remote version: SSH-2.0-OpenSSH_3.4p1
    debug: Remote version has rekey incompatibility bug.
    debug: Remote version is OpenSSH, KEX guesses disabled.
    debug: lang s to c: `', lang c to s: `'
    debug: c_to_s: cipher 3des-cbc, mac hmac-sha1, compression none
    debug: s_to_c: cipher 3des-cbc, mac hmac-sha1, compression none
    debug: Remote host key found from database.
    debug: Received SSH_CROSS_STARTUP packet from connection protocol.
    debug: Received SSH_CROSS_ALGORITHMS packet from connection protocol.
    debug: server offers auth methods 'publickey,password,keyboard-interactive'.
    debug: adding keyfile "C:\Dokumente und
    Einstellungen\Heitbrock\Anwendungsdaten\
    F-Secure SSH\userkeys\WS90198" to candidates
    debug: server offers auth methods 'publickey,password,keyboard-interactive'.
    debug: Method 'publickey' disabled.
    debug: server offers auth methods 'publickey,password,keyboard-interactive'.
    debug: Starting password query...
    root's password:

    sshd_config file:
    #Port 22
    Protocol 2
    #ListenAddress 0.0.0.0
    #ListenAddress ::

    # HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    #HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_dsa_key

    # Lifetime and size of ephemeral version 1 server key
    #KeyRegenerationInterval 3600
    #ServerKeyBits 768

    # Logging
    #obsoletes QuietMode and FascistLogging
    #SyslogFacility AUTH
    SyslogFacility AUTHPRIV
    #LogLevel INFO

    # Authentication:

    #LoginGraceTime 600
    #PermitRootLogin yes
    #StrictModes yes

    #RSAAuthentication yes
    #PubkeyAuthentication yes
    #AuthorizedKeysFile .ssh/authorized_keys

    # rhosts authentication should not be used
    #RhostsAuthentication no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes
    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no

    # To disable tunneled clear text passwords, change to no here!
    #PasswordAuthentication yes
    #PermitEmptyPasswords no

    # Change to no to disable s/key passwords
    #ChallengeResponseAuthentication yes

    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes

    #AFSTokenPassing no

    # Kerberos TGT Passing only works with the AFS kaserver
    #KerberosTgtPassing no

    # Set this to 'yes' to enable PAM keyboard-interactive authentication
    # Warning: enabling this may bypass the setting of 'PasswordAuthentication'
    #PAMAuthenticationViaKbdInt yes

    #X11Forwarding no
    X11Forwarding yes
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    #PrintMotd yes
    #PrintLastLog yes
    #KeepAlive yes
    #UseLogin no
    #UsePrivilegeSeparation yes
    #Compression yes

    #MaxStartups 10
    # no default banner path
    #Banner /some/path
    #VerifyReverseMapping no

    # override default of no subsystems
    Subsystem sftp /usr/libexec/openssh/sftp-server

  • Next message: Kemi Olaofe: "RE: sftp-server on solaris8"

    Relevant Pages

    • Password authentication fails: SSH secure shell to openssh server
      ... Can connect to OpenSSH server from openSSH client but not from ... SSH Secure Shell Client ... debug: Ssh2/ssh2.c:2121/main: Entering event loop. ...
      (SSH)
    • Connect to a linux box from Windows using RSA authentication
      ... transferred the public key to ... On the client I've got IdKey key in the identification file. ... debug: server offers auth methods 'publickey,password,keyboard-interactive'. ...
      (SSH)
    • Remote Debugging Issue With VS2005
      ... VS2003 on XP HOME to a Server with XP PRO. ... created same user/pwd with admin rights for client & Server. ... modified the DCOM security to allow remote access to Anonymous login ... when i try to debug I have the error message ["Access is denied", ...
      (microsoft.public.vsnet.debugging)
    • Remote Debugging Issue VS2005 (works fine with VS2003)
      ... I fought very hard and succeed to do a remote debug from a client ... VS2003 on XP HOME to a Server with XP PRO. ...
      (microsoft.public.dotnet.languages.csharp)
    • Gesucht - Virensoftware die funktioniert
      ... Server specifications ... - winmsd output from the OSCE server ... To turn on the server debug program: ... Setting window appears 3. select the Enable debug log check box. ...
      (microsoft.public.de.german.exchange2000.general)