RSA keys v.1 vs v.2

From: Chris Smith (chris.smith@swri.org)
Date: 12/12/01


From: Chris Smith <chris.smith@swri.org>
Date: Wed, 12 Dec 2001 10:19:02 -0600


I am trying to use the automatic login capability using
ssh-agent and ssh-add between a FreeBSD client and a Linux
server. I've gotten it to work, but it does not behave the
way I expect. On the Linux server if I do

ssh-agent bash
ssh-add
ssh localhost

this works and ssh-add adds both the identity key and the
id_dsa key and uses the id_dsa key when logging in (I
think). It will not allow a logon using only the identity
key.

When I do the following on FreeBSD

ssh-agent tcsh
ssh-add
ssh remotehost

it only adds the identity key and uses the identity key when
logging in. It does not allow a logon using only the id_dsa
key.

In both cases I have tried manually using the individual
keys and the two cases behave differently using the same
server. My question is why? There are slightly different
versions of ssh/openssl on the two machines, but they are
both version 2.9 or greater:

cbspc% ssh -V
OpenSSH_2.9 FreeBSD localisations 20010713, SSH protocols
1.5/2.0, OpenSSL 0x0090601f

[csmith@cbsdc0743 csmith]$ ssh -V
OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f

This is not a serious problem; it just makes keeping up with
keys more complicated and points out a hole in my knowledge.
Can anyone explain what might be going on here? Is there a
configuration option I missed?

Thanks for whatever help you can give,
chris

Very long log showing both logons:
----------------------------------------------------------

cbspc% ssh-agent tcsh
cbspc% ssh-add
Need passphrase for /home/csmith/.ssh/identity
Enter passphrase for csmith@cbspc:
Identity added: /home/csmith/.ssh/identity (csmith@cbspc)
cbspc% ssh -v cbspc2
OpenSSH_2.9 FreeBSD localisations 20010713, SSH protocols
1.5/2.0, OpenSSL 0x0090601f
debug1: Reading configuration data /home/csmith/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port
will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 205 geteuid 205 anon 1
debug1: Connecting to cbspc2 [129.162.160.180] port 22.
debug1: temporarily_use_uid: 205/200 (e=205)
debug1: restore_uid
debug1: temporarily_use_uid: 205/200 (e=205)
debug1: restore_uid
debug1: Connection established.
debug1: identity file /home/csmith/.ssh/identity type 0
debug1: identity file /home/csmith/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software
version OpenSSH_2.9p2
debug1: match: OpenSSH_2.9p2 pat ^OpenSSH
debug1: Local version string SSH-1.5-OpenSSH_2.9 FreeBSD
localisations 20010713
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key
(1024 bits).
debug1: Host 'cbspc2' is known and matches the RSA1 host
key.
debug1: Found key in /home/csmith/.ssh/known_hosts:10
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying RSA authentication via agent with
'csmith@cbspc.electro.swri.edu'
debug1: Received RSA challenge from server.
debug1: Sending response to RSA challenge.
debug1: Remote: RSA authentication accepted.
debug1: RSA authentication accepted by server.
debug1: Requesting pty.
debug1: Requesting X11 forwarding with authentication
spoofing.
debug1: Requesting shell.
debug1: Entering interactive session.
Last login: Wed Dec 12 09:53:49 2001 from cbspc
[csmith@cbsdc0743 csmith]$ ssh-agent bash
[csmith@cbsdc0743 csmith]$ ssh-add
Need passphrase for /home/csmith/.ssh/id_dsa
Enter passphrase for /home/csmith/.ssh/id_dsa
Identity added: /home/csmith/.ssh/id_dsa (dsa w/o comment)
Identity added: /home/csmith/.ssh/identity
(csmith@cbsdc0743)
[csmith@cbsdc0743 csmith]$ ssh -v localhost
OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port
will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 500 geteuid 0 anon 1
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: temporarily_use_uid: 500/500 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 500/500 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/csmith/.ssh/identity type 0
debug1: Remote protocol version 1.99, remote software
version OpenSSH_2.9p2
debug1: match: OpenSSH_2.9p2 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 135/256
debug1: bits set: 1066/2049
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Forcing accepting of host key for
loopback/localhost.
debug1: bits set: 1046/2049
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: userauth_pubkey_agent: testing agent key dsa w/o
comment
debug1: input_userauth_pk_ok: pkalg ssh-dss blen 433 lastkey
0x8091d28 hint -1
debug1: ssh-userauth2 successful: method publickey
debug1: channel 0: new [client-session]
debug1: channel_new: 0
debug1: send channel open 0
debug1: Entering interactive session.
debug1: client_init id 0 arg 0
debug1: Requesting X11 forwarding with authentication
spoofing.
debug1: channel request 0: shell
debug1: channel 0: open confirm rwindow 0 rmax 16384
Last login: Wed Dec 12 10:03:51 2001 from cbspc
[csmith@cbsdc0743 csmith]$
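
Added example, not part of the original post: a small Python parser over the `ssh -v` lines quoted above that reports which protocol version each client selected and which key type authenticated. The two sample logs are constructed from the post's debug output with wrapped lines rejoined; `summarize` is a hypothetical helper name.

```python
import re

# Constructed samples: lines taken from the two debug logs in the post,
# trimmed, with the e-mail line wrapping rejoined.
FREEBSD_LOG = """\
debug1: identity file /home/csmith/.ssh/identity type 0
debug1: identity file /home/csmith/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2
debug1: Local version string SSH-1.5-OpenSSH_2.9 FreeBSD localisations 20010713
debug1: Trying RSA authentication via agent with 'csmith@cbspc.electro.swri.edu'
debug1: RSA authentication accepted by server.
"""
LINUX_LOG = """\
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2
debug1: Local version string SSH-2.0-OpenSSH_2.9p2
debug1: userauth_pubkey_agent: testing agent key dsa w/o comment
debug1: input_userauth_pk_ok: pkalg ssh-dss blen 433 lastkey 0x8091d28 hint -1
debug1: ssh-userauth2 successful: method publickey
"""


def summarize(log):
    """Return the protocol the client chose and the key type that authenticated."""
    out = {"server_offers": None, "client_chose": None, "key": None, "ok": False}
    for line in log.splitlines():
        if m := re.search(r"Remote protocol version (\S+),", line):
            # A server that speaks both 1.x and 2.0 advertises itself as 1.99.
            out["server_offers"] = "1+2" if m.group(1) == "1.99" else m.group(1)
        elif m := re.search(r"Local version string SSH-(\d)\.", line):
            # The client's own banner shows which protocol it picked.
            out["client_chose"] = int(m.group(1))
        elif "Trying RSA authentication" in line:
            out["key"] = "rsa1"        # protocol 1 key, the 'identity' file
        elif m := re.search(r"input_userauth_pk_ok: pkalg (\S+)", line):
            out["key"] = m.group(1)    # protocol 2 key algorithm, e.g. ssh-dss
        elif ("RSA authentication accepted by server" in line
              or "ssh-userauth2 successful" in line):
            out["ok"] = True
    return out


if __name__ == "__main__":
    for name, log in (("FreeBSD client", FREEBSD_LOG), ("Linux client", LINUX_LOG)):
        print(name, summarize(log))
```

Both sessions talk to a server announcing 1.99, so the difference in which key is used follows from the protocol version each client put in its own version string.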


