F-Secure problem with system trying using pub/priv keys to authenticate back to itself


From: Sean O'Neill <sean@deletethistorespond.seanoneill.deletethistorespond.info>
Date: Thu, 11 Apr 2002 16:13:04 GMT

Solaris 8 system running ssh: F-Secure-SSH-2.1.0 dss. I noticed
that F-Secure is at 3.0.9 these days. Don't know if this will resolve
this little problem of mine.

Why I'm trying to do this has to do with getting around a firewall
restriction - no, I'm not going around security controls. I'm trying
to set up something to use rsync tunneled through ssh using a REMOTE
tunnel for rsync. And rsync is a pain-in-the-neck because it wants to
use RSH or SSH.

I need to get a login to authenticate right back into itself using
pub/priv keys. BTW, OpenSSH does this with no problems. Keys are
set up correctly for how F-Secure wants them. I know this because I
can ssh in using pub/priv keys from a remote host into this same login
just fine using OpenSSH.

Basically, want this to work with no password prompts:

perfboy $ ssh localhost
-or-
perfboy $ ssh -l perfboy localhost

What I get debug wise is this:

warning: Development-time debugging not compiled in.
warning: To enable, configure with --enable-debug and recompile.
debug: hostname is '127.0.0.1'.
warning: Development-time debugging not compiled in.
warning: To enable, configure with --enable-debug and recompile.
warning: Development-time debugging not compiled in.
warning: To enable, configure with --enable-debug and recompile.
debug: connecting to 127.0.0.1...
debug: ssh_client_wrap: creating transport protocol
debug: Ssh2Client/sshclient.c:1015/ssh_client_wrap: creating userauth protocol
debug: entering event loop
debug: Remote version: SSH-1.99-2.1.0 dss F-SECURE SSH
debug: Ssh2Client/sshclient.c:349/keycheck_key_match: Host key found from database.
debug: Ssh2AuthClient/sshauthc.c:304/ssh_authc_completion_proc: Method 'publickey' disabled.
debug: Ssh2AuthPasswdClient/authc-passwd.c:82/ssh_client_auth_passwd: Starting password query...
perfboy's password:
 
Here's the problem that I see after performing several trusses on the
sshd daemon. When F-Secure gets the "local" connection from this
login, it NEVER reads the ~perfboy/.ssh2 stuff. IT READS ROOT's !!!!
That is totally WHACKED. It touches the perfboy .ssh2 stuff
only after I've typed in the login password correctly and am about to
get a ksh shell prompt.

The remote pub/priv key login also initially "touches" the root /.ssh2
directory but later on it reads all the information it needs from the
~perfboy/.ssh2 directory and logs in with no password correctly.

So why does OpenSSH do this "local" to "local" pub/priv key stuff just
fine and F-Secure forces password authentication (because it never
reads the .ssh2 information of the login you're trying to get to)?

A confused and PISSED OFF mind wants to know.

--
........................................................
......... ..- -. .. -..- .-. ..- .-.. . ... ............
.-- .. -. -... .-.. --- .-- ... -.. .-. --- --- .-.. ...

Sean O'Neill sean@deletethistorespond.seanoneill.deletethistorespond.info
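
The truss check described in the post can be made repeatable by summarising which .ssh2 directories sshd touched and in what order. The following is an added example, not part of the original post and not F-Secure code; the sample truss lines, the pid and the home path /export/home/perfboy are constructed assumptions.

```python
import re

# Matches truss lines such as (constructed layout):
#   4021:  open("/.ssh2/authorization", O_RDONLY)   Err#2 ENOENT
#   4021:  stat("/export/home/perfboy/.ssh2", 0x..)  = 0
CALL = re.compile(
    r'^(?:(?P<pid>\d+):\s+)?(?P<call>open64|open|stat64|stat|access)'
    r'\("(?P<path>[^"]*)"[^)]*\)\s+(?P<result>=\s*-?\d+|Err#\d+\s+\w+)'
)

def ssh2_accesses(truss_text):
    """Return [(pid, call, path, ok)] for each call on a path inside a .ssh2 dir."""
    hits = []
    for line in truss_text.splitlines():
        m = CALL.match(line.strip())
        if not m or ".ssh2" not in m["path"].split("/"):
            continue
        ok = m["result"].startswith("=")   # "= N" is success, "Err#N" is failure
        hits.append((m["pid"], m["call"], m["path"], ok))
    return hits

def ssh2_dir(path):
    """Strip everything after the .ssh2 component of a path."""
    parts = path.split("/")
    return "/".join(parts[: parts.index(".ssh2") + 1])

def first_touch_order(hits):
    """Distinct .ssh2 directories in the order sshd first touched them."""
    order = []
    for _, _, path, _ in hits:
        d = ssh2_dir(path)
        if d not in order:
            order.append(d)
    return order

def unexpected_dirs(hits, expected_home):
    """.ssh2 directories touched that are not under the target user's home."""
    want = expected_home.rstrip("/") + "/.ssh2"
    return [d for d in first_touch_order(hits) if d != want]

# Constructed sample input, not output captured from the system in the post.
SAMPLE = (
    '4021:\tstat("/.ssh2", 0xFFBEE9C0)\t\t= 0\n'
    '4021:\topen("/.ssh2/authorization", O_RDONLY)\tErr#2 ENOENT\n'
    '4021:\topen("/etc/passwd", O_RDONLY)\t\t= 7\n'
    '4021:\topen("/export/home/perfboy/.ssh2/authorization", O_RDONLY) = 7\n'
)

if __name__ == "__main__":
    hits = ssh2_accesses(SAMPLE)
    print("first touched:", first_touch_order(hits))
    print("outside target home:", unexpected_dirs(hits, "/export/home/perfboy"))
```

Running it over one trace of the failing local login and one of the working remote login shows side by side which user's key directory was consulted before the password prompt.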


