Re: Openssh 2.9p2-1 and 3.1p1 public key authentication
From: km (kyle.mccain@directvinternet.com) Date: 06/01/02
From: kyle.mccain@directvinternet.com (km) Date: Sat, 01 Jun 2002 04:40:34 GMT
This is the procedure to make a two-way setup for only two machines
on client:
$ cd ~/.ssh
$ ssh-keygen -t rsa
$ sftp server
sftp> put id_rsa.pub /home/mydir/.ssh/authorized_keys2
(don't overwrite the existing file if you think you may need it)
sftp> quit
$ ssh server (should not need password)
$ cd .ssh
$ ssh-keygen -t rsa
$ sftp client
sftp> put id_rsa.pub /home/mydir/.ssh/authorized_keys
(no authorized_keys2 for version 3 machine)
sftp> quit
all done.
I just did this and got tripped up on the drop of the '2' on all
files on the v3 sshd.
On 31 May 2002 05:54:13 -0700, eric.chin@pinnacle.co.uk (Eric) wrote:
>Greetings,
>
>I am having problem with public key authentication with OpenSSH
>2.9p2-1 and OpenSSH 3.1p1. Last time I have this problem because I did
>use the '-t rsa' when generates the key. This time, I generates the
>key using 'ssh-keygen -t rsa'. I still having problem. What have I
>done wrong ? I don't know what to look for in the debug to point me to
>the solution. Can anyone help ? Any pointer appreciated.
>
>TIA
>
>Eric
>
>Server: running OpenSSH 2.9p2-1
>Client: running OpenSSH 3.1p1
>
>I generated protocol 2 public key on the server. Below is the
>typescript:
>===
>Script started on Thu May 30 14:33:18 2002
>[echin@drsuxadm .ssh]$
>[echin@drsuxadm .ssh]$ ssh-keygen -t rsa
>Generating public/private rsa key pair.
>Enter file in which to save the key (/home/echin/.ssh/id_rsa):
>Enter passphrase (empty for no passphrase):
>Enter same passphrase again:
>Your identification has been saved in /home/echin/.ssh/id_rsa.
>Your public key has been saved in /home/echin/.ssh/id_rsa.pub.
>The key fingerprint is:
>df:de:78:82:d0:e2:19:7d:11:e8:bf:01:f9:90:17:3e
>echin@drsuxadm.pinnacle.co.uk
>[echin@drsuxadm .ssh]$
>[echin@drsuxadm .ssh]$ exit
>Script done on Thu May 30 14:33:36 2002
>===
>
>I ftpped the id_rsa.pub to the client and renamed it to
>authorized_keys2 in .ssh directory
>
>When I try to connect using 'ssh drsuxadm pwd', I still get prompt for
>the password.
>
>Below is the typescript on the server in debug mode. I have not made
>any changes to the openssh config file in both the server and client.
>
>Script started on Thu May 30 15:09:42 2002
>[root@drsuxadm /root]#
>[root@drsuxadm /root]# sshd -d
>debug1: Seeding random number generator
>debug1: sshd version OpenSSH_2.9p2
>debug1: private host key: #0 type 0 RSA1
>debug1: read PEM private key done: type RSA
>debug1: private host key: #1 type 1 RSA
>debug1: read PEM private key done: type DSA
>debug1: private host key: #2 type 2 DSA
>debug1: Bind to port 22 on 0.0.0.0.
>Server listening on 0.0.0.0 port 22.
>Generating 768 bit RSA key.
>RSA key generation complete.
>debug1: Server will not fork when running in debugging mode.
>Connection from 172.21.64.132 port 4403
>debug1: Client protocol version 2.0; client software version
>OpenSSH_3.1p1
>debug1: match: OpenSSH_3.1p1 pat ^OpenSSH
>Enabling compatibility mode for protocol 2.0
>debug1: Local version string SSH-1.99-OpenSSH_2.9p2
>debug1: Rhosts Authentication disabled, originating port not trusted.
>debug1: list_hostkey_types: ssh-rsa,ssh-dss
>debug1: SSH2_MSG_KEXINIT sent
>debug1: SSH2_MSG_KEXINIT received
>debug1: kex: client->server aes128-cbc hmac-md5 none
>debug1: kex: server->client aes128-cbc hmac-md5 none
>debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
>debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
>debug1: dh_gen_key: priv key bits set: 122/256
>debug1: bits set: 1019/2049
>debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
>debug1: bits set: 1029/2049
>debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
>debug1: kex_derive_keys
>debug1: newkeys: mode 1
>debug1: SSH2_MSG_NEWKEYS sent
>debug1: waiting for SSH2_MSG_NEWKEYS
>debug1: newkeys: mode 0
>debug1: SSH2_MSG_NEWKEYS received
>debug1: KEX done
>debug1: userauth-request for user echin service ssh-connection method
>none
>debug1: attempt 0 failures 0
>debug1: Starting up PAM with username "echin"
>debug1: PAM setting rhost to "pinky2.pinnacle.co.uk"
>Failed none for echin from 172.21.64.132 port 4403 ssh2
>debug1: userauth-request for user echin service ssh-connection method
>publickey
>debug1: attempt 1 failures 1
>debug1: test whether pkalg/pkblob are acceptable
>debug1: temporarily_use_uid: 500/500 (e=0)
>debug1: restore_uid
>Failed publickey for echin from 172.21.64.132 port 4403 ssh2
>debug1: userauth-request for user echin service ssh-connection method
>keyboard-interactive
>debug1: attempt 2 failures 2
>debug1: keyboard-interactive language devs
>Failed keyboard-interactive for echin from 172.21.64.132 port 4403
>ssh2
>debug1: userauth-request for user echin service ssh-connection method
>password
>debug1: attempt 3 failures 3
>debug1: PAM Password authentication accepted for user "echin"
>Accepted password for echin from 172.21.64.132 port 4403 ssh2
>debug1: Entering interactive session for SSH2.
>debug1: server_init_dispatch_20
>debug1: server_input_channel_open: ctype session rchan 0 win 131072
>max 32768
>debug1: input_session_request
>debug1: channel 0: new [server-session]
>debug1: session_new: init
>debug1: session_new: session 0
>debug1: session_open: channel 0
>debug1: session_open: session 0: link with channel 0
>debug1: server_input_channel_open: confirm sessiondebug1:
>session_by_channel: session 0 channel 0
>debug1: session_input_channel_req: session 0 channel 0 request exec
>reply 0
>debug1: PAM establishing creds
>debug1: fd 7 setting O_NONBLOCK
>debug1: fd 7 IS O_NONBLOCK
>debug1: fd 9 setting O_NONBLOCK
>debug1: Received SIGCHLD.
>debug1: session_by_pid: pid 15086
>debug1: session_exit_message: session 0 channel 0 pid 15086
>debug1: session_exit_message: release channel 0
>debug1: channel 0: write failed
>debug1: channel 0: output open -> closed
>debug1: channel 0: close_write
>debug1: session_free: session 0 pid 15086
>debug1: channel 0: read<=0 rfd 7 len 0
>debug1: channel 0: read failed
>debug1: channel 0: input open -> drain
>debug1: channel 0: close_read
>debug1: channel 0: input: no drain shortcut
>debug1: channel 0: ibuf empty
>debug1: channel 0: input drain -> closed
>debug1: channel 0: send eof
>debug1: channel 0: send close
>debug1: channel 0: rcvd close
>debug1: channel 0: is dead
>debug1: channel_free: channel 0: status: The following connections are
>open:
> #0 server-session (t4 r0 i8/0 o128/0 fd 7/7)
>
>Connection closed by remote host.
>Closing connection to 172.21.64.132
>[root@drsuxadm /root]#
>[root@drsuxadm /root]# exit
>Script done on Thu May 30 15:11:37 2002
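
Added example, not part of the original posts: a small shell check for the side running sshd that reports which of the two file names discussed above (authorized_keys, authorized_keys2) actually holds a given client public key, and whether that file is writable by others. The function name find_pubkey and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report which authorized-keys
# file in an account's ~/.ssh on the sshd side holds a given client public key.

# find_pubkey PUBKEY_FILE SSH_DIR   (hypothetical helper name)
# Prints "<file>:ok" or "<file>:writable-by-others" for each file holding the
# key. Returns 0 if found, 1 if not found, 2 if PUBKEY_FILE has no key line.
find_pubkey() {
    pub=$1; dir=$2; rc=1
    # In an OpenSSH protocol 2 public key line, field 2 is the base64 key blob.
    blob=$(awk '$1 ~ /^ssh-/ { print $2; exit }' "$pub")
    [ -n "$blob" ] || return 2
    for name in authorized_keys authorized_keys2; do
        f=$dir/$name
        [ -f "$f" ] || continue
        # Compare whole fields, so entries with leading options still match.
        if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) ok = 1 }
                             END { exit !ok }' "$f"; then
            rc=0
            # With StrictModes on, sshd refuses key files others can write to.
            if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \) -print)" ]; then
                echo "$name:writable-by-others"
            else
                echo "$name:ok"
            fi
        fi
    done
    return $rc
}

# Constructed sample: a fake key installed under the 2.9-era file name.
demo=$(mktemp -d)
echo "ssh-rsa AAAAB3CONSTRUCTEDKEYBLOB= echin@client" > "$demo/id_rsa.pub"
cp "$demo/id_rsa.pub" "$demo/authorized_keys2"
chmod 600 "$demo/authorized_keys2"
find_pubkey "$demo/id_rsa.pub" "$demo"     # -> authorized_keys2:ok
rm -rf "$demo"
```

Run it on the machine being logged in to, passing the id_rsa.pub copied from the machine that initiates the connection.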