Re: two SSH compatibility scenarios: can it work?

• Next message: Josef Maier: "how can I use dsa key from ssh in putty ? - Please help -"
• Previous message: Bernd Eckenfels: "Re: Fingerprints"
• In reply to: Richard E. Silverman: "Re: two SSH compatibility scenarios: can it work?"
• Next in thread: Nico Kadel-Garcia: "Re: two SSH compatibility scenarios: can it work?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: VS <user@msh.net>
Date: Mon, 16 Sep 2002 01:20:55 -0500

> Generate the key on the Windows side, then use "ssh-keygen -i -f ..." to
> convert the public key with OpenSSH.

I have a situation similar to the one mentioned by the original poster.

I have a Linux box at home running OpenSSH (OpenSSH_3.4p1, SSH protocols
1.5/2.0, OpenSSL 0x0090603f).

The machines in my lab use the version from ssh.com
(ssh: SSH Secure Shell 3.1.0 (non-commercial version) on mips-sgi-irix6.5)

I want to be able to connect either from home to my lab or the other way
around using SSH without using a password.

I have tried several different combinations including trying the above
mentioned conversions. The machines in my lab do not have SSH1 so
reverting to the older version (which might have worked) is not an
option. The config files allow publickey authentication on both sides
(both server and client config files)

Here part of the debug output when I try from the lab to my machine at home

debug: Remote version: SSH-1.99-OpenSSH_3.4p1
debug: Ssh2Transport/trcommon.c:1306: Remote version has rekey
incompatibility bug.
debug: Ssh2Transport/trcommon.c:1308: Remote version is OpenSSH, KEX
guesses disabled.
debug: Ssh2Transport/trcommon.c:1647: lang s to c: `', lang c to s: `'
debug: Ssh2Transport/trcommon.c:1712: c_to_s: cipher aes128-cbc, mac
hmac-sha1, compression none
debug: Ssh2Transport/trcommon.c:1715: s_to_c: cipher aes128-cbc, mac
hmac-sha1, compression none
debug: Remote host key found from database.
debug: Ssh2Common/sshcommon.c:317: Received SSH_CROSS_STARTUP packet
from connection protocol.
debug: Ssh2Common/sshcommon.c:367: Received SSH_CROSS_ALGORITHMS packet
from connection protocol.
debug: server offers auth methods 'publickey,password,keyboard-interactive'.
debug: Ssh2AuthClient/sshauthc.c:315: Method 'publickey' disabled.
debug: server offers auth methods 'publickey,password,keyboard-interactive'.
debug: Ssh2AuthPasswdClient/authc-passwd.c:95: Starting password query...

I'm not sure if the "rekey incompatibility bug" mentioned in the second
line has anything to do with it. Does "Method 'publickey' disabled" mean
that the server has it disabled or that it couldn't authenticate using
that method?

When I try to login from home to my lab this is the relevant part of the
debug output:

debug1: authentications that can continue: publickey,password
debug1: next auth method to try is publickey
debug1: try privkey: /home/user/.ssh/identity
debug1: try pubkey: /home/user/.ssh/id_rsa
debug1: authentications that can continue: publickey,password
debug1: try privkey: /home/user/.ssh/id_dsa
debug1: next auth method to try is password

I don't know why it says "try pubkey: /home/user/.ssh/id_rsa" - id_rsa
is a private key. The other files "identity" and "id_dsa" don't even exist.

I've done ssh_keygen at home and FTPed the pub keys over to my lab. I've
done it the other way also.

I read elsewhere that the keys are not compatible and I had to convert
them. I've tried that too, but am a little confused: will I need to do
that for either of the above scenarios? I'm assuming I should only
convert the public keys and then put them in the appropriate locations.

SSH 3.1.0 also seems to have a different way of specifying the identity
- I am supposed to put entries into an "identification" file to be able
to use ssh to login to a remote machine. I am also supposed to have an
"authorization" file if I want to login to the server from a remote
machine. I've done both, but I'm not sure if I did it correctly - the
man pages aren't very helpful (neither is the sysadmin in my lab! :-)

Any help is appreciated.

Thanks in advance!

-VS
P.S.: Please post responses to the newsgroup and not by email

• Next message: Josef Maier: "how can I use dsa key from ssh in putty ? - Please help -"
• Previous message: Bernd Eckenfels: "Re: Fingerprints"
• In reply to: Richard E. Silverman: "Re: two SSH compatibility scenarios: can it work?"
• Next in thread: Nico Kadel-Garcia: "Re: two SSH compatibility scenarios: can it work?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages SUMMARY: Publickey authentication with ssh ... Basiclly to get public key authentication to work I had to copy ... Subject: Publickey authentication with ssh ... debug: SshAppCommon/sshappcommon.c:185: Allocating global SshRegex context. ... server offers auth methods 'publickey,password'. ... (Tru64-UNIX-Managers) Re: HPs SSH server EAK ... debug: new_connection_callback returning ... AllowedAuthentications publickey ... publickey authentication fails: ... packet from connection protocol. ... (comp.os.vms) SSH_RC_OK error message ? ... When trying to pull a file from a Unix server to an NT server, ... scp2:server offers auth methods 'publickey,password'. ... scp2:Constructing and sending signature in publickey authentication. ... (comp.security.ssh) ssh2 client to openssh server: public key auth failing... ... debug: connecting to wpower... ... debug: ssh_client_wrap: creating transport protocol ... Added "publickey" to usable methods. ... SSH_CROSS_ALGORITHMS packet from connection protocol. ... (comp.security.ssh)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint