Problem with SSH - Client Configuration with PUBKEY Authentication
From: Carlo Cardinali (carlo.cardinali@inwind.it)
Date: 03/21/03
From: "Carlo Cardinali" <carlo.cardinali@inwind.it> Date: Fri, 21 Mar 2003 09:00:45 +0000 (UTC)
Hi,
I have a problem with pubkey authentication with my ssh server.
I have 2 users: pippo and pluto; the IP of my system is 10.12.105.203.
This is my problem:
When I am pippo on my system and I try to change user to pluto via
ssh, the pubkey authentication fails.
The pubkey and privkey of the user pippo are stored in the $HOME/.ssh/
directory.
The keys were produced with ssh-keygen with these options:
ssh-keygen -t rsa -b 1024 -N ""
Then I copied the pubkey of the user pippo into
$HOME/.ssh/authorized_keys2 of the user pluto.
This is the result of the debug when I try to change user to pluto:
[pippo@redlillo .ssh]$
[pippo@redlillo .ssh]$ ssh -v pluto@10.12.105.203
OpenSSH_2.5.2p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: getuid 513 geteuid 0 anon 1
debug1: Connecting to 10.12.105.203 [10.12.105.203] port 22.
debug1: Connection established.
debug1: unknown identity file /home/pippo/.ssh/identity
debug1: identity file /home/pippo/.ssh/identity type -1
debug1: identity file /home/pippo/.ssh/id_rsa type 1
debug1: unknown identity file /home/pippo/.ssh/id_dsa
debug1: identity file /home/pippo/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_2.5.2p2
debug1: match: OpenSSH_2.5.2p2 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.5.2p2
debug1: send KEXINIT
debug1: done
debug1: wait KEXINIT
debug1: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug1: got kexinit: ssh-rsa,ssh-dss
debug1: got kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug1: got kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug1: got kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug1: got kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug1: got kexinit: none,zlib
debug1: got kexinit: none,zlib
debug1: got kexinit:
debug1: got kexinit:
debug1: first kex follow: 0
debug1: reserved: 0
debug1: done
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
debug1: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
debug1: Got SSH2_MSG_KEX_DH_GEX_GROUP.
debug1: dh_gen_key: priv key bits set: 125/256
debug1: bits set: 1007/2049
debug1: Sending SSH2_MSG_KEX_DH_GEX_INIT.
debug1: Wait SSH2_MSG_KEX_DH_GEX_REPLY.
debug1: Got SSH2_MSG_KEXDH_REPLY.
debug1: Host '10.12.105.203' is known and matches the RSA host key.
debug1: Found key in /home/pippo/.ssh/known_hosts2:1
debug1: bits set: 1004/2049
debug1: ssh_rsa_verify: signature correct
debug1: Wait SSH2_MSG_NEWKEYS.
debug1: GOT SSH2_MSG_NEWKEYS.
debug1: send SSH2_MSG_NEWKEYS.
debug1: done: send SSH2_MSG_NEWKEYS.
debug1: done: KEX2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey
debug1: next auth method to try is publickey
debug1: try privkey: /home/pippo/.ssh/identity
debug1: try pubkey: /home/pippo/.ssh/id_rsa
Connection closed by 10.12.105.203
debug1: Calling cleanup 0x8061610(0x0)
[pippo@redlillo .ssh]$
The pubkey/privkey are id_rsa.pub/id_rsa.
I think that the problem is in my ssh client configuration; this is my
ssh_config file:
[pluto@redlillo .ssh]$ more /etc/ssh/ssh_config
# $OpenBSD: ssh_config,v 1.9 2001/03/10 12:53:51 deraadt Exp $
# This is ssh client systemwide configuration file. See ssh(1) for more
# information. This file provides defaults for users, and the values can
# be changed in per-user configuration files or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for various options
# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsAuthentication no
# RhostsRSAAuthentication yes
# RSAAuthentication yes
# PasswordAuthentication yes
# FallBackToRsh no
# UseRsh no
# BatchMode no
# CheckHostIP yes
# StrictHostKeyChecking yes
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_rsa1
# IdentityFile ~/.ssh/id_rsa2
# Port 22
# Protocol 2,1
# Cipher blowfish
# EscapeChar ~
#Host *
# ForwardX11 yes
# Protocol 2,1
[pluto@redlillo .ssh]$
This is my sshd_config:
# $OpenBSD: sshd_config,v 1.34 2001/02/24 10:37:26 deraadt Exp $
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.
#Port 22
Protocol 2
ListenAddress 10.12.105.203
#ListenAddress ::
HostKey /ftpsicuro-bin/OpenSSH/keys/ssh_host_rsa_key
HostKey /ftpsicuro-bin/OpenSSH/keys/ssh_host_dsa_key
ServerKeyBits 1024
#LoginGraceTime 600
#KeyRegenerationInterval 3600
PermitRootLogin yes
#
# Don't read ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
#StrictModes yes
X11Forwarding yes
#X11DisplayOffset 10
#PrintMotd yes
#KeepAlive yes
# Logging
#SyslogFacility AUTHPRIV
#LogLevel INFO
#obsoletes QuietMode and FascistLogging
RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
RSAAuthentication yes
PubkeyAuthentication yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords yes
# Comment to enable s/key passwords or PAM interactive authentication
# NB. Neither of these are compiled in by default. Please read the
# notes in the sshd(8) manpage before enabling this on a PAM system.
ChallengeResponseAuthentication no
# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no
# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes
#CheckMail yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes
Subsystem sftp /usr/libexec/openssh/sftp-server
[root@redlillo pippo]#
Help ME!!!!
bye
Carlo.
-- Posted via Mailgate.ORG Server - http://www.Mailgate.ORG
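
Added example, not part of the original post: a server-side check for two conditions under which sshd will not accept a key from `$HOME/.ssh/authorized_keys2`. These are group- or world-writable paths (refused while `StrictModes` is at its default of `yes`, as in the sshd_config above) and a public key that was line-wrapped when copied. The function names and the sample key are constructed for illustration; the post does not establish that either condition is the cause here.

```shell
#!/bin/sh
# Added example: checks run on the server, against the target user's home.

# True if PATH (symlinks followed) is writable by group or others.
loose_perms() {
    case "$(ls -ldL "$1" | cut -c6,9)" in *w*) return 0 ;; esac
    return 1
}

# check_pubkey_setup HOME_DIR PUBKEY_FILE -> 0 if every check passes, else 1.
# Ownership, which StrictModes also verifies, is not checked here.
check_pubkey_setup() {
    home=$1 pub=$2 rc=0
    auth="$home/.ssh/authorized_keys2"
    for p in "$home" "$home/.ssh" "$auth"; do
        if [ ! -e "$p" ]; then
            echo "MISSING: $p"; rc=1
        elif loose_perms "$p"; then
            echo "LOOSE:   $p is group- or world-writable"; rc=1
        fi
    done
    # The base64 blob (2nd field of the .pub file) must sit intact on one line.
    blob=$(awk 'NR == 1 { print $2 }' "$pub" 2>/dev/null)
    if [ -z "$blob" ] || ! grep -qF -- "$blob" "$auth" 2>/dev/null; then
        echo "NOKEY:   key from $pub not found intact in $auth"; rc=1
    fi
    return $rc
}

# Constructed demo: throwaway directory and a fake, non-functional key.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/.ssh"
    echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAexamplekeyonly pippo@redlillo" \
        > "$d/id_rsa.pub"
    cp "$d/id_rsa.pub" "$d/.ssh/authorized_keys2"
    chmod 755 "$d"; chmod 700 "$d/.ssh"; chmod 664 "$d/.ssh/authorized_keys2"
    check_pubkey_setup "$d" "$d/id_rsa.pub"; status=$?
    rm -rf "$d"
    return $status
}

demo || echo "demo: the 664 authorized_keys2 was flagged, as constructed"
```

On a real system the call would be `check_pubkey_setup ~pluto ~pippo/.ssh/id_rsa.pub`, run as a user who can read both paths.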