Re: Public Key Authentication

From: Markus Boehmer (markus.boehmer_at_schaefer-shop.de)
Date: 06/27/03 

Date: Fri, 27 Jun 2003 09:19:38 +0200

Richard E Silverman wrote:
>>>>>>"MB" == Markus Boehmer <markus.boehmer@schaefer-shop.de> writes:
>>>>>
>
> MB> Richard E Silverman wrote:
> >> Convert the key format on the server using ssh-keygen -i -f ...
> >> MB> Hi Richard,
>
> MB> thanks for the hint, but this doesn't work.
>
> You definitely need to do this given your situation; perhaps you didn't do
> it right, or you have some other problem. However, since you don't give
> any details about how it "doesn't work," I assume you don't want any more
> help.
>
> http://www.snailbook.com/faq/general-debugging.auto.html
>

Well, I'd like more help and I would appreciate it.
Here ist what I have done so far.
1. I generated an rsa key to test it, but it was the same behaviour.
2. I transferred the rsa key to the server
3. I made: "ssh-keygen -i -f id_rsa_1024_a.pub > marcel"
4. "cat marcel >> authorized-keys"
5. I added the id_rsa_1024_a to the identification file on the
workstation (But I don't know if this file is in the right directory)
6. C:\Dokumente und Einstellungen\NormannM>scp2 -v PUTTY.RND
www@10.19.155.3:.
scp2:SshAppCommon/sshappcommon.c:133: Allocating global SshRegex context.
scp2:Scp2/scp2.c:500: Received error "SSH_FC_OK"., msg: Globbing successful.
scp2:Scp2/scp2.c:564: Starting transfer...
scp2:C:/Dokumente und Einstellungen/NormannM/PUTTY.RND
scp2:SshFCTransfer/sshfc_transfer.c:2969: File list has 2 files.
scp2:SshFCTransfer/sshfc_transfer.c:2518: Not yet connected, or connection
down,
  waiting...
scp2:SshFileCopy/sshfilecopy.c:918: Making local connection.
scp2:SshFCTransfer/sshfc_transfer.c:131: Source file is "raw", and it needs
to b
e parsed.
scp2:SshFCTransfer/sshfc_transfer.c:1318: No connection yet. Waiting...
scp2:SshFCTransfer/sshfc_transfer.c:268: Next source file is C:/Dokumente
und Ei
nstellungen/NormannM/PUTTY.RND .
scp2:SshFCTransfer/sshfc_transfer.c:2518: Not yet connected, or connection
down,
  waiting...
scp2:SshFileCopy/sshfilecopy.c:940: Connecting to remote host. (host =
10.19.155
.3, user = www, port = NULL)
scp2:winProtClient/SshProtocolClient.cpp:241: constructor
scp2:winProtClient/SshProtocolClient.cpp:324: Connect()
scp2:winProtClient/SshProtocolClient.cpp:823: CBConnectDone
scp2:client supports 2 auth methods: 'publickey,password'
scp2:Ssh2Common/sshcommon.c:560: local ip = 10.19.241.10, local port = 2236
scp2:Ssh2Common/sshcommon.c:562: remote ip = 10.19.155.3, remote port = 22
scp2:SshConnection/sshconn.c:1930: Wrapping...
scp2:Remote version: SSH-1.99-OpenSSH_3.4p1
scp2:winProtClient/SshProtocolClient.cpp:449: CBVersionCheck: remote version
'SS
H-1.99-OpenSSH_3.4p1'

scp2:Ssh2Transport/trcommon.c:1306: Remote version has rekey incompatibility
bug
.
scp2:Ssh2Transport/trcommon.c:1309: Remote version is OpenSSH, KEX guesses
disab
led.
scp2:Ssh2Transport/trcommon.c:1648: lang s to c: `', lang c to s: `'
scp2:Ssh2Transport/trcommon.c:1714: c_to_s: cipher aes128-cbc, mac hmac-md5,
com
pression none
scp2:Ssh2Transport/trcommon.c:1717: s_to_c: cipher aes128-cbc, mac hmac-md5,
com
pression none
scp2:winProtHostKey/ProtHostKey.cpp:146: CBKeyCheck
scp2:Ssh2Common/sshcommon.c:318: Received SSH_CROSS_STARTUP packet from
connecti
on protocol.
scp2:Ssh2Common/sshcommon.c:368: Received SSH_CROSS_ALGORITHMS packet from
conne
ction protocol.
scp2:server offers auth methods 'publickey,password,keyboard-interactive'.
scp2:Ssh2AuthPubKeyClient/authc-pubkey.c:1536: adding keyfile "C:\Dokumente
und
Einstellungen\NormannM\Application Data\SSH\UserKeys\id_rsa_1024_a" to
candidate
s
scp2:server offers auth methods 'publickey,password,keyboard-interactive'.
scp2:Ssh2AuthClient/sshauthc.c:316: Method 'publickey' disabled.
scp2:server offers auth methods 'publickey,password,keyboard-interactive'.
www's password:

My sshd_config file is:
Port 22
Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
HostKey /usr/local/etc/ssh_host_key
# HostKeys for protocol version 2
HostKey /usr/local/etc/ssh_host_rsa_key
HostKey /usr/local/etc/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 600
#PermitRootLogin yes
#StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# rhosts authentication should not be used
RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in
/usr/local/etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

#AFSTokenPassing no

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes

#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
PrintMotd yes
#PrintLastLog yes
KeepAlive yes
#UseLogin no
UsePrivilegeSeparation no
Compression yes

#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no

# override default of no subsystems

In the .ssh directory of the user I want to conenct to,
there is the authorized_keys file:
-rw-r--r-- 1 www wwwadmin 1414 Jun 27 08:59 authorized_keys

The keys are stored in it.

That's it folks.

Regards
Markus

Relevant Pages

  • Re: Hilfe bei OpenSSH for Windows
    ... # This is the sshd server system-wide configuration file. ... # HostKey for protocol version 1 ... # To disable tunneled clear text passwords, ... # Kerberos options ...
    (microsoft.public.de.security.netzwerk.sicherheit)
  • RE: ssh configuration problem
    ... I would also recommend setting Protocol to 1,2 instead of 2, this will let ... after this when i tried to restart the sshd service it fails ... # To disable tunneled clear text passwords, ... # Kerberos TGT Passing only works with the AFS kaserver ...
    (SSH)
  • sftp connection closed
    ... ssh feature is work fine but sftp doesn't work normally. ... # HostKey for protocol version 1 ... # To disable tunneled clear text passwords, ... # Kerberos TGT Passing only works with the AFS kaserver ...
    (comp.unix.solaris)
  • sftp connection closed
    ... ssh feature is work fine but sftp doesn't work normally. ... # HostKey for protocol version 1 ... # To disable tunneled clear text passwords, ... # Kerberos TGT Passing only works with the AFS kaserver ...
    (comp.security.ssh)
  • sftp connection closed
    ... The sftp can ... # HostKey for protocol version 1 ... # To disable tunneled clear text passwords, ... # Kerberos TGT Passing only works with the AFS ...
    (SSH)