Re: openssh: publickey authentication does not work, although key is found


Bernd Strieder wrote:

Aug 14 17:01:28 myhost sshd[13679]: Postponed publickey for foobar
from <....> port 11421 ssh2

According to the sources this means that the server verified that the
client has the matching public key only, but did not send a test
message signed by the private key, to really check the public key
against. Openssh seems to just record this, for added trust, or
whatever, but no authentication is happening.

So it seems like the client not trying to do real publickey
authentication. Could anybody confirm?

Since the client with problems is a foreign machine, I have to see to
get their logs. I have not been able to reproduce on the local
machines. Hopefully this is just some bad default configuration.

Bernd Strieder


Relevant Pages

  • [NT] Dark Age of Camelot Man-In-The-Middle
    ... use of RSA public key cryptography and an RC4 based symmetric algorithm. ... Seeing the imminent release of code for cracking the game client (which ... At the beginning of each TCP session, the server sends a 1536 bit RSA ... void bytes_out(unsigned char *data, int len) ...
  • Re: Basics of key authentication
    ... The public key gets copied to the server, ... and the client decrypts it with its private key to prove he is who he ... and the digital signature to the server. ...
  • Re: Debian SSH server configuration
    ... I would like to configure a Debian server to only allow clients to ssh ... I don't want any client computers to be able to ssh into ... It sounds like what you are asking for is host based authentication, ... where the server check to make sure that it has the host public key ...
  • RE: Cannot decrypt files encrypted using Crypto API on a different
    ... On the client computer you app first would try to open the container ... the server generates session key, wraps it with the client's public key, ... encrypts the content with the session key and sends both the wrapped session ... encrypt your data with this key ...
  • RE: Cannot decrypt files encrypted using Crypto API on a different
    ... previous message which uses the recipien't public key.) ... KEK (key encryption key) to protect the session key. ... embedded into your client app and server code). ... but what is the point to encrypt the data if ANYBODY can decrypt it (since ...