|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
RE: OpenSSH protocol 2 won't use identity file
Date: Thu Dec 12 2002 - 15:40:43 EST
Adam,
SSH V1 uses the ~/.ssh/identity and ~/.ssh/identity.pub files created with your user's passphrases. OpenSSH running V2 (which is the default) will look for ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub which your users have probably not generated. Since it can't find these, it's falling back to password access.
The command to create these is: ssh-keygen -t rsa
You can also create and use DSA keys (~/.ssh/id_dsa and ~/.ssh/id_dsa.pub) with the command "ssh-keygen -t dsa". To use dsa keys under OpenSSH, you need to add "DSAAuthentication yes" to both your ssh_config and sshd_config on your sending and receiving systems.
One other "gotcha" -- the agent process will look for the pub keys not in the remote user's .ssh/authorized_keys file but in .ssh/authorized_keys2 file.
Hope this helps.
Richard Wilson
-----Original Message-----
From: Adam Cioccarelli [mailto:alciocca@yahoo.com.au]
Sent: Tuesday, December 10, 2002 8:17 PM
To: secureshell@securityfocus.com
Subject: OpenSSH protocol 2 won't use identity file
Hi,
we are in the process of upgrading our solaris boxes from ssh 1.2.32 using SSH protocol 1 to OpenSSH 3.4p1 using both SSH protocol 1 and SSH protocol 2. However after the upgrade users using a protocol 2 client are no longer asked for the passphrase of their ~/.ssh/identity file, they are asked for their user password on the server. Is it not possible to use the old indentity file?
It seems that it isn't even looking for an identity file. Am I doing something wrong or is this normal?
-Adam
ssh -v -v -v localhost
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL
0x0090605f
debug1: Reading configuration data
/usr/local/etc/ssh_config
debug1: Applying options for *
debug3: cipher ok: aes128-cbc
[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfou
r,aes192-cbc,aes256-cbc]
debug3: cipher ok: 3des-cbc
[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
aes192-cbc,aes256-cbc]
debug3: cipher ok: blowfish-cbc
[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcf
our,aes192-cbc,aes256-cbc]
debug3: cipher ok: cast128-cbc
[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfo
ur,aes192-cbc,aes256-cbc]
debug3: cipher ok: arcfour
[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,a
es192-cbc,aes256-cbc]
debug3: cipher ok: aes192-cbc
[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfou
r,aes192-cbc,aes256-cbc]
debug3: cipher ok: aes256-cbc
[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfou
r,aes192-cbc,aes256-cbc]
debug3: ciphers ok:
[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-c
bc,aes256-cbc]
debug1: Rhosts Authentication disabled, originating
port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to localhost [::1] port 22.
ssh: connect to address ::1 port 22: Network is
unreachable
debug1: Connecting to localhost [127.0.0.1] port 22. debug1: Connection established. debug1: identity file
/usr/local/home/cioccaad/.ssh/identity type 0
debug1: identity file
/usr/local/home/cioccaad/.ssh/id_rsa type -1
debug1: identity file
/usr/local/home/cioccaad/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
debug1: match: OpenSSH_3.4p1 pat OpenSSH* Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group 1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,ae s192-cbc,aes256-cbc
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,ae s192-cbc,aes256-cbc
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openss h.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openss h.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group 1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,ae s192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,ae s192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openss h.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openss h.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: dh_gen_key: priv key bits set: 129/256 debug1: bits set: 1562/3191 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: check_host_in_hostfile: filename
/usr/local/home/cioccaad/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 148 debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /usr/local/home/cioccaad/.ssh/known_hosts:148 debug1: bits set: 1639/3191 debug1: ssh_rsa_verify: signature correct debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: done: ssh_kex2. debug1: send SSH2_MSG_SERVICE_REQUEST debug1: service_accept: ssh-userauth debug1: got SSH2_MSG_SERVICE_ACCEPT debug1: authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactiv
e
debug3: preferred
publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred:
keyboard-interactive,password
debug3: authmethod_is_enabled publickey debug1: next auth method to try is publickey debug1: try privkey:
/usr/local/home/cioccaad/.ssh/id_rsa
debug3: no such identity:
/usr/local/home/cioccaad/.ssh/id_rsa
debug1: try privkey:
/usr/local/home/cioccaad/.ssh/id_dsa
debug3: no such identity:
/usr/local/home/cioccaad/.ssh/id_dsa
debug2: we did not send a packet, disable method debug3: authmethod_lookup keyboard-interactive debug3: remaining preferred: password debug3: authmethod_is_enabled keyboard-interactive debug1: next auth method to try is
keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: debug3: authmethod_is_enabled password debug1: next auth method to try is password cioccaad@localhost's password:
http://greetings.yahoo.com.au - Yahoo! Greetings - Send your seasons greetings online this year! Received on Fri Dec 13 13:05:35 2002
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:51 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |