
Problem using ssh protocol 2 dsa

From: Marius Roets <Marius.Roets(at)eskom.co.za>
Date: Tue Apr 22 2003 - 05:32:14 EDT


Hi Everybody,
I am fairly new to the ssh protocol, so I hope this is not a stupid question, but I have exhausted all my resources without finding an answer.
I have 2 Linux machines, AA and BB. I want to log into AA from BB without using a password. I have often done this using protocol 1, but because of things beyond my control I have to use protocol 2 now. I created the dsa keys on BB for user mroets. I copied this public key to authorized_keys2 on AA for 2 users, mroets and eskdx. Now come the problems. If I do ssh mroets@AA it works fine, but if I do ssh eskdx@AA it doesn't. In the latter case ssh asks for a password (the operating system password). If you give the password, it works, but I don't want it to work that way.

I have tried all settings I can think of and am out of ideas. Any help will be appreciated.

I have added the results of the failing and succeeding ssh attempts below.

Thanks
Marius Roets

:~> ssh -v -v -v eskdx@AA
OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f

debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 500 geteuid 0 anon 1
debug1: Connecting to 147.110.*.* [147.110.*.*] port 22.
debug1: temporarily_use_uid: 500/100 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 500/100 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/mroets/.ssh/id_rsa type -1
debug3: No RSA1 key file /home/mroets/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: no key found
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: no key found
debug1: identity file /home/mroets/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version
OpenSSH_2.9p1
debug1: match: OpenSSH_2.9p1 pat ^OpenSSH Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 133/256
debug1: bits set: 1062/2049
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/mroets/.ssh/known_hosts2
debug3: check_host_in_hostfile: match line 4
debug1: Host '147.110.*.*' is known and matches the DSA host key.
debug1: Found key in /home/mroets/.ssh/known_hosts2:4
debug1: bits set: 1039/2049
debug1: len 55 datafellows 0
debug1: ssh_dss_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive

debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,password,keyboard-interactive
debug3: authmethod_lookup publickey
debug3: remaining preferred: password,keyboard-interactive
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug1: try privkey: /home/mroets/.ssh/id_rsa
debug3: no such identity: /home/mroets/.ssh/id_rsa
debug1: try pubkey: /home/mroets/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: keyboard-interactive
debug3: authmethod_is_enabled password
debug1: next auth method to try is password
eskdx@147.110.*.*'s password:

AND HERE IS THE SUCCESSFUL LOGIN:
:~> ssh -v -v -v mroets@AA
OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f

debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 500 geteuid 0 anon 1
debug1: Connecting to 147.110.*.* [147.110.*.*] port 22.
debug1: temporarily_use_uid: 500/100 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 500/100 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/mroets/.ssh/id_rsa type -1
debug3: No RSA1 key file /home/mroets/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: no key found
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: no key found
debug1: identity file /home/mroets/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version
OpenSSH_2.9p1
debug1: match: OpenSSH_2.9p1 pat ^OpenSSH Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 128/256
debug1: bits set: 1080/2049
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/mroets/.ssh/known_hosts2
debug3: check_host_in_hostfile: match line 4
debug1: Host '147.110.*.*' is known and matches the DSA host key.
debug1: Found key in /home/mroets/.ssh/known_hosts2:4
debug1: bits set: 1006/2049
debug1: len 55 datafellows 0
debug1: ssh_dss_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive

debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,password,keyboard-interactive
debug3: authmethod_lookup publickey
debug3: remaining preferred: password,keyboard-interactive
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug1: try privkey: /home/mroets/.ssh/id_rsa
debug3: no such identity: /home/mroets/.ssh/id_rsa
debug1: try pubkey: /home/mroets/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: input_userauth_pk_ok: pkalg ssh-dss blen 434 lastkey 0x8114ce0
hint 1
debug2: input_userauth_pk_ok: fp
e0:e2:b0:b6:7a:b9:4c:42:5a:ca:4a:99:11:47:46:d3
debug3: sign_and_send_pubkey
debug1: read PEM private key done: type DSA
debug1: sig size 20 20
debug1: ssh-userauth2 successful: method publickey
debug3: clear hostkey 0
debug3: clear hostkey 1
debug3: clear hostkey 2
debug1: channel 0: new [client-session]
debug1: channel_new: 0
debug1: send channel open 0
debug1: Entering interactive session.
debug2: callback start
debug1: client_init id 0 arg 0
debug2: tty_make_modes: ospeed 38400
debug2: tty_make_modes: ispeed 38400
debug2: tty_make_modes: 1 3
debug2: tty_make_modes: 2 28
debug2: tty_make_modes: 3 127
debug2: tty_make_modes: 4 21
debug2: tty_make_modes: 5 4
debug2: tty_make_modes: 6 0
debug2: tty_make_modes: 7 0
debug2: tty_make_modes: 8 17
debug2: tty_make_modes: 9 19
debug2: tty_make_modes: 10 26
debug2: tty_make_modes: 12 18
debug2: tty_make_modes: 13 23
debug2: tty_make_modes: 14 22
debug2: tty_make_modes: 18 15
debug2: tty_make_modes: 30 0
debug2: tty_make_modes: 31 0
debug2: tty_make_modes: 32 0
debug2: tty_make_modes: 33 0
debug2: tty_make_modes: 34 0
debug2: tty_make_modes: 35 0
debug2: tty_make_modes: 36 1
debug2: tty_make_modes: 37 0
debug2: tty_make_modes: 38 1
debug2: tty_make_modes: 39 0
debug2: tty_make_modes: 40 0
debug2: tty_make_modes: 41 0
debug2: tty_make_modes: 50 1
debug2: tty_make_modes: 51 1
debug2: tty_make_modes: 52 0
debug2: tty_make_modes: 53 1
debug2: tty_make_modes: 54 1
debug2: tty_make_modes: 55 1
debug2: tty_make_modes: 56 0
debug2: tty_make_modes: 57 0
debug2: tty_make_modes: 58 0
debug2: tty_make_modes: 59 1
debug2: tty_make_modes: 60 1
debug2: tty_make_modes: 61 1
debug2: tty_make_modes: 62 0
debug2: tty_make_modes: 70 1
debug2: tty_make_modes: 71 0
debug2: tty_make_modes: 72 1
debug2: tty_make_modes: 73 0
debug2: tty_make_modes: 74 0
debug2: tty_make_modes: 75 0
debug2: tty_make_modes: 90 1
debug2: tty_make_modes: 91 1
debug2: tty_make_modes: 92 0
debug2: tty_make_modes: 93 0
debug1: channel request 0: shell
debug2: callback done
debug1: channel 0: open confirm rwindow 0 rmax 16384
debug2: channel 0: rcvd adjust 32768

Marius Roets

Senior Support and Development Analyst
Power Exchange
Eskom Transmission
South Africa

Tel: +27 11 871 3749
Fax: +27 11 871 3304
Pax: 8181 3749

Cell: +27 83 626 1727

Received on Tue Apr 22 14:54:24 2003
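
Added example (not part of the original post): a small Python parser that reads the user-authentication part of an `ssh -v -v -v` client trace like the two above and reports, for each identity file, whether the server accepted or rejected the offered key. The sample traces are constructed excerpts modelled on the post's output, and the function name and outcome labels are assumptions.

```python
import re

# Constructed excerpts modelled on the two traces in the post (userauth phase only).
FAILING = """\
debug1: next auth method to try is publickey
debug1: try privkey: /home/mroets/.ssh/id_rsa
debug3: no such identity: /home/mroets/.ssh/id_rsa
debug1: try pubkey: /home/mroets/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: next auth method to try is password
"""
SUCCEEDING = """\
debug1: try pubkey: /home/mroets/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: input_userauth_pk_ok: pkalg ssh-dss blen 434 lastkey 0x8114ce0 hint 1
debug3: sign_and_send_pubkey
debug1: ssh-userauth2 successful: method publickey
"""

def pubkey_outcomes(trace):
    """Return [(identity_file, outcome)] for each key the client tried (hypothetical helper)."""
    results, current = [], None
    for line in trace.splitlines():
        msg = re.sub(r"^debug\d: ", "", line.strip())
        tried = re.match(r"try (?:pubkey|privkey): (\S+)", msg)
        if tried:
            if current:  # previous key never got a visible reply
                results.append((current, "no-reply-seen"))
            current = tried.group(1)
        elif current and msg.startswith("no such identity"):
            results.append((current, "missing-on-client")); current = None
        elif current and msg.startswith("input_userauth_pk_ok"):
            results.append((current, "accepted-by-server")); current = None
        elif current and msg.startswith("authentications that can continue"):
            # Server answered the key query with a failure and re-sent the method list.
            results.append((current, "rejected-by-server")); current = None
    if current:
        results.append((current, "no-reply-seen"))
    return results

if __name__ == "__main__":
    for name, trace in (("eskdx@AA", FAILING), ("mroets@AA", SUCCEEDING)):
        print(name, pubkey_outcomes(trace))
```

A `rejected-by-server` result at the `send_pubkey_test` step is the server's decision for that target account, so the next place to look is on the server: sshd's own log and the target user's authorized_keys2 file, including its ownership and permissions.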

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:57 EDT

