
RE: Help with OpenSSH -> SSH2 Server

From: wjnorth <wjnorth(at)earthlink.net>
Date: Tue May 20 2003 - 11:41:16 EDT


What are you trying to do? Key authentication or password challenge?

Those debug1 messages are fine; it's trying to associate a public key with whatever private key you own, to see if it can match them together and allow authentication through. Remember, the server's authorized_keys file contains whatever public key you want to use for key-based authentication (there are a couple of other ways to go about this, but this works great). It will read that file and attempt to match a private key with that public key and allow authentication through. At least, that's what I understand it to be doing. ;-)

The permission denied message is rather interesting. What do you have set up in your sshd_config file? Are you attempting to use key-based authentication? If so, how did you set it up?

If you are using authorized_keys for authentication, make sure the file perms are set to 644, no matter what; OpenSSH sometimes farckles with permissions on key stores.

-Wes

-----Original Message-----

From: Andrew n marshall [mailto:invysibleman@yahoo.com]
Sent: Monday, May 19, 2003 12:33 PM
To: secureshell
Subject: RE: Help with OpenSSH -> SSH2 Server

I'm still having the previously mentioned problems. But here is a new data point... the verbose log. The only thing strange I see is near the bottom:

  debug1: next auth method to try is publickey
  debug1: try privkey: /Users/user/.ssh/id_rsa
  debug1: try pubkey: /Users/user/.ssh/id_dsa

~/.ssh/id_dsa is a PRIVATE key (the public key would be id_dsa.pub). Why is it reading it as a pubkey?


I also glanced at the file permissions, and they match my expectations (600 for private, and 644 for public).

Anm


user@client:~/ > ssh -v server
OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f

debug1: Reading configuration data /Users/user/.ssh/config
debug1: Reading configuration data /sw/etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be 
trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to server [192.168.208.207] port 22.
debug1: Connection established.
debug1: identity file /Users/amarshal/.ssh/identity type 0
debug1: identity file /Users/amarshal/.ssh/id_rsa type -1
debug1: identity file /Users/amarshal/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version 2.4.0 SSH 
Secure Shell (non-commercial)
debug1: match: 2.4.0 SSH Secure Shell (non-commercial) pat 2.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.5p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client 3des-cbc hmac-md5 none
debug1: kex: client->server 3des-cbc hmac-md5 none
debug1: dh_gen_key: priv key bits set: 186/384
debug1: bits set: 526/1024
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host 'nitro' is known and matches the DSA host key.
debug1: Found key in /Users/user/.ssh/known_hosts:1
debug1: bits set: 506/1024
debug1: ssh_dss_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey
debug1: next auth method to try is publickey
debug1: try privkey: /Users/user/.ssh/id_rsa
debug1: try pubkey: /Users/user/.ssh/id_dsa
debug1: authentications that can continue: publickey
debug1: no more auth methods to try

Permission denied (publickey).
debug1: Calling cleanup 0x17770(0x0)

Received on Tue May 20 13:18:13 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:59 EDT

