Hosting Provided By

RE: Help with OpenSSH -> SSH2 Server

From: <dhiraj.2.bhuyan(at)bt.com>
Date: Wed May 21 2003 - 04:32:06 EDT

I think the problem is at the server end - check the directory permissions. Also have a look at "/var/log/secure" and see if there is any error logged.

If for example "/home/user/.ssh/authorizes_keys" is the path to your public key on the server, the permissions using which I got it working are -

chmod 0700 /home/user/.ssh/authorized_keys (check the group/owner)
chmod 0700 /home/user/.ssh
chmod 0700 /home/user

dhiraj

-----Original Message-----

From: wjnorth [mailto:wjnorth@earthlink.net] Sent: 20 May 2003 15:41
To: 'Andrew n marshall'; 'secureshell'
Subject: RE: Help with OpenSSH -> SSH2 Server

What are you trying to do? Key authentication or password challenge?

Those debug1 messages are fine, its trying to associate a public key with whatever private key you own, to see if it can match them together and allow authentication through. Remember, the server's authorized_keys file contains whatever public key you want to use for key based authentication (there are a couple other ways to go about this, but this works great). It will read that file and attempt to match a private key with that public key and allow authentication through. At least, that's what I understand it to be doing. ;-)

The permission denied message is rather interesting. What do you have setup in your sshd_config file? Are you attempting to use key based authentication? If so, how did you set it up?

If you are using authorized_keys for authentication, make sure the file perms are set to 644, no matter what, openSSH sometimes farckles with permissions on key stores.

Do you need help?

-Wes

-----Original Message-----

From: Andrew n marshall [mailto:invysibleman@yahoo.com] Sent: Monday, May 19, 2003 12:33 PM
To: secureshell
Subject: RE: Help with OpenSSH -> SSH2 Server

I'm still having the previously mentioned problems. But here is a new data point... the verbose log. The only thing strange I see is near the bottom:

  debug1: next auth method to try is publickey
  debug1: try privkey: /Users/user/.ssh/id_rsa
  debug1: try pubkey: /Users/user/.ssh/id_dsa

~/.ssh/id_dsa is a PRIVATE key (the public key would be id_dsa.pub). Why is it reading it as a pubkey?

I also glanced at the file permissions, and they match my expectations (600 for private, and 644 for public).

Anm

user@client:~/ > ssh -v server
OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f

debug1: Reading configuration data /Users/user/.ssh/config
debug1: Reading configuration data /sw/etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be

trusted.

debug1: ssh_connect: needpriv 0
debug1: Connecting to server [192.168.208.207] port 22.
debug1: Connection established.
debug1: identity file /Users/amarshal/.ssh/identity type 0
debug1: identity file /Users/amarshal/.ssh/id_rsa type -1
debug1: identity file /Users/amarshal/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version 2.4.0 SSH

Secure Shell (non-commercial)

debug1: match: 2.4.0 SSH Secure Shell (non-commercial) pat 2.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.5p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client 3des-cbc hmac-md5 none
debug1: kex: client->server 3des-cbc hmac-md5 none
debug1: dh_gen_key: priv key bits set: 186/384
debug1: bits set: 526/1024
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host 'nitro' is known and matches the DSA host key.
debug1: Found key in /Users/user/.ssh/known_hosts:1
debug1: bits set: 506/1024
debug1: ssh_dss_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey
debug1: next auth method to try is publickey
Do you need more help? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
debug1: try privkey: /Users/user/.ssh/id_rsa
debug1: try pubkey: /Users/user/.ssh/id_dsa
debug1: authentications that can continue: publickey
debug1: no more auth methods to try

Permission denied (publickey).
debug1: Calling cleanup 0x17770(0x0)

Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com Received on Wed May 21 13:38:57 2003

This message: [ Message body ]
Next message: Hideki Machida: "sftp script running through crontab"
Previous message: alex one: "heimdal and ssh"
Maybe in reply to: Andrew n marshall: "Help with OpenSSH -> SSH2 Server"
Next in thread: Andrew n marshall: "RE: Help with OpenSSH -> SSH2 Server"
Reply: Andrew n marshall: "RE: Help with OpenSSH -> SSH2 Server"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:59 EDT

Can we help you?