Re: [gentoo-user] [perhaps OT] ssh from Gentoo into a RedHat server
On Thursday 31 May 2007 20:05, Hans-Werner Hilse wrote:
> On Thu, 31 May 2007 19:28:09 +0100 Mick [EMAIL PROTECTED] wrote:
> > Aha! We're getting somewhere. There's no /home/mic specified in /etc/passwd but /:
> >
> > mick:x:502:10::/:/bin/bash
> >
> > What do you make of this?!
>
> LART your admin :-) and be sure he/she corrects that to read the real homedir instead... (well, you could just use / as your home, but I guess your admin didn't give you rights to write stuff there...) All the details in man 5 passwd.

LART him indeed (although I found out that it was the server owner and friend of mine that changed all these settings using webmin. Aaarghh!)

I am grateful for your help. After I changed the user home directory it's all working nicely. :)
--
Regards,
Mick
Re: [gentoo-user] [perhaps OT] ssh from Gentoo into a RedHat server
On Wednesday 30 May 2007 21:42, Mauro Faccenda wrote:
> On Wednesday 30 May 2007 16:57, Mick wrote:
> > I find it confusing. First of all I do not have a id_rsa.
>
> it tries the default keys (id_rsa or id_dsa), if exists.

id_rsa does not exist in my local /home/michael/.ssh/ only id_dsa is there and the public key that I have saved in /home/mic/.ssh/authorized_keys on the server is my corresponding id_dsa.pub.

> if you don't want it to try it, you can use the -i parameter to ssh pointing to your private key (ssh -i ~/.ssh/id_dsa user@server),

Trying with the -i option also fails:
==
$ ssh -v -p 22 -i /home/michael/.ssh/id_dsa mick@blah-blah
[snip]
debug1: Found key in /home/michael/.ssh/known_hosts:18
debug1: ssh_rsa_verify: signature correct
debug1: Enabling compression at level 6.
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/michael/.ssh/id_dsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: password
==

> > Second, my id_dsa is my private key not my public key. My public key is id_dsa.pub
>
> but you will need your private key to be authenticated. that's why it is *private*.

That's right, so why does it:
==
debug1: Trying private key: /home/michael/.ssh/id_rsa --this doesn't exist
debug1: Offering public key: /home/michael/.ssh/id_dsa --this is my private key
==

> > Is this a server configuration issue, or something to do with my Gentoo set up?
>
> and in the server you'll need to put your *public* key into ~/.ssh/authorized_keys file.

I have of course done this first.

> > PS. Not sure if this is relevant but although my user name on the server is mick, for reasons better known to him the sysadmin has created my home directory as /home/mic - could it be that sshd is looking for /home/mick?
>
> that messages isn't from the server, is from client running locally. but it doesn't matter for what you want.

It matters if the server is trying to find id_dsa.pub in a non-existing directory.
--
Regards,
Mick
Re: [gentoo-user] [perhaps OT] ssh from Gentoo into a RedHat server
On Thursday 31 May 2007 07:42, Mick wrote:
> On Wednesday 30 May 2007 21:42, Mauro Faccenda wrote:
> > On Wednesday 30 May 2007 16:57, Mick wrote:
> > > I find it confusing. First of all I do not have a id_rsa.
> >
> > it tries the default keys (id_rsa or id_dsa), if exists.
>
> id_rsa does not exist in my local /home/michael/.ssh/ only id_dsa is there and the public key that I have saved in /home/mic/.ssh/authorized_keys on the server is my corresponding id_dsa.pub.
>
> > if you don't want it to try it, you can use the -i parameter to ssh pointing to your private key (ssh -i ~/.ssh/id_dsa user@server),
>
> Trying with the -i option also fails:
> ==
> $ ssh -v -p 22 -i /home/michael/.ssh/id_dsa mick@blah-blah
> [snip]
> debug1: Found key in /home/michael/.ssh/known_hosts:18
> debug1: ssh_rsa_verify: signature correct
> debug1: Enabling compression at level 6.
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,gssapi-with-mic,password
> debug1: Next authentication method: publickey
> debug1: Offering public key: /home/michael/.ssh/id_dsa
> debug1: Authentications that can continue: publickey,gssapi-with-mic,password
> debug1: Next authentication method: password
> ==

that's strange. which version of openssh do you use in the server and the client?

mine:
client: OpenSSH_4.5p1
server: OpenSSH_4.4p1

here mine output doing ssh to a server with only key authentication enabled: i don't have the id_dsa.pub in my local machine too.
===
debug1: Found key in /home/faccenda/.ssh/known_hosts:8
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: id_dsa
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type unknown
Enter passphrase for key 'id_dsa':
===
the failed part was because my key is password protected, so it asks me.

> That's right, so why does it:
> ==
> debug1: Trying private key: /home/michael/.ssh/id_rsa --this doesn't exist
> debug1: Offering public key: /home/michael/.ssh/id_dsa --this is my private key
> ==

i didn't noticed this line... really strange. how your id_dsa was created? is it corrupted or does it has a public key on it instead?

you should try creating your key pair again with:

$ ssh-keygen -t dsa

i would like to see the content of this file (or, at least the headers), but its a PRIVATE key. ;)

the headers of mine:
-----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,933FEB2C1C691496

> > > PS. Not sure if this is relevant but although my user name on the server is mick, for reasons better known to him the sysadmin has created my home directory as /home/mic - could it be that sshd is looking for /home/mick?
> >
> > that messages isn't from the server, is from client running locally. but it doesn't matter for what you want.
>
> It matters if the server is trying to find id_dsa.pub in a non-existing directory.

but as i said, that message isn't from the server. being a redhat, i suppose that it uses redhat with more less the default configuration, that tries to read your public key on your user home in the server (~/.ssh/authorized_users or ~/.ssh/authorized_users2). and openssh knows where to look at. even when the home of the user isn't the default which is your case, right?

hope it helps,
.m
-- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] [perhaps OT] ssh from Gentoo into a RedHat server
Hi,

On Thu, 31 May 2007 11:42:48 +0100 Mick [EMAIL PROTECTED] wrote:
> > > Second, my id_dsa is my private key not my public key. My public key is id_dsa.pub
> >
> > but you will need your private key to be authenticated. that's why it is *private*.
>
> That's right, so why does it:
> ==
> debug1: Trying private key: /home/michael/.ssh/id_rsa --this doesn't exist
> debug1: Offering public key: /home/michael/.ssh/id_dsa --this is my private key
> ==

What is wrong with that? It just says it is trying to access id_rsa, not that there is one. So it fails, of course. So not existing key isn't a matter here. It's _debugging_ output, so not necessarily important information.

Using the private key is absolutely normal. A test message is encrypted using it and is then being sent to the server, hence the term offering. I don't see what you are wondering about here.

> > > PS. Not sure if this is relevant but although my user name on the server is mick, for reasons better known to him the sysadmin has created my home directory as /home/mic - could it be that sshd is looking for /home/mick?
> >
> > that messages isn't from the server, is from client running locally. but it doesn't matter for what you want.
>
> It matters if the server is trying to find id_dsa.pub in a non-existing directory.

But it _is_ a client message. It doesn't tell you where the server is searching. So yes, the server might be off track and searching in the wrong place. You could tell by monitoring the server's logs.

sshd will always search in the home directory as specified in /etc/passwd (in the normal case) or more sophisticated solutions like LDAP or NSS. So make sure it really *is* configured as the home directory.

If the target server is ancient, it might also be searching in .ssh/authorized_keys2. Maybe DSA auth is disabled. Why don't you check server side logs (or let your sysadmin do that)?

-hwh
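Added example, not part of the thread: a shell helper that reads `ssh -v` client output and reports, for each key the client presented, what the log shows of the server's answer, which is all the client side can tell you. The function names are hypothetical; the first sample is the debug output quoted in the thread, the second is constructed and uses the OpenSSH client's "Server accepts key" line, which does not appear in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. classify_offers is a hypothetical
# helper for the OpenSSH 4.x debug1 format quoted in this thread.
# Output, one line per key file:
#   tried-private-file F  client attempted to load F (says nothing about
#                         whether F exists or what the server did)
#   rejected F            F was offered, server asked for another method
#   accepted F            F was offered, server accepted it
#   unanswered F          F was offered, log ends before any answer
classify_offers() {
    awk '
    function settle(result) { if (key != "") print result, key; key = "" }
    /^debug1: Trying private key: /  { settle("unanswered"); print "tried-private-file", $5; next }
    /^debug1: Offering public key: / { settle("unanswered"); key = $5; next }
    /^debug1: Server accepts key/    { settle("accepted"); next }
    /^debug1: Authentications that can continue: / { settle("rejected"); next }
    END { settle("unanswered") }
    '
}

# Sample 1: the client output quoted in the thread.
sample_from_thread() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/michael/.ssh/id_rsa
debug1: Offering public key: /home/michael/.ssh/id_dsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: password
EOF
}

# Sample 2: constructed, shows what a successful offer looks like.
sample_accepted() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/michael/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433
EOF
}

sample_from_thread | classify_offers
sample_accepted | classify_offers
```

A "rejected" result only says the server did not accept the key; why it did not is recorded in the server's logs, not in the client output.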
Re: [gentoo-user] [perhaps OT] ssh from Gentoo into a RedHat server
Mauro Faccenda wrote:
> being a redhat, i suppose that it uses redhat with more less the default configuration, that tries to read your public key on your user home in the server (~/.ssh/authorized_users or ~/.ssh/authorized_users2).

This is something I've wondered about for a while - what's the difference between authorized_users and authorized_users2?

R
Re: [gentoo-user] [perhaps OT] ssh from Gentoo into a RedHat server
Hi,

On Thu, 31 May 2007 09:08:38 -0400 Randy Barlow [EMAIL PROTECTED] wrote:
> Mauro Faccenda wrote:
> > being a redhat, i suppose that it uses redhat with more less the default configuration, that tries to read your public key on your user home in the server (~/.ssh/authorized_users or ~/.ssh/authorized_users2).
>
> This is something I've wondered about for a while - what's the difference between authorized_users and authorized_users2?

I think this is some compatibility cruft from the first sshd versions using the protocol version 2. Comments in pathnames.h from the OpenSSH distribution indicate that, too.

-hwh
Re: [gentoo-user] [perhaps OT] ssh from Gentoo into a RedHat server
On Thursday 31 May 2007 09:38, Hans-Werner Hilse wrote:
> > > > Second, my id_dsa is my private key not my public key. My public key is id_dsa.pub
> > >
> > > but you will need your private key to be authenticated. that's why it is *private*.
> >
> > That's right, so why does it:
> > ==
> > debug1: Trying private key: /home/michael/.ssh/id_rsa --this doesn't exist
> > debug1: Offering public key: /home/michael/.ssh/id_dsa --this is my private key
> > ==
>
> What is wrong with that? It just says it is trying to access id_rsa, not that there is one. So it fails, of course. So not existing key isn't a matter here. It's _debugging_ output, so not necessarily important information.
>
> Using the private key is absolutely normal. A test message is encrypted using it and is then being sent to the server, hence the term offering. I don't see what you are wondering about here.

what's wrong there is that it's saying that id_dsa is a PUBLIC key. ;)

[]'s
.m
Re: [gentoo-user] [perhaps OT] ssh from Gentoo into a RedHat server
On Thursday 31 May 2007 13:14, Mauro Faccenda wrote:
> On Thursday 31 May 2007 07:42, Mick wrote:
> > On Wednesday 30 May 2007 21:42, Mauro Faccenda wrote:

[snip]

> > debug1: Offering public key: /home/michael/.ssh/id_dsa
> > debug1: Authentications that can continue: publickey,gssapi-with-mic,password
> > debug1: Next authentication method: password
> > ==
>
> that's strange. which version of openssh do you use in the server and the client?
>
> mine:
> client: OpenSSH_4.5p1
> server: OpenSSH_4.4p1

Installed versions: 4.5_p1-r1(19:45:58 02/23/07) (X -X509 -chroot -hpn -kerberos ldap -libedit pam -selinux -skey -smartcard -static tcpd)

> > That's right, so why does it:
> > ==
> > debug1: Trying private key: /home/michael/.ssh/id_rsa --this doesn't exist
> > debug1: Offering public key: /home/michael/.ssh/id_dsa --this is my private key
> > ==
>
> i didn't noticed this line... really strange. how your id_dsa was created? is it corrupted or does it has a public key on it instead?

It was created with 'ssh-keygen -t dsa'.

> you should try creating your key pair again with:
>
> $ ssh-keygen -t dsa

I would, but it seems to work fine with other servers, hence the point of this thread. What I am going to try out nevertheless is generating an RSA key and see if the server accepts it. Perhaps as Hans-Werner suggested the server may have been configured to only use dsa keys (I find this odd, but I don't know much about RH).

> i would like to see the content of this file (or, at least the headers), but its a PRIVATE key. ;)
>
> the headers of mine:
> -----BEGIN DSA PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: DES-EDE3-CBC,933FEB2C1C691496

This is mine:
-----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC, XXX[snip]
--
Regards,
Mick
Re: [gentoo-user] [perhaps OT] ssh from Gentoo into a RedHat server
On 31/05/07, Mick [EMAIL PROTECTED] wrote:
> On Thursday 31 May 2007 13:14, Mauro Faccenda wrote:
> > you should try creating your key pair again with:
> >
> > $ ssh-keygen -t dsa
>
> I would, but it seems to work fine with other servers, hence the point of this thread. What I am going to try out nevertheless is generating an RSA key and see if the server accepts it. Perhaps as Hans-Werner suggested the server may have been configured to only use dsa keys (I find this odd, but I don't know much about RH).

Not sure if this server has been configured to only use its own generated keys (is this possible?) because it will not accept a new RSA key of mine:
==
debug1: Found key in /home/michael/.ssh/known_hosts:18
debug1: ssh_rsa_verify: signature correct
debug1: Enabling compression at level 6.
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering public key: .ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: password
==

I think it's high time I have words with the sysadmin - wish me luck. ;-)
--
Regards,
Mick
Re: [gentoo-user] [perhaps OT] ssh from Gentoo into a RedHat server
On Thursday 31 May 2007 13:38, Hans-Werner Hilse wrote:
> But it _is_ a client message. It doesn't tell you where the server is searching. So yes, the server might be off track and searching in the wrong place. You could tell by monitoring the server's logs.
>
> sshd will always search in the home directory as specified in /etc/passwd (in the normal case) or more sophisticated solutions like LDAP or NSS. So make sure it really *is* configured as the home directory.

Aha! We're getting somewhere. There's no /home/mic specified in /etc/passwd but /:

mick:x:502:10::/:/bin/bash

What do you make of this?!
--
Regards,
Mick
Re: [gentoo-user] [perhaps OT] ssh from Gentoo into a RedHat server
On Thu, May 31, 2007 2:28 pm, Mick wrote:
> Aha! We're getting somewhere. There's no /home/mic specified in /etc/passwd but /:
>
> mick:x:502:10::/:/bin/bash
>
> What do you make of this?!

That's surely not right, try changing it to

mick:x:502:10::/home/mic:/bin/bash

--
Randy Barlow
http://www.electronsweatshop.com
Oh me of little faith...
Re: [gentoo-user] [perhaps OT] ssh from Gentoo into a RedHat server
Hi,

On Thu, 31 May 2007 19:28:09 +0100 Mick [EMAIL PROTECTED] wrote:
> > sshd will always search in the home directory as specified in /etc/passwd (in the normal case) or more sophisticated solutions like LDAP or NSS. So make sure it really *is* configured as the home directory.
>
> Aha! We're getting somewhere. There's no /home/mic specified in /etc/passwd but /:
>
> mick:x:502:10::/:/bin/bash
>
> What do you make of this?!

LART your admin :-) and be sure he/she corrects that to read the real homedir instead... (well, you could just use / as your home, but I guess your admin didn't give you rights to write stuff there...) All the details in man 5 passwd.

For obvious reasons, specifying your home dir from SSH client side upon connection is not possible. Otherwise, a lot of public keys for the root account would be lingerin' around in /tmp, I guess ;-)

-hwh
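Added example, not part of the thread: a server-side shell check for the failure diagnosed above. It takes the home directory from a passwd(5)-format file, derives the .ssh/authorized_keys path under it, and reports whether that file is there and not writable by group or others (sshd's StrictModes setting, which the thread does not discuss, rejects such files). The helper names, the optional root-prefix argument and the scratch tree are assumptions made so the check runs against constructed data; the two passwd lines are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. passwd_home and check_authkeys are
# hypothetical helper names; ROOT_PREFIX exists only so the check can run
# against a constructed tree instead of the live filesystem.

# Print field 6 (home directory) of USER's entry in a passwd(5)-format file.
passwd_home() {  # usage: passwd_home USER PASSWD_FILE
    awk -F: -v u="$1" '$1 == u { print $6; found = 1; exit }
                       END { if (!found) exit 1 }' "$2"
}

# Print a status word and the path where .ssh/authorized_keys resolves for
# USER, relative to the passwd home. Returns 0 only for "ok".
check_authkeys() {  # usage: check_authkeys USER PASSWD_FILE [ROOT_PREFIX]
    user=$1 passwd=$2 root=${3:-}
    home=$(passwd_home "$user" "$passwd") || { echo "no-such-user $user"; return 2; }
    keys="${home%/}/.ssh/authorized_keys"
    if [ ! -d "$root$home" ]; then
        echo "home-missing $home"; return 1
    elif [ ! -f "$root$keys" ]; then
        echo "keys-missing $keys"; return 1
    elif [ -n "$(find "$root$keys" -perm -020 -o -perm -002 2>/dev/null)" ]; then
        # group- or world-writable key file
        echo "keys-too-permissive $keys"; return 1
    fi
    echo "ok $keys"
}

# Constructed scratch tree: the key file lives in /home/mic, as in the thread.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/mic/.ssh"
    : > "$t/home/mic/.ssh/authorized_keys"
    chmod 600 "$t/home/mic/.ssh/authorized_keys"
    echo 'mick:x:502:10::/:/bin/bash'         > "$t/passwd.before"
    echo 'mick:x:502:10::/home/mic:/bin/bash' > "$t/passwd.after"
    echo "before: $(check_authkeys mick "$t/passwd.before" "$t")"
    echo "after:  $(check_authkeys mick "$t/passwd.after" "$t")"
    rm -rf "$t"
}
demo
```

On a live server, the output of `getent passwd mick` saved to a file has the same format and also covers the LDAP or NSS case mentioned in the thread.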
Re: [gentoo-user] [perhaps OT] ssh from Gentoo into a RedHat server
Hello Mick mic ! :D

On 30/05/07, Mick [EMAIL PROTECTED] wrote:
> Hi All,
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/michael/.ssh/id_rsa
> debug1: Offering public key: /home/michael/.ssh/id_dsa

I am not sure if you know the publickey authentication method, so there goes an unnecessary explanation: If you register the id_dsa.pub contents in the file /home/mic/.ssh/authorized_keys in the server, then the publickey authentication method returns success, what means, you enter the server without typing your password. The debug messages suggest that publickey method failed because you did not register the key.

> debug1: Authentications that can continue: publickey,gssapi-with-mic,password
> debug1: Next authentication method: password
> ==
> I find it confusing. First of all I do not have a id_rsa.

You can generate one with the command ssh-keygen and using the default statements.

> Second, my id_dsa is my private key not my public key. My public key is id_dsa.pub

No problem, ssh respects that completely.

> Is this a server configuration issue, or something to do with my Gentoo set up?
>
> PS. Not sure if this is relevant but although my user name on the server is mick, for reasons better known to him the sysadmin has created my home directory as /home/mic - could it be that sshd is looking for /home/mick?

sshd looks into /home/mic on the server side.

> Regards,
> Mick

Cheers!
--
Fabio A. Correa D.
Physics Dept, Universidad Nacional, Bogota, Colombia
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
My webpage and OpenPGP key at http://facorread.150m.com
My alexandria.cc address is not available anymore.
Re: [gentoo-user] [perhaps OT] ssh from Gentoo into a RedHat server
On Wednesday 30 May 2007 16:57, Mick wrote:
> Hi All,

[...]

> I find it confusing. First of all I do not have a id_rsa.

it tries the default keys (id_rsa or id_dsa), if exists. if you don't want it to try it, you can use the -i parameter to ssh pointing to your private key (ssh -i ~/.ssh/id_dsa user@server),

> Second, my id_dsa is my private key not my public key. My public key is id_dsa.pub

but you will need your private key to be authenticated. that's why it is *private*.

> Is this a server configuration issue, or something to do with my Gentoo set up?

and in the server you'll need to put your *public* key into ~/.ssh/authorized_keys file.

> PS. Not sure if this is relevant but although my user name on the server is mick, for reasons better known to him the sysadmin has created my home directory as /home/mic - could it be that sshd is looking for /home/mick?

that messages isn't from the server, is from client running locally. but it doesn't matter for what you want.

[]'s
.m
Re: [gentoo-user] [perhaps OT] ssh from Gentoo into a RedHat server
On Wednesday 30 May 2007 21:12, Fabio wrote:
> Hello Mick mic ! :D
>
> On 30/05/07, Mick [EMAIL PROTECTED] wrote:
> > Hi All,
> > debug1: Next authentication method: publickey
> > debug1: Trying private key: /home/michael/.ssh/id_rsa
> > debug1: Offering public key: /home/michael/.ssh/id_dsa
>
> I am not sure if you know the publickey authentication method, so there goes an unnecessary explanation: If you register the id_dsa.pub contents in the file /home/mic/.ssh/authorized_keys in the server, then the publickey authentication method returns success, what means, you enter the server without typing your password. The debug messages suggest that publickey method failed because you did not register the key.

Thanks for the explanation. I had already created an authorized_keys file in /home/mic/.ssh and pasted my id_dsa.pub key in there. Then checked that there was nothing untoward in the /etc/ssh/sshd_config file and restarted the sshd service.

> > debug1: Authentications that can continue: publickey,gssapi-with-mic,password
> > debug1: Next authentication method: password
> > ==
> > I find it confusing. First of all I do not have a id_rsa.
>
> You can generate one with the command ssh-keygen and using the default statements.

Sure, but I don't need an rsa key. I am happy using my dsa key for now.

> > Second, my id_dsa is my private key not my public key. My public key is id_dsa.pub
>
> No problem, ssh respects that completely.

I know that it does. What I don't know is why the debug message says:

Offering public key: /home/michael/.ssh/id_dsa

when id_dsa is a private key.
--
Regards,
Mick