I'm having trouble getting passwordless authentication to work on SSH2. (I'm testing on two servers that share an NIS-mounted directory, but it ultimately has to work for an offsite user who has SSH2.)

a) generated keys on the OpenSSH server with a blank passphrase
     ssh-keygen -t dsa -f ~/.ssh/id_dsa
   copied id_dsa.pub to .ssh/authorized_keys2 (on remote server)
   At this point passwordless connection between two OpenSSH servers works great

b) generated SSH2-style keys
     ssh-keygen -e -f .ssh/id_dsa.pub > id_dsa_ssh2.pub
     ssh-keygen -e -f .ssh/id_dsa > id_dsa_ssh2

   copied id_dsa_ssh2.pub and id_dsa_ssh2 to .ssh2 directory (on remote server)
   created .ssh2/authorization file containing: ("" "")
     Key id_dsa_ssh2.pub
   created .ssh2/identification file containing: ("" "")
     IdKey id_dsa_ssh2

OpenSSH->SSH2 works. SSH2->OpenSSH and SSH2->SSH2 want a password. I've played around with running the server on a different port using -ddddd and running the client with -v.

Client:
debug: Ssh2Client/sshclient.c:1097/ssh_client_wrap: creating userauth protocol
debug: Ssh2Client/sshclient.c:399/keycheck_key_match: Host key found from database.
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:330/ssh_client_auth_pubkey_send_signature: Constructing and sending signature...
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:423/ssh_client_auth_pubkey_send_signature: ssh_client_auth_pubkey_send_signature: reading /home/username/.ssh2/id_dsa_ssh2
Passphrase for key "/home/username/.ssh2/id_dsa_ssh2" with comment "1024-bit DSA, converted from OpenSSH by [EMAIL PROTECTED]":

Server excerpt:

debug1: trying public key file /home/username/.ssh/authorized_keys2
debug3: secure_filename: checking '/home/username/.ssh'
debug3: secure_filename: checking '/home/username'
debug3: secure_filename: terminating check at '/home/username'
debug1: matching key found: file /home/username/.ssh/authorized_keys2, line 1
Found matching DSA key: <DSA key appears here>
debug1: restore_uid: 0/1
debug3: mm_answer_keyallowed: key 7fac8 is allowed
debug3: mm_request_send entering: type 21
debug3: mm_request_receive entering
debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss
Postponed publickey for username from 128.103.zzz.zzz port 52477 ssh2

Thanks for any clue bonks
Betsy

PS FWIW the OpenSSH box is Solaris 7 and the SSH2 box is Solaris 8. I've also got a couple Solaris 9 boxes running Sun SSH. I can go from them to OpenSSH but not vice versa.

PPS: we're getting there with OpenSSH but it's slow going, mainly because of SSL. And the box that has to work with this isn't mine.


Betsy Schwartz                         email: [EMAIL PROTECTED]
Unix Systems Administrator, CRG        voice: 617-495-5947
Harvard Graduate School of Design      fax:   617-496-5866


_______________________________________________
bblisa mailing list
[EMAIL PROTECTED]
http://www.bblisa.org/mailman/listinfo/bblisa
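
A format check for the files created in step (b), as an added example that is not part of the original post: it labels each key file by its first line and verifies that IdKey entries in .ssh2/identification name private-key containers and Key entries in .ssh2/authorization name public-key ones. The header strings are the standard OpenSSH, PEM and SSH2 (RFC 4716 / ssh.com) markers; the function names, and resolving entry names relative to the directory, are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Classifies SSH key files by
# their first line only; it never parses or prints key material.

key_format() {
    # $1: path to a key file; prints one format label
    [ -r "$1" ] || { echo "unreadable"; return 0; }
    IFS= read -r first < "$1" || [ -n "$first" ] || { echo "empty"; return 0; }
    case "$first" in
        "---- BEGIN SSH2 PUBLIC KEY ----"*)            echo "ssh2-public" ;;
        "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----"*) echo "ssh2-private" ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----"*)        echo "openssh-private" ;;
        "-----BEGIN "*" PRIVATE KEY-----"*)            echo "pem-private" ;;
        ssh-dss\ *|ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*) echo "openssh-public" ;;
        *)                                             echo "unknown" ;;
    esac
}

check_ssh2_dir() {
    # $1: SSH2-style directory such as ~/.ssh2.
    # Assumption: names after IdKey/Key are relative to that directory.
    dir=$1; bad=0
    for rule in "identification:IdKey:private" "authorization:Key:public"; do
        file=${rule%%:*}; tail=${rule#*:}
        word=${tail%%:*}; want=${tail#*:}
        [ -r "$dir/$file" ] || continue
        while read -r kw name extra; do
            [ "$kw" = "$word" ] || continue
            got=$(key_format "$dir/$name")
            case "$got" in
                *-"$want") echo "ok   $file: $name is $got" ;;
                *) echo "FAIL $file: $name is $got, expected a $want key"; bad=1 ;;
            esac
        done < "$dir/$file"
    done
    return "$bad"
}

# Usage: check_ssh2_dir "$HOME/.ssh2"
```

The exit status is non-zero when any entry names a file of the wrong class, so the check can gate a key-distribution script.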
