Thank you very much for your help. Sorry, but I didn't get it running... now I get "no auth methods could be used". When I start dbclient with option "-i", it says "Ignoring unknown argument...".

My system/what I did:

server (dropbear) -> 192.168.0.20:
+ dropbear started as root (dropbear -v -F -r /etc/dropbear/dropbear_rsa_host_key) [see trace (1)]
+ -rw------- 1 root root 427 ... dropbear_rsa_host_key
+ /root/.ssh/authorized_keys contains public key of client:
  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgwCG ... 7ITwqih9hTB9ItPfgtggvclIVlMzVJ= [EMAIL PROTECTED]
  It doesn't make any difference if I append [EMAIL PROTECTED] or not.
+ -rw------- 1 root root 232 ... authorized_keys

client (dbclient) -> 192.168.0.23
+ generated new keys on client
+ private key in id_rsa.db / public key appended to authorized_keys on the server
+ under user root: dbclient -v -l root 192.168.0.20 [see trace (2)]
  (+ 'dbclient -i id_rsa.db -v -l root 192.168.0.20' results in WARNING: Ignoring unknown argument `-i`)
+ on serverside I get the appended trace (3)

I don't know what's wrong, but could it be that this problem occurs because I compiled dropbear and dbclient statically against uclibc? (btw I use the original version of options.h).

When I call 'make LDFLAGS="-static" PROGRAMS=dropbear dbclient', compilation fails:

cli-auth.c: In function `recv_msg_userauth_specific_60':
cli-auth.c:109: error: `cli_ses' undeclared (first use in this function)
cli-auth.c:109: error: (Each undeclared identifier is reported only once
cli-auth.c:109: error: for each function it appears in.)
cli-auth.c: In function `recv_msg_userauth_failure':
cli-auth.c:147: error: `cli_ses' undeclared (first use in this function)
cli-auth.c: In function `recv_msg_userauth_success':
cli-auth.c:233: error: `cli_ses' undeclared (first use in this function)
cli-auth.c: In function `cli_auth_try':
cli-auth.c:249: error: `cli_ses' undeclared (first use in this function)
make: *** [cli-auth.o] Fehler 1

Compiling them apart works well (PROGRAMS=dropbear or PROGRAMS=dbclient).

Sorry, this mail became really long...

greetings
Sebastian

--------------------------------------------------------------------------------------------------------------
(1) Trace dropbear

prompt # dropbear -v -F -r /etc/dropbear/dropbear_rsa_host_key
TRACE: enter loadhostkeys
TRACE: enter buf_get_priv_key
TRACE: enter rsa_key_free
TRACE: leave rsa_key_free: key == NULL
TRACE: enter buf_get_rsa_priv_key
TRACE: enter buf_get_rsa_pub_key
TRACE: leave buf_get_rsa_pub_key: success
TRACE: leave buf_get_rsa_priv_key
TRACE: leave buf_get_priv_key
TRACE: leave loadhostkeys
[15632] May 14 12:51:07 Not forking
TRACE: listensockets: 1 to try
TRACE: listening on '22'
TRACE: enter dropbear_listen
TRACE: dropbear_listen: all interfaces
TRACE: bind(22) failed
TRACE: leave dropbear_listen: success, 1 socks bound

--------------------------------------------------------------------------------------------------------------
(2) Trace dbclient

prompt# ./dbclient -v -l root 192.168.0.20
TRACE: non-flag arg: '192.168.0.20'
TRACE: user='root' host='192.168.0.20' port='22'
TRACE: enter connect_remote
TRACE: leave connect_remote: sock 3
TRACE: enter session_init
TRACE: kexinitialise()
TRACE: leave session_init
TRACE: enter ident_readln
TRACE: leave ident_readln: return 22
TRACE: remoteident: SSH-2.0-dropbear_0.48
TRACE: enter encrypt_packet()
TRACE: encrypt_packet type is 20
TRACE: enter writemac
TRACE: leave writemac
TRACE: enter enqueue
TRACE: leave enqueue
TRACE: leave encrypt_packet()
TRACE: DATAALLOWED=0
TRACE: -> KEXINIT
TRACE: enter write_packet
TRACE: empty queue dequeing
TRACE: leave write_packet
TRACE: enter read_packet
TRACE: enter decrypt_packet
TRACE: leave decrypt_packet
TRACE: leave read_packet
TRACE: enter process_packet
TRACE: process_packet: packet type = 20
TRACE: <- KEXINIT
TRACE: enter recv_msg_kexinit
TRACE: cli_buf_match_algo: diffie-hellman-group1-sha1
TRACE: kex algo diffie-hellman-group1-sha1
TRACE: cli_buf_match_algo: ssh-rsa
TRACE: hostkey algo ssh-rsa
TRACE: cli_buf_match_algo: aes128-cbc,3des-cbc,aes256-cbc
TRACE: enc c2s is aes128-cbc
TRACE: cli_buf_match_algo: aes128-cbc,3des-cbc,aes256-cbc
TRACE: enc s2c is aes128-cbc
TRACE: cli_buf_match_algo: hmac-sha1-96,hmac-sha1
TRACE: hash c2s is hmac-sha1-96
TRACE: cli_buf_match_algo: hmac-sha1-96,hmac-sha1
TRACE: hash s2c is hmac-sha1-96
TRACE: cli_buf_match_algo: none
TRACE: hash c2s is none
TRACE: cli_buf_match_algo: none
TRACE: hash s2c is none
TRACE: leave recv_msg_kexinit
TRACE: leave process_packet
TRACE: enter cli_sessionloop
TRACE: enter send_msg_kexdh_reply
TRACE: enter buf_putmpint
TRACE: leave buf_putmpint
TRACE: enter encrypt_packet()
TRACE: encrypt_packet type is 30
TRACE: enter writemac
TRACE: leave writemac
TRACE: enter enqueue
TRACE: leave enqueue
TRACE: leave encrypt_packet()
TRACE: leave cli_sessionloop: done with KEXINIT_RCVD
TRACE: enter write_packet
TRACE: empty queue dequeing
TRACE: leave write_packet
TRACE: enter cli_sessionloop
TRACE: leave cli_sessionloop: kex_state != KEX_NOTHING
TRACE: enter read_packet
TRACE: enter decrypt_packet
TRACE: leave decrypt_packet
TRACE: leave read_packet
TRACE: enter process_packet
TRACE: process_packet: packet type = 31
TRACE: enter recv_msg_kexdh_reply
TRACE: type is 1
TRACE: enter buf_getline
TRACE: leave buf_getline: success
TRACE: hosts don't match
TRACE: enter buf_getline
TRACE: leave buf_getline: success
TRACE: checkpubkey: base64_decode success
TRACE: good matching key
TRACE: enter buf_get_pub_key
TRACE: enter rsa_key_free
TRACE: leave rsa_key_free: key == NULL
TRACE: enter buf_get_rsa_pub_key
TRACE: leave buf_get_rsa_pub_key: success
TRACE: leave buf_get_pub_key
TRACE: enter buf_put_pub_key
TRACE: enter buf_put_rsa_pub_key
TRACE: enter buf_putmpint
TRACE: leave buf_putmpint
TRACE: enter buf_putmpint
TRACE: leave buf_putmpint
TRACE: leave buf_put_rsa_pub_key
TRACE: leave buf_put_pub_key
TRACE: enter buf_putmpint
TRACE: leave buf_putmpint
TRACE: enter buf_putmpint
TRACE: leave buf_putmpint
TRACE: enter buf_putmpint
TRACE: leave buf_putmpint
TRACE: enter buf_verify
TRACE: enter buf_rsa_verify
TRACE: success!
TRACE: leave buf_rsa_verify: ret 0
TRACE: enter sign_key_free
TRACE: enter rsa_key_free
TRACE: leave rsa_key_free
TRACE: leave sign_key_free
TRACE: enter send_msg_newkeys
TRACE: enter encrypt_packet()
TRACE: encrypt_packet type is 21
TRACE: enter writemac
TRACE: leave writemac
TRACE: enter enqueue
TRACE: leave enqueue
TRACE: leave encrypt_packet()
TRACE: SENTNEWKEYS=1
TRACE: -> MSG_NEWKEYS
TRACE: leave send_msg_newkeys
TRACE: leave recv_msg_kexdh_init
TRACE: leave process_packet
TRACE: enter cli_sessionloop
TRACE: leave cli_sessionloop: kex_state != KEX_NOTHING
TRACE: enter write_packet
TRACE: empty queue dequeing
TRACE: leave write_packet
TRACE: enter read_packet
TRACE: enter decrypt_packet
TRACE: leave decrypt_packet
TRACE: leave read_packet
TRACE: enter process_packet
TRACE: process_packet: packet type = 21
TRACE: <- MSG_NEWKEYS
TRACE: enter recv_msg_newkeys
TRACE: while SENTNEWKEYS=1
TRACE: enter gen_new_keys
TRACE: enter buf_putmpint
TRACE: leave buf_putmpint
TRACE: leave gen_new_keys
TRACE: kexinitialise()
TRACE: -> DATAALLOWED=1
TRACE: leave recv_msg_newkeys
TRACE: leave process_packet
TRACE: enter cli_sessionloop
TRACE: enter send_msg_service_request: servicename='ssh-userauth'
TRACE: enter encrypt_packet()
TRACE: encrypt_packet type is 5
TRACE: enter writemac
TRACE: leave writemac
TRACE: enter enqueue
TRACE: leave enqueue
TRACE: leave encrypt_packet()
TRACE: leave send_msg_service_request
TRACE: leave cli_sessionloop: sent userauth service req
TRACE: enter write_packet
TRACE: empty queue dequeing
TRACE: leave write_packet
TRACE: enter cli_sessionloop
TRACE: leave cli_sessionloop: fell out
TRACE: enter read_packet
TRACE: enter decrypt_packet
TRACE: leave decrypt_packet
TRACE: leave read_packet
TRACE: enter process_packet
TRACE: process_packet: packet type = 6
TRACE: enter recv_msg_service_accept
TRACE: leave recv_msg_service_accept: done ssh-userauth
TRACE: leave process_packet
TRACE: enter cli_sessionloop
TRACE: enter cli_auth_getmethods
TRACE: enter encrypt_packet()
TRACE: encrypt_packet type is 50
TRACE: enter writemac
TRACE: leave writemac
TRACE: enter enqueue
TRACE: leave enqueue
TRACE: leave encrypt_packet()
TRACE: leave cli_auth_getmethods
TRACE: leave cli_sessionloop: sent userauth methods req
TRACE: enter write_packet
TRACE: empty queue dequeing
TRACE: leave write_packet
TRACE: enter cli_sessionloop
TRACE: leave cli_sessionloop: fell out
TRACE: enter read_packet
TRACE: enter decrypt_packet
TRACE: leave decrypt_packet
TRACE: leave read_packet
TRACE: enter process_packet
TRACE: process_packet: packet type = 51
TRACE: <- MSG_USERAUTH_FAILURE
TRACE: enter recv_msg_userauth_failure
TRACE: Methods (len 9): 'publickey'
TRACE: auth method 'publickey'
TRACE: leave recv_msg_userauth_failure
TRACE: leave process_packet
TRACE: enter cli_sessionloop
TRACE: enter cli_auth_try
TRACE: cli_auth_try lastauthtype 1
TRACE: enter cli_tty_cleanup
TRACE: leave cli_tty_cleanup: not in raw mode
TRACE: enter session_cleanup
TRACE: enter chancleanup
TRACE: leave chancleanup
TRACE: leave session_cleanup
./dbclient: connection to [EMAIL PROTECTED]:22 exited: No auth methods could be used.

--------------------------------------------------------------------------------------------------------------
(3) Trace serverside after executing dbclient (excerpt)

...
TRACE: enter recv_msg_userauth_request
TRACE: recv_msg_userauth_request: 'none' request
TRACE: enter send_msg_userauth_failure
TRACE: enter encrypt_packet()
TRACE: encrypt_packet type is 51
TRACE: enter writemac
TRACE: leave writemac
TRACE: enter enqueue
TRACE: leave enqueue
TRACE: leave encrypt_packet()
TRACE: auth fail: methods 2, ''
TRACE: leave send_msg_userauth_failure
TRACE: leave process_packet
TRACE: enter write_packet
TRACE: empty queue dequeing
TRACE: leave write_packet
TRACE: enter read_packet
[16168] May 14 13:06:46 exit before auth: Exited normally
...

On Saturday, 13 May 2006 06:42 you wrote:
>
> The /etc/dropbear/dropbear_rsa_host_key file is the server's
> _private_ key, used for all sessions (even password authed)
> so that the client knows that it's talking to the same
> server each time. This is independent of using public keys for
> user auth. If you generate a key using dropbearkey and copy
> the private key part to dropbear_rsa_host_key, it should
> work fine.
>
> If you then want to use public key authentication, on the
> client you have to generate a key, then paste the public
> part into ~/.ssh/authorized_keys on the server. If you're
> using dbclient then you'd generate it with dropbearkey and
> specify it with "dbclient -i ~/.ssh/id_rsa.db", otherwise
> you'd use the client-specific key generator - dbclient for
> OpenSSH, PuTTYgen for putty, etc.
>
> Cheers,
> Matt
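
An added example, not part of the mail thread and not Dropbear code: a check that a public key line pasted into ~/.ssh/authorized_keys, as described in the quoted reply, is a single intact ssh-rsa entry, done by decoding the SSH wire format inside the base64 field. The function names are hypothetical and the sample key is constructed from a fixed number, not generated by dropbearkey.

```python
import base64
import struct


def _read_string(blob, off):
    """Read one SSH wire-format string: 4-byte big-endian length, then data."""
    if off + 4 > len(blob):
        raise ValueError("blob ends inside a length field")
    (n,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + n
    if end > len(blob):
        raise ValueError("blob is truncated (field runs past the end)")
    return blob[off + 4:end], end


def check_rsa_line(line):
    """Validate 'ssh-rsa <base64> [comment]'; return the modulus bit length."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("expected 'ssh-rsa <base64> [comment]' on one line")
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key field is not valid base64") from exc
    name, off = _read_string(blob, 0)
    if name != b"ssh-rsa":
        raise ValueError("key type inside the blob does not match the prefix")
    _e, off = _read_string(blob, off)      # public exponent (mpint)
    n, off = _read_string(blob, off)       # modulus (mpint)
    if off != len(blob):
        raise ValueError("trailing bytes after the modulus")
    return int.from_bytes(n, "big").bit_length()


def make_sample_line(bits=1024, comment="user@client.example"):
    """Build a constructed public key line for the demo (not a real key)."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    n = (1 << (bits - 1)) | 1                          # constructed modulus
    n_bytes = b"\x00" + n.to_bytes(bits // 8, "big")   # leading 0: positive mpint
    blob = s(b"ssh-rsa") + s((65537).to_bytes(3, "big")) + s(n_bytes)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment


if __name__ == "__main__":
    print(check_rsa_line(make_sample_line()), "bit modulus")
```

The trailing comment field is optional in this format, so a line with or without it passes the same check; a key that was wrapped or cut during pasting fails with a truncation or base64 error.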
