On Mon, Feb 11, 2002 at 09:59:01PM -0800, Horst wrote:
> My box: Mkd 8.1 ; sshd version OpenSSH_2.9p2:
>
> I can NOT ssh from efn to my box.
> I can ssh from my box to efn.
> I can ssh to another box RH_6.1 (800 mi away)
> I can ssh from that RH_6.1 box to my box

Just curious, which version of ssh do the RH 6.1 boxen run? Are these boxen set up for ssh v2? OpenSSH 3.0.2 is the latest stable release.

http://www.kb.cert.org/vuls/id/655259
http://www.openbsd.org/advisories/ssh_option.txt
http://www.kb.cert.org/vuls/id/157447
http://www.monkey.org/~provos/scanssh/

> Any hint to what prevents me from ssh'ing directly
> from efn to my box? I started reading the man pages and
> did ssh-keygen, since I saw the hint to the identity file,
> but that didn't show an effect.

> garcia$ ssh [EMAIL PROTECTED] -v -v

... looks good ...

> debug1: unknown identity file /home/members/hpl/.ssh/identity
> debug1: identity file /home/members/hpl/.ssh/identity type -1
> debug1: unknown identity file /home/members/hpl/.ssh/id_rsa
> debug1: identity file /home/members/hpl/.ssh/id_rsa type -1
> debug1: unknown identity file /home/members/hpl/.ssh/id_dsa
> debug1: identity file /home/members/hpl/.ssh/id_dsa type -1

... not good ... shouldn't get negative types

I remember some mention of compatibility problems with OpenSSH 2.5.x and OpenSSH 2.9.x. Apparently, the only solution is to upgrade to not use 2.9.x. I'm not sure this is what's causing you grief tho ...

> AFTER ssh-keygen:
> =================
> garcia$ ls -la -tr .ssh
> total 9
> -rw-r--r-- 1 hpl 361 Oct 6 16:37 known_hosts
> -rw-r--r-- 1 hpl 1210 Jan 22 12:19 known_hosts2
> drwx--x--x 11 hpl 1536 Feb 11 21:12 ..
> drwx------ 2 hpl 512 Feb 11 21:13 .
> -rw------- 1 hpl 525 Feb 11 21:13 identity
> -rw-r--r-- 1 hpl 329 Feb 11 21:13 identity.pub
> -rw------- 1 hpl 1024 Feb 11 21:15 prng_seed
> garcia$

What options did you use with ssh-keygen? OpenSSH 2.9 uses ssh v2 by default. To make an ssh v2 key, use 'ssh-keygen -t dsa ...', or 'ssh-keygen -t rsa ...'. OpenSSH 2.5.x uses ssh v1 by default; you have created an ssh v1 key. You can force v1 with 'ssh -1 ...', or ssh v2 with 'ssh -2 ...'.

Also note that if you were only allowing login over ssh with keys ("A Good Thing", BTW), then creating new keys will make it pretty hard to login, but you prolly knew that.

Hope this helps some.

--
<[EMAIL PROTECTED]>
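
An added example, not part of the original message: a small shell audit that reports which protocol version each key file in a `.ssh` directory belongs to, by reading its first line. The function names are hypothetical, and the format markers assume OpenSSH 2.x-era key files like the ones discussed in this thread.

```shell
#!/bin/sh
# Added example: classify SSH key files by their first line.
# Format markers are those of OpenSSH 2.x-era key files (an assumption
# about the files being inspected; newer formats report "unknown").

classify_key() {
    # $1: path to a key file; prints one classification token
    [ -r "$1" ] || { echo "missing"; return 0; }
    first=$(head -n 1 "$1" | tr -d '\000\r')
    case "$first" in
        "SSH PRIVATE KEY FILE FORMAT 1.1"*) echo "v1-rsa1-private" ;;
        "-----BEGIN RSA PRIVATE KEY-----"*) echo "v2-rsa-private" ;;
        "-----BEGIN DSA PRIVATE KEY-----"*) echo "v2-dsa-private" ;;
        "ssh-rsa "*)                        echo "v2-rsa-public" ;;
        "ssh-dss "*)                        echo "v2-dsa-public" ;;
        [0-9]*" "[0-9]*" "[0-9]*)           echo "v1-rsa1-public" ;;
        *)                                  echo "unknown" ;;
    esac
}

audit_ssh_dir() {
    # $1: directory to inspect (hypothetical helper); checks the three
    # identity files named in the debug output above plus their .pub halves
    for name in identity id_rsa id_dsa; do
        for f in "$1/$name" "$1/$name.pub"; do
            printf '%s: %s\n' "${f##*/}" "$(classify_key "$f")"
        done
    done
}

# Usage: audit_ssh_dir "$HOME/.ssh"
```

A directory holding only `identity` and `identity.pub`, as in the listing quoted above, reports v1 keys for those two names and `missing` for `id_rsa` and `id_dsa`.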
