[Replies to both responders to date: 2 replies for the cost of a single
message. :-} dhw]
>Date: Sat, 12 May 2001 23:40:52 -0700
>From: Alfred Perlstein <[EMAIL PROTECTED]>
>> So basically, I'm confused. ssh appears to work ok for password
>> authentication, but not for public key authentication -- or at least, it
>> doesn't appear to be (completely?) compatible with ssh 2.3.0. Or maybe
>> I'm overlooking something...?
>Brian Feldman switched the default to ssh2, for some reason it doesn't
>back off and try version 1. You need to do this "ssh -1 <host>" which
>is damn irritating, but I don't know of any other option.
The "-1" flag does not appear to be valid for ssh 2.9; attempting its
use generates a usage message.
>Would it be possible to try version 1 before password?
I'll give that a try later today. (I'm building today's -STABLE at the
moment; I s'pose I could chroot to the -CURRENT root & try it out that
way, but trying to explain the situation if it doesn't work sounds even
messier than what I've done so far....)
>Date: Sun, 13 May 2001 09:44:41 +0200
>From: Szilveszter Adam <[EMAIL PROTECTED]>
>I am working on reproducing this, so I would like to ask for
>clarification... Unless I am mistaken, you have 3.2-RELEASE on the machine
>that you are connecting to with ssh2 port installed. Right?
In this particular case, yes. And I had installed the ssh-2.0.12 port
on it (some time back). But I have observed similar behavior when the
ssh server is any of several different machines -- running FreeBSD
4.2-STABLE or (SPARC) Solaris 2.6 or 8, for example.
>And you are trying to use RSA Auth using ssh1 on purpose although both
>sides could use ssh2 in theory.
I'm trying to use public key authentication, vs. password authentication.
Whether it's "RSA" or "DSA" isn't something I care about (except to get
it working); mostly, I want the same functionality, and I'd prefer to at
least know what steps I need to take, so that if & when OpenSSH 2.9 is
MFCed, folks who are similarly-situated will be able to get a "heads up"
on changes they may need to make to preserve equivalent function.
>And you are seeing that -CURRENT's ssh does not fall back to RSA
>key auth when it cannot use DSA. But you have already used ssh2 to this
>host before. (Because it is contained in the known_hosts2 file).
>Maybe this confuses ssh.
Well, I've certainly used ssh 2.3.0 (under FreeBSD 4.3-STABLE, for
example) to get to it.
>In my setup, I have only one server that can do SSH2 (mine, the -CURRENT
>box) all others are unable, because they use either older versions of
>OpenSSH or the ssh1 from SSH Communications. But I have absolutely no
>problem in connecting between them with RSA keys... although I have just
>tried (almost) all combinations.:-) Even the -CURRENT server does well,
>although ssh2 is the first option tried in the server config because some
>windoze clients can do ssh2 already so why not use it? But admittedly I
>have not tried RSA auth between two ssh2 capable hosts... will need the
>help of a colleague with it. (who will kindly reboot the machine on the
>other end into FreeBSD-STABLE:-) Note that I do not have a known_hosts2 or
>an authorized_keys2 file anywhere.
Hmmm.... I just checked: I don't (happen to) have the laptop set up so
that I can use public key authentication to use ssh to itself. (I
checked this under -STABLE; OpenSSH 2.3.0.) After I boot -CURRENT, I
may play around with this a bit....
David H. Wolfskill [EMAIL PROTECTED]
As a computing professional, I believe it would be unethical for me to
advise, recommend, or support the use (save possibly for personal
amusement) of any product that is or depends on any Microsoft product.