It doesn't seem to be very well documented, but $HOME/authorized_keys
is for protocol 1 RSA (identity.pub) only.

For protocol 2 DSA, and protocol 2 RSA (id_dsa.pub id_rsa.pub)
you need to create a $HOME/authorized_keys2, i.e.
        $ cat id_dsa.pub id_rsa.pub >> authorized_keys2

It had me digging through the source the first time I tried to
install passwordless ssh....

Regards,
DigbyT

On Mon, Mar 28, 2005 at 03:20:03AM -0300, Pupeno wrote:
> I'm trying to set up a passwordless log in, using ssh and dsa or rsa keys. For
> that, I first try to make it work for localhost. So, I do the following steps:
> 
> [EMAIL PROTECTED] sandra $ cd .ssh
> 
> Generate dsa and rsa keys (just in case):
> 
> [EMAIL PROTECTED] .ssh $ ssh-keygen -t dsa
> Generating public/private dsa key pair.
> Enter file in which to save the key (/home/sandra/.ssh/id_dsa):
> Enter passphrase (empty for no passphrase):
> Enter same passphrase again:
> Your identification has been saved in /home/sandra/.ssh/id_dsa.
> Your public key has been saved in /home/sandra/.ssh/id_dsa.pub.
> The key fingerprint is:
> bd:7c:9d:d2:7a:c9:e5:df:13:15:69:32:94:e0:bd:29 [EMAIL PROTECTED]
> [EMAIL PROTECTED] .ssh $ ssh-keygen -t rsa
> Generating public/private rsa key pair.
> Enter file in which to save the key (/home/sandra/.ssh/id_rsa):
> Enter passphrase (empty for no passphrase):
> Enter same passphrase again:
> Your identification has been saved in /home/sandra/.ssh/id_rsa.
> Your public key has been saved in /home/sandra/.ssh/id_rsa.pub.
> The key fingerprint is:
> e5:72:8b:4c:a2:fb:88:b1:a1:ee:e0:99:0f:9b:1b:27 [EMAIL PROTECTED]
> [EMAIL PROTECTED] .ssh $ ls
> id_dsa  id_dsa.pub  id_rsa  id_rsa.pub  known_hosts
> 
> Make them authorized keys:
> 
> [EMAIL PROTECTED] .ssh $ cat id_dsa.pub id_rsa.pub >> authorized_keys
> 
> Try to log in to [EMAIL PROTECTED] (liv is localhost):
> 
> $ ssh [EMAIL PROTECTED]
> Password:
> 
> As you can see, it asks me for a password (instead of asking me for a
> passphrase for the key). It simply doesn't work.
> This is done with an out of the box openssh configuration (from Gentoo, of
> course).
> 
> To gather more information I can run ssh -vv [EMAIL PROTECTED], getting the
> following:
> 
> [EMAIL PROTECTED] .ssh $ ssh -vv [EMAIL PROTECTED]
> OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to liv [10.0.0.2] port 22.
> debug1: Connection established.
> debug1: identity file /home/sandra/.ssh/identity type -1
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug2: key_type_from_name: unknown key type 'Proc-Type:'
> debug2: key_type_from_name: unknown key type 'DEK-Info:'
> debug2: key_type_from_name: unknown key type '-----END'
> debug1: identity file /home/sandra/.ssh/id_rsa type 1
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug2: key_type_from_name: unknown key type 'Proc-Type:'
> debug2: key_type_from_name: unknown key type 'DEK-Info:'
> debug2: key_type_from_name: unknown key type '-----END'
> debug1: identity file /home/sandra/.ssh/id_dsa type 2
> debug1: Remote protocol version 2.0, remote software version OpenSSH_3.9p1
> debug1: match: OpenSSH_3.9p1 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.9p1
> debug2: fd 3 setting O_NONBLOCK
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug2: dh_gen_key: priv key bits set: 117/256
> debug2: bits set: 487/1024
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'liv' is known and matches the RSA host key.
> debug1: Found key in /home/sandra/.ssh/known_hosts:1
> debug2: bits set: 494/1024
> debug1: ssh_rsa_verify: signature correct
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug2: key: /home/sandra/.ssh/identity ((nil))
> debug2: key: /home/sandra/.ssh/id_rsa (0x808d5e8)
> debug2: key: /home/sandra/.ssh/id_dsa (0x808d600)
> debug1: Authentications that can continue: publickey,keyboard-interactive
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/sandra/.ssh/identity
> debug1: Offering public key: /home/sandra/.ssh/id_rsa
> debug2: we sent a publickey packet, wait for reply
> debug1: Authentications that can continue: publickey,keyboard-interactive
> debug1: Offering public key: /home/sandra/.ssh/id_dsa
> debug2: we sent a publickey packet, wait for reply
> debug1: Authentications that can continue: publickey,keyboard-interactive
> debug2: we did not send a packet, disable method
> debug1: Next authentication method: keyboard-interactive
> debug2: userauth_kbdint
> debug2: we sent a keyboard-interactive packet, wait for reply
> debug2: input_userauth_info_req
> debug2: input_userauth_info_req: num_prompts 1
> Password: 
> 
> It seems it recognized the keys, but I don't understand how they get dropped
> in favor of keyboard-interactive.
> 
> I've increased the debug level, I think this is the relevant part:
> 
> debug1: Found key in /home/sandra/.ssh/known_hosts:1
> debug2: bits set: 471/1024
> debug1: ssh_rsa_verify: signature correct
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug2: key: /home/sandra/.ssh/identity ((nil))
> debug2: key: /home/sandra/.ssh/id_rsa (0x808d5e8)
> debug2: key: /home/sandra/.ssh/id_dsa (0x808d600)
> debug1: Authentications that can continue: publickey,keyboard-interactive
> debug3: start over, passed a different list publickey,keyboard-interactive
> debug3: preferred publickey,keyboard-interactive,password
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/sandra/.ssh/identity
> debug3: no such identity: /home/sandra/.ssh/identity
> debug1: Offering public key: /home/sandra/.ssh/id_rsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: Authentications that can continue: publickey,keyboard-interactive
> debug1: Offering public key: /home/sandra/.ssh/id_dsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: Authentications that can continue: publickey,keyboard-interactive
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup keyboard-interactive
> debug3: remaining preferred: password
> debug3: authmethod_is_enabled keyboard-interactive
> debug1: Next authentication method: keyboard-interactive
> debug2: userauth_kbdint
> debug2: we sent a keyboard-interactive packet, wait for reply
> debug2: input_userauth_info_req
> debug2: input_userauth_info_req: num_prompts 1
> Password: 
> 
> Any help will be very appreciated.
> Thank you.
> - -- 
> Pupeno: [EMAIL PROTECTED] - http://pupeno.com
> Reading Science Fiction ? http://sfreaders.com.ar
> --
> [email protected] mailing list

-- 
Digby R. S. Tarvin                                             [EMAIL PROTECTED]
http://www.digbyt.com
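
An added example, not part of either message in this thread: a shell function that reads `ssh -vv` client output like the log quoted above and reports, for each key the client offered, whether the server accepted or refused it. The names summarise_pubkey_auth and sample_log and the output words are made up for this illustration; the "Server accepts key" line is what the OpenSSH client prints on acceptance and does not appear in the quoted log.

```shell
#!/bin/sh
# Added example. Reads `ssh -vv` client output on stdin and prints one line
# per offered key: "accepted <key>", "rejected <key>" or "no-reply <key>",
# plus "fallback <method>" when the client moves past publickey.
# summarise_pubkey_auth and sample_log are illustrative names.
summarise_pubkey_auth() {
    awk '
        { sub(/^> ?/, "") }    # tolerate mail-quoted log lines
        /^debug1: Offering public key: / {
            if (pending != "") print "no-reply " pending
            pending = $0
            sub(/^debug1: Offering public key: /, "", pending)
            next
        }
        # Printed by the OpenSSH client when the server accepts the offer.
        /^debug1: Server accepts key/ {
            if (pending != "") { print "accepted " pending; pending = "" }
            next
        }
        # A new list of methods right after an offer is the server refusing it.
        /^debug1: Authentications that can continue: / {
            if (pending != "") { print "rejected " pending; pending = "" }
            next
        }
        /^debug1: Next authentication method: / {
            if ($5 != "publickey") print "fallback " $5
        }
        END { if (pending != "") print "no-reply " pending }
    '
}

# Sample input: lines copied from the debug output quoted in the message.
sample_log() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/sandra/.ssh/identity
debug1: Offering public key: /home/sandra/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering public key: /home/sandra/.ssh/id_dsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
EOF
}

sample_log | summarise_pubkey_auth
```

A "rejected" line means the server refused that key, so the client log alone cannot say why; the server's own log and the authorized keys file it reads are the next things to check.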