Re: [gentoo-user] Ssh DSA/RSA log in

[Henrik Andersson]

Pupeno wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm trying to set up a passwordless log in, using ssh and dsa or rsa keys. For 
that, I first try to make it work for localhost. So, I do the following 
steps:

[EMAIL PROTECTED] sandra $ cd .ssh
Generate a dsa and rsa keys (just in case):
[EMAIL PROTECTED] .ssh $ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/sandra/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/sandra/.ssh/id_dsa.
Your public key has been saved in /home/sandra/.ssh/id_dsa.pub.
The key fingerprint is:
bd:7c:9d:d2:7a:c9:e5:df:13:15:69:32:94:e0:bd:29 [EMAIL PROTECTED]
[EMAIL PROTECTED] .ssh $ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/sandra/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/sandra/.ssh/id_rsa.
Your public key has been saved in /home/sandra/.ssh/id_rsa.pub.
The key fingerprint is:
e5:72:8b:4c:a2:fb:88:b1:a1:ee:e0:99:0f:9b:1b:27 [EMAIL PROTECTED]
[EMAIL PROTECTED] .ssh $ ls
id_dsa  id_dsa.pub  id_rsa  id_rsa.pub  known_hosts
Make them authorized keys:
[EMAIL PROTECTED] .ssh $ cat id_dsa.pub id_rsa.pub >> authorized_keys
Try to log in to [EMAIL PROTECTED] (liv is localhost):
$ ssh [EMAIL PROTECTED]
Password:
As you can see, it asks me for a password (instead of asking me for a 
passphrase for the key). It simple doesn't work.
This is done with an out of the box openssh configuration (from Gentoo, of 
course).

To gether more information I can run ssh -vv [EMAIL PROTECTED], getting the 
following:

[EMAIL PROTECTED] .ssh $ ssh -vv [EMAIL PROTECTED]
OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to liv [10.0.0.2] port 22.
debug1: Connection established.
debug1: identity file /home/sandra/.ssh/identity type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/sandra/.ssh/id_rsa type 1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/sandra/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: 
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: 
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: 
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: 
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: 
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: 
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 117/256
debug2: bits set: 487/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'liv' is known and matches the RSA host key.
debug1: Found key in /home/sandra/.ssh/known_hosts:1
debug2: bits set: 494/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/sandra/.ssh/identity ((nil))
debug2: key: /home/sandra/.ssh/id_rsa (0x808d5e8)
debug2: key: /home/sandra/.ssh/id_dsa (0x808d600)
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/sandra/.ssh/identity
debug1: Offering public key: /home/sandra/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering public key: /home/sandra/.ssh/id_dsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password: 

It seems it recognized the keys, but I don't understand how they get droped in 
favor of keyboard-interactive.

I've increased the debug level, I think this is the relevant part:
debug1: Found key in /home/sandra/.ssh/known_hosts:1
debug2: bits set: 471/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/sandra/.ssh/identity ((nil))
debug2: key: /home/sandra/.ssh/id_rsa (0x808d5e8)
debug2: key: /home/sandra/.ssh/id_dsa (0x808d600)
debug1: Authentications that can continue: publickey,keyboard-interactive
debug3: start over, passed a different list publickey,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/sandra/.ssh/identity
debug3: no such identity: /home/sandra/.ssh/identity
debug1: Offering public key: /home/sandra/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering public key: /home/sandra/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password: 

Any help will be very appretiated.
Thank you.
- -- 
Pupeno: [EMAIL PROTECTED] - http://pupeno.com
Reading Science Fiction ? http://sfreaders.com.ar
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCR6IWfW48a9PWGkURAslyAJ446+y1IyAWkIVm6+HcokWrcmAG1ACfQOTV
UOqVZ5bGrUQHq6fr6TgawBU=
=Fz6U
-----END PGP SIGNATURE-----
--
gentoo-user@gentoo.org mailing list
you may have to check file permisson of authorized_keys
i have:
-rw-------  1 root root  602 Mar 25 18:49 authorized_keys
in root's .ssh/
the file must only be readable by the user
--
gentoo-user@gentoo.org mailing list