On 7 Jan 2000, Niels Möller wrote:
> I just made a lsh-0.2.1 release, with tonight's bugfixes.
Excellent, with that version, all I have to do is patch configure to get
around the bug in earlier versions of /bin/sh, and it seems to work, and
since FreeBSD seems to be the only OS that that bug bites on, that seems
perfectly fair.
Now for the hard part: educating myself enough to write up a quick
howto-type document. I promise I will write up everything I learn and
allow it to be disseminated far and wide. I do html, but not man or info
(yet).
Two points, both almost certainly educational:
How does one set up ~/.lsh/known_hosts? I generated NEW_KEY, NEW_KEY.pub,
~/.lsh/identity and ~/.lsh/identity.pub.
As root, I'm running

    ./lshd -p 4711 -h NEW_KEY --debug --trace -v

As expected, I received

    Received unauthenticated key for host localhost

when I tried to connect. Simple enough question, I assume that
~/.lsh/known_hosts has something to do with this. What do I put there?
All I do know is that copying the data from captured_keys to known_hosts
doesn't cut it. And is there a global place to place trusted host keys?
It looks like copying NEW_KEY to /etc/lsh_host_key should make it so
that I don't have to have -h NEW_KEY on the command line every time,
correct?
Second, when I added --sloppy-host-authentication to the lsh command line,
I got (from lshd, lsh just said "Unhandled exception of type 0x4001:
Public key userauth failed.")

    DEBUG: received SSH_MSG_USERAUTH_REQUEST *****
    handle_connection: Received packet of type 50
    (SSH_MSG_USERAUTH_REQUEST) Unknown publickey algorithm
    server_publickey.c:100: do_authenticate: Raising exception Unsupported
    public key algorithm. (type 16385), using handler installed by
    server_userauth.c:453: do_userauth

When generating the identity files, I just used

    ./lsh_keygen -l 8 | ./lsh_writekey

and it created ~/.lsh for me. I then did

    cat ~/.lsh/identity.pub | ./sexp_conv -i transport -o canonical | md5
    touch ~/.lsh/authorized_keys_md5/26440d245a2d73a6f48916f0d39baafa

What did I miss? I'm assuming that this is something I did
wrong, since Balazs had it working (which is where I found the
two lines above).
And how would one go about having multiple incoming identities? Say if I
generate a key for each workstation I'd be logging in from?