Hi [EMAIL PROTECTED], Why do you create both RSA and DSA keys?
I would suggest trying the same steps with _only_ one type, say "ssh-keygen -t dsa" on both servers, and cat over into authorized_keys. Basically, my understanding of your log is: 1. Client is trying to authenticate with rsa key, but somehow it's not there (on local box). 2. Client send dsa key, but remote box cannot recognize/ understand (it expects rsa according to entry in it's authorized_keys) so the last option is used as to prompt for a password. I might be wrong, please correct me. On Mon, 09 Oct 2006 23:35:55 -0300 / [EMAIL PROTECTED] wrote: With a subject: connection with RSA and DSA > hello Admins: > > I am having an issue connecting to a remote PC in the same lan usign > ssh with RSA or DSA. > the connection I am trying to establish is between two servers: ploto > and neptune. > ploto is running Fedora 4 and neptune is Fedora 3. I generated the > RSA and the DSA keys on both of them, > and copied the key the correct way. ( keys generated on ploto are > cat id_dsa.pub >> ./ssh/authorized_keys on neptune). > The same way done on neptune and copied to ploto. Now theoretically > both systems are opened for each others. > That's not the case with me, I can connect from "ploto to ploto" with > no any problems. and I can connect "from neptune to ploto". > However I can not connect to neptune at all. I copied the > configuration files from ploto to neptune, and stil the same thing. I > am always prometed with the password. Any Help will be highly > appreciated. Here is the out put I have: > > OpenSSH_4.2p1, OpenSSL 0.9.7f 22 Mar 2005 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug2: ssh_connect: needpriv 0 > debug1: Connecting to neptune [192.168.1.101] port 22. > debug1: Connection established. > debug1: identity file /home/mansour/.ssh/identity type -1 > debug1: identity file /home/mansour/.ssh/id_rsa type -1 > debug3: Not a RSA1 key file /home/mansour/.ssh/id_dsa. > debug2: key_type_from_name: unknown key type '-----BEGIN' > debug3: key_read: missing keytype > debug2: key_type_from_name: unknown key type 'Proc-Type:' > debug3: key_read: missing keytype > debug2: key_type_from_name: unknown key type 'DEK-Info:' > debug3: key_read: missing keytype > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug2: key_type_from_name: unknown key type '-----END' > debug3: key_read: missing keytype > debug1: identity file /home/mansour/.ssh/id_dsa type 2 > debug1: Remote protocol version 2.0, remote software version > OpenSSH_3.9p1 debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_4.2 > debug2: fd 3 setting O_NONBLOCK > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL > PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL > PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,[EMAIL PROTECTED],zlib > debug2: kex_parse_kexinit: none,[EMAIL PROTECTED],zlib > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL > PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL > PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,zlib > debug2: kex_parse_kexinit: none,zlib > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: mac_init: found hmac-md5 > debug1: kex: server->client aes128-cbc hmac-md5 none > debug2: mac_init: found hmac-md5 > debug1: kex: client->server aes128-cbc hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > debug2: dh_gen_key: priv key bits set: 125/256 > debug2: bits set: 486/1024 > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug3: check_host_in_hostfile: > filename /home/mansour/.ssh/known_hosts debug3: > check_host_in_hostfile: match line 1 debug3: check_host_in_hostfile: > filename /home/mansour/.ssh/known_hosts debug3: > check_host_in_hostfile: match line 1 debug1: Host 'neptune' is known > and matches the RSA host key. debug1: Found key > in /home/mansour/.ssh/known_hosts:1 debug2: bits set: 494/1024 > debug1: ssh_rsa_verify: signature correct > debug2: kex_derive_keys > debug2: set_newkeys: mode 1 > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug2: set_newkeys: mode 0 > debug1: SSH2_MSG_NEWKEYS received > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug2: service_accept: ssh-userauth > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug2: key: /home/mansour/.ssh/identity ((nil)) > debug2: key: /home/mansour/.ssh/id_rsa ((nil)) > debug2: key: /home/mansour/.ssh/id_dsa (0x5555556b0780) > debug1: Authentications that can continue: > publickey,gssapi-with-mic,password > debug3: start over, passed a different list > publickey,gssapi-with-mic,password > debug3: preferred > gssapi-with-mic,publickey,keyboard-interactive,password debug3: > authmethod_lookup gssapi-with-mic debug3: remaining preferred: > publickey,keyboard-interactive,password debug3: authmethod_is_enabled > gssapi-with-mic debug1: Next authentication method: gssapi-with-mic > debug2: we sent a gssapi-with-mic packet, wait for reply > debug1: Authentications that can continue: > publickey,gssapi-with-mic,password > debug2: we sent a gssapi-with-mic packet, wait for reply > debug1: Authentications that can continue: > publickey,gssapi-with-mic,password > debug2: we did not send a packet, disable method > debug3: authmethod_lookup publickey > debug3: remaining preferred: keyboard-interactive,password > debug3: authmethod_is_enabled publickey > debug1: Next authentication method: publickey > debug1: Trying private key: /home/mansour/.ssh/identity > debug3: no such identity: /home/mansour/.ssh/identity > debug1: Trying private key: /home/mansour/.ssh/id_rsa > debug3: no such identity: /home/mansour/.ssh/id_rsa > debug1: Offering public key: /home/mansour/.ssh/id_dsa > debug3: send_pubkey_test > debug2: we sent a publickey packet, wait for reply > debug1: Authentications that can continue: > publickey,gssapi-with-mic,password > debug2: we did not send a packet, disable method > debug3: authmethod_lookup password > debug3: remaining preferred: ,password > debug3: authmethod_is_enabled password > debug1: Next authentication method: password > [EMAIL PROTECTED]'s password: > > > > > -- Rgds, Kamchybek Jusupov Attitude is no substitude for competence... GPG Key: C565 2827 0858 ECFE 74D7 A556 7B09 59DA B6C8 FF8C
