On 13 Aug, John Clarke wrote:
>  User keys should be in ~/.ssh.  This directory must be owned by the 
>  user and be mode 700.  Private key files and the authorised keys file 
>  must be mode 600. 
>   
>  The authorised keys file contains the public keys (one per line) that 
>  this user is allowed to login with, along with any restrictions on the 
>  use of that key (e.g. from, command, port forwarding).  To allow the 
>  user to login with their normal shell, just append the user's public key 
>  to the file.  This only applies to rsa/dsa authentication, so if you 
>  want to enforce restrictions, disable password authentication.  See the 
>  sshd man page for more info. 

Executive summary: all packages freshly installed, old data files and
executables removed; no improvement at all.

posh: slogin coo  logs in to posh
posh: slogin posh logs in to coo
coo : slogin coo  logs in to posh
coo : slogin posh logs in to coo

Other problems I've had so far:

Couldn't find any info on setting up ssh_known_hosts.

Created rsa and dsa keys for each machine like so:

# ssh-keygen -t rsa -f /etc/ssh/ssh_host_key
# ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key

And modified sshd_config like so:

    # HostKey for protocol version 1
    HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    #HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key

But restarting sshd on the 7.2 RH system gives this error:

# /etc/rc.d/init.d/sshd start
Generating SSH2 RSA host key:                              [  OK  ]
Starting sshd:Disabling protocol version 1. Could not load host key
                                                           [  OK  ]

(This error only occurs on posh, my RH 7.2 system - it works correctly
on the older RH 6.2 system, which has just had openssh 3.4 installed. 
The latest I can find via apt-get for 7.2 though is v 3.1. I'm using
http://ayo.freshrpms.net/redhat/7.2/i386/updates)

I just now also uncommented a bit more, to give:

    # HostKey for protocol version 1
    HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key

and then ran:

# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
Generating public/private rsa key pair.
/etc/ssh/ssh_host_rsa_key already exists.
Overwrite (y/n)? y
....
]# /etc/rc.d/init.d/sshd restart                   
Stopping sshd:                                             [  OK  ]
Starting sshd:Disabling protocol version 1. Could not load host key
                                                           [  OK  ]

I also tried commenting out the version 1 rsa key, and restarting sshd,
but got the same error.


And worse still, after doing similar operations on the old RH 6.2
system, coo, I still get the bizarre behaviour that on posh, slogin to
coo, actually logs me into posh.  I have to slogin to posh on posh to
actually login to coo!

Nor would ssh ask me for any pass phrases; but since I haven't
transferred any user public keys yet, I guess that's fair enough that it
asked me for a password instead.

OTOH, since you're supposed to transfer them by doing (in my case):

$ ssh-keygen -t rsa   # PubkeyAuthentication: RSA key for SSH2
$ cat .ssh/id_rsa.pub | ssh [EMAIL PROTECTED] \
             "cat - >>.ssh/authorized_keys"

and slogin coo actually puts me on posh, I'd have to manually (floppy)
transfer the key.

I've attached relevant output below.

luke

: /home/luke; ping coo
PING coo.localdomain (192.168.1.101) from 192.168.1.101 : 56(84) bytes of data.
64 bytes from coo.localdomain (192.168.1.101): icmp_seq=0 ttl=64 time=80 usec
64 bytes from coo.localdomain (192.168.1.101): icmp_seq=1 ttl=64 time=42 usec

--- coo.localdomain ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/mdev = 0.042/0.061/0.080/0.019 ms
: /home/luke; host coo
Host coo not found: 3(NXDOMAIN)
: /home/luke; host coo.localdomain
Host coo.localdomain not found: 3(NXDOMAIN)
: /home/luke; ping coo
PING coo.localdomain (192.168.1.101) from 192.168.1.101 : 56(84) bytes of data.
64 bytes from coo.localdomain (192.168.1.101): icmp_seq=0 ttl=64 time=53 usec
64 bytes from coo.localdomain (192.168.1.101): icmp_seq=1 ttl=64 time=45 usec

--- coo.localdomain ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/mdev = 0.045/0.049/0.053/0.004 ms
: /home/luke; slogin -v coo
OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 501 geteuid 0 anon 1
debug1: Connecting to coo [192.168.1.101] port 22.
debug1: temporarily_use_uid: 501/500 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 501/500 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/luke/.ssh/identity type -1
debug1: identity file /home/luke/.ssh/id_rsa type 1
debug1: identity file /home/luke/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 138/256
debug1: bits set: 1591/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'coo' is known and matches the RSA host key.
debug1: Found key in /home/luke/.ssh/known_hosts:1
debug1: bits set: 1588/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /home/luke/.ssh/identity
debug1: try pubkey: /home/luke/.ssh/id_rsa
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: try privkey: /home/luke/.ssh/id_dsa
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is password
[EMAIL PROTECTED]'s password: 
debug1: packet_send2: adding 64 (len 59 padlen 5 extra_pad 64)
debug1: ssh-userauth2 successful: method password
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: ssh_session2_setup: id 0
debug1: channel request 0: pty-req
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: channel request 0: x11-req
debug1: channel request 0: shell
debug1: fd 3 setting TCP_NODELAY
debug1: channel 0: open confirm rwindow 0 rmax 32768
Last login: Wed Aug 13 17:51:44 2003 from coo.localdomain
Trying to source .env
LD_LIBRARY_PATH is /usr/lib:/lib:/usr/X11/lib:/usr/local/lib
bash-2.05$ uname -a
Linux posh 2.4.20-pre10-ac1 #2 Mon Nov 11 01:30:46 EST 2002 i686 unknown
bash-2.05$ ping coo
PING coo.localdomain (192.168.1.101) from 192.168.1.101 : 56(84) bytes of data.
64 bytes from coo.localdomain (192.168.1.101): icmp_seq=0 ttl=64 time=53 usec
64 bytes from coo.localdomain (192.168.1.101): icmp_seq=1 ttl=64 time=44 usec

--- coo.localdomain ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/mdev = 0.044/0.048/0.053/0.008 ms
bash-2.05$ ping posh
PING posh.localdomain (192.168.1.100) from 192.168.1.101 : 56(84) bytes of data.
64 bytes from posh.localdomain (192.168.1.100): icmp_seq=0 ttl=255 time=718 usec
64 bytes from posh.localdomain (192.168.1.100): icmp_seq=1 ttl=255 time=397 usec

--- posh.localdomain ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/mdev = 0.397/0.557/0.718/0.162 ms


luke

-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
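John Clarke's advice quoted at the top of the thread (~/.ssh owned by the user and mode 700, private keys and authorized_keys mode 600, per-key restrictions such as from and command) can be checked mechanically. The Python below is an added example written for this page, not code from the thread or from OpenSSH: it audits a key directory for those modes and parses authorized_keys lines, including the comma-separated options prefix with quoted values. The directory it builds, the key blobs and the function names are all constructed placeholders of mine.

```python
"""Audit a user's ~/.ssh layout and parse authorized_keys options (added example)."""
import os
import stat
import tempfile

# Key types whose appearance as the first field mean the line carries no options prefix.
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")
PRIVATE_KEY_NAMES = ("identity", "id_rsa", "id_dsa")

# Constructed sample: the base64 blobs are placeholders, not real keys.
SAMPLE_AUTHORIZED_KEYS = """\
# constructed sample authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAplaceholder luke@posh
from="192.168.1.100",command="/usr/local/bin/backup --hosts=coo,posh",no-port-forwarding ssh-dss AAAAB3NzaC1kc3MAAACBAplaceholder backup@coo
"""


def _split_options(text):
    """Split the options prefix on commas outside double quotes.

    Returns (options, remainder); the remainder starts at the first unquoted
    whitespace.  Quotes are stripped and a backslash inside quotes escapes the
    next character, matching the sshd authorized_keys conventions.
    """
    opts, cur, quoted, i = [], [], False, 0
    while i < len(text):
        c = text[i]
        if quoted and c == "\\" and i + 1 < len(text):
            cur.append(text[i + 1])
            i += 2
            continue
        if c == '"':
            quoted = not quoted
        elif c == "," and not quoted:
            opts.append("".join(cur))
            cur = []
        elif c.isspace() and not quoted:
            break
        else:
            cur.append(c)
        i += 1
    opts.append("".join(cur))
    return opts, text[i:].lstrip()


def parse_authorized_key(line):
    """Parse one authorized_keys line into a dict; None for blank or comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    first = line.split(None, 1)[0]
    options = {}
    if first not in KEY_TYPES and not first.isdigit():
        raw_opts, line = _split_options(line)
        for opt in raw_opts:
            name, sep, value = opt.partition("=")
            options[name] = value if sep else True   # flag options have no value
    fields = line.split(None, 2)
    if fields[0] in KEY_TYPES and len(fields) >= 2:
        return {"type": fields[0], "key": fields[1],
                "comment": fields[2] if len(fields) > 2 else "", "options": options}
    parts = line.split(None, 3)   # protocol 1 RSA line: bits exponent modulus [comment]
    if parts[0].isdigit() and len(parts) >= 3:
        return {"type": "rsa1", "key": parts[2],
                "comment": parts[3] if len(parts) > 3 else "", "options": options}
    raise ValueError("unrecognised authorized_keys line: %r" % line)


def audit_ssh_dir(ssh_dir, uid=None):
    """Return a list of problems: wrong owner or mode on the directory, or key files not mode 600."""
    uid = os.getuid() if uid is None else uid
    problems = []
    st = os.stat(ssh_dir)
    if st.st_uid != uid:
        problems.append("%s is not owned by uid %d" % (ssh_dir, uid))
    if stat.S_IMODE(st.st_mode) != 0o700:
        problems.append("%s is mode %o, want 700" % (ssh_dir, stat.S_IMODE(st.st_mode)))
    for name in PRIVATE_KEY_NAMES + ("authorized_keys",):
        path = os.path.join(ssh_dir, name)
        if os.path.exists(path):
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode != 0o600:
                problems.append("%s is mode %o, want 600" % (path, mode))
    return problems


def demo():
    """Build a constructed ~/.ssh with lax modes, audit it, fix the modes and audit again."""
    ssh_dir = os.path.join(tempfile.mkdtemp(), ".ssh")
    os.mkdir(ssh_dir)
    os.chmod(ssh_dir, 0o755)            # deliberately too open
    ak = os.path.join(ssh_dir, "authorized_keys")
    with open(ak, "w") as fh:
        fh.write(SAMPLE_AUTHORIZED_KEYS)
    os.chmod(ak, 0o644)                 # deliberately too open
    before = audit_ssh_dir(ssh_dir)
    os.chmod(ssh_dir, 0o700)
    os.chmod(ak, 0o600)
    after = audit_ssh_dir(ssh_dir)
    keys = [k for k in map(parse_authorized_key, SAMPLE_AUTHORIZED_KEYS.splitlines()) if k]
    return before, after, keys


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Running it prints two findings for the lax layout, an empty list once the modes are fixed, and the two parsed keys; the second key shows a from restriction, a forced command whose quoted value contains a comma, and the no-port-forwarding flag, which is exactly what the quoted advice means by "restrictions on the use of that key".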
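The "Disabling protocol version 1. Could not load host key" message is sshd reporting that it could not load the file named by a HostKey directive. As an added example, not code from the thread or from OpenSSH, the Python below reads the active HostKey lines from an sshd_config and reports, for each file, whether it is missing, more open than mode 600, or which key format its first line shows. In OpenSSH 3.x the protocol-1 host key is produced by ssh-keygen -t rsa1 and begins with the line "SSH PRIVATE KEY FILE FORMAT 1.1", whereas -t rsa and -t dsa write PEM files beginning "-----BEGIN RSA PRIVATE KEY-----" and "-----BEGIN DSA PRIVATE KEY-----"; a PEM file sitting in the protocol-1 slot is one layout sshd cannot use for protocol 1. The sshd_config text, the temporary directory and the key bodies are constructed, and the HEADERS table and function names are my own.

```python
"""Check the HostKey files an sshd_config refers to (added example, not OpenSSH code)."""
import os
import stat
import tempfile

# First lines of OpenSSH 3.x private key files; the bodies used below are placeholders.
HEADERS = {
    b"SSH PRIVATE KEY FILE FORMAT 1.1": "protocol1-rsa",
    b"-----BEGIN RSA PRIVATE KEY-----": "protocol2-rsa",
    b"-----BEGIN DSA PRIVATE KEY-----": "protocol2-dsa",
}


def host_key_paths(config_text):
    """Return the paths named by uncommented HostKey directives, in order."""
    paths = []
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "hostkey":
            paths.append(parts[1].strip())
    return paths


def classify_key_file(path):
    """Describe one host key file: missing, too open, or the format its header shows."""
    if not os.path.exists(path):
        return "missing"
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:                       # anything readable by group/other is flagged
        return "mode %o (group/other readable)" % mode
    with open(path, "rb") as fh:
        first = fh.readline().rstrip(b"\r\n")
    return HEADERS.get(first, "unknown format")


def check_host_keys(config_text, root=""):
    """Map each configured HostKey path to its classification.

    root is prefixed to the absolute paths so the check can run against a
    test tree instead of the real /etc/ssh.
    """
    return {p: classify_key_file(root + p) for p in host_key_paths(config_text)}


def demo():
    """Constructed sshd_config and key files reproducing a mismatched layout."""
    root = tempfile.mkdtemp()
    os.makedirs(root + "/etc/ssh")         # string concat: paths are absolute
    config = """\
# HostKey for protocol version 1
HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
"""
    files = {
        # protocol-2 RSA material in the protocol-1 slot (what ssh-keygen -t rsa, not -t rsa1, writes)
        "/etc/ssh/ssh_host_key": (0o600, b"-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----\n"),
        # correct format but left group/other readable
        "/etc/ssh/ssh_host_dsa_key": (0o644, b"-----BEGIN DSA PRIVATE KEY-----\nPLACEHOLDER\n-----END DSA PRIVATE KEY-----\n"),
        # ssh_host_rsa_key is deliberately not created
    }
    for path, (mode, body) in files.items():
        with open(root + path, "wb") as fh:
            fh.write(body)
        os.chmod(root + path, mode)
    return check_host_keys(config, root)


if __name__ == "__main__":
    for path, status in demo().items():
        print("%-32s %s" % (path, status))
```

Against a real machine, call check_host_keys with the contents of /etc/ssh/sshd_config and no root prefix; a "protocol2-rsa" answer for the protocol-1 HostKey path, or "missing" for a protocol-2 path, is the kind of layout that produces the restart message shown above.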
