I believe that you have two different SSH software packages. On the Client side you have OpenSSH (www.openssh.org).
On the Server side you have SSH (www.ssh.com). There are versions of SSH that are completely compatible with OpenSSH but others are not. These are the reasons why the two software packages are not completely compatible.

Suggestion: Remove SSH2 from the server and install OpenSSH on it.

> On Sun, 2004-05-02 at 17:12, Ken Foskey wrote:
> > On Sun, 2004-05-02 at 17:07, Howard Lowndes wrote:
> >
> > > Mmmm. SSH2 on Deb doesn't mention the authorized_keys file in the man
> > > pages, just the authorization file and the key files that are listed
> > > therein. I already had done the above anyway as it is the way things
> > > work on RedHat, but to no avail on Deb.
> >
> > Ping. Lightbulb.
> >
> > It is disabled by default on Debian because of the security concerns.
> >
> > Guessing but look for something like this in your /etc/ssh/sshd_config
> > file.
> >
> > RSAAuthentication yes
> > PubkeyAuthentication yes
> > #AuthorizedKeysFile %h/.ssh/authorized_keys
>
> This is getting weirder.
>
> I put these lines into /etc/ssh2/sshd2_config and it objected to the
> PubkeyAuthentication parameter, not once but twice. The parameter was
> in there already but was commented out. When I remove _all_ reference
> to PubkeyAuthentication it still complains about it, but this time only
> once.
>
> Here is my current /etc/ssh2/sshd2_config:
>
> # sshd2_config
> # SSH 2.0 Server Configuration File
>
> *:
> Port 22
> ListenAddress 0.0.0.0
> Ciphers AnyStd
> # Ciphers AnyCipher
> # Ciphers AnyStdCipher
> # Ciphers 3des
> IdentityFile identification
> AuthorizationFile authorization
> HostKeyFile hostkey
> PublicHostKeyFile hostkey.pub
> RandomSeedFile random_seed
> ForwardAgent yes
> ForwardX11 yes
> # DEPRECATED PasswordAuthentication yes
> PasswordGuesses 3
> # MaxConnections 50
> # 0 == number of connections not limited
> MaxConnections 0
> # PermitRootLogin nopwd
> PermitRootLogin yes
> # DEPRECATED
> RSAAuthentication yes
> # AuthorizedKeysFile %h/.ssh/authorized_keys
>
> # AllowedAuthentications publickey,password,hostbased
> AllowedAuthentications publickey,password
> # RequiredAuthentications publickey,password
> ForcePTTYAllocation no
> VerboseMode no
> PrintMotd yes
> CheckMail yes
> UserConfigDirectory "%D/.ssh2"
> # UserConfigDirectory "/etc/ssh2/auth/%U"
> SyslogFacility AUTH
> # SyslogFacility LOCAL7
> Ssh1Compatibility yes
> Sshd1Path /usr/sbin/sshd1
> # AllowHosts localhost, foobar.com, friendly.org
> # DenyHosts evil.org, aol.com
> # AllowSHosts trusted.host.org
> # DenySHosts not.quite.trusted.org
> # NoDelay yes
>
> # KeepAlive yes
> RequireReverseMapping yes
> UserKnownHosts yes
>
> # subsystem definitions
>
> subsystem-sftp sftp-server
>
>
> ...and this is the dialogue that I get when I start sshd2 in debug mode:
>
> # sshd2 -v
> WARNING: Development-time debugging not compiled in.
> WARNING: To enable, configure with --enable-debug and recompile.
> WARNING: PubkeyAuthentication configuration keyword is deprecated. Use
> AllowedAuthentications.
> WARNING: Defining AllowedAuthentications. Parameter PubkeyAuthentication
> (already defined) will be ignored.
> WARNING: Development-time debugging not compiled in.
> WARNING: To enable, configure with --enable-debug and recompile.
> debug: Reading private host key from /etc/ssh2/hostkey
> debug: Key comment: 1024-bit dsa, [EMAIL PROTECTED], Sun Apr 04 2004 13:33:50
> +1000
> debug: SshUnixConfig/sshunixconfig.c:270/ssh_server_load_host_key:
> Reading public host key from: /etc/ssh2/hostkey.pub
> debug: Becoming server.
> debug: Creating listener
> debug: Listener created
> sshd2[1281]: Listener created on port 22.
> sshd2[1281]: Daemon is running.
> debug: Running event loop
>
>
> ...at this point I now try to log in and on the client I get:
>
> # ssh -v bu
> OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Rhosts Authentication disabled, originating port will not be
> trusted.
> debug1: ssh_connect: needpriv 0
> debug1: Connecting to bu [192.168.255.19] port 22.
> debug1: Connection established.
> debug1: identity file /root/.ssh/identity type 0
> debug1: identity file /root/.ssh/id_rsa type 1
> debug1: identity file /root/.ssh/id_dsa type 2
> debug1: Remote protocol version 1.99, remote software version 2.0.13
> (non-commercial)
> debug1: match: 2.0.13 (non-commercial) pat
> 2.0.13*,2.0.14*,2.0.15*,2.0.16*,2.0.17*,2.0.18*,2.0.19*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.5p1
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client 3des-cbc hmac-md5 none
> debug1: kex: client->server 3des-cbc hmac-md5 none
> debug1: dh_gen_key: priv key bits set: 193/384
> debug1: bits set: 517/1024
> debug1: sending SSH2_MSG_KEXDH_INIT
> debug1: expecting SSH2_MSG_KEXDH_REPLY
> debug1: Host 'bu' is known and matches the DSA host key.
> debug1: Found key in /root/.ssh/known_hosts:224
> debug1: bits set: 497/1024
> debug1: ssh_dss_verify: signature correct
> debug1: kex_derive_keys
> debug1: newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: waiting for SSH2_MSG_NEWKEYS
> debug1: newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: done: ssh_kex2.
> debug1: send SSH2_MSG_SERVICE_REQUEST
> debug1: buggy server: service_accept w/o service
> debug1: got SSH2_MSG_SERVICE_ACCEPT
> debug1: authentications that can continue: publickey,password
> debug1: next auth method to try is publickey
> debug1: try pubkey: /root/.ssh/id_rsa
> debug1: authentications that can continue: publickey,password
> debug1: try pubkey: /root/.ssh/id_dsa
> debug1: authentications that can continue: publickey,password
> debug1: next auth method to try is password
> [EMAIL PROTECTED]'s password:
>
>
> ...and on the server I get this continuation:
>
> sshd2[1281]: connection from "192.168.255.17"
> debug: Sshd2/sshd2.c:653/new_connection_callback: Wrapping stream with
> ssh_server_wrap...
> debug: ssh_server_wrap: creating transport protocol
> debug: ssh_server_wrap: creating userauth protocol
> debug: Sshd2/sshd2.c:663/new_connection_callback: done.
> debug: new_connection_callback returning
> debug: Remote version: SSH-2.0-OpenSSH_3.5p1
>
> debug: ssh_sigchld_real_callback
> debug: ssh_sigchld_real_callback
>
>
>
> All of the perms look OK. At the client end:
>
> # ll .ssh/
> total 216
> -rw-r--r-- 1 root root 1119 May 1 12:21 authorized_keys
> -rw------- 1 root root 668 Mar 25 2001 id_dsa
> -rw-r--r-- 1 root root 590 Mar 25 2001 id_dsa.pub
> -rw------- 1 root root 515 Mar 29 2001 identity
> -rw-r--r-- 1 root root 319 Mar 25 2001 identity.pub
> -rw------- 1 root root 883 May 1 12:18 id_rsa
> -rw-r--r-- 1 root root 210 May 1 12:18 id_rsa.pub
> -rw-r--r-- 1 root root 69970 May 1 12:33 known_hosts
> -rw-r--r-- 1 root root 108448 Dec 12 10:19 known_hosts2
>
>
> ...and at the server end:
>
> # ll .ssh2/
> total 24
> -rw------- 1 root root 47 May 2 11:51 authorization
> drwx------ 2 root root 4096 Apr 22 14:46 hostkeys
> -rw------- 1 root root 590 May 2 11:36 id_dsa.pub
> -rw------- 1 root root 319 May 2 11:37 id_rsa1.pub
> -rw------- 1 root root 210 May 2 11:37 id_rsa2.pub
> -rw------- 1 root root 512 May 3 12:33 random_seed
>
> > --
> > Thanks
> > KenF
> > OpenOffice.org developer
> --
> Howard.
> LANNet Computing Associates - Your Linux people <http://www.lannetlinux.com>
> ------------------------------------------
> Flatter government, not fatter government - Get rid of the Australian states.
> ------------------------------------------
> To mess up a Linux box, you need to work at it;
> to mess up your Windows box, you just need to work on it.
> - Scott Granneman, SecurityFocus
>
> --
> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
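
The sshd2 warnings quoted in this thread come from OpenSSH-style keywords turning up in an sshd2 configuration. As an added example (not part of the original thread, and not code from either SSH project), the script below reports where such keywords still appear in a config file, active or commented out. The keyword table covers only what the thread itself shows, the sample config is constructed from lines in the post, and the function names are hypothetical.

```python
import re

# Keywords the thread shows sshd2 treating as legacy, with what the thread
# says about each (from the posted warning, the "# DEPRECATED" comments and
# the man-page remark). This is not a complete list of sshd2 keywords.
LEGACY = {
    "pubkeyauthentication": "use AllowedAuthentications (per the sshd2 warning)",
    "rsaauthentication": "marked DEPRECATED in the posted config",
    "passwordauthentication": "marked DEPRECATED in the posted config",
    "authorizedkeysfile": "sshd2 reads AuthorizationFile instead",
}
DIRECTIVE = re.compile(r"^\s*(#\s*)?([A-Za-z][A-Za-z0-9-]*)\b")

def lint_sshd2_config(text):
    """Return (line_no, keyword, is_active, note) for each legacy keyword."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        note = LEGACY.get(m.group(2).lower()) if m else None
        if note:
            findings.append((no, m.group(2), m.group(1) is None, note))
    return findings

def allowed_authentications(text):
    """Methods on the last active AllowedAuthentications line.
    Assumption: a later line overrides an earlier one."""
    methods = []
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "allowedauthentications":
            methods = [m.strip() for m in parts[1].split(",")]
    return methods

# Constructed sample, assembled from lines quoted in the thread.
SAMPLE = """\
*:
Port 22
AuthorizationFile authorization
# DEPRECATED
RSAAuthentication yes
# PubkeyAuthentication yes
# AuthorizedKeysFile %h/.ssh/authorized_keys
AllowedAuthentications publickey,password
"""

if __name__ == "__main__":
    for no, kw, active, note in lint_sshd2_config(SAMPLE):
        state = "active" if active else "commented"
        print(f"line {no}: {kw} ({state}): {note}")
    print("AllowedAuthentications:", allowed_authentications(SAMPLE))
```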
