I'm trying to do a similar thing using OpenSSH (ssh2) between two OpenBSD
systems. The way I want to do it is using DSA public keys. We'll call these
two machines analyzer and sensor, and I'm trying to connect from a standard
user account (bhenry1) on the analyzer to root on the sensor.

On the analyzer as bhenry1, I ran ssh-keygen -d to generate an ssh2 DSA key,
leaving the passphrase blank. This created two files,
/home/bhenry1/.ssh/id_dsa.pub (public key) and /home/bhenry1/.ssh/id_dsa
(private key). I then copied the id_dsa.pub file contents to
/root/.ssh/authorized_keys2 on the sensor and tried to connect from bhenry1
on the analyzer to root on the sensor via ssh -2 -v [EMAIL PROTECTED]

This is the output I get on the analyzer:
$ whoami
bhenry1
$ ssh -2 -v [EMAIL PROTECTED]
SSH Version OpenSSH-2.1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
debug: Reading configuration data /etc/ssh_config
debug: ssh_connect: getuid 1001 geteuid 0 anon 0
debug: Connecting to 204.83.59.189 [204.83.59.189] port 22.
debug: Allocated local port 974.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH-2.1
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH-2.1
debug: Sending KEX init.
debug: done
debug: got kexinit string: diffie-hellman-group1-sha1
debug: got kexinit string: ssh-dss
debug: got kexinit string: 3des-cbc,blowfish-cbc,arcfour,cast128-cbc
debug: got kexinit string: 3des-cbc,blowfish-cbc,arcfour,cast128-cbc
debug: got kexinit string: hmac-sha1,hmac-md5,[EMAIL PROTECTED]
debug: got kexinit string: hmac-sha1,hmac-md5,[EMAIL PROTECTED]
debug: got kexinit string: zlib,none
debug: got kexinit string: zlib,none
debug: got kexinit string: 
debug: got kexinit string: 
debug: first kex follow == 0
debug: reserved == 0
debug: done read kexinit
debug: kex: server->client 3des-cbc hmac-sha1 none
debug: kex: client->server 3des-cbc hmac-sha1 none
debug: Sending SSH2_MSG_KEXDH_INIT.
debug: bits set: 547/1024
debug: Wait SSH2_MSG_KEXDH_REPLY.
debug: Got SSH2_MSG_KEXDH_REPLY.
debug: keytype ssh-dss
debug: keytype ssh-dss
debug: Host '204.83.59.189' is known and matches the DSA host key.
debug: bits set: 515/1024
debug: len 55 datafellows 0
debug: dsa_verify: signature correct
debug: Wait SSH2_MSG_NEWKEYS.
debug: GOT SSH2_MSG_NEWKEYS.
debug: send SSH2_MSG_NEWKEYS.
debug: done: send SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: send SSH2_MSG_SERVICE_REQUEST
debug: service_accept: ssh-userauth
debug: got SSH2_MSG_SERVICE_ACCEPT
debug: authentications that can continue: publickey,password
debug: try pubkey: /home/bhenry1/.ssh/id_dsa
debug: read DSA private key done
debug: sig size 20 20
Connection closed by 204.83.59.189
debug: Calling cleanup 0x144d0(0x0)

The sensor tells me:
Aug 23 09:29:33 bsdtest sshd[14118]: fatal: buffer_get: trying to get more bytes than in buffer
Aug 23 09:29:33 bsdtest sshd[14118]: fatal: buffer_get: trying to get more bytes than in buffer

Any ideas?

Thanks,
Brad

 -----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf
Of Traveler Hauptman
Sent: Wednesday, August 23, 2000 8:55 AM
To: [EMAIL PROTECTED]
Subject: OpenSSH problems


I am having trouble setting up OpenSSH to replace rsh. I would like to
eliminate the use of passwords for users going between machines on a guarded
beowulf. What I *think* I want is to use RSA + Rhosts authentication. The
docs say that all I need is a /etc/hosts.equiv and /etc/ssh_known_hosts.
However, this doesn't seem to work. Is there anyone who could give me some
pointers or better yet forward a copy of the config files and whatever other
files I need? (feel free to munge the keys... :)

Thanks,

Traveler Hauptman
Theoretical & Applied Mechanics Lab
Northwestern University
