Hi all,

I installed OpenSSH 2.3.0p1. I want to do ssh connections without
any passwords for both protocol versions 1 and 2.

I generated keys with
ssh-keygen and
ssh-keygen -d
and copied the resulting files identity and id_dsa
to authorized_key and authorized_key2, respectively.

For protocol version 1 all works fine; for protocol version 2 the
publickey method failed. The debug messages don't give me any hint.
The private key ~/.ssh/id_dsa seems to be read; there is only one
little message:
we did not send a packet, disable method
(the publickey one)

Does anyone on the list have this configuration running and could help
me?

Best regards and many thanks in advance!
Ulrike
=======================================================================
Here are my sshd_config, ssh_config and the relevant debug messages
from sshd -d -d -d and ssh -v -v -v <hostname>:
(Here I configured fallback to password authentication).

sshd_config
===========
Port 22
Protocol 2,1
ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /opt/openssh/etc/ssh_host_key
HostKey /opt/openssh/etc/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes
# Logging
SyslogFacility AUTH
LogLevel DEBUG
RhostsAuthentication no
RhostsRSAAuthentication yes
RSAAuthentication yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
# Uncomment to disable s/key passwords
#SkeyAuthentication no
#KbdInteractiveAuthentication yes
# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no
# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes
CheckMail no
#UseLogin no

ssh_config
==========
Host *
ForwardAgent yes
ForwardX11 yes
RhostsAuthentication no
RhostsRSAAuthentication yes
RSAAuthentication yes
PasswordAuthentication yes
# FallBackToRsh no
# UseRsh no
# BatchMode no
CheckHostIP yes
# StrictHostKeyChecking no
IdentityFile ~/.ssh/identity
IdentityFile ~/.ssh/id_dsa
Port 22
Protocol 2,1
Cipher blowfish
# EscapeChar ~

from sshd -d -d -d:
===================
/opt/openssh/sbin/sshd -v -v -v
...
RSA key generation complete.
...
Connection from IP-Address port 795
debug1: Client protocol version 2.0; client software version OpenSSH_2.3.0p1
debug1: no match: OpenSSH_2.3.0p1
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_2.3.0p1
...
WARNING: no primes in /opt/openssh/etc/primes, using old prime
debug1: bits set: 511/1024
debug1: Sending SSH2_MSG_KEX_DH_GEX_GROUP.
debug1: Wait SSH2_MSG_KEX_DH_GEX_INIT.
debug1: bits set: 512/1024
debug1: sig size 20 20
debug1: send SSH2_MSG_NEWKEYS.
debug1: done: send SSH2_MSG_NEWKEYS.
debug1: Wait SSH2_MSG_NEWKEYS.
debug1: GOT SSH2_MSG_NEWKEYS.
debug1: done: KEX2.
debug1: userauth-request for user username service ssh-connection method none
debug1: attempt1
debug2: input_userauth_request: setting up authctxt for username
debug1: Starting up PAM with username "username"
debug2: input_userauth_request: try method none
Failed none for username from IP-Address port 795 ssh2
debug1: userauth-request for user username service ssh-connection method publickey
debug1: attempt2
debug2: input_userauth_request: try method publickey
Failed publickey for username from IP-Address port 795 ssh2
...

from ssh -v -v -v -2 <hostname>
===============================
ssh -v -v -v hostname
...
debug: service_accept: ssh-userauth
debug: got SSH2_MSG_SERVICE_ACCEPT
debug: authentications that can continue: publickey,password
debug: start over, passed a different list
debug: authmethod_lookup publickey
debug: authmethod_is_enabled publickey
debug: next auth method to try is publickey
debug: try pubkey: /home/username/.ssh/id_dsa
debug: read DSA private key done
debug: sig size 20 20
debug: we sent a publickey packet, wait for reply
debug: authentications that can continue: publickey,password
debug: authmethod_lookup publickey
debug: authmethod_is_enabled publickey
debug: next auth method to try is publickey
debug: we did not send a packet, disable method
debug: authmethod_lookup publickey
debug: authmethod_lookup password
debug: authmethod_is_enabled password
debug: next auth method to try is password
--
Ulrike Nitzsche | email: [EMAIL PROTECTED]
| phone: +49-351-4659-463