OpenSSH public key authentication woes

Karl M karlm30@hotmail.com
Mon Apr 26 16:53:00 GMT 2004


Hi Greg...

Try setting your authorized_keys to 644 for now. If that doesn't work, take 
a look at the problem reporting section on the Cygwin web page. This list 
would need more information to help further.

Thanks,

...Karl


>From: Greg Rudd
>To: Karl M
>CC: <cygwin@cygwin.com>
>Subject: Re: OpenSSH public key authentication woes
>Date: Mon, 26 Apr 2004 18:36:41 +1000
>
>On 26/4/04 4:33 pm, "Karl M"  wrote:
>
> > Hi Greg...
> >
> > I don't see an authorized_keys file in your .ssh directory. It should
> > contain the public keys for those users/hosts that are permitted to do
> > public key authentication. Just cat the public keys you want together to
> > make your authorized_keys file. Then make sure that it is readable by your
> > sshd (ssh server).
> >
> > HTH
> >
> > ...Karl
>
>Hi Karl et al
>
>I accidentally named the files authorized_hosts instead of
>keys.  I have corrected this but to no avail.  To make the files readable by
>the server I take it that you need to set the modes to 600 for the
>authorized_key files (which I have done)
> >
> >
> >> From: Greg Rudd
> >> To: <cygwin@cygwin.com>
> >> CC: Didier Debuf
> >> Subject: OpenSSH public key authentication woes
> >> Date: Mon, 26 Apr 2004 16:04:41 +1000
> >>
> >> Hi All
> >>
> >> I am trying to get public-key authentication working with OpenSSH under
> >> Cygwin.  I have been looking on the net and found numerous references to
> >> this problem but no one has posted a summary so as to prevent further emails
> >> on this subject to the list.
> >>
> >> What is strange is that in testing I can do public key authentication to the
> >> commercial version of SSH which in my case is an alpha (Tru64 4.0g and 5.1a)
> >> running 3.2.9.1 but yet can not do public key authentication either to the
> >> local host or from another host.
> >>
> >>
> >> I have checked the ssh_config and sshd_config files and both have
> >> RSAAuthentication and public key authentication enabled, as well as
> >> Protocol 2,1 listed in both files, and the identity files listed in the
> >> /etc/ssh_config file are:
> >>
> >>    IdentityFile ~/.ssh/id_dsa
> >>    IdentityFile ~/.ssh/identity
> >>    IdentityFile ~/.ssh/id_rsa
> >>    IdentityFile ~/.ssh/id_dsa
> >>
> >> And the contents of the .ssh directory are
> >> drwxr-xr-x    1 grudd    Domain U        0 Apr 23 20:17 .
> >> drwxr-xr-x    1 grudd    Domain U     4096 Apr 23 21:24 ..
> >> -rw-------    1 grudd    Domain U      331 Apr 23 19:37 authorized_hosts
> >> -rw-------    1 grudd    Domain U     1204 Apr 23 19:36 authorized_hosts2
> >> -rw-------    1 grudd    Domain U      668 Apr 22 18:20 foo
> >> -rw-------    1 grudd    Domain U      602 Apr 22 18:20 foo.pub
> >> -rw-------    1 grudd    Domain U      668 Apr 23 18:32 id_dsa
> >> -rw-------    1 grudd    Domain U      602 Apr 23 18:32 id_dsa.pub
> >> -rw-------    1 grudd    Domain U      527 Apr 23 18:03 id_rsa
> >> -rw-------    1 grudd    Domain U      331 Apr 23 18:03 id_rsa.pub
> >> -rw-------    1 grudd    Domain U      527 Apr 23 19:05 identity
> >> -rw-------    1 grudd    Domain U      331 Apr 23 19:05 identity.pub
> >> -rw-------    1 grudd    Domain U      220 Apr 23 20:17 known_hosts
> >>
> >> I have been working on this for a couple of days and I am now stumped for a
> >> solution. Any ideas from the experts here??
> >>
> >>
> >> Thanks in advance -greg
> >>
> >>
> >> Debug output from the client trying to ssh via public key authentication to
> >> localhost
> >>
> >>
> >> $ ssh -vvv grudd@localhost
> >> OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
> >> debug1: Reading configuration data /etc/ssh_config
> >> debug3: cipher ok: aes128-cbc [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
> >> debug3: cipher ok: 3des-cbc [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
> >> debug3: cipher ok: blowfish-cbc [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
> >> debug3: cipher ok: cast128-cbc [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
> >> debug3: cipher ok: arcfour [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
> >> debug3: cipher ok: aes192-cbc [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
> >> debug3: cipher ok: aes256-cbc [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
> >> debug3: ciphers ok: [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
> >> debug2: ssh_connect: needpriv 0
> >> debug1: Connecting to localhost [127.0.0.1] port 22.
> >> debug1: Connection established.
> >> debug3: Not a RSA1 key file //crescent/grudd/.ssh/id_dsa.
> >> debug2: key_type_from_name: unknown key type '-----BEGIN'
> >> debug3: key_read: missing keytype
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug2: key_type_from_name: unknown key type '-----END'
> >> debug3: key_read: missing keytype
> >> debug1: identity file //crescent/grudd/.ssh/id_dsa type 2
> >> debug1: identity file //crescent/grudd/.ssh/identity type 0
> >> debug1: identity file //crescent/grudd/.ssh/id_rsa type 0
> >> debug3: Not a RSA1 key file //crescent/grudd/.ssh/id_dsa.
> >> debug2: key_type_from_name: unknown key type '-----BEGIN'
> >> debug3: key_read: missing keytype
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug2: key_type_from_name: unknown key type '-----END'
> >> debug3: key_read: missing keytype
> >> debug1: identity file //crescent/grudd/.ssh/id_dsa type 2
> >> debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8.1p1
> >> debug1: match: OpenSSH_3.8.1p1 pat OpenSSH*
> >> debug1: Enabling compatibility mode for protocol 2.0
> >> debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
> >> debug1: SSH2_MSG_KEXINIT sent
> >> debug1: SSH2_MSG_KEXINIT received
> >> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> >> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> >> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
> >> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
> >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> >> debug2: kex_parse_kexinit: none,zlib
> >> debug2: kex_parse_kexinit: none,zlib
> >> debug2: kex_parse_kexinit:
> >> debug2: kex_parse_kexinit:
> >> debug2: kex_parse_kexinit: first_kex_follows 0
> >> debug2: kex_parse_kexinit: reserved 0
> >> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> >> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> >> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> >> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> >> debug2: kex_parse_kexinit: none,zlib
> >> debug2: kex_parse_kexinit: none,zlib
> >> debug2: kex_parse_kexinit:
> >> debug2: kex_parse_kexinit:
> >> debug2: kex_parse_kexinit: first_kex_follows 0
> >> debug2: kex_parse_kexinit: reserved 0
> >> debug2: mac_init: found hmac-md5
> >> debug1: kex: server->client aes128-cbc hmac-md5 none
> >> debug2: mac_init: found hmac-md5
> >> debug1: kex: client->server aes128-cbc hmac-md5 none
> >> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> >> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> >> debug2: dh_gen_key: priv key bits set: 143/256
> >> debug2: bits set: 524/1024
> >> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> >> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> >> debug3: check_host_in_hostfile: filename //crescent/grudd/.ssh/known_hosts
> >> debug3: check_host_in_hostfile: match line 1
> >> debug1: Host 'localhost' is known and matches the RSA host key.
> >> debug1: Found key in //crescent/grudd/.ssh/known_hosts:1
> >> debug2: bits set: 496/1024
> >> debug1: ssh_rsa_verify: signature correct
> >> debug2: kex_derive_keys
> >> debug2: set_newkeys: mode 1
> >> debug1: SSH2_MSG_NEWKEYS sent
> >> debug1: expecting SSH2_MSG_NEWKEYS
> >> debug2: set_newkeys: mode 0
> >> debug1: SSH2_MSG_NEWKEYS received
> >> debug1: SSH2_MSG_SERVICE_REQUEST sent
> >> debug2: service_accept: ssh-userauth
> >> debug1: SSH2_MSG_SERVICE_ACCEPT received
> >> debug2: key: //crescent/grudd/.ssh/id_dsa (0x100f24e0)
> >> debug2: key: //crescent/grudd/.ssh/id_dsa (0x100e9218)
> >> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> >> debug3: start over, passed a different list publickey,password,keyboard-interactive
> >> debug3: preferred publickey,keyboard-interactive,password
> >> debug3: authmethod_lookup publickey
> >> debug3: remaining preferred: keyboard-interactive,password
> >> debug3: authmethod_is_enabled publickey
> >> debug1: Next authentication method: publickey
> >> debug1: Offering public key: //crescent/grudd/.ssh/id_dsa
> >> debug3: send_pubkey_test
> >> debug2: we sent a publickey packet, wait for reply
> >> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> >> debug1: Offering public key: //crescent/grudd/.ssh/id_dsa
> >> debug3: send_pubkey_test
> >> debug2: we sent a publickey packet, wait for reply
> >> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> >> debug2: we did not send a packet, disable method
> >> debug3: authmethod_lookup keyboard-interactive
> >> debug3: remaining preferred: password
> >> debug3: authmethod_is_enabled keyboard-interactive
> >> debug1: Next authentication method: keyboard-interactive
> >> debug2: userauth_kbdint
> >> debug2: we sent a keyboard-interactive packet, wait for reply
> >> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> >> debug3: userauth_kbdint: disable: no info_req_seen
> >> debug2: we did not send a packet, disable method
> >> debug3: authmethod_lookup password
> >> debug3: remaining preferred:
> >> debug3: authmethod_is_enabled password
> >> debug1: Next authentication method: password
> >> grudd@localhost's password:
> >>
> >>
> >>
> >> Debug output from the server.
> >>
> >>
> >> debug2: read_server_config: filename /etc/sshd_config
> >> debug1: sshd version OpenSSH_3.8.1p1
> >> debug1: private host key: #0 type 0 RSA1
> >> debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
> >> debug1: read PEM private key done: type RSA
> >> debug1: private host key: #1 type 1 RSA
> >> debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
> >> debug1: read PEM private key done: type DSA
> >> debug1: private host key: #2 type 2 DSA
> >> debug1: Bind to port 22 on 0.0.0.0.
> >> Server listening on 0.0.0.0 port 22.
> >> Generating 768 bit RSA key.
> >> RSA key generation complete.
> >> debug1: Server will not fork when running in debugging mode.
> >> Connection from 127.0.0.1 port 3545
> >> debug1: Client protocol version 2.0; client software version OpenSSH_3.8.1p1
> >> debug1: match: OpenSSH_3.8.1p1 pat OpenSSH*
> >> debug1: Enabling compatibility mode for protocol 2.0
> >> debug1: Local version string SSH-1.99-OpenSSH_3.8.1p1
> >> debug2: Network child is on pid 1572
> >> debug3: preauth child monitor started
> >> debug3: mm_request_receive entering
> >> debug1: list_hostkey_types: ssh-rsa,ssh-dss
> >> debug1: SSH2_MSG_KEXINIT sent
> >> debug1: SSH2_MSG_KEXINIT received
> >> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> >> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> >> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> >> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> >> debug2: kex_parse_kexinit: none,zlib
> >> debug2: kex_parse_kexinit: none,zlib
> >> debug2: kex_parse_kexinit:
> >> debug2: kex_parse_kexinit:
> >> debug2: kex_parse_kexinit: first_kex_follows 0
> >> debug2: kex_parse_kexinit: reserved 0
> >> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> >> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> >> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> >> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> >> debug2: kex_parse_kexinit: none,zlib
> >> debug2: kex_parse_kexinit: none,zlib
> >> debug2: kex_parse_kexinit:
> >> debug2: kex_parse_kexinit:
> >> debug2: kex_parse_kexinit: first_kex_follows 0
> >> debug2: kex_parse_kexinit: reserved 0
> >> debug2: mac_init: found hmac-md5
> >> debug1: kex: client->server aes128-cbc hmac-md5 none
> >> debug2: mac_init: found hmac-md5
> >> debug3: mm_request_send entering: type 5
> >> debug2: monitor_read: 4 used once, disabling now
> >> debug3: mm_request_receive entering
> >> debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
> >> debug3: mm_request_receive_expect entering: type 5
> >> debug3: mm_request_receive entering
> >> debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
> >> debug2: kex_derive_keys
> >> debug2: set_newkeys: mode 1
> >> debug1: SSH2_MSG_NEWKEYS sent
> >> debug1: expecting SSH2_MSG_NEWKEYS
> >> Connection closed by 127.0.0.1
> >> debug1: do_cleanup
> >> debug1: do_cleanup
> >> debug2: read_server_config: filename /etc/sshd_config
> >> debug1: sshd version OpenSSH_3.8.1p1
> >> debug1: private host key: #0 type 0 RSA1
> >> debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
> >> debug1: read PEM private key done: type RSA
> >> debug1: private host key: #1 type 1 RSA
> >> debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
> >> debug1: read PEM private key done: type DSA
> >> debug1: private host key: #2 type 2 DSA
> >>
> >>
> >>
> >>  ssh_config file
> >>
> >>
> >>
> >> --
> >> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> >> Problem reports:       http://cygwin.com/problems.html
> >> Documentation:         http://cygwin.com/docs.html
> >> FAQ:                   http://cygwin.com/faq/
> >>
>
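
The two things this thread turns on, that sshd only reads a file named authorized_keys and that its StrictModes check rejects group- or world-writable paths, as an added shell example that is not part of the original messages. The helper names `audit_ssh_dir` and `loose_write`, the finding labels and the sample key strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit an .ssh directory for the issues
# discussed above. audit_ssh_dir and loose_write are hypothetical helper names.

# True when a path is writable by group or others, which sshd's StrictModes
# refuses for the home directory, ~/.ssh and authorized_keys.
loose_write() {
    ls -ld -- "$1" | cut -c6,9 | grep -q w
}

# Print one finding per line; print nothing when the directory looks sane.
audit_ssh_dir() {
    dir=$1
    ak=$dir/authorized_keys
    if loose_write "$dir"; then echo "LOOSE_DIR $dir"; fi
    if [ ! -f "$ak" ]; then
        echo "MISSING $ak"
        # The mistake from the thread: keys saved under authorized_hosts*.
        for f in "$dir"/authorized_hosts*; do
            if [ -f "$f" ]; then echo "MISNAMED $f"; fi
        done
        return 0
    fi
    if loose_write "$ak"; then echo "LOOSE_FILE $ak"; fi
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) ;;                                  # blank or comment
            *-----BEGIN*|*-----END*) echo "PRIVATE_KEY_TEXT line $n" ;;
            *ssh-rsa\ *|*ssh-dss\ *|*ssh-ed25519\ *|*ecdsa-sha2-*\ *) ;;
            *) echo "NO_KEY_TYPE line $n" ;;             # protocol 1 keys land here too
        esac
    done < "$ak"
    return 0
}

# Constructed sample: same file names and modes as the listing in the thread.
demo_dir=$(mktemp -d)
chmod 755 "$demo_dir"
echo "ssh-rsa AAAAB3constructed grudd@example" > "$demo_dir/authorized_hosts"
echo "ssh-dss AAAAB3constructed grudd@example" > "$demo_dir/authorized_hosts2"
chmod 600 "$demo_dir"/authorized_hosts*
audit_ssh_dir "$demo_dir"

# After the rename the audit is silent; 600 and 644 both pass the write check.
cat "$demo_dir"/authorized_hosts* > "$demo_dir/authorized_keys"
chmod 644 "$demo_dir/authorized_keys"
audit_ssh_dir "$demo_dir"
rm -rf "$demo_dir"
```

The first run reports the missing authorized_keys and both misnamed files; the second prints nothing.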
