[lug] Broken ssh
Shannon Johnston
nunar at nunar.com
Thu Mar 14 17:11:58 MST 2002
I've had to name the public key file 'authorized_keys2' in order to get
it to work w/ SSH2.
Shannon
On Thu, 2002-03-14 at 15:35, Glenn Murray wrote:
> Thanks for the suggestion, but it didn't seem to work.
>
> glenn/$ ls .ssh
> id_rsa known_hosts
> glenn/$ ssh -vl gmurray slate
> ...
> debug1: next auth method to try is publickey
> debug1: try privkey: /home/glenn/.ssh/identity
> debug1: try privkey: /home/glenn/.ssh/id_rsa
> debug1: PEM_read_PrivateKey failed
> debug1: read PEM private key done: type <unknown>
> Enter passphrase for key '/home/glenn/.ssh/id_rsa':
> debug1: try privkey: /home/glenn/.ssh/id_dsa
> debug1: next auth method to try is password
> gmurray at slate's password:
>
> It turns out that I can connect to the remote machine with
>
> ssh -1 -l gmurray slate
>
> so I can make it talk with ssh1. But how do I make it work with CVS?
> Naively setting CVS_RSH='ssh -1 ' failed.
>
> I see in my package list that there is an "ssh2" (non-free) which I
> could install instead of "ssh" (OpenSSH). Is this a better
> alternative?
>
> Thanks,
> Glenn Murray
> http://www.mines.edu/~gmurray
>
> On 13 Mar 2002, Hugh Brown wrote:
>
> > You might try logging in to slate and do your key generation there.
> > ssh.com ssh and openssh ssh have different key formats.
> >
> > Hugh
> >
> > On Wed, 2002-03-13 at 16:58, Glenn Murray wrote:
> > > Hi,
> > >
> > > I recently upgraded (i.e., am recovering from) Debian potato to
> > > testing (woody) and now ssh is broken to two non-Linux UNIX servers.
> > > It still works to a non-upgraded Linux box.
> > >
> > > I generated new keys id_rsa and id_rsa.pub and appended the
> > > latter to ~/.ssh/authorized_keys on the remote machine.
> > >
> > > >From below and fiddling with a config file I gather that the public
> > > key business is not working. I really need passwordless connections
> > > for cvs access.
> > >
> > > Any help would be greatly appreciated.
> > >
> > > Thanks,
> > > Glenn Murray
> > > http://www.mines.edu/~gmurray
> > >
> > >
> > > .ssh/$ ssh -v 'gmurray at slate'
> > > OpenSSH_3.0.2p1 Debian 1:3.0.2p1-8, SSH protocols 1.5/2.0, OpenSSL 0x0090603f
> > > debug1: Reading configuration data /home/glenn/.ssh/config
> > > debug1: Applying options for *
> > > debug1: Reading configuration data /etc/ssh/ssh_config
> > > debug1: Seeding random number generator
> > > debug1: Rhosts Authentication disabled, originating port will not be trusted.
> > > debug1: restore_uid
> > > debug1: ssh_connect: getuid 1000 geteuid 1000 anon 1
> > > debug1: Connecting to slate [138.67.1.38] port 22.
> > > debug1: temporarily_use_uid: 1000/1000 (e=1000)
> > > debug1: restore_uid
> > > debug1: temporarily_use_uid: 1000/1000 (e=1000)
> > > debug1: restore_uid
> > > debug1: Connection established.
> > > debug1: identity file /home/glenn/.ssh/identity type 0
> > > debug1: identity file /home/glenn/.ssh/id_rsa type 1
> > > debug1: identity file /home/glenn/.ssh/id_dsa type -1
> > > debug1: Remote protocol version 1.99, remote software version 3.1.0 SSH Secure Shell (non-commercial)
> > > debug1: no match: 3.1.0 SSH Secure Shell (non-commercial)
> > > Enabling compatibility mode for protocol 2.0
> > > debug1: Local version string SSH-2.0-OpenSSH_3.0.2p1 Debian 1:3.0.2p1-8
> > > debug1: SSH2_MSG_KEXINIT sent
> > > debug1: SSH2_MSG_KEXINIT received
> > > debug1: kex: server->client aes128-cbc hmac-md5 none
> > > debug1: kex: client->server aes128-cbc hmac-md5 none
> > > debug1: dh_gen_key: priv key bits set: 133/256
> > > debug1: bits set: 506/1024
> > > debug1: sending SSH2_MSG_KEXDH_INIT
> > > debug1: expecting SSH2_MSG_KEXDH_REPLY
> > > debug1: Host 'slate' is known and matches the DSA host key.
> > > debug1: Found key in /home/glenn/.ssh/known_hosts2:1
> > > debug1: bits set: 512/1024
> > > debug1: ssh_dss_verify: signature correct
> > > debug1: kex_derive_keys
> > > debug1: newkeys: mode 1
> > > debug1: SSH2_MSG_NEWKEYS sent
> > > debug1: waiting for SSH2_MSG_NEWKEYS
> > > debug1: newkeys: mode 0
> > > debug1: SSH2_MSG_NEWKEYS received
> > > debug1: done: ssh_kex2.
> > > debug1: send SSH2_MSG_SERVICE_REQUEST
> > > debug1: service_accept: ssh-userauth
> > > debug1: got SSH2_MSG_SERVICE_ACCEPT
> > > debug1: authentications that can continue: hostbased,publickey,password
> > > debug1: next auth method to try is publickey
> > > debug1: try pubkey: /home/glenn/.ssh/id_rsa
> > > debug1: authentications that can continue: hostbased,publickey,password
> > > debug1: try privkey: /home/glenn/.ssh/id_dsa
> > > debug1: next auth method to try is password
> > > gmurray at slate's password:
> > >
> > > _______________________________________________
> > > Web Page: http://lug.boulder.co.us
> > > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > --
> > ------------------------------------
> > System Administrator/Unix Consultant
> > hugh at vecna.com
> > Vecna Technologies, Inc
> > 6525 Belcrest Rd, Suite 612
> > Hyattsville MD, 20782
> > 301.864.7253
> > http://www.vecna.com
> > ------------------------------------
> > Linux Professional Institute Certified - Level 1
> > Sair Linux and GNU Certified Administrator
> > AIX Certified Specialist - System Support
> > ------------------------------------
> >
> > _______________________________________________
> > Web Page: http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> >
>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
More information about the LUG
mailing list