On 26/4/04 4:33 pm, "Karl M" <[EMAIL PROTECTED]> wrote:

> Hi Greg...
> I don't see an authorized_keys file in your .ssh directory. It should
> contain the public keys for those users/hosts that are permitted to do
> public key authentication. Just cat the public keys you want together to
> make your authorized_keys file. Then make sure that it is readable by your
> sshd (ssh server).
> ...Karl

Hi Karl et al

I named the files accidentally named the files authorized_hosts instead of
keys.  I have corrected this but to no avail.  To make the files readable by
the server I take it that you need to set the modes to 600 for the
authorized_key files (which I have done)
>> From: Greg Rudd
>> CC: Didier Debuf
>> Subject: OpenSSH public key authentication woes
>> Date: Mon, 26 Apr 2004 16:04:41 +1000
>> Hi All
>> I am trying to get public-key authentication working with openSSH under
>> cygwin.  I have been looking on the net and found numorious references to
>> this problem but noone has posted a summary so as to prevent further emails
>> on this subject to the list.
>> What is stange is that in testing I can do public key authentication to the
>> commercial version of SSH which in my case is an alpha (Tru64 4.0g and
>> 5.1a)
>> running but yet can not do public key authentication either to the
>> local host or from another host.
>> I have checked the ssh_config and sshd_config files and both have
>> RSAAuthetication and Public key authentication are enabled as well as
>> Protocol 2,1 listed in both files and the identity files listed in the
>> /etc/ssh_config file are:
>>    IdentityFile ~/.ssh/id_dsa
>>    IdentityFile ~/.ssh/identity
>>    IdentityFile ~/.ssh/id_rsa
>>    IdentityFile ~/.ssh/id_dsa
>> And the contents of the .ssh directory are
>> drwxr-xr-x    1 grudd    Domain U        0 Apr 23 20:17 .
>> drwxr-xr-x    1 grudd    Domain U     4096 Apr 23 21:24 ..
>> -rw-------    1 grudd    Domain U      331 Apr 23 19:37 authorized_hosts
>> -rw-------    1 grudd    Domain U     1204 Apr 23 19:36 authorized_hosts2
>> -rw-------    1 grudd    Domain U      668 Apr 22 18:20 foo
>> -rw-------    1 grudd    Domain U      602 Apr 22 18:20 foo.pub
>> -rw-------    1 grudd    Domain U      668 Apr 23 18:32 id_dsa
>> -rw-------    1 grudd    Domain U      602 Apr 23 18:32 id_dsa.pub
>> -rw-------    1 grudd    Domain U      527 Apr 23 18:03 id_rsa
>> -rw-------    1 grudd    Domain U      331 Apr 23 18:03 id_rsa.pub
>> -rw-------    1 grudd    Domain U      527 Apr 23 19:05 identity
>> -rw-------    1 grudd    Domain U      331 Apr 23 19:05 identity.pub
>> -rw-------    1 grudd    Domain U      220 Apr 23 20:17 known_hosts
>> I have been working on this for a couple of days and I am now stumped for a
>> solution any ideas from the experts here??
>> Thanks in advance -greg
>> Debug output from the client trying to ssh via public key authentication to
>> localhost
>> $ ssh -vvv [EMAIL PROTECTED]
>> OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
>> debug1: Reading configuration data /etc/ssh_config
>> debug3: cipher ok: aes128-cbc
>> [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>> debug3: cipher ok: 3des-cbc
>> [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>> debug3: cipher ok: blowfish-cbc
>> [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>> debug3: cipher ok: cast128-cbc
>> [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>> debug3: cipher ok: arcfour
>> [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>> debug3: cipher ok: aes192-cbc
>> [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>> debug3: cipher ok: aes256-cbc
>> [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>> debug3: ciphers ok:
>> [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>> debug2: ssh_connect: needpriv 0
>> debug1: Connecting to localhost [] port 22.
>> debug1: Connection established.
>> debug3: Not a RSA1 key file //crescent/grudd/.ssh/id_dsa.
>> debug2: key_type_from_name: unknown key type '-----BEGIN'
>> debug3: key_read: missing keytype
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug2: key_type_from_name: unknown key type '-----END'
>> debug3: key_read: missing keytype
>> debug1: identity file //crescent/grudd/.ssh/id_dsa type 2
>> debug1: identity file //crescent/grudd/.ssh/identity type 0
>> debug1: identity file //crescent/grudd/.ssh/id_rsa type 0
>> debug3: Not a RSA1 key file //crescent/grudd/.ssh/id_dsa.
>> debug2: key_type_from_name: unknown key type '-----BEGIN'
>> debug3: key_read: missing keytype
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug2: key_type_from_name: unknown key type '-----END'
>> debug3: key_read: missing keytype
>> debug1: identity file //crescent/grudd/.ssh/id_dsa type 2
>> debug1: Remote protocol version 2.0, remote software version
>> OpenSSH_3.8.1p1
>> debug1: match: OpenSSH_3.8.1p1 pat OpenSSH*
>> debug1: Enabling compatibility mode for protocol 2.0
>> debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
>> debug1: SSH2_MSG_KEXINIT sent
>> debug1: SSH2_MSG_KEXINIT received
>> debug2: kex_parse_kexinit:
>> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>> debug2: kex_parse_kexinit:
>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
>> debug2: kex_parse_kexinit:
>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
>> debug2: kex_parse_kexinit:
>> hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hm
>> ac-md5-96
>> debug2: kex_parse_kexinit:
>> hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hm
>> ac-md5-96
>> debug2: kex_parse_kexinit: none,zlib
>> debug2: kex_parse_kexinit: none,zlib
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit: first_kex_follows 0
>> debug2: kex_parse_kexinit: reserved 0
>> debug2: kex_parse_kexinit:
>> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>> debug2: kex_parse_kexinit:
>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
>> [EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
>> debug2: kex_parse_kexinit:
>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
>> [EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
>> debug2: kex_parse_kexinit:
>> hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hm
>> ac-md5-96
>> debug2: kex_parse_kexinit:
>> hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hm
>> ac-md5-96
>> debug2: kex_parse_kexinit: none,zlib
>> debug2: kex_parse_kexinit: none,zlib
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit: first_kex_follows 0
>> debug2: kex_parse_kexinit: reserved 0
>> debug2: mac_init: found hmac-md5
>> debug1: kex: server->client aes128-cbc hmac-md5 none
>> debug2: mac_init: found hmac-md5
>> debug1: kex: client->server aes128-cbc hmac-md5 none
>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>> debug2: dh_gen_key: priv key bits set: 143/256
>> debug2: bits set: 524/1024
>> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>> debug3: check_host_in_hostfile: filename //crescent/grudd/.ssh/known_hosts
>> debug3: check_host_in_hostfile: match line 1
>> debug1: Host 'localhost' is known and matches the RSA host key.
>> debug1: Found key in //crescent/grudd/.ssh/known_hosts:1
>> debug2: bits set: 496/1024
>> debug1: ssh_rsa_verify: signature correct
>> debug2: kex_derive_keys
>> debug2: set_newkeys: mode 1
>> debug1: SSH2_MSG_NEWKEYS sent
>> debug1: expecting SSH2_MSG_NEWKEYS
>> debug2: set_newkeys: mode 0
>> debug1: SSH2_MSG_NEWKEYS received
>> debug1: SSH2_MSG_SERVICE_REQUEST sent
>> debug2: service_accept: ssh-userauth
>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>> debug2: key: //crescent/grudd/.ssh/id_dsa (0x100f24e0)
>> debug2: key: //crescent/grudd/.ssh/id_dsa (0x100e9218)
>> debug1: Authentications that can continue:
>> publickey,password,keyboard-interactive
>> debug3: start over, passed a different list
>> publickey,password,keyboard-interactive
>> debug3: preferred publickey,keyboard-interactive,password
>> debug3: authmethod_lookup publickey
>> debug3: remaining preferred: keyboard-interactive,password
>> debug3: authmethod_is_enabled publickey
>> debug1: Next authentication method: publickey
>> debug1: Offering public key: //crescent/grudd/.ssh/id_dsa
>> debug3: send_pubkey_test
>> debug2: we sent a publickey packet, wait for reply
>> debug1: Authentications that can continue:
>> publickey,password,keyboard-interactive
>> debug1: Offering public key: //crescent/grudd/.ssh/id_dsa
>> debug3: send_pubkey_test
>> debug2: we sent a publickey packet, wait for reply
>> debug1: Authentications that can continue:
>> publickey,password,keyboard-interactive
>> debug2: we did not send a packet, disable method
>> debug3: authmethod_lookup keyboard-interactive
>> debug3: remaining preferred: password
>> debug3: authmethod_is_enabled keyboard-interactive
>> debug1: Next authentication method: keyboard-interactive
>> debug2: userauth_kbdint
>> debug2: we sent a keyboard-interactive packet, wait for reply
>> debug1: Authentications that can continue:
>> publickey,password,keyboard-interactive
>> debug3: userauth_kbdint: disable: no info_req_seen
>> debug2: we did not send a packet, disable method
>> debug3: authmethod_lookup password
>> debug3: remaining preferred:
>> debug3: authmethod_is_enabled password
>> debug1: Next authentication method: password
>> [EMAIL PROTECTED]'s password:
>> Debug output from the server.
>> debug2: read_server_config: filename /etc/sshd_config
>> debug1: sshd version OpenSSH_3.8.1p1
>> debug1: private host key: #0 type 0 RSA1
>> debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
>> debug1: read PEM private key done: type RSA
>> debug1: private host key: #1 type 1 RSA
>> debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
>> debug1: read PEM private key done: type DSA
>> debug1: private host key: #2 type 2 DSA
>> debug1: Bind to port 22 on
>> Server listening on port 22.
>> Generating 768 bit RSA key.
>> RSA key generation complete.
>> debug1: Server will not fork when running in debugging mode.
>> Connection from port 3545
>> debug1: Client protocol version 2.0; client software version
>> OpenSSH_3.8.1p1
>> debug1: match: OpenSSH_3.8.1p1 pat OpenSSH*
>> debug1: Enabling compatibility mode for protocol 2.0
>> debug1: Local version string SSH-1.99-OpenSSH_3.8.1p1
>> debug2: Network child is on pid 1572
>> debug3: preauth child monitor started
>> debug3: mm_request_receive entering
>> debug1: list_hostkey_types: ssh-rsa,ssh-dss
>> debug1: SSH2_MSG_KEXINIT sent
>> debug1: SSH2_MSG_KEXINIT received
>> debug2: kex_parse_kexinit:
>> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>> debug2: kex_parse_kexinit:
>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
>> [EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
>> debug2: kex_parse_kexinit:
>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
>> [EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
>> debug2: kex_parse_kexinit:
>> hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hm
>> ac-md5-96
>> debug2: kex_parse_kexinit:
>> hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hm
>> ac-md5-96
>> debug2: kex_parse_kexinit: none,zlib
>> debug2: kex_parse_kexinit: none,zlib
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit: first_kex_follows 0
>> debug2: kex_parse_kexinit: reserved 0
>> debug2: kex_parse_kexinit:
>> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>> debug2: kex_parse_kexinit:
>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
>> [EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
>> debug2: kex_parse_kexinit:
>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
>> [EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
>> debug2: kex_parse_kexinit:
>> hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hm
>> ac-md5-96
>> debug2: kex_parse_kexinit:
>> hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hm
>> ac-md5-96
>> debug2: kex_parse_kexinit: none,zlib
>> debug2: kex_parse_kexinit: none,zlib
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit: first_kex_follows 0
>> debug2: kex_parse_kexinit: reserved 0
>> debug2: mac_init: found hmac-md5
>> debug1: kex: client->server aes128-cbc hmac-md5 none
>> debug2: mac_init: found hmac-md5
>> debug3: mm_request_send entering: type 5
>> debug2: monitor_read: 4 used once, disabling now
>> debug3: mm_request_receive entering
>> debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
>> debug3: mm_request_receive_expect entering: type 5
>> debug3: mm_request_receive entering
>> debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
>> debug2: kex_derive_keys
>> debug2: set_newkeys: mode 1
>> debug1: SSH2_MSG_NEWKEYS sent
>> debug1: expecting SSH2_MSG_NEWKEYS
>> Connection closed by
>> debug1: do_cleanup
>> debug1: do_cleanup
>> debug2: read_server_config: filename /etc/sshd_config
>> debug1: sshd version OpenSSH_3.8.1p1
>> debug1: private host key: #0 type 0 RSA1
>> debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
>> debug1: read PEM private key done: type RSA
>> debug1: private host key: #1 type 1 RSA
>> debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
>> debug1: read PEM private key done: type DSA
>> debug1: private host key: #2 type 2 DSA
>>  ssh_config file
>> --
>> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>> Problem reports:       http://cygwin.com/problems.html
>> Documentation:         http://cygwin.com/docs.html
>> FAQ:                   http://cygwin.com/faq/
> _________________________________________________________________
> FREE pop-up blocking with the new MSN Toolbar ­ get it now!
> http://toolbar.msn.com/go/onm00200415ave/direct/01/
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Problem reports:       http://cygwin.com/problems.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/

Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Reply via email to