On Sat, Feb 15, 2003 at 12:40:08PM -0800, Vineet Kumar wrote: > * Pigeon ([EMAIL PROTECTED]) [030215 11:03]: > > Since protocol 1 is now working, I'm not too bothered about 2 not > > working, but it would be nice to fix it purely on the grounds of not > > liking to have broken stuff around especially when it works for > > everyone else! > > I agree; it's no fun to just give up! It should work. > > Here's what I have on my laptop (which is what I carry around everywhere > and is the local side of things): <snip>
Well, the clot thickens... and the wound heals! So, you had protocol 2 keys, but named 'identity' rather than 'id_rsa', and nothing else in .ssh (no protocol 1 keys, like me). Other than that, the setup was the same, permissions- and config-wise. Same version, too, as on your older end - ssh -V gives: OpenSSH_3.4p1 Debian 1:3.4p1-1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f So, I cleared my protocol 1 keys out into a separate directory, generated a new protocol 2 rsa key pair and called it 'identity' instead of 'id_rsa', copied the public key across to the host. No - still didn't work. Oh, wait a minute: > Here's what I have on a remote host to which I can connect using my key: <snip> > Thalia:~% cat .ssh/authorized_keys > ssh-rsa AAAAB3NzaC1y-<snip>-SE0= /home/vineet/.ssh/identity Mine doesn't end in the key file name, it ends in pigeon@pigeon, which is what ssh-keygen wrote there. So I change pigeon@pigeon to /home/pigeon/.ssh/identity. Result: Still doesn't work. Have a look at ssh -vvv again, and find that it is no longer barfing on the key file and pretending it doesn't know the format, but it does get confused later on because the file is named 'identity' and not 'id_rsa'. So, I rename 'identity' to 'id_rsa' and try again... IT WORKS!!! Huh? The authorized_keys on the host still ends in '/home/pigeon/.ssh/identity', which doesn't exist on either machine. ssh -vvv reveals that it is looking for 'identity', not finding it, trying 'id_rsa', and being happy. BUT... higher up the -vvv output, it is once more complaining that id_rsa isn't a proper key file, as in my original post. >From this, it would appear that for some reason the problem was that ssh-keygen was terminating the keys in 'pigeon@pigeon', but ssh/sshd didn't like that and would prefer them to end in a filename, even if the file doesn't exist... WEIRDY WEIRDY Well, thanks very much for the clue that got it fixed! Nice one! Thanks, Pigeon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]