ssh-keygen and slogin oddity
I'm trying to make ssh ask me for a passphrase when I slogin to another machine, instead of asking me for my password on that machine. With no luck. It always asks me for my password. If I modify /etc/ssh_config to set password authentication to no, then slogin simply fails without asking me for anything.

Now, I used Cygwin's ssh-keygen (-t dsa) to generate a ~/.ssh/id_dsa and .pub pair. The id_dsa file starts off:

-BEGIN DSA PRIVATE KEY-
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,A40CC4090416489F

Which generates this error in slogin:

: /home/luke ; slogin -v -v -v nevin
OpenSSH_3.6.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090702f
debug1: Reading configuration data /etc/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to nevin [10.2.1.9] port 22.
debug1: Connection established.
debug1: identity file /home/luke/.ssh/identity type 0
debug1: identity file /home/luke/.ssh/id_rsa type -1
debug3: Not a RSA1 key file /home/luke/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-BEGIN'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-END'
debug3: key_read: missing keytype
debug1: identity file /home/luke/.ssh/id_dsa type 2

But is that simply ssh trying to interpret id_dsa as an RSA key, giving up, then trying to interpret it as a DSA key?

Anyway, any idea why ssh won't ask me for my passphrase?

I discovered that you can't strace slogin, either. Any idea how to diagnose what's going on?

luke

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
Re: ssh-keygen and slogin oddity
On Fri, Sep 19, 2003 at 05:40:58PM +1000, [EMAIL PROTECTED] wrote:
> I'm trying to make ssh ask me for a passphrase when I slogin to another machine, instead of asking me for my password on that machine. With no luck. It always asks me for my password. If I modify /etc/ssh_config to set password authentication to no, then slogin simply fails without asking me for anything.
>
> Now, I used Cygwin's ssh-keygen (-t dsa) to generate a ~/.ssh/id_dsa and .pub pair. The id_dsa file starts off:

Did you copy the public key to the remote machine into ~/.ssh/authorized_keys? Does the remote machine allow pub key authentication (look into the remote sshd_config file if you're allowed to).

> debug1: identity file /home/luke/.ssh/id_rsa type -1
> debug3: Not a RSA1 key file /home/luke/.ssh/id_dsa.
> [...]
> debug1: identity file /home/luke/.ssh/id_dsa type 2
>
> But is that simply ssh trying to interpret id_dsa as an RSA key, giving up, then trying to interpret it as a DSA key?

That's normal. Btw., it's RSA1(!), not RSA. It checks for the key being an RSA key for ssh1 protocol first.

Another btw., don't use DSA if you can avoid it. Create your own RSA ssh2 key with ssh-keygen -t rsa. It's supposed to be more secure than DSA keys.

A last btw., didn't you run ssh-user-config which would have created all those keys for you?

Corinna

--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:[EMAIL PROTECTED]
Red Hat, Inc.
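
The debug noise discussed above can be reproduced offline. This added example (not code from the thread or from OpenSSH) is a simplified model of a "keytype base64" public-key line reader walking a PEM private key, plus a check of the PEM headers for passphrase protection; the function names, the skipping rules and the filler key body are assumptions.

```python
import re

# Constructed sample: header fields as quoted in the post, written with the
# standard five-dash PEM armor; the body is filler text, not a real key.
SAMPLE = "\n".join(
    ["-----BEGIN DSA PRIVATE KEY-----",
     "Proc-Type: 4,ENCRYPTED",
     "DEK-Info: DES-EDE3-CBC,A40CC4090416489F",
     ""]
    + ["QUJD" * 16] * 10
    + ["-----END DSA PRIVATE KEY-----", ""])

KNOWN_TYPES = {"ssh-rsa", "ssh-dss"}  # public key line types (assumed subset)


def public_line_parse_trace(text):
    """Messages produced when each line is read as 'keytype base64 [comment]'."""
    trace = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are skipped silently
        if " " not in line:
            trace.append("key_read: missing whitespace")  # bare base64 body line
            continue
        token = line.split(" ", 1)[0]
        if token not in KNOWN_TYPES:
            trace.append(f"key_type_from_name: unknown key type '{token}'")
            trace.append("key_read: missing keytype")
    return trace


def private_key_summary(text):
    """Key type and passphrase protection, read from the PEM headers only."""
    begin = re.search(r"^-+BEGIN (\w+) PRIVATE KEY-+$", text, re.M)
    if not begin:
        return None  # not a PEM private key (e.g. a .pub file)
    dek = re.search(r"^DEK-Info: ([^,\s]+),([0-9A-Fa-f]+)$", text, re.M)
    return {
        "type": begin.group(1),
        "encrypted": bool(re.search(r"^Proc-Type: 4,ENCRYPTED$", text, re.M)),
        "cipher": dek.group(1) if dek else None,
    }


if __name__ == "__main__":
    for msg in public_line_parse_trace(SAMPLE):
        print("debug:", msg)
    print(private_key_summary(SAMPLE))
```

The ten "missing whitespace" messages correspond to the ten base64 body lines, and the summary shows the key itself is passphrase-protected, which leaves the server-side questions asked in the reply above as the things to check.
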
Re: ssh-keygen and slogin oddity
Corinna, do you have any reference for this?

Unless this is something inherent in the ssh protocol or its implementation, which I'm not familiar with, I'm not aware that crypto systems based on discrete logarithms (DSA) are less secure than those based on factoring large integers (RSA).

FWIW:
- RSA verifies much faster than DSA, whereas DSA signs faster than RSA
- RSA can also be used for en-/decryption, whereas DSA can not
- RSA was patented in the USA, but the patent ran out in the meantime
- strong encryption crypto (eg RSA) was export restricted from the US, but this restriction was deregulated

Patrick

Corinna Vinschen wrote:
> [snip]
> Another btw., don't use DSA if you can avoid it. Create your own RSA ssh2 key with ssh-keygen -t rsa. It's supposed to be more secure than DSA keys.
Re: ssh-keygen and slogin oddity
On Fri, Sep 19, 2003 at 02:19:54PM +0200, Patrick Eisenacher wrote:
> Corinna, do you have any reference for this?

There has been discussion about this on the openssh-unix-dev mailing list. Basically RSA is a better choice when the source of random numbers is suspect. A description of this problem in conjunction with DSA is in the WARNING.RNG file in the openssh source package. For the next version I'll put it into /usr/share/doc/openssh as well.

Corinna

--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:[EMAIL PROTECTED]
Red Hat, Inc.
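
Background for the point about suspect random numbers, as an added example that is not part of the thread and not taken from WARNING.RNG: every DSA signature consumes a fresh secret nonce k, and if the RNG ever repeats one, two signatures share the same r and together determine the private key, whereas an RSA signature draws on no per-signature randomness of this kind. The toy group, key, nonce and function names below are all assumptions chosen so the arithmetic runs instantly.

```python
import hashlib

def is_prime(n):
    if n < 2 or n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True

# Toy DSA group, far too small for real use (all values here are assumptions):
# Q = 2^31-1 is prime, P is the first prime 2*Q*j+1, G has order Q modulo P.
Q = 2**31 - 1
J = next(j for j in range(1, 10_000) if is_prime(2 * Q * j + 1))
P = 2 * Q * J + 1
G = next(g for g in (pow(h, 2 * J, P) for h in range(2, 100)) if g != 1)

def digest(msg):
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") % Q

def sign(x, msg, k):
    """DSA signature; the per-signature nonce k is passed in to model the RNG."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (digest(msg) + x * r) % Q
    return r, s

def verify(y, msg, sig):
    r, s = sig
    w = pow(s, -1, Q)
    u1, u2 = digest(msg) * w % Q, r * w % Q
    return pow(G, u1, P) * pow(y, u2, P) % P % Q == r

def reused_nonce_pairs(sigs):
    """Audit check: index pairs of signatures sharing r, i.e. the same nonce."""
    return [(i, j) for i in range(len(sigs)) for j in range(i + 1, len(sigs))
            if sigs[i][0] == sigs[j][0]]

def key_from_reused_nonce(m1, sig1, m2, sig2):
    """Why a repeated k is fatal: two such signatures determine the key x."""
    (r, s1), (_, s2) = sig1, sig2
    k = (digest(m1) - digest(m2)) * pow((s1 - s2) % Q, -1, Q) % Q
    return (s1 * k - digest(m1)) * pow(r, -1, Q) % Q

if __name__ == "__main__":
    x, k = 123456789, 987654321          # constructed private key and stuck nonce
    a, b = sign(x, b"session A", k), sign(x, b"session B", k)
    print(reused_nonce_pairs([a, b]), key_from_reused_nonce(b"session A", a, b"session B", b) == x)
```
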