Re: [gentoo-user] Ssh DSA/RSA log in

2005-03-30 Thread Juergen Fiedler
On Wed, Mar 30, 2005 at 01:58:53PM -0300, Pupeno wrote:
> On Tuesday, March 29 2005 14:17, Jeff Smelser wrote:
> > On Tuesday 29 March 2005 09:51 am, Pupeno wrote:
> > > [EMAIL PROTECTED] .ssh $ ls -la
> > > total 24
> > > drwxrwx---   2 sandra users 4096 mar 29 13:01 .
> > > drwxrwx---  62 sandra users 4096 mar 29 12:40 ..
> > > -rw-------   1 sandra users  600 mar 29 13:01 authorized_keys
> > > -rw-------   1 sandra users  744 mar 28 03:27 id_dsa
> > > -rw-------   1 sandra users  600 mar 28 03:27 id_dsa.pub
> > > -rw-------   1 sandra users  222 mar 28 03:19 known_hosts
> > >
> > > and still doesn't work.
> >
> > rename authorized_keys to authorized_keys2
> 
> As it was previously discussed, that's no longer needed, it was only used when 
> moving from protocol 1 to protocol 2. Anyway, I tried and that didn't work.

I probably just missed that information, but: Does changing the
permissions for id_dsa.pub to 644 change anything?
--
gentoo-user@gentoo.org mailing list



Re: [gentoo-user] Ssh DSA/RSA log in

2005-03-30 Thread Pupeno
On Tuesday, March 29 2005 14:45, Digby Tarvin wrote:
> It won't work if your '.ssh' directory is group writeable. (because then
> anyone in group 'users' could replace files and obtain your uid...)
Changed that, and still, doesn't work:

[EMAIL PROTECTED] .ssh $ ls -la
total 8
drwx------   2 sandra users 4096 mar 30 14:16 .
drwxrwx---  62 sandra users 4096 mar 30 13:15 ..
[EMAIL PROTECTED] .ssh $ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/sandra/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/sandra/.ssh/id_dsa.
Your public key has been saved in /home/sandra/.ssh/id_dsa.pub.
The key fingerprint is:
1a:4a:9a:e8:ae:57:e7:6e:52:60:4c:0d:71:32:f2:ec [EMAIL PROTECTED]
[EMAIL PROTECTED] .ssh $ ls -la
total 16
drwx------   2 sandra users 4096 mar 30 14:17 .
drwxrwx---  62 sandra users 4096 mar 30 13:15 ..
-rw-------   1 sandra users  668 mar 30 14:17 id_dsa
-rw-r--r--   1 sandra users  600 mar 30 14:17 id_dsa.pub
[EMAIL PROTECTED] .ssh $ cat id_dsa.pub >> authorized_keys
[EMAIL PROTECTED] .ssh $ ls -la
total 20
drwx------   2 sandra users 4096 mar 30 14:17 .
drwxrwx---  62 sandra users 4096 mar 30 13:15 ..
-rw-r--r--   1 sandra users  600 mar 30 14:17 authorized_keys
-rw-------   1 sandra users  668 mar 30 14:17 id_dsa
-rw-r--r--   1 sandra users  600 mar 30 14:17 id_dsa.pub
[EMAIL PROTECTED] .ssh $ ssh [EMAIL PROTECTED]
The authenticity of host 'liv (10.0.0.2)' can't be established.
RSA key fingerprint is cb:1d:5d:51:36:67:b0:09:26:a9:72:2b:98:88:56:e4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'liv,10.0.0.2' (RSA) to the list of known hosts.
Password:

It is asking for a password.
Thank you.
-- 
Pupeno: [EMAIL PROTECTED] - http://pupeno.com
Reading Science Fiction ? http://sfreaders.com.ar
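
The ownership and write-permission test that Digby Tarvin's replies describe for `.ssh` and `authorized_keys`, sketched as an added example that is not part of the thread. sshd_config(5) documents StrictModes as covering the home directory as well, and the listing above still shows `..` as `drwxrwx---`. The function names are hypothetical, GNU `stat` is assumed, and the script only approximates what sshd does.

```shell
#!/bin/sh
# Added example (not from the thread): approximates the check sshd applies
# with "StrictModes yes" before it will read a user's authorized_keys.
# Assumptions: GNU stat (Linux); function names are hypothetical.

# path_is_safe PATH UID
# Prints a reason and returns 1 if PATH is missing, is owned by someone other
# than UID or root, or is writable by group or others.
path_is_safe() (
    path=$1
    uid=$2
    if [ ! -e "$path" ]; then
        echo "$path: missing"
        exit 1
    fi
    # %a = permission bits in octal, %u = numeric owner
    set -- $(stat -c '%a %u' -- "$path")
    mode=$1
    owner=$2
    if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
        echo "$path: owned by uid $owner, expected $uid or root"
        exit 1
    fi
    # 022 = group-write | other-write; the leading 0 makes $mode octal
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "$path: mode $mode is group- or world-writable"
        exit 1
    fi
)

# check_key_chain HOME [UID]
# Checks the home directory, HOME/.ssh and HOME/.ssh/authorized_keys.
# Returns 0 only if every element passes; prints one line per failure.
check_key_chain() (
    home=$1
    uid=${2:-$(id -u)}
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        path_is_safe "$p" "$uid" || rc=1
    done
    exit "$rc"
)

# Constructed demo: a throwaway tree with the modes from the listing above
# (home 770, .ssh 700, authorized_keys 644), then the home directory tightened.
demo() (
    tmp=$(mktemp -d)
    mkdir -p "$tmp/sandra/.ssh"
    : > "$tmp/sandra/.ssh/authorized_keys"
    chmod 770 "$tmp/sandra"
    chmod 700 "$tmp/sandra/.ssh"
    chmod 644 "$tmp/sandra/.ssh/authorized_keys"

    echo "home directory 770:"
    check_key_chain "$tmp/sandra" && echo "  chain passes" || echo "  chain fails"

    chmod 750 "$tmp/sandra"
    echo "home directory 750:"
    check_key_chain "$tmp/sandra" && echo "  chain passes" || echo "  chain fails"

    rm -rf "$tmp"
)

demo
```

When sshd rejects a key file for this reason, it records the reason in the server's log; the client's `ssh -vv` output only shows the fallback to password authentication.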



Re: [gentoo-user] Ssh DSA/RSA log in

2005-03-30 Thread Pupeno
On Tuesday, March 29 2005 14:09, Stroller wrote:
> Not been paying attention, because this has always worked for me, so
> apologies if you've already checked:
>
> $ ls -l /etc/ssh/sshd_config
> -rw-r--r--  1 root root 2747 Jul 27  2004 /etc/ssh/sshd_config
> $ grep -ie RSAAuthentication -ie PubkeyAuthentication -ie AuthorizedKeysFile /etc/ssh/sshd_config
> #RSAAuthentication yes
> #PubkeyAuthentication yes
> #AuthorizedKeysFile .ssh/authorized_keys
> #RhostsRSAAuthentication no
> # RhostsRSAAuthentication and HostbasedAuthentication
> $

Same here:

# grep -ie RSAAuthentication -ie PubkeyAuthentication -ie AuthorizedKeysFile /etc/ssh/sshd_config
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
#RhostsRSAAuthentication no
# RhostsRSAAuthentication and HostbasedAuthentication

Thanks.
-- 
Pupeno: [EMAIL PROTECTED] - http://pupeno.com
Reading Science Fiction ? http://sfreaders.com.ar



Re: [gentoo-user] Ssh DSA/RSA log in

2005-03-30 Thread Pupeno
On Tuesday, March 29 2005 15:25, Mark Knecht wrote:
> I haven't followed this thread, but yesterday I found this site
> with nice instructions for setting up shared keys and auto login. I've
> set it up on 5 machines now. Seems to be working nicely. They
> recommended 640.
>
> http://bumblebee.lcs.mit.edu/ssh2/
>
> I'm sure 644 probably works also.

None worked for this box :(

-- 
Pupeno: [EMAIL PROTECTED] - http://pupeno.com
Reading Science Fiction ? http://sfreaders.com.ar



Re: [gentoo-user] Ssh DSA/RSA log in

2005-03-30 Thread Pupeno
On Tuesday, March 29 2005 14:17, Jeff Smelser wrote:
> On Tuesday 29 March 2005 09:51 am, Pupeno wrote:
> > [EMAIL PROTECTED] .ssh $ ls -la
> > total 24
> > drwxrwx---   2 sandra users 4096 mar 29 13:01 .
> > drwxrwx---  62 sandra users 4096 mar 29 12:40 ..
> > -rw-------   1 sandra users  600 mar 29 13:01 authorized_keys
> > -rw-------   1 sandra users  744 mar 28 03:27 id_dsa
> > -rw-------   1 sandra users  600 mar 28 03:27 id_dsa.pub
> > -rw-------   1 sandra users  222 mar 28 03:19 known_hosts
> >
> > and still doesn't work.
>
> rename authorized_keys to authorized_keys2

As it was previously discussed, that's no longer needed, it was only used when 
moving from protocol 1 to protocol 2. Anyway, I tried and that didn't work.
-- 
Pupeno: [EMAIL PROTECTED] - http://pupeno.com
Reading Science Fiction ? http://sfreaders.com.ar



Re: [gentoo-user] Ssh DSA/RSA log in

2005-03-29 Thread Mark Knecht
On Tue, 29 Mar 2005 12:01:34 -0500 (EST), A. Khattri <[EMAIL PROTECTED]> wrote:
> On Tue, 29 Mar 2005, Pupeno wrote:
> 
> > Even if id_dsa.pub and authorized_keys is group and world readable, it doesn't
> > work.
> 
> On the servers I used key auth with the .ssh folder is 0700 (i.e.
> drwx------) while the authorized_keys file is 0644 (rw-r--r--).

I haven't followed this thread, but yesterday I found this site
with nice instructions for setting up shared keys and auto login. I've
set it up on 5 machines now. Seems to be working nicely. They
recommended 640.

http://bumblebee.lcs.mit.edu/ssh2/

I'm sure 644 probably works also.

- Mark



Re: [gentoo-user] Ssh DSA/RSA log in

2005-03-29 Thread A. Khattri
On Tue, 29 Mar 2005, Pupeno wrote:

> Even if id_dsa.pub and authorized_keys is group and world readable, it doesn't
> work.

On the servers I used key auth with the .ssh folder is 0700 (i.e.
drwx------) while the authorized_keys file is 0644 (rw-r--r--).





Re: [gentoo-user] Ssh DSA/RSA log in

2005-03-29 Thread Digby Tarvin
It won't work if your '.ssh' directory is group writeable. (because then
anyone in group 'users' could replace files and obtain your uid...)

Regards,
DigbyT

> I don't think that's my problem:
> 
> [EMAIL PROTECTED] .ssh $ ls -la
> total 24
> drwxrwx---   2 sandra users 4096 mar 29 13:01 .
-------^
> drwxrwx---  62 sandra users 4096 mar 29 12:40 ..
> -rw-------   1 sandra users  600 mar 29 13:01 authorized_keys
> -rw-------   1 sandra users  744 mar 28 03:27 id_dsa
> -rw-------   1 sandra users  600 mar 28 03:27 id_dsa.pub
> -rw-------   1 sandra users  222 mar 28 03:19 known_hosts
> 
> and still doesn't work.
> 
> Thank you.
> 
> -- 
> Pupeno: [EMAIL PROTECTED] - http://pupeno.com
> Reading Science Fiction ? http://sfreaders.com.ar

-- 
Digby R. S. Tarvin [EMAIL PROTECTED]
http://www.digbyt.com



Re: [gentoo-user] Ssh DSA/RSA log in

2005-03-29 Thread Jeff Smelser
On Tuesday 29 March 2005 09:51 am, Pupeno wrote:
> [EMAIL PROTECTED] .ssh $ ls -la
> total 24
> drwxrwx---   2 sandra users 4096 mar 29 13:01 .
> drwxrwx---  62 sandra users 4096 mar 29 12:40 ..
> -rw-------   1 sandra users  600 mar 29 13:01 authorized_keys
> -rw-------   1 sandra users  744 mar 28 03:27 id_dsa
> -rw-------   1 sandra users  600 mar 28 03:27 id_dsa.pub
> -rw-------   1 sandra users  222 mar 28 03:19 known_hosts
>
> and still doesn't work.

rename authorized_keys to authorized_keys2

Jeff




Re: [gentoo-user] Ssh DSA/RSA log in

2005-03-29 Thread Stroller
On Mar 29, 2005, at 4:51 pm, Pupeno wrote:
> On Monday, March 28 2005 06:26, Henrik Andersson wrote:
> > you may have to check file permission of authorized_keys
> > ...
> I don't think that's my problem:

Not been paying attention, because this has always worked for me, so 
apologies if you've already checked:

   $ ls -l /etc/ssh/sshd_config
   -rw-r--r--  1 root root 2747 Jul 27  2004 /etc/ssh/sshd_config
   $ grep -ie RSAAuthentication -ie PubkeyAuthentication -ie AuthorizedKeysFile /etc/ssh/sshd_config
   #RSAAuthentication yes
   #PubkeyAuthentication yes
   #AuthorizedKeysFile .ssh/authorized_keys
   #RhostsRSAAuthentication no
   # RhostsRSAAuthentication and HostbasedAuthentication
   $

Stroller.


Re: [gentoo-user] Ssh DSA/RSA log in

2005-03-29 Thread Pupeno
On Monday, March 28 2005 06:26, Henrik Andersson wrote:
> you may have to check file permission of authorized_keys
>
> i have:
> -rw-------  1 root root  602 Mar 25 18:49 authorized_keys
> in root's .ssh/
> the file must only be readable by the user

I don't think that's my problem:

[EMAIL PROTECTED] .ssh $ ls -la
total 24
drwxrwx---   2 sandra users 4096 mar 29 13:01 .
drwxrwx---  62 sandra users 4096 mar 29 12:40 ..
-rw-------   1 sandra users  600 mar 29 13:01 authorized_keys
-rw-------   1 sandra users  744 mar 28 03:27 id_dsa
-rw-------   1 sandra users  600 mar 28 03:27 id_dsa.pub
-rw-------   1 sandra users  222 mar 28 03:19 known_hosts

and still doesn't work.

Thank you.

-- 
Pupeno: [EMAIL PROTECTED] - http://pupeno.com
Reading Science Fiction ? http://sfreaders.com.ar



Re: [gentoo-user] Ssh DSA/RSA log in

2005-03-29 Thread Pupeno
On Monday, March 28 2005 05:18, Dirk Raeder wrote:
> My fault. It seems that the sshd doesn't recognize the keys. Check your
> /etc/ssh/sshd_config. It should contain these lines:
>
> Protocol 2 # makes sure the more recent version 2 of ssh is used
> RSAAuthentication yes # activates auth via RSA
> PubkeyAuthentication yes # activates auth with keyfiles instead of passwords
> AuthorizedKeysFile .ssh/authorized_keys
>
> Of course, you can omit the comments.
> IIRC, I had to uncomment these lines when installing my systems to activate
> key authorization.

I think those options are the default. I believe the problem is not on the 
server, but on the client, if I copy authorized_keys to lab (another 
computer), it doesn't work (to ssh from [EMAIL PROTECTED] to [EMAIL PROTECTED]), it's 
exactly the same, while [EMAIL PROTECTED] to [EMAIL PROTECTED] can use DSA authentication 
without problem.
-- 
Pupeno: [EMAIL PROTECTED] - http://pupeno.com
Reading Science Fiction ? http://sfreaders.com.ar



Re: [gentoo-user] Ssh DSA/RSA log in

2005-03-29 Thread Pupeno
On Monday, March 28 2005 06:03, Digby Tarvin wrote:
> Are you sure your access permissions and ownership is correct for your
> authorised_keys file? It will be ignored if it is group or world writeable,
> or owned by the wrong person. Have you modified the sshd config file
> at all (mine is untouched).
I think it is ok:

[EMAIL PROTECTED] .ssh $ ls -la
total 24
drwxrwx---   2 sandra users 4096 mar 29 13:01 .
drwxrwx---  62 sandra users 4096 mar 29 12:40 ..
-rw-------   1 sandra users  600 mar 29 13:01 authorized_keys
-rw-------   1 sandra users  744 mar 28 03:27 id_dsa
-rw-------   1 sandra users  600 mar 28 03:27 id_dsa.pub
-rw-------   1 sandra users  222 mar 28 03:19 known_hosts

Even if id_dsa.pub and authorized_keys is group and world readable, it doesn't 
work.

Thank you.
-- 
Pupeno: [EMAIL PROTECTED] - http://pupeno.com
Reading Science Fiction ? http://sfreaders.com.ar



Re: [gentoo-user] Ssh DSA/RSA log in

2005-03-29 Thread Pupeno
On Monday, March 28 2005 15:35, Digby Tarvin wrote:
> I thought the permissions had to be 600 also, but when I tested it out
> on my gentoo box earlier today, 644 seemed ok for the keys file in
> the default config:
>
>   [EMAIL PROTECTED]:/etc/init.d> ssh penemunde
>   Last login: Mon Mar 28 10:00:43 2005 from voyager2.cthulhu.dircon.co.uk
>   gentoo:/home2/digbyt> cd .ssh
>   gentoo:.ssh> ls -l
>   total 8
>   -rw-r--r--  1 digbyt digbyt 1149 Mar 28 09:54 authorized_keys
>   -rw-r--r--  1 digbyt digbyt  838 Mar 18 15:14 known_hosts
>   gentoo:.ssh> ls -ld .
>   drwx------  2 digbyt digbyt 4096 Mar 28 09:55 .
>   gentoo:.ssh>

Setting it that way doesn't work for me either.

Thank you.
-- 
Pupeno: [EMAIL PROTECTED] - http://pupeno.com
Reading Science Fiction ? http://sfreaders.com.ar



Re: [gentoo-user] Ssh DSA/RSA log in

2005-03-29 Thread Pupeno
On Monday, March 28 2005 14:59, Kashani wrote:
> In regards to the problem. Check your permissions. .ssh/ and
> authorized_keys should be owned by the local user and have permissions
> of 600. If they do not, authentication won't work.
I believe they are correct:

$ ls -la
total 24
drwxrwx---   2 sandra users 4096 mar 29 13:01 .
drwxrwx---  62 sandra users 4096 mar 29 12:40 ..
-rw-------   1 sandra users  600 mar 29 13:01 authorized_keys
-rw-------   1 sandra users  744 mar 28 03:27 id_dsa
-rw-------   1 sandra users  600 mar 28 03:27 id_dsa.pub
-rw-------   1 sandra users  222 mar 28 03:19 known_hosts

Thank you.
-- 
Pupeno: [EMAIL PROTECTED] - http://pupeno.com
Reading Science Fiction ? http://sfreaders.com.ar



Re: [gentoo-user] Ssh DSA/RSA log in

2005-03-28 Thread Digby Tarvin
I thought the permissions had to be 600 also, but when I tested it out
on my gentoo box earlier today, 644 seemed ok for the keys file in
the default config:

  [EMAIL PROTECTED]:/etc/init.d> ssh penemunde
  Last login: Mon Mar 28 10:00:43 2005 from voyager2.cthulhu.dircon.co.uk
  gentoo:/home2/digbyt> cd .ssh
  gentoo:.ssh> ls -l
  total 8
  -rw-r--r--  1 digbyt digbyt 1149 Mar 28 09:54 authorized_keys
  -rw-r--r--  1 digbyt digbyt  838 Mar 18 15:14 known_hosts
  gentoo:.ssh> ls -ld .
  drwx------  2 digbyt digbyt 4096 Mar 28 09:55 .
  gentoo:.ssh>


On Mon, Mar 28, 2005 at 11:59:48AM -0600, Kashani wrote:
> Digby Tarvin wrote:
> >Seems you are right. I had discovered the need for  'authorized_keys2'
> >some time ago, and been using it ever since.
> >
> >But I just tried moving it to 'authorized_keys' and it appears that is
> >now accepted for protocol 2 also.
> 
> Yeah authorized_keys2 was a transitional file when protocol 2 first came 
> out IIRC. Mostly as a way to provide backwards compatibility to older 
> clients. It hasn't been needed if you were running current server and 
> client software.
> 
> In regards to the problem. Check your permissions. .ssh/ and 
> authorized_keys should be owned by the local user and have permissions 
> of 600. If they do not, authentication won't work.
> 
> kashani

-- 
Digby R. S. Tarvin [EMAIL PROTECTED]
http://www.digbyt.com



Re: [gentoo-user] Ssh DSA/RSA log in

2005-03-28 Thread Kashani
Digby Tarvin wrote:
> Seems you are right. I had discovered the need for  'authorized_keys2'
> some time ago, and been using it ever since.
>
> But I just tried moving it to 'authorized_keys' and it appears that is
> now accepted for protocol 2 also.

Yeah authorized_keys2 was a transitional file when protocol 2 first came 
out IIRC. Mostly as a way to provide backwards compatibility to older 
clients. It hasn't been needed if you were running current server and 
client software.

In regards to the problem. Check your permissions. .ssh/ and 
authorized_keys should be owned by the local user and have permissions 
of 600. If they do not, authentication won't work.

kashani


Re: [gentoo-user] Ssh DSA/RSA log in

2005-03-28 Thread Henrik Andersson
Pupeno wrote:
I'm trying to set up a passwordless log in, using ssh and dsa or rsa keys. For 
that, I first try to make it work for localhost. So, I do the following 
steps:

[EMAIL PROTECTED] sandra $ cd .ssh
Generate a dsa and rsa keys (just in case):
[EMAIL PROTECTED] .ssh $ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/sandra/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/sandra/.ssh/id_dsa.
Your public key has been saved in /home/sandra/.ssh/id_dsa.pub.
The key fingerprint is:
bd:7c:9d:d2:7a:c9:e5:df:13:15:69:32:94:e0:bd:29 [EMAIL PROTECTED]
[EMAIL PROTECTED] .ssh $ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/sandra/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/sandra/.ssh/id_rsa.
Your public key has been saved in /home/sandra/.ssh/id_rsa.pub.
The key fingerprint is:
e5:72:8b:4c:a2:fb:88:b1:a1:ee:e0:99:0f:9b:1b:27 [EMAIL PROTECTED]
[EMAIL PROTECTED] .ssh $ ls
id_dsa  id_dsa.pub  id_rsa  id_rsa.pub  known_hosts
Make them authorized keys:
[EMAIL PROTECTED] .ssh $ cat id_dsa.pub id_rsa.pub >> authorized_keys
Try to log in to [EMAIL PROTECTED] (liv is localhost):
$ ssh [EMAIL PROTECTED]
Password:
As you can see, it asks me for a password (instead of asking me for a 
passphrase for the key). It simply doesn't work.
This is done with an out of the box openssh configuration (from Gentoo, of 
course).

To gather more information I can run ssh -vv [EMAIL PROTECTED], getting the 
following:

[EMAIL PROTECTED] .ssh $ ssh -vv [EMAIL PROTECTED]
OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to liv [10.0.0.2] port 22.
debug1: Connection established.
debug1: identity file /home/sandra/.ssh/identity type -1
debug2: key_type_from_name: unknown key type '-BEGIN'
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug2: key_type_from_name: unknown key type '-END'
debug1: identity file /home/sandra/.ssh/id_rsa type 1
debug2: key_type_from_name: unknown key type '-BEGIN'
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug2: key_type_from_name: unknown key type '-END'
debug1: identity file /home/sandra/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: 
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: 
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: 
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: 
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: 
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: 
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2:

Re: [gentoo-user] Ssh DSA/RSA log in

2005-03-28 Thread Digby Tarvin
Seems you are right. I had discovered the need for  'authorized_keys2'
some time ago, and been using it ever since.

But I just tried moving it to 'authorized_keys' and it appears that is
now accepted for protocol 2 also.

However I just tried:
cd $HOME/.ssh
scp skaro:.ssh/authorized_keys2 .
on a newly installed machine, giving:
  2.gentoo:.ssh> ls -l
  total 8
  -rw-r--r--  1 digbyt digbyt 1149 Mar 28 09:54 authorized_keys2
  -rw-r--r--  1 digbyt digbyt  838 Mar 18 15:14 known_hosts

And from another host:
  [EMAIL PROTECTED]:/home/digbyt> ssh gentoo 
  Last login: Mon Mar 28 09:55:21 2005 from voyager2.cthulhu.dircon.co.uk
  UTF-8 activated!
  gentoo:/home2/digbyt> 

So it works as expected for me.

Are you sure your access permissions and ownership is correct for your
authorised_keys file? It will be ignored if it is group or world writeable,
or owned by the wrong person. Have you modified the sshd config file
at all (mine is untouched).

Regards,
DigbyT
On Mon, Mar 28, 2005 at 05:25:41AM -0300, Pupeno wrote:
> On Monday, March 28 2005 05:01, Digby Tarvin wrote:
> > It doesn't seem to be very well documented, but $HOME/authorized_keys
> > is for protocol 1 RSA (identity.pub) only.
> I don't think that's the case anymore (I remember that, but long ago), in my 
> other box (lab) with another user (pupeno), I did the same I did with 
> [EMAIL PROTECTED] (using authorized_keys) and it worked.
> 
> > For protocol 2 DSA, and protocol 2 RSA (id_dsa.pub id_rsa.pub)
> > you need to create a $HOME/authorized_keys2, ie
> > $ cat id_dsa.pub id_rsa.pub >> authorized_keys2
> >
> > It had me digging through the source the first time I tried to
> > install passwordless ssh
> [EMAIL PROTECTED] .ssh $ cat id_dsa.pub id_rsa.pub >> authorized_keys2
> [EMAIL PROTECTED] .ssh $ ssh [EMAIL PROTECTED]
> Password:
> 
> It still doesn't work.
> 
> Thank you.
> -- 
> Pupeno: [EMAIL PROTECTED] - http://pupeno.com
> Reading Science Fiction ? http://sfreaders.com.ar

-- 
Digby R. S. Tarvin [EMAIL PROTECTED]
http://www.digbyt.com



Re: [gentoo-user] Ssh DSA/RSA log in

2005-03-28 Thread Pupeno
On Monday, March 28 2005 05:01, Digby Tarvin wrote:
> It doesn't seem to be very well documented, but $HOME/authorized_keys
> is for protocol 1 RSA (identity.pub) only.
I don't think that's the case anymore (I remember that, but long ago), in my 
other box (lab) with another user (pupeno), I did the same I did with 
[EMAIL PROTECTED] (using authorized_keys) and it worked.

> For protocol 2 DSA, and protocol 2 RSA (id_dsa.pub id_rsa.pub)
> you need to create a $HOME/authorized_keys2, ie
>   $ cat id_dsa.pub id_rsa.pub >> authorized_keys2
>
> It had me digging through the source the first time I tried to
> install passwordless ssh
[EMAIL PROTECTED] .ssh $ cat id_dsa.pub id_rsa.pub >> authorized_keys2
[EMAIL PROTECTED] .ssh $ ssh [EMAIL PROTECTED]
Password:

It still doesn't work.

Thank you.
-- 
Pupeno: [EMAIL PROTECTED] - http://pupeno.com
Reading Science Fiction ? http://sfreaders.com.ar



Re: [gentoo-user] Ssh DSA/RSA log in

2005-03-28 Thread Dirk Raeder
Pupeno wrote:
>>>Now Sandra can ssh from her account to her 
>>>account on the same machine without a password.
> 
> No, she can't, it doesn't work, check my commands and you'll see it is still 
> asking for a password.


My fault. It seems that the sshd doesn't recognize the keys. Check your
/etc/ssh/sshd_config. It should contain these lines:

Protocol 2 # makes sure the more recent version 2 of ssh is used
RSAAuthentication yes # activates auth via RSA
PubkeyAuthentication yes # activates auth with keyfiles instead of passwords
AuthorizedKeysFile .ssh/authorized_keys

Of course, you can omit the comments.
IIRC, I had to uncomment these lines when installing my systems to activate
key authorization.

-- 
Dirk Raeder

I prefer encrypted and signed messages. My GPG key is available at
hkp://blackhole.pca.dfn.de with ID 0x05EB5446

Registered Linux user #378554
http://counter.li.org



Re: [gentoo-user] Ssh DSA/RSA log in

2005-03-28 Thread Digby Tarvin
It doesn't seem to be very well documented, but $HOME/authorized_keys
is for protocol 1 RSA (identity.pub) only.

For protocol 2 DSA, and protocol 2 RSA (id_dsa.pub id_rsa.pub)
you need to create a $HOME/authorized_keys2, ie
$ cat id_dsa.pub id_rsa.pub >> authorized_keys2

It had me digging through the source the first time I tried to
install passwordless ssh

Regards,
DigbyT

On Mon, Mar 28, 2005 at 03:20:03AM -0300, Pupeno wrote:
> I'm trying to set up a passwordless log in, using ssh and dsa or rsa keys. For 
> that, I first try to make it work for localhost. So, I do the following 
> steps:
> 
> [EMAIL PROTECTED] sandra $ cd .ssh
> 
> Generate a dsa and rsa keys (just in case):
> 
> [EMAIL PROTECTED] .ssh $ ssh-keygen -t dsa
> Generating public/private dsa key pair.
> Enter file in which to save the key (/home/sandra/.ssh/id_dsa):
> Enter passphrase (empty for no passphrase):
> Enter same passphrase again:
> Your identification has been saved in /home/sandra/.ssh/id_dsa.
> Your public key has been saved in /home/sandra/.ssh/id_dsa.pub.
> The key fingerprint is:
> bd:7c:9d:d2:7a:c9:e5:df:13:15:69:32:94:e0:bd:29 [EMAIL PROTECTED]
> [EMAIL PROTECTED] .ssh $ ssh-keygen -t rsa
> Generating public/private rsa key pair.
> Enter file in which to save the key (/home/sandra/.ssh/id_rsa):
> Enter passphrase (empty for no passphrase):
> Enter same passphrase again:
> Your identification has been saved in /home/sandra/.ssh/id_rsa.
> Your public key has been saved in /home/sandra/.ssh/id_rsa.pub.
> The key fingerprint is:
> e5:72:8b:4c:a2:fb:88:b1:a1:ee:e0:99:0f:9b:1b:27 [EMAIL PROTECTED]
> [EMAIL PROTECTED] .ssh $ ls
> id_dsa  id_dsa.pub  id_rsa  id_rsa.pub  known_hosts
> 
> Make them authorized keys:
> 
> [EMAIL PROTECTED] .ssh $ cat id_dsa.pub id_rsa.pub >> authorized_keys
> 
> Try to log in to [EMAIL PROTECTED] (liv is localhost):
> 
> $ ssh [EMAIL PROTECTED]
> Password:
> 
> As you can see, it asks me for a password (instead of asking me for a 
> passphrase for the key). It simply doesn't work.
> This is done with an out of the box openssh configuration (from Gentoo, of 
> course).
> 
> To gather more information I can run ssh -vv [EMAIL PROTECTED], getting the 
> following:
> 
> [EMAIL PROTECTED] .ssh $ ssh -vv [EMAIL PROTECTED]
> OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to liv [10.0.0.2] port 22.
> debug1: Connection established.
> debug1: identity file /home/sandra/.ssh/identity type -1
> debug2: key_type_from_name: unknown key type '-BEGIN'
> debug2: key_type_from_name: unknown key type 'Proc-Type:'
> debug2: key_type_from_name: unknown key type 'DEK-Info:'
> debug2: key_type_from_name: unknown key type '-END'
> debug1: identity file /home/sandra/.ssh/id_rsa type 1
> debug2: key_type_from_name: unknown key type '-BEGIN'
> debug2: key_type_from_name: unknown key type 'Proc-Type:'
> debug2: key_type_from_name: unknown key type 'DEK-Info:'
> debug2: key_type_from_name: unknown key type '-END'
> debug1: identity file /home/sandra/.ssh/id_dsa type 2
> debug1: Remote protocol version 2.0, remote software version OpenSSH_3.9p1
> debug1: match: OpenSSH_3.9p1 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.9p1
> debug2: fd 3 setting O_NONBLOCK
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,h

Re: [gentoo-user] Ssh DSA/RSA log in

2005-03-27 Thread Pupeno
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Je Lundo Marto 28 2005 03:34, Dirk Raeder skribis:
> To sum up what you did:
>
> You created the dsa-key as user sandra and copied the public key to
> sandra's authorized_keys.
Yes.

> Now Sandra can ssh from her account to her 
> account on the same machine without a password.
No, she can't, it doesn't work, check my commands and you'll see it is still 
asking for a password.

> What you have to do for passwordless log in, which is rather insecure:
> Create a dsa- or rsa-key for the user you want to open the ssh connection
> from, probably your account.
> Copy the public key to the file ~/.ssh/authorized_keys on the machine and
> account you want to log in.
That doesn't work either, if I copy the keys to lab, another computer in this 
same LAN, the results are the same. Since one computer is a better 
environment than two (easier to control), I wanted to make it work first from 
and to liv, for sandra.

Thanks.
- -- 
Pupeno: [EMAIL PROTECTED] - http://pupeno.com
Reading Science Fiction ? http://sfreaders.com.ar
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCR69AfW48a9PWGkURAsylAJ9i5jVfbqKvh1MUWgImN10AIgA7WACgk/hi
Ev+M2H4mVZMYw+DH8WQdnsM=
=GyPH
-END PGP SIGNATURE-
--
gentoo-user@gentoo.org mailing list



Re: [gentoo-user] Ssh DSA/RSA log in

2005-03-27 Thread Dirk Raeder
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Pupeno wrote:
> I'm trying to set up a passwordless log in, using ssh and dsa or rsa 
> keys. For that, I first try to make it work for localhost. So, I do the 
> following steps:
> 
> [EMAIL PROTECTED] sandra $ cd .ssh
> 
> Generate dsa and rsa keys (just in case):
> 
> [EMAIL PROTECTED] .ssh $ ssh-keygen -t dsa
> Generating public/private dsa key pair.
> Enter file in which to save the key (/home/sandra/.ssh/id_dsa):
> Enter passphrase (empty for no passphrase):
> Enter same passphrase again:
> Your identification has been saved in /home/sandra/.ssh/id_dsa.
> Your public key has been saved in /home/sandra/.ssh/id_dsa.pub.
> The key fingerprint is:
> bd:7c:9d:d2:7a:c9:e5:df:13:15:69:32:94:e0:bd:29 [EMAIL PROTECTED]
> [EMAIL PROTECTED] .ssh $ ssh-keygen -t rsa
> Generating public/private rsa key pair.
> Enter file in which to save the key (/home/sandra/.ssh/id_rsa):
> Enter passphrase (empty for no passphrase):
> Enter same passphrase again:
> Your identification has been saved in /home/sandra/.ssh/id_rsa.
> Your public key has been saved in /home/sandra/.ssh/id_rsa.pub.
> The key fingerprint is:
> e5:72:8b:4c:a2:fb:88:b1:a1:ee:e0:99:0f:9b:1b:27 [EMAIL PROTECTED]
> [EMAIL PROTECTED] .ssh $ ls
> id_dsa  id_dsa.pub  id_rsa  id_rsa.pub  known_hosts
> 
> Make them authorized keys:
> 
> [EMAIL PROTECTED] .ssh $ cat id_dsa.pub id_rsa.pub >> authorized_keys
> 
> Try to log in to [EMAIL PROTECTED] (liv is localhost):
> 
> $ ssh [EMAIL PROTECTED]
> Password:
> 
> 
> Any help will be very appreciated. Thank you.

To sum up what you did:

You created the dsa-key as user sandra and copied the public key to sandra's
authorized_keys. Now Sandra can ssh from her account to her account on the
same machine without a password.

What you have to do for passwordless log in, which is rather insecure:
Create a dsa- or rsa-key for the user you want to open the ssh connection
from, probably your account.
Copy the public key to the file ~/.ssh/authorized_keys on the machine and
account you want to log in.

HTH
- --
Dirk Raeder

I prefer encrypted and signed messages. My GPG key is available at
hkp://blackhole.pca.dfn.de with ID 0x05EB5446

Registered Linux user #378554
http://counter.li.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCR6Vu2QYJ1wXrVEYRAgmQAKC52CXI+G1oG1wFAfc7pF+BDn/GKACgi9y5
Zv1XpjDexoKAsYvcWUXM58o=
=1fOv
-END PGP SIGNATURE-
--
gentoo-user@gentoo.org mailing list
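
With StrictModes enabled (the sshd default), the server ignores authorized_keys when the home directory, ~/.ssh or the key file is writable by group or others, or is owned by anyone other than the account or root, and the client then falls back to the password prompt. The check below is an added example, not part of the thread and not OpenSSH code; the function names and the script name check.sh are made up for illustration.

```shell
#!/bin/sh
# Added example: approximates the ownership/mode test sshd applies under
# StrictModes. Function names are illustrative, not OpenSSH's.

# writable_by_others PATH: true if PATH is group- or world-writable.
writable_by_others() {
    mode=$(ls -ldn -- "$1" | cut -c1-10)   # e.g. drwxrwx---
    case $mode in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# owner_uid PATH: numeric uid of the owner of PATH.
owner_uid() {
    ls -ldn -- "$1" | awk '{ print $3 }'
}

# check_pubkey_paths HOME_DIR [UID]
# Prints one line per finding; returns 0 only if nothing was found.
check_pubkey_paths() {
    home=$1
    uid=${2:-$(id -u)}
    problems=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"
            problems=$((problems + 1))
            continue
        fi
        owner=$(owner_uid "$p")
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "owned by uid $owner, not $uid or root: $p"
            problems=$((problems + 1))
        fi
        if writable_by_others "$p"; then
            echo "group/world writable: $p"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Runs only when a home directory is given, e.g.: sh check.sh /home/sandra
if [ "$#" -ge 1 ]; then
    check_pubkey_paths "$@"
fi
```

Every reported path can be fixed with chmod go-w (or chown) on that path; the sshd log on the server side shows the matching refusal when the check is the cause.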



[gentoo-user] Ssh DSA/RSA log in

2005-03-27 Thread Pupeno
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I'm trying to set up a passwordless log in, using ssh and dsa or rsa keys. For 
that, I first try to make it work for localhost. So, I do the following 
steps:

[EMAIL PROTECTED] sandra $ cd .ssh

Generate dsa and rsa keys (just in case):

[EMAIL PROTECTED] .ssh $ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/sandra/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/sandra/.ssh/id_dsa.
Your public key has been saved in /home/sandra/.ssh/id_dsa.pub.
The key fingerprint is:
bd:7c:9d:d2:7a:c9:e5:df:13:15:69:32:94:e0:bd:29 [EMAIL PROTECTED]
[EMAIL PROTECTED] .ssh $ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/sandra/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/sandra/.ssh/id_rsa.
Your public key has been saved in /home/sandra/.ssh/id_rsa.pub.
The key fingerprint is:
e5:72:8b:4c:a2:fb:88:b1:a1:ee:e0:99:0f:9b:1b:27 [EMAIL PROTECTED]
[EMAIL PROTECTED] .ssh $ ls
id_dsa  id_dsa.pub  id_rsa  id_rsa.pub  known_hosts

Make them authorized keys:

[EMAIL PROTECTED] .ssh $ cat id_dsa.pub id_rsa.pub >> authorized_keys

Try to log in to [EMAIL PROTECTED] (liv is localhost):

$ ssh [EMAIL PROTECTED]
Password:

As you can see, it asks me for a password (instead of asking me for a 
passphrase for the key). It simply doesn't work.
This is done with an out of the box openssh configuration (from Gentoo, of 
course).

To gather more information I can run ssh -vv [EMAIL PROTECTED], getting the 
following:

[EMAIL PROTECTED] .ssh $ ssh -vv [EMAIL PROTECTED]
OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to liv [10.0.0.2] port 22.
debug1: Connection established.
debug1: identity file /home/sandra/.ssh/identity type -1
debug2: key_type_from_name: unknown key type '-BEGIN'
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug2: key_type_from_name: unknown key type '-END'
debug1: identity file /home/sandra/.ssh/id_rsa type 1
debug2: key_type_from_name: unknown key type '-BEGIN'
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug2: key_type_from_name: unknown key type '-END'
debug1: identity file /home/sandra/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: d