Many older versions of Linux use the Free Version of SSH.

OpenSSH itself is derived from the Free Version of SSH when it
was SSH Version 1.2.12.

So, I am not surprised if your Debian Version has the Free Version
of SSH and not OpenSSH.

For one thing your Server does not understand "Authorized_keys"
which is the standard "public keys" used on OpenSSH.


> On Thu, 2004-05-13 at 21:06, [EMAIL PROTECTED] wrote:
> > I believe that you have two different SSH software.
> >
> > On the Client side you have OpenSSH (www.openssh.org).
> >
> > On the Server side you have SSH (www.ssh.com). There
> > are versions of SSH that are completely compatible with
> > OpenSSH but others are not.
> >
> > These are the reasons why the two softwares are not
> > completely compatible.
> >
> > Suggestion: Remove SSH2 from the server and install
> > OpenSSH on it.
>
> I hear that, but I am surprised that the Debian package is not OpenSSH.
> In fact ssh is symlinked to ssh2 and sshd is symlinked to sshd2, but it
> certainly does look to be the SSH product and not the OpenSSH.
>
> >
> > > On Sun, 2004-05-02 at 17:12, Ken Foskey wrote:
> > > > On Sun, 2004-05-02 at 17:07, Howard Lowndes wrote:
> > > >
> > > > > Mmmm.  SSH2 on Deb doesn't mention the authorized_keys file in the man
> > > > > pages, just the authorization file and the key files that are listed
> > > > > therein.  I already had done the above anyway as it is the way things
> > > > > work on RedHat, but to no avail on Deb.
> > > >
> > > > Ping.  Lightbulb.
> > > >
> > > > It is disabled by default on Debian because of the security concerns.
> > > >
> > > > Guessing but look for something like this in your /etc/ssh/sshd_config
> > > > file.
> > > >
> > > > RSAAuthentication yes
> > > > PubkeyAuthentication yes
> > > > #AuthorizedKeysFile     %h/.ssh/authorized_keys
> > >
> > > This is getting weirder.
> > >
> > > I put these lines into /etc/ssh2/sshd2_config and it objected to the
> > > PubkeyAuthentication parameter, not once but twice.  The parameter was
> > > in there already but was commented out.  When I remove _all_ reference
> > > to PubkeyAuthentication it still complains about it, but this time only
> > > once.
> > >
> > > Here is my current /etc/ssh2/sshd2_config:
> > >
> > > # sshd2_config
> > > # SSH 2.0 Server Configuration File
> > >
> > > *:
> > > Port 22
> > > ListenAddress 0.0.0.0
> > > Ciphers AnyStd
> > > # Ciphers AnyCipher
> > > # Ciphers AnyStdCipher
> > > # Ciphers 3des
> > > IdentityFile identification
> > > AuthorizationFile authorization
> > > HostKeyFile hostkey
> > > PublicHostKeyFile hostkey.pub
> > > RandomSeedFile random_seed
> > > ForwardAgent yes
> > > ForwardX11 yes
> > > # DEPRECATED PasswordAuthentication yes
> > > PasswordGuesses 3
> > > # MaxConnections 50
> > > # 0 == number of connections not limited
> > > MaxConnections 0
> > > # PermitRootLogin nopwd
> > > PermitRootLogin yes
> > > # DEPRECATED
> > > RSAAuthentication yes
> > > # AuthorizedKeysFile     %h/.ssh/authorized_keys
> > >
> > > # AllowedAuthentications publickey,password,hostbased
> > > AllowedAuthentications publickey,password
> > > # RequiredAuthentications publickey,password
> > > ForcePTTYAllocation no
> > > VerboseMode no
> > > PrintMotd yes
> > > CheckMail yes
> > > UserConfigDirectory "%D/.ssh2"
> > > # UserConfigDirectory "/etc/ssh2/auth/%U"
> > > SyslogFacility AUTH
> > > # SyslogFacility LOCAL7
> > > Ssh1Compatibility yes
> > > Sshd1Path /usr/sbin/sshd1
> > > # AllowHosts localhost, foobar.com, friendly.org
> > > # DenyHosts evil.org, aol.com
> > > # AllowSHosts trusted.host.org
> > > # DenySHosts not.quite.trusted.org
> > > # NoDelay yes
> > >
> > > # KeepAlive yes
> > > RequireReverseMapping yes
> > > UserKnownHosts yes
> > >
> > > # subsystem definitions
> > >
> > > subsystem-sftp                  sftp-server
> > >
> > >
> > > ...and this is the dialogue that I get when I start sshd2 in debug mode:
> > >
> > > # sshd2 -v
> > > WARNING: Development-time debugging not compiled in.
> > > WARNING: To enable, configure with --enable-debug and recompile.
> > > WARNING: PubkeyAuthentication configuration keyword is deprecated. Use
> > > AllowedAuthentications.
> > > WARNING: Defining AllowedAuthentications. Parameter PubkeyAuthentication
> > > (already defined) will be ignored.
> > > WARNING: Development-time debugging not compiled in.
> > > WARNING: To enable, configure with --enable-debug and recompile.
> > > debug: Reading private host key from /etc/ssh2/hostkey
> > > debug: Key comment: 1024-bit dsa, [EMAIL PROTECTED], Sun Apr 04 2004 13:33:50
> > > +1000
> > > debug: SshUnixConfig/sshunixconfig.c:270/ssh_server_load_host_key:
> > > Reading public host key from: /etc/ssh2/hostkey.pub
> > > debug: Becoming server.
> > > debug: Creating listener
> > > debug: Listener created
> > > sshd2[1281]: Listener created on port 22.
> > > sshd2[1281]: Daemon is running.
> > > debug: Running event loop
> > >
> > >
> > > ...at this point I now try to log in and on the client I get:
> > >
> > > # ssh -v bu
> > > OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
> > > debug1: Reading configuration data /etc/ssh/ssh_config
> > > debug1: Applying options for *
> > > debug1: Rhosts Authentication disabled, originating port will not be
> > > trusted.
> > > debug1: ssh_connect: needpriv 0
> > > debug1: Connecting to bu [192.168.255.19] port 22.
> > > debug1: Connection established.
> > > debug1: identity file /root/.ssh/identity type 0
> > > debug1: identity file /root/.ssh/id_rsa type 1
> > > debug1: identity file /root/.ssh/id_dsa type 2
> > > debug1: Remote protocol version 1.99, remote software version 2.0.13
> > > (non-commercial)
> > > debug1: match: 2.0.13 (non-commercial) pat
> > > 2.0.13*,2.0.14*,2.0.15*,2.0.16*,2.0.17*,2.0.18*,2.0.19*
> > > debug1: Enabling compatibility mode for protocol 2.0
> > > debug1: Local version string SSH-2.0-OpenSSH_3.5p1
> > > debug1: SSH2_MSG_KEXINIT sent
> > > debug1: SSH2_MSG_KEXINIT received
> > > debug1: kex: server->client 3des-cbc hmac-md5 none
> > > debug1: kex: client->server 3des-cbc hmac-md5 none
> > > debug1: dh_gen_key: priv key bits set: 193/384
> > > debug1: bits set: 517/1024
> > > debug1: sending SSH2_MSG_KEXDH_INIT
> > > debug1: expecting SSH2_MSG_KEXDH_REPLY
> > > debug1: Host 'bu' is known and matches the DSA host key.
> > > debug1: Found key in /root/.ssh/known_hosts:224
> > > debug1: bits set: 497/1024
> > > debug1: ssh_dss_verify: signature correct
> > > debug1: kex_derive_keys
> > > debug1: newkeys: mode 1
> > > debug1: SSH2_MSG_NEWKEYS sent
> > > debug1: waiting for SSH2_MSG_NEWKEYS
> > > debug1: newkeys: mode 0
> > > debug1: SSH2_MSG_NEWKEYS received
> > > debug1: done: ssh_kex2.
> > > debug1: send SSH2_MSG_SERVICE_REQUEST
> > > debug1: buggy server: service_accept w/o service
> > > debug1: got SSH2_MSG_SERVICE_ACCEPT
> > > debug1: authentications that can continue: publickey,password
> > > debug1: next auth method to try is publickey
> > > debug1: try pubkey: /root/.ssh/id_rsa
> > > debug1: authentications that can continue: publickey,password
> > > debug1: try pubkey: /root/.ssh/id_dsa
> > > debug1: authentications that can continue: publickey,password
> > > debug1: next auth method to try is password
> > > [EMAIL PROTECTED]'s password:
> > >
> > >
> > > ...and on the server I get this continuation:
> > >
> > > sshd2[1281]: connection from "192.168.255.17"
> > > debug: Sshd2/sshd2.c:653/new_connection_callback: Wrapping stream with
> > > ssh_server_wrap...
> > > debug: ssh_server_wrap: creating transport protocol
> > > debug: ssh_server_wrap: creating userauth protocol
> > > debug: Sshd2/sshd2.c:663/new_connection_callback: done.
> > > debug: new_connection_callback returning
> > > debug: Remote version: SSH-2.0-OpenSSH_3.5p1
> > >
> > > debug: ssh_sigchld_real_callback
> > > debug: ssh_sigchld_real_callback
> > >
> > >
> > >
> > > All of the perms look OK.  At the client end:
> > >
> > > # ll .ssh/
> > > total 216
> > > -rw-r--r--    1 root     root         1119 May  1 12:21 authorized_keys
> > > -rw-------    1 root     root          668 Mar 25  2001 id_dsa
> > > -rw-r--r--    1 root     root          590 Mar 25  2001 id_dsa.pub
> > > -rw-------    1 root     root          515 Mar 29  2001 identity
> > > -rw-r--r--    1 root     root          319 Mar 25  2001 identity.pub
> > > -rw-------    1 root     root          883 May  1 12:18 id_rsa
> > > -rw-r--r--    1 root     root          210 May  1 12:18 id_rsa.pub
> > > -rw-r--r--    1 root     root        69970 May  1 12:33 known_hosts
> > > -rw-r--r--    1 root     root       108448 Dec 12 10:19 known_hosts2
> > >
> > > >
> > > >
> > > > ...and at the server end:
> > >
> > > # ll .ssh2/
> > > total 24
> > > -rw-------    1 root     root           47 May  2 11:51 authorization
> > > drwx------    2 root     root         4096 Apr 22 14:46 hostkeys
> > > -rw-------    1 root     root          590 May  2 11:36 id_dsa.pub
> > > -rw-------    1 root     root          319 May  2 11:37 id_rsa1.pub
> > > -rw-------    1 root     root          210 May  2 11:37 id_rsa2.pub
> > > -rw-------    1 root     root          512 May  3 12:33 random_seed
> > >
> > > > -- 
> > > > Thanks
> > > > KenF
> > > > OpenOffice.org developer
> > > -- 
> > > Howard.
> > > LANNet Computing Associates - Your Linux people <http://www.lannetlinux.com>
> > > ------------------------------------------
> > > Flatter government, not fatter government - Get rid of the Australian states.
> > > ------------------------------------------
> > > To mess up a Linux box, you need to work at it;
> > > to mess up your Windows box, you just need to work on it.
> > >  - Scott Granneman, SecurityFocus
> > >
> > > -- 
> > > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> > > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
> -- 
> Howard.
> LANNet Computing Associates - Your Linux people <http://www.lannetlinux.com>
> ------------------------------------------
> Flatter government, not fatter government - Get rid of the Australian states.
> ------------------------------------------
> To mess up a Linux box, you need to work at it;
> to mess up your Windows box, you just need to work on it.
>  - Scott Granneman, SecurityFocus
>
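
The client trace quoted in this thread shows each key being offered and the server answering with the same method list until the client drops to password. The following is an added example, not part of the original messages: it summarizes that pattern from `ssh -v` output. The sample log is constructed from lines in the quoted trace, and `summarize_auth` is a hypothetical helper name.

```python
import re

# Constructed sample: a shortened OpenSSH client debug trace shaped like the
# one quoted in the thread (version string and key paths taken from it).
SAMPLE_LOG = """\
debug1: Remote protocol version 1.99, remote software version 2.0.13 (non-commercial)
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is publickey
debug1: try pubkey: /root/.ssh/id_rsa
debug1: authentications that can continue: publickey,password
debug1: try pubkey: /root/.ssh/id_dsa
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is password
"""

REMOTE = re.compile(r"remote software version (.+)$")
CONTINUE = re.compile(r"authentications that can continue: (\S+)")
TRY_KEY = re.compile(r"try pubkey: (\S+)")
NEXT = re.compile(r"next auth method to try is (\S+)")


def summarize_auth(log_text):
    """Summarize the userauth phase of an `ssh -v` client trace."""
    summary = {"remote_software": None, "server_methods": [],
               "rejected_keys": [], "fell_back_to": None}
    pending_key = None  # key offered, server verdict not yet seen
    for line in log_text.splitlines():
        if (m := REMOTE.search(line)):
            summary["remote_software"] = m.group(1).strip()
        elif (m := TRY_KEY.search(line)):
            pending_key = m.group(1)
        elif (m := CONTINUE.search(line)):
            summary["server_methods"] = m.group(1).split(",")
            # A fresh method list right after an offer means the server
            # answered that offer with a failure.
            if pending_key:
                summary["rejected_keys"].append(pending_key)
                pending_key = None
        elif (m := NEXT.search(line)):
            # Only count it as a fallback if keys were tried and refused.
            if m.group(1) != "publickey" and summary["rejected_keys"]:
                summary["fell_back_to"] = m.group(1)
    return summary


if __name__ == "__main__":
    for field, value in summarize_auth(SAMPLE_LOG).items():
        print(f"{field}: {value}")
```

A summary in which every offered key appears under `rejected_keys` while `publickey` is still in `server_methods` indicates that the server has the method enabled but does not accept those keys as presented.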
