update your version of openssh. newer versions
of openssh can handle some bugs in older f-secure
pubkey-auth implementations.
On Fri, Jun 30, 2000 at 11:24:22AM -0400, Charles Leeds wrote:
> SSH gurus,
>
> Has anyone succeeded in making F-Secure 4.0 connect to an OpenSSH 2.1.1
> server using DSA key exchange and no password? I have had no luck doing so.
> I stick the public key in ~/.ssh/authorized_keys2, but it never works. I
> can connect fine using a password. I am very familiar with SSH, so your
> answer can be very technical.
>
> Version F-Secure 4.0 _does_ support the SSH2 protocol for certain. The
> version is 4.0 build 19. I exported the public key and cut out the comment
> lines. I then did a join on the other lines in vi so the key was all on one
> line. My openssh version is openssh v2.1.1p1.
>
> Neither can I get ssh 2.2.0 client for Windows to use DSA keys with OpenSSH.
> Below is a debug of such a connection attempt. Can someone interpret what
> is the meaning of "Failed publickey for ROOT from 10.15.50.186 port 3750
> ssh2"...?
>
> Thanks,
> Fox
> [EMAIL PROTECTED]
> Senior Information Security Analyst
> Paranoid American Corporation
>
>
> debug: sshd version OpenSSH_2.1.1
> debug: Seeding random number generator
> debug: read DSA private key done
> debug: Seeding random number generator
> debug: Bind to port 22 on 0.0.0.0.
> Server listening on 0.0.0.0 port 22.
> Generating 768 bit RSA key.
> debug: Seeding random number generator
> debug: Seeding random number generator
> RSA key generation complete.
> debug: Server will not fork when running in debugging mode.
> Connection from 10.15.50.186 port 3750
> debug: Client protocol version 1.99; client software version 2.2.0 SSH
> Secure Shell for Windows
> Enabling compatibility mode for protocol 2.0
> debug: Local version string SSH-1.99-OpenSSH_2.1.1
> debug: send KEXINIT
> debug: done
> debug: wait KEXINIT
> debug: got kexinit: diffie-hellman-group1-sha1
> debug: got kexinit: ssh-dss
> debug: got kexinit: 3des-cbc,blowfish-cbc,twofish-cbc,arcfour
> debug: got kexinit: 3des-cbc,blowfish-cbc,twofish-cbc,arcfour
> debug: got kexinit: hmac-md5,hmac-sha1
> debug: got kexinit: hmac-md5,hmac-sha1
> debug: got kexinit: none
> debug: got kexinit: none
> debug: got kexinit:
> debug: got kexinit:
> debug: first kex follow: 1
> debug: reserved: 0
> debug: done
> debug: kex: client->server 3des-cbc hmac-md5 none
> debug: kex: server->client 3des-cbc hmac-md5 none
> debug: Wait SSH2_MSG_KEXDH_INIT.
> debug: bits set: 519/1024
> debug: bits set: 521/1024
> debug: sig size 20 20
> debug: send SSH2_MSG_NEWKEYS.
> debug: done: send SSH2_MSG_NEWKEYS.
> debug: Wait SSH2_MSG_NEWKEYS.
> debug: GOT SSH2_MSG_NEWKEYS.
> debug: done: KEX2.
> debug: userauth-request for user rootcll service ssh-connection method none
> debug: Starting up PAM with username "rootcll"
> Failed none for ROOT from 10.15.50.186 port 3750 ssh2
> debug: userauth-request for user rootcll service ssh-connection method
> publickey
> debug: keytype ssh-dss
> debug: test key...
> Failed publickey for ROOT from 10.15.50.186 port 3750 ssh2
> debug: userauth-request for user rootcll service ssh-connection method none
> Failed none for ROOT from 10.15.50.186 port 3750 ssh2
> Received disconnect: 13: Authentication cancelled by user.
> debug: Calling cleanup 0x804f230(0x0)
> debug: Calling cleanup 0x805f2b0(0x0)
>
>
