Dave,
First of all: thanks for your reply.
On Fri, 06 Oct 2000, you wrote:
> Try using a different encryption. OpenSSH does not support blowfish since it is
> patented.
I tried that and the result is the same as you see in the output below from the
command "ssh -v alanis". The only difference is that it says that it uses 3des
instead of blowfish encryption. But it keeps saying that the "Server refuses our
key".
Any other suggestions?
Johan
>
> --Dave
>
> >From: Johan Barelds <[EMAIL PROTECTED]>
> >Subject: RSA-authorization failed
> >Date: Thu, 5 Oct 2000 20:04:58 +0200
> >MIME-Version: 1.0
> >Content-Transfer-Encoding: 8bit
> >To: [EMAIL PROTECTED]
> >
> >-----BEGIN PGP SIGNED MESSAGE-----
> >
> >Hello SSH-readers,
> >
> >I do have a problem with RSA-authorization.
> >For my company I need to set up a secure connection with SSH without the use of
> >.rhosts or .shosts, and without being prompted for a password.
> >
> >I understood that this can be done with RSA-authorization. I put the pubkey from
> >the uid (~/.ssh/indentity.pub) in the file ~/.ssh/autorized_keys on the
> >remote site. This way it should be possible to login without a password.
> >Whatever I tried: nothing works.
> >
> >The configuration is:
> >
> >Local host : Alcatraz (ssh)
> >Remote host: Alanis (sshd)
> >
> >This is the output I get from "ssh -v alanis" on the local server (Alcatraz):
> >=========================<knip>=================================
> >SSH Version OpenSSH-1.2.2, protocol version 1.5. Compiled with SSL.
> >debug: Reading configuration data /etc/ssh/ssh_config
> >debug: Applying options for alcatraz
> >debug: Applying options for *
> >debug: ssh_connect: getuid 0 geteuid0 anon 0
> >debug: Connecting to alcatraz [10.0.0.1] port 22.
> >debug: Allocated local port 799.
> >debug: Connection established.
> >debug: Remote protocol version 1.5, remote software version OpenSSH-1.2.2
> >debug: Waiting for server public key.
> >debug: Received server public key (768 bits) and host key (1024 bits).
> >debug: Host 'alcatraz' is known and matches the host key.
> >debug: Encryption type: blowfish
> >debug: Sent encrypted session key.
> >debug: Installing crc compensation attack detector.
> >debug: Received encrypted confirmation.
> >debug: Trying RSA authentication with key 'root@alanis'
> >debug: Server refused our key. Permission denied.
> >debug: Calling cleanup 0x8057320(0x0)
> >=========================<knip>=================================
> >
> >This is the output from "sshd -d" at the remote site (alanis):
> >=========================<knip>=================================
> >debug: sshd version OpenSSH-1.2.2
> >debug: Bind to port 22 on 0.0.0.0.
> >Server listening on 0.0.0.0 port 22.
> >Generating 768 bit RSA key.
> >RSA key generation complete.
> >debug: Server will not fork when running in debugging mode.
> >Connection from 10.0.0.1 port 909
> >debug: Client protocol version 1.5; client software version OpenSSH-1.2.2
> >debug: Sent 768 bit public key and 1024 bit host key.
> >debug: Encryption type: 3des
> >debug: Received session key; encryption turned on.
> >debug: Installing crc compensation attack detector.
> >debug: Starting up PAM with username "root"
> >debug: Attempting authentication for root.
> >Failed rsa for ROOT from 10.0.0.1 port 909
> >Connection closed by 10.0.0.1
> >debug: Calling cleanup 0x804f730(0x0)
> >debug: Calling cleanup 0x80593d0(0x0)
> >=========================<knip>=================================
> >
> >This is what the ssh_config looks like:
> >=========================<knip>=================================
> >Host alcatraz
> > ForwardAgent yes
> > ForwardX11 yes
> > RhostsAuthentication no
> > RhostsRSAAuthentication no
> > RSAAuthentication yes
> > PasswordAuthentication no
> > FallBackToRsh no
> > UseRsh no
> > BatchMode no
> > CheckHostIP yes
> > StrictHostKeyChecking no
> > IdentityFile ~/.ssh/identity
> > Port 22
> > Cipher blowfish
> > EscapeChar ~
> > GatewayPorts yes
> >
> ># Be paranoid
> > Host *
> > ForwardAgent no
> > ForwardX11 no
> > FallBackToRsh no
> > GatewayPorts no
> >=========================<knip>=================================
> >
> >And this is what the sshd_config on the remote site looks like:
> >=========================<knip>=================================
> >Port 22
> >HostKey /etc/ssh/ssh_host_key
> >ServerKeyBits 768
> >LoginGraceTime 600
> >KeyRegenerationInterval 3600
> >PermitRootLogin yes
> >IgnoreRhosts no
> >StrictModes yes
> >X11Forwarding yes
> >X11DisplayOffset 10
> >PrintMotd yes
> >KeepAlive yes
> >SyslogFacility AUTH
> >LogLevel INFO
> >RhostsAuthentication no
> >RhostsRSAAuthentication no
> >RSAAuthentication yes
> >PasswordAuthentication no
> >PermitEmptyPasswords no
> >CheckMail no
> >UseLogin no
> >=========================<knip>=================================
> >
> >The ~/.ssh/autorized_keys file is only readable, writeable and executable by
> >the owner (in this case root).
> >
> >Can anyone help me with this problem? I can't think of anything else anymore to
> >check/test.
> >
> >Thanks in advance for any reply.
> >
> >Greetings,
> >Johan Barelds
> >-----BEGIN PGP SIGNATURE-----
> >Version: 2.6.3i
> >Charset: noconv
> >
> >iQB1AwUBOdzKPoWXbzBwqmlVAQFG0gL/egTJdnFUgTijio/tdpvbypK/vYPieeVY
> >aZBGNRHi8Q+thbNVX9W6OL9ZFjzw46WmGntGuChkSDlCfzIFlcRSkT1R5hCtTdkq
> >T98/xGWSdTumfHvF7BnWDzqTYLUTx6kL
> >=Hqz3
> >-----END PGP SIGNATURE-----
>
> --
> David Knight French
> Black Mountain Computer Consulting
> Voice: (858)279-4862
> Email: [EMAIL PROTECTED]
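With "StrictModes yes" in sshd_config, as in the configuration quoted above, sshd refuses a key when the home directory, ~/.ssh or the key file has the wrong owner or is writable by group or others, and it reads the key file only under the name authorized_keys. The script below is an added example, not part of the original thread and not OpenSSH code; it approximates those checks, and the function names and exit codes are assumptions of the example.

```shell
#!/bin/sh
# Added example: approximates the file checks behind "StrictModes yes".
# Usage: sh check_strictmodes.sh <home-dir> <login-uid>

# Succeeds if the path is owned by the given uid or by root (uid 0)
# and is writable by neither group nor others.
path_is_safe() {
    target=$1; owner=$2
    # -prune stops find from descending, so only the path itself is tested.
    owned=$(find "$target" -prune \( -user "$owner" -o -user 0 \) -print 2>/dev/null)
    loose=$(find "$target" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)
    [ -n "$owned" ] && [ -z "$loose" ]
}

# Exit codes (chosen for this example):
#   0 = all checks pass, 1 = owner/mode problem, 2 = key file not found.
check_strictmodes() {
    home=$1; uid=$2; rc=0
    keys="$home/.ssh/authorized_keys"
    if [ ! -f "$keys" ]; then
        echo "MISSING: $keys"
        # List what is really there so a misnamed key file stands out.
        echo "files in $home/.ssh:"
        ls -A "$home/.ssh" 2>/dev/null
        return 2
    fi
    for item in "$home" "$home/.ssh" "$keys"; do
        if path_is_safe "$item" "$uid"; then
            echo "ok:   $item"
        else
            echo "FAIL: $item (wrong owner, or group/world writable)"
            rc=1
        fi
    done
    return $rc
}

# Run the check only when both arguments are supplied.
if [ $# -eq 2 ]; then
    check_strictmodes "$1" "$2"
fi
```

Run it on the server side as the account being logged into, for example `sh check_strictmodes.sh "$HOME" "$(id -u)"`.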