Re: RSA-authorization failed

Tue, 10 Oct 2000 17:38:00 -0700 

-----BEGIN PGP SIGNED MESSAGE-----

Hello all,

I solved my authorization-problem (see discussion below).
The solution was very simple:  i changed  "~/.ssh/autorized_keys" in
"~/.ssh/authorized_keys" (included an "h" in the filename). 

Thanks everyone replying to my problem.

Johan Barelds

On Mon, 09 Oct 2000, you wrote:
> Dave,
> First of all: thanks for your reply.
> 
> On Fri, 06 Oct 2000, you wrote:
> > Try using a different encryption.  OpenSSH does not support blowfish since it is
> > patented.
> I tried that and the result is the same as you see in the output below from the
> command "ssh -v alanis". The only difference is that is says that it uses 3des
> instead of blowfish encryption. But it keeps saying that the "Server refuses our
> key".
> 
> Any other suggestions?
> Johan
> 
> >
> >        --Dave
> >        
> > >From: Johan Barelds <[EMAIL PROTECTED]>
> > >Subject: RSA-authorization failed
> > >Date: Thu, 5 Oct 2000 20:04:58 +0200
> > >MIME-Version: 1.0
> > >Content-Transfer-Encoding: 8bit
> > >To: [EMAIL PROTECTED]
> > >
> > >-----BEGIN PGP SIGNED MESSAGE-----
> > >
> > >Hello SSH-readers,
> > >
> > >I do have a problem with RSA-autorization.
> > >For my company i need to setup an secure connection with SSH without the use of
> > >.rhosts or .shosts, and without beeing prompted for a password.
> > >
> > >I understood that this can be done with RSA-autorization. I put the pubkey from
> > >the uid (~/.ssh/indentity.pub) in the file ~/.ssh/autorized_keys on the
> > >remote site. This way it should be possible to login without a password.
> > >Whatever i tried: nothing works.
> > >
> > >The configuration is:
> > >
> > >Local host :          Alcatraz (ssh)
> > >Remote host   Alanis (sshd)
> > >
> > >This is the output i get from "ssh -v alanis" on the local server (Alcatraz):
> > >=========================<knip>=================================
> > >SSH Version OpenSSH-1.2.2, protocol version 1.5. Compiled with SSL.
> > >debug: Reading configuration data /etc/ssh/ssh_config
> > >debug: Applying options for alcatraz
> > >debug: Applying options for *
> > >debug: ssh_connect: getuid 0 geteuid0 anon 0
> > >debug: Connecting to alcatraz [10.0.0.1] port 22.
> > >debug: Allocated local port 799.
> > >debug: Connection established.
> > >debug: Remote protocol version 1.5, remote software version OpenSSH-1.2.2
> > >debug: Waiting for server public key.
> > >debug: Received server public key (768 bits) and host key (1024 bits).
> > >debug: Host 'alcatraz' is known and matches the host key.
> > >debug: Encryption type: blowfish debug: Sent encrypted session key.
> > >debug: Installing crc compensation attack detector.
> > >debug: Received encrypted confirmation.
> > >debug: Trying RSA authentication with key 'root@alanis'
> > >debug: Server refused our key. Permission denied.
> > >debug: Calling cleanup 0x8057320(0x0)
> > >=========================<knip>=================================
> > >
> > >This is the output from "sshd -d" at the remote site (alanis):
> > >=========================<knip>=================================
> > >debug: sshd version OpenSSH-1.2.2
> > >debug: Bind to port 22 on 0.0.0.0.
> > >Server listening on 0.0.0.0 port 22.
> > >Generating 768 bit RSA key.
> > >RSA key generation complete.
> > >debug: Server will not fork when running in debugging mode.
> > >Connection from 10.0.0.1 port 909
> > >debug: Client protocol version 1.5; client software version OpenSSH-1.2.2
> > >debug: Sent 768 bit public key and 1024 bit host key.
> > >debug: Encryption type: 3des
> > >debug: Received session key; encryption turned on.
> > >debug: Installing crc compensation attack detector.
> > >debug: Starting up PAM with username "root"
> > >debug: Attempting authentication for root.
> > >Failed rsa for ROOT from 10.0.0.1 port 909
> > >Connection closed by 10.0.0.1
> > >debug: Calling cleanup 0x804f730(0x0)
> > >debug: Calling cleanup 0x80593d0(0x0)
> > >=========================<knip>=================================
> > >
> > >This is what the ssh_config look like:
> > >=========================<knip>=================================
> > >Host alcatraz
> > >   ForwardAgent yes
> > >   ForwardX11 yes
> > >   RhostsAuthentication no
> > >   RhostsRSAAuthentication no
> > >   RSAAuthentication yes
> > >   PasswordAuthentication no
> > >   FallBackToRsh no
> > >   UseRsh no
> > >   BatchMode no
> > >   CheckHostIP yes
> > >   StrictHostKeyChecking no
> > >   IdentityFile ~/.ssh/identity
> > >   Port 22
> > >   Cipher blowfish
> > >   EscapeChar ~
> > >   GatewayPorts yes
> > >
> > ># Be paranoid
> > > Host *
> > >        ForwardAgent no
> > >        ForwardX11 no
> > >        FallBackToRsh no
> > >        GatewayPorts no
> > >=========================<knip>=================================
> > >
> > >And this is what the sshd_config on the remote site looks like:
> > >=========================<knip>=================================
> > >Port 22
> > >HostKey /etc/ssh/ssh_host_key
> > >ServerKeyBits 768
> > >LoginGraceTime 600
> > >KeyRegenerationInterval 3600
> > >PermitRootLogin yes
> > >IgnoreRhosts no
> > >StrictModes yes
> > >X11Forwarding yes
> > >X11DisplayOffset 10
> > >PrintMotd yes
> > >KeepAlive yes
> > >SyslogFacility AUTH
> > >LogLevel INFO
> > >RhostsAuthentication no
> > >RhostsRSAAuthentication no
> > >RSAAuthentication yes
> > >PasswordAuthentication no
> > >PermitEmptyPasswords no
> > >CheckMail no
> > >UseLogin no
> > >=========================<knip>=================================
> > >
> > >The ~/.ssh/autorized_keys file is only readable, writeable and executable by
> > >the owner (in this case root).
> > >
> > >Can anyone help me with this problem? I can't think of anything else anymore to
> > >check/test.
> > >
> > >Thanks in advance for any reply.
> > >
> > >Greetings,
> > >Johan Barelds
> > >-----BEGIN PGP SIGNATURE-----
> > >Version: 2.6.3i
> > >Charset: noconv
> > >
> > >iQB1AwUBOdzKPoWXbzBwqmlVAQFG0gL/egTJdnFUgTijio/tdpvbypK/vYPieeVY
> > >aZBGNRHi8Q+thbNVX9W6OL9ZFjzw46WmGntGuChkSDlCfzIFlcRSkT1R5hCtTdkq
> > >T98/xGWSdTumfHvF7BnWDzqTYLUTx6kL
> > >=Hqz3
> > >-----END PGP SIGNATURE-----
> >
> > --
> > David Knight French
> > Black Mountain Computer Consulting
> > Voice: (858)279-4862
> > Email: [EMAIL PROTECTED]
> 
> End pgp message
> 
> > 
> > --
> > David Knight French                           
> > Black Mountain Computer Consulting
> > Voice: (858)279-4862
> > Email: [EMAIL PROTECTED]
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3i
> Charset: noconv
> 
> iQB1AwUBOd8qiYWXbzBwqmlVAQFTrwMAgDXzknfoFMStpJncKIm4eYJrSgFsG7ra
> IGXmqkHfqruFxh5KS2R4Wdgvtkr0QKzkMUDZrOrnj/x4Mo9EIF+5Lrl74gxl2Yak
> y1mAJhrKRrVfzjICzTJr3D18Ua8SMtvF
> =Kalf
> -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQB1AwUBOeNiToWXbzBwqmlVAQHltgL+Of1Wkk4tcJVJheU+8fPPK0UvtZjiQo1B
4E8B4xrXqqF0915Auq1rICjennVdLMvf+Xb/YRQKMOMKVXnfBubtXVlcuv1n4BeY
WQT1E6N7vmDQySvdRvLRcs/M/9zFxNJ1
=5dEe
-----END PGP SIGNATURE-----

Reply via email to