On Fri, Oct 27, 2000 at 07:27:26PM -0700, Erick Mechler wrote:
> id_dsa is the default name of the dsa key (used for ssh v2). If you tell
> openssh not to use v2, then ssh will use $HOME/.ssh/identity{.pub}.
> If you use v2, then it looks for $HOME/.ssh/id_dsa{.pub}. To create a
> dsa keypair, do "ssh-keygen -d".
I generated key pairs on both machines, and could not get it to work. I
turned off password authentication on the server, and it would still
prompt for a password, but reject it. I turned off password authentication
on the client, and I was not asked for the password. Here is the complete
trace from that effort:
root@charlesc # ssh -v server
SSH Version OpenSSH_2.1.1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
debug: Reading configuration data /root/.ssh/config
debug: Reading configuration data /etc/ssh/ssh_config
debug: Applying options for *
debug: Applying options for server
debug: Seeding random number generator
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to server [192.168.1.64] port 22.
debug: Seeding random number generator
debug: Allocated local port 779.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.1.1
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH_2.1.1
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit: diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss
debug: got kexinit: 3des-cbc,blowfish-cbc,arcfour,cast128-cbc
debug: got kexinit: 3des-cbc,blowfish-cbc,arcfour,cast128-cbc
debug: got kexinit: hmac-sha1,hmac-md5,[EMAIL PROTECTED]
debug: got kexinit: hmac-sha1,hmac-md5,[EMAIL PROTECTED]
debug: got kexinit: zlib,none
debug: got kexinit: zlib,none
debug: got kexinit:
debug: got kexinit:
debug: first kex follow: 0
debug: reserved: 0
debug: done
debug: kex: server->client 3des-cbc hmac-sha1 none
debug: kex: client->server 3des-cbc hmac-sha1 none
debug: Sending SSH2_MSG_KEXDH_INIT.
debug: bits set: 517/1024
debug: Wait SSH2_MSG_KEXDH_REPLY.
debug: Got SSH2_MSG_KEXDH_REPLY.
debug: keytype ssh-dss
debug: keytype ssh-dss
debug: keytype ssh-dss
debug: Host 'server' is known and matches the DSA host key.
debug: bits set: 511/1024
debug: len 55 datafellows 0
debug: dsa_verify: signature correct
debug: Wait SSH2_MSG_NEWKEYS.
debug: GOT SSH2_MSG_NEWKEYS.
debug: send SSH2_MSG_NEWKEYS.
debug: done: send SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: send SSH2_MSG_SERVICE_REQUEST
debug: service_accept: ssh-userauth
debug: got SSH2_MSG_SERVICE_ACCEPT
debug: authentications that can continue: publickey,password
debug: try pubkey: /root/.ssh/id_dsa
debug: read DSA private key done
debug: sig size 20 20
debug: authentications that can continue: publickey,password
Permission denied (publickey,password).
debug: Calling cleanup 0x805bdf0(0x0)
>
> Cheers,
> Erick
>
> At Fri, Oct 27, 2000 at 09:24:54AM -0600, Charles Curley said this:
> :: I have installed openssh-2.1.1p1-1 RPMs on both of my test bed
> :: computers. I would like to use RSA authorization rather than password
> :: authorization.
> ::
> :: In my /etc/ssh/sshd_config, I have:
> ::
> :: RSAAuthentication yes
> :: PasswordAuthentication no
> ::
> :: If PasswordAuthentication is yes, I can log in with passwords, which is
> :: fine. If I set it to no, which is what I want, and try to log in with
> :: verbose on, I get this trace:
> ::
> :: debug: send SSH2_MSG_SERVICE_REQUEST
> :: debug: service_accept: ssh-userauth
> :: debug: got SSH2_MSG_SERVICE_ACCEPT
> :: debug: authentications that can continue: publickey,password
> :: debug: key does not exist: /root/.ssh/id_dsa
> :: root@server's password:
> ::
> :: It then goes on to reject the password.
> ::
> :: My question is this: what goes in id_dsa, and how do I get it there?
> ::
> :: I tried copying the identity.pub of the machine logging in to the file on
> :: server, and got the same message.
> ::
> :: The section on how to do this in the FAQ does not address how to do this
> :: with Open SSH. The file names and locations are all wrong. They appear to
> :: be instructions for SSH Communications Security's SSH, not Open SSH.
> ::
> :: Thank you.
> ::
> :: --
> ::
> :: -- C^2
> ::
> :: No windows were crashed in the making of this email.
> ::
> :: Looking for fine software and/or web pages?
> :: http://w3.trib.com/~ccurley
--
-- C^2
No windows were crashed in the making of this email.
Looking for fine software and/or web pages?
http://w3.trib.com/~ccurley
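
Added example (not part of the original message, and not OpenSSH code): a small triage script that reads a client "ssh -v" trace in the format shown in this thread and tells apart the two failures quoted above, a private key the client could not find and a key the client offered but the server did not accept. The function and constant names are hypothetical, and the line patterns are assumed to match only the debug wording of the client version seen in these traces.

```python
import re

# Constructed sample input: lines copied from the two traces quoted in this thread.
TRACE_NO_KEY = """\
debug: authentications that can continue: publickey,password
debug: key does not exist: /root/.ssh/id_dsa
root@server's password:
"""
TRACE_REJECTED = """\
debug: authentications that can continue: publickey,password
debug: try pubkey: /root/.ssh/id_dsa
debug: read DSA private key done
debug: sig size 20 20
debug: authentications that can continue: publickey,password
Permission denied (publickey,password).
"""

# Patterns for the debug wording seen above (assumption: other versions differ).
CONTINUE = re.compile(r"authentications that can continue: (\S+)")
MISSING = re.compile(r"key does not exist: (\S+)")
TRY = re.compile(r"try pubkey: (\S+)")


def classify(trace):
    """Return (verdict, key_path, methods the server last advertised)."""
    verdict, key, methods, offered = "no-publickey-attempt", None, [], False
    for line in trace.splitlines():
        if m := MISSING.search(line):
            # The client never sent a publickey request for this path.
            verdict, key = "client-key-missing", m.group(1)
        elif m := TRY.search(line):
            verdict, key, offered = "key-offered", m.group(1), True
        elif m := CONTINUE.search(line):
            methods = m.group(1).split(",")
            if offered:
                # A method list arriving after a signed request means the
                # server did not accept that key for this account.
                verdict, offered = "server-rejected-key", False
    return verdict, key, methods


if __name__ == "__main__":
    for name, trace in (("first", TRACE_NO_KEY), ("second", TRACE_REJECTED)):
        verdict, key, methods = classify(trace)
        print(f"{name}: {verdict} key={key} server offers {methods}")
```

In both traces the returned method list still contains password, so the list the server advertises is worth comparing against what sshd_config is expected to allow.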