i thought agent forwarding didn't work with ssh2/dsa keys.  am i mistaken?

-tcl.


On Tue, 13 Feb 2001, Don Faulkner wrote:

> Anne,
> 
> Thanks for the suggestion. I always forget about easy things like debug.
> On OpenSSH, (I'm running openssh 2.3.0 p1) it's '-v'.
> 
> I do have DSA authentication enabled on all machines. Before they were
> moved into their current configuration (with system2 now 'behind'
> system1), I was able to ssh to both systems and DSA authenticate. Of
> course, in that case, the agent isn't forwarding, but talking directly to
> sshd on the particular machine.
> 
> (My apologies to the list for the following debug output. I've clipped
> things I don't think are important to the discussion.)
> 
> Here's how it works now:
> 
> [def@laptop def]$ ssh -v system1
> debug: Reading configuration data /home/def/.ssh/config
> debug: Applying options for *
> debug: Reading configuration data /etc/ssh/ssh_config
> debug: Seeding random number generator
> ...
> debug: Host 'system1' is known and matches the DSA host key.
> ...
> debug: GOT SSH2_MSG_NEWKEYS.
> debug: send SSH2_MSG_NEWKEYS.
> debug: done: send SSH2_MSG_NEWKEYS.
> debug: done: KEX2.
> debug: send SSH2_MSG_SERVICE_REQUEST
> debug: service_accept: ssh-userauth
> debug: got SSH2_MSG_SERVICE_ACCEPT
> debug: authentications that can continue: publickey,password
> debug: trying DSA agent key /home/def/.ssh/id_dsa
> debug: ssh-userauth2 successfull
> ...
> [def@system1 def]$ ssh -v system2
> debug: Reading configuration data /etc/ssh/ssh_config
> debug: Seeding random number generator
> ...
> debug: Host 'system2' is known and matches the DSA host key.
> ...
> debug: dsa_verify: signature correct
> debug: Wait SSH2_MSG_NEWKEYS.
> debug: GOT SSH2_MSG_NEWKEYS.
> debug: send SSH2_MSG_NEWKEYS.
> debug: done: send SSH2_MSG_NEWKEYS.
> debug: done: KEX2.
> debug: send SSH2_MSG_SERVICE_REQUEST
> debug: service_accept: ssh-userauth
> debug: got SSH2_MSG_SERVICE_ACCEPT
> debug: authentications that can continue: publickey,password
> debug: next auth method to try is publickey
> debug: key does not exist: /home/def/.ssh/id_dsa
> debug: next auth method to try is password
> def@web2's password:
> 
> 
> 
> -- 
> Don Faulkner, KB5WPM             |
>                                  | "All that is gold does not glitter."
>  ( This space unintentionally    | "not all those who wander are lost."
>                  left blank )    |                    --J.R.R. Tolkien
> 
> On Tue, 13 Feb 2001 [EMAIL PROTECTED] wrote:
> 
> > Hi Don,
> >
> > Here's some thoughts on this. Do you have public key authentication defined on the server side?
> >
> > Run your client and server in debug mode (I think it's -D with OpenSSH) and see what that tells you when you try to connect.
> >
> > -Anne
> >
> >
> > On Tue, Feb 13, 2001 at 11:19:02AM -0800, Don Faulkner wrote:
> > > First time I've tried this, so I'm probably really confused.
> > >
> > > I've had ssh-agent working on my laptop for some time. Now, I want to ssh
> > > to system1, and from my shell on system1, ssh to system2.
> > >
> > > So I do
> > > laptop$ eval `ssh-agent`
> > > laptop$ ssh-add $HOME/.ssh/id_dsa
> > > laptop$ ssh system1
> > >
> > > system1$ ssh system2
> > > enter password for user@system2:
> > >
> > > What am I doing wrong here? Do I need to start an ssh-agent as part of my
> > > logon process in system1? or is there something else going on?
> > >
> > > --
> > > Don Faulkner, KB5WPM             |
> > >                                  | "All that is gold does not glitter."
> > >  ( This space unintentionally    | "not all those who wander are lost."
> > >                  left blank )    |                    --J.R.R. Tolkien
> > >
> > >
> > ------------------------------------------------------------------------
> > Anne Carasik                       | An unsophisticated forecaster uses
> > Principal Security Consultant      | statistics as a drunken man uses
> > SSH Communications Security, Inc.  | lamp-posts - for support rather than
> > Email: [EMAIL PROTECTED]                | for illumination.  -Andrew Lang
> > ------------------------------------------------------------------------
> > Unless stated otherwise above, the opinions expressed herein are my own,
> >                             not of my employer.
> >
> 
> 
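
An added example, not part of any message in this thread: a small shell filter that classifies the two `ssh -v` sessions quoted above by whether the client logged an agent key attempt. The function names and output labels are hypothetical, and the match patterns come only from the debug lines in the thread, so other OpenSSH versions may word them differently.

```shell
#!/bin/sh
# Classify an `ssh -v` client session (read from stdin) by the auth path it logged.
# Patterns are limited to the OpenSSH 2.3.0p1 debug lines quoted in this thread.
classify_auth() {
    awk '
        /debug: trying DSA agent key /       { agent = 1 }      # a key held by an agent was offered
        /debug: key does not exist: /        { missing = $NF }  # identity file not found on this host
        /debug: next auth method to try is / { last = $NF }     # most recent method selected
        /debug: ssh-userauth2 successfull/   { ok = 1 }         # spelling as printed by the client
        END {
            if (agent && ok)             print "agent-key-accepted"
            else if (agent)              print "agent-key-offered"
            else if (last == "password") print "password-fallback missing=" missing
            else                         print "undetermined"
        }'
}

# Sample input: authentication lines copied from the laptop -> system1 session above.
hop1_log() {
    cat <<'EOF'
debug: authentications that can continue: publickey,password
debug: trying DSA agent key /home/def/.ssh/id_dsa
debug: ssh-userauth2 successfull
EOF
}

# Sample input: authentication lines copied from the system1 -> system2 session above.
hop2_log() {
    cat <<'EOF'
debug: authentications that can continue: publickey,password
debug: next auth method to try is publickey
debug: key does not exist: /home/def/.ssh/id_dsa
debug: next auth method to try is password
EOF
}

echo "laptop  -> system1: $(hop1_log | classify_auth)"
echo "system1 -> system2: $(hop2_log | classify_auth)"
```

On the second hop the client never logs an agent key attempt: it looks only for the identity file on system1, does not find it, and falls back to password.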
