Date: Fri, 1 Jun 2001 14:40:03 -0700 (PDT) From: Archie Cobbs <archie@packetdesign.com> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/27821: can't do RSA login via ssh to root account Message-ID: <200106012140.f51Le3k07201@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/27821; it has been noted by GNATS.
From: Archie Cobbs <archie@packetdesign.com>
To: Bill Fenner <fenner@research.att.com>
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: bin/27821: can't do RSA login via ssh to root account
Date: Fri, 01 Jun 2001 14:33:11 -0700
Bill Fenner wrote:
> I'm doing this with both RSA and DSA keys under stock FreeBSD 4.3 without
> a problem. The RSA public key is in /root/.ssh/authorized_keys, the
> DSA public key is in /root/.ssh/authorized_keys2, both my RSA and DSA
> keys are loaded in my ssh-agent, and root logins "just work".
Hmm.. it looks like the problem doesn't have to do with root anymore,
instead ssh is trying to use my ${HOME}/.ssh/identity instead of the
identity I've chosen for the agent via ssh-add.. e.g., here's a trace
Notice below it's trying to use the 'archie@bubba.whistle.com' RSA
identity instead of the one I specified (~archie/ambit/rsakey/ambitkey).
I even tried using the '-i' flag..
The /etc/ssh/sshd_config file on the remote machine is the standard
one with 'RSAAuthentication yes' in it.
-Archie
__________________________________________________________________________
Archie Cobbs * Packet Design * http://www.packetdesign.com
bubba 118 eval `ssh-agent`
Agent pid 61927
bubba 119 env|grep SSH
SSH_AUTH_SOCK=/tmp/ssh-g47PGWOn/agent.61926
SSH_AGENT_PID=61927
bubba 120 ssh-add ~archie/ambit/rsakey/ambitkey
Need passphrase for /home/archie/ambit/rsakey/ambitkey
Enter passphrase for /home/archie/ambit/rsakey/ambitkey:
Identity added: /home/archie/ambit/rsakey/ambitkey
(/home/archie/ambit/rsakey/ambitkey)
bubba 121 ssh-add -l
1024 31:ea:a7:af:40:dc:34:f5:84:78:df:46:2b:f1:a5:a2
/home/archie/ambit/rsakey/ambitkey
bubba 122 ssh -v vernier@192.168.10.2
SSH Version OpenSSH_2.3.0 green@FreeBSD.org 20010321, protocol versions 1.5/2.0.
Compiled with SSL (0x0090600f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: ssh_connect: getuid 1000 geteuid 1000 anon 1
debug: Connecting to (null) [192.168.10.2] port 22.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.3.0
green@FreeBSD.org 20010321
debug: match: OpenSSH_2.3.0 green@FreeBSD.org 20010321 pat ^OpenSSH[-_]2\.3
debug: Local version string SSH-1.5-OpenSSH_2.3.0 green@FreeBSD.org 20010321
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host '192.168.10.2' is known and matches the RSA host key.
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: RSA authentication using agent refused.
debug: Trying RSA authentication with key 'archie@bubba.whistle.com'
debug: Server refused our key.
debug: Doing password authentication.
vernier@192.168.10.2's password:
bubba 123 ssh -v -i /home/archie/ambit/rsakey/ambitkey vernier@192.168.10.2
SSH Version OpenSSH_2.3.0 green@FreeBSD.org 20010321, protocol versions 1.5/2.0.
Compiled with SSL (0x0090600f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: ssh_connect: getuid 1000 geteuid 1000 anon 1
debug: Connecting to (null) [192.168.10.2] port 22.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.3.0
green@FreeBSD.org 20010321
debug: match: OpenSSH_2.3.0 green@FreeBSD.org 20010321 pat ^OpenSSH[-_]2\.3
debug: Local version string SSH-1.5-OpenSSH_2.3.0 green@FreeBSD.org 20010321
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host '192.168.10.2' is known and matches the RSA host key.
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: RSA authentication using agent refused.
debug: Bad key file /home/archie/ambit/rsakey/ambitkey.
debug: Doing password authentication.
vernier@192.168.10.2's password:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200106012140.f51Le3k07201>