From owner-freebsd-current  Sun May 13  0:44:51 2001
Delivered-To: freebsd-current@freebsd.org
Received: from sol.serv.u-szeged.hu (sol.serv.u-szeged.hu [160.114.51.3])
	by hub.freebsd.org (Postfix) with ESMTP id 70D1937B423
	for <current@freebsd.org>; Sun, 13 May 2001 00:44:44 -0700 (PDT)
	(envelope-from sziszi@petra.hos.u-szeged.hu)
Received: from petra.hos.u-szeged.hu by sol.serv.u-szeged.hu (8.9.3+Sun/SMI-SVR4)
	id JAA28296; Sun, 13 May 2001 09:44:42 +0200 (MEST)
Received: from sziszi by petra.hos.u-szeged.hu with local (Exim 3.12 #1 (Debian))
	id 14yqYT-0003wX-00
	for <current@freebsd.org>; Sun, 13 May 2001 09:44:41 +0200
Date: Sun, 13 May 2001 09:44:41 +0200
From: Szilveszter Adam <sziszi@petra.hos.u-szeged.hu>
To: current@freebsd.org
Subject: Re: ssh public key auth. incompatible between 2.3.0 vs. 2.9?
Message-ID: <20010513094441.A14525@petra.hos.u-szeged.hu>
Mail-Followup-To: Szilveszter Adam <sziszi@petra.hos.u-szeged.hu>,
	current@freebsd.org
References: <200105130540.f4D5eZl71004@bunrab.catwhisker.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200105130540.f4D5eZl71004@bunrab.catwhisker.org>; from david@catwhisker.org on Sat, May 12, 2001 at 10:40:35PM -0700
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hello David,

On Sat, May 12, 2001 at 10:40:35PM -0700, David Wolfskill wrote:
> OK; there's something about the (relatively) new ssh (2.9) in -CURRENT
> I'm not understanding.  I have hunted around for some clues (via man pages
> & the like), but it could well be that I'm still failing to notice
> something -- quite possibly something that should be obvious to even me
> -- and I welcome a clue.

I am working on reproducing this, so I would like to ask for
clarification... Unless I am mistaken, you have 3.2-RELEASE on the machine
that you are connecting to with ssh2 port installed. Right?

And you are trying to use RSA Auth using ssh1 on purpose although both 
sides could use ssh2
in theory. And you are seeing that -CURRENT's ssh does not fall back to RSA
key auth when it cannot use DSA. But you have already used ssh2 to this
host before. (Because it is contained in the known_hosts2 file). 
Maybe this confuses ssh.

In my setup, I have only one server that can do SSH2 (mine, the -CURRENT
box) all others are unable, because they use either older versions of
OpenSSH or the ssh1 from SSH Communications. But I have absolutely no
problem in connecting between them with RSA keys... although I have just
tried (almost) all combinations.:-) Even the -CURRENT server does well,
although ssh2 is the first option tried in the server config because some
windoze clients can do ssh2 already so why not use it? But admittedly I
have not tried RSA auth between two ssh2 capable hosts... will need the
help of a collegaue with it. (who will kindly reboot the machine on the
other end into FreeBSD-STABLE:-) Note that I do not have a known_hosts2 or
an authorized_keys2 file anywhere. 

-- 
Regards:

Szilveszter ADAM
Szeged University
Szeged Hungary

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message