From: Archie Cobbs
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/27821: can't do RSA login via ssh to root account
Date: Fri, 1 Jun 2001 14:40:03 -0700 (PDT)
Message-Id: <200106012140.f51Le3k07201@freefall.freebsd.org>

The following reply was made to PR bin/27821; it has been noted by GNATS.

From: Archie Cobbs
To: Bill Fenner
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: bin/27821: can't do RSA login via ssh to root account
Date: Fri, 01 Jun 2001 14:33:11 -0700

Bill Fenner wrote:
> I'm doing this with both RSA and DSA keys under stock FreeBSD 4.3 without
> a problem. The RSA public key is in /root/.ssh/authorized_keys, the
> DSA public key is in /root/.ssh/authorized_keys2, both my RSA and DSA
> keys are loaded in my ssh-agent, and root logins "just work".

Hmm.. it looks like the problem doesn't have to do with root anymore,
instead ssh is trying to use my ${HOME}/.ssh/identity instead of the
identity I've chosen for the agent via ssh-add.. e.g., here's a trace.

Notice below it's trying to use the 'archie@bubba.whistle.com' RSA identity
instead of the one I specified (~archie/ambit/rsakey/ambitkey). I even
tried using the '-i' flag..

The /etc/ssh/sshd_config file on the remote machine is the standard one
with 'RSAAuthentication yes' in it.

-Archie

__________________________________________________________________________
Archie Cobbs * Packet Design * http://www.packetdesign.com

bubba 118 eval `ssh-agent`
Agent pid 61927
bubba 119 env|grep SSH
SSH_AUTH_SOCK=/tmp/ssh-g47PGWOn/agent.61926
SSH_AGENT_PID=61927
bubba 120 ssh-add ~archie/ambit/rsakey/ambitkey
Need passphrase for /home/archie/ambit/rsakey/ambitkey
Enter passphrase for /home/archie/ambit/rsakey/ambitkey:
Identity added: /home/archie/ambit/rsakey/ambitkey (/home/archie/ambit/rsakey/ambitkey)
bubba 121 ssh-add -l
1024 31:ea:a7:af:40:dc:34:f5:84:78:df:46:2b:f1:a5:a2 /home/archie/ambit/rsakey/ambitkey
bubba 122 ssh -v vernier@192.168.10.2
SSH Version OpenSSH_2.3.0 green@FreeBSD.org 20010321, protocol versions 1.5/2.0.
Compiled with SSL (0x0090600f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: ssh_connect: getuid 1000 geteuid 1000 anon 1
debug: Connecting to (null) [192.168.10.2] port 22.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.3.0 green@FreeBSD.org 20010321
debug: match: OpenSSH_2.3.0 green@FreeBSD.org 20010321 pat ^OpenSSH[-_]2\.3
debug: Local version string SSH-1.5-OpenSSH_2.3.0 green@FreeBSD.org 20010321
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host '192.168.10.2' is known and matches the RSA host key.
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: RSA authentication using agent refused.
debug: Trying RSA authentication with key 'archie@bubba.whistle.com'
debug: Server refused our key.
debug: Doing password authentication.
vernier@192.168.10.2's password:
bubba 123 ssh -v -i /home/archie/ambit/rsakey/ambitkey vernier@192.168.10.2
SSH Version OpenSSH_2.3.0 green@FreeBSD.org 20010321, protocol versions 1.5/2.0.
Compiled with SSL (0x0090600f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: ssh_connect: getuid 1000 geteuid 1000 anon 1
debug: Connecting to (null) [192.168.10.2] port 22.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.3.0 green@FreeBSD.org 20010321
debug: match: OpenSSH_2.3.0 green@FreeBSD.org 20010321 pat ^OpenSSH[-_]2\.3
debug: Local version string SSH-1.5-OpenSSH_2.3.0 green@FreeBSD.org 20010321
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host '192.168.10.2' is known and matches the RSA host key.
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: RSA authentication using agent refused.
debug: Bad key file /home/archie/ambit/rsakey/ambitkey.
debug: Doing password authentication.
vernier@192.168.10.2's password:
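
Both traces in the message above end with ssh falling through to a password prompt after the key-based attempts fail. The following is an added example, not part of the original message or of OpenSSH, that reduces an "ssh -v" trace to its ordered authentication steps and flags that fallback; the function names are hypothetical, and the matched strings are assumed to be worded as in the OpenSSH_2.3.0 output shown here.

```python
import re

# Constructed sample: authentication lines copied from the two traces in this message.
TRACE_AGENT = """\
debug: Received encrypted confirmation.
debug: RSA authentication using agent refused.
debug: Trying RSA authentication with key 'archie@bubba.whistle.com'
debug: Server refused our key.
debug: Doing password authentication.
"""
TRACE_DASH_I = """\
debug: Received encrypted confirmation.
debug: RSA authentication using agent refused.
debug: Bad key file /home/archie/ambit/rsakey/ambitkey.
debug: Doing password authentication.
"""

# (pattern, method, outcome). The wording is that of the OpenSSH_2.3.0 traces
# in this message and is an assumption for any other version.
RULES = [
    (re.compile(r"RSA authentication using agent refused"), "agent", "refused"),
    (re.compile(r"Trying RSA authentication with key '([^']*)'"), "keyfile", "offered"),
    (re.compile(r"Server refused our key"), "keyfile", "refused"),
    (re.compile(r"Bad key file (\S+?)\.?$"), "keyfile", "bad-key-file"),
    (re.compile(r"Doing password authentication"), "password", "prompted"),
]

def auth_steps(trace):
    """Return (method, outcome, detail) tuples in the order ssh logged them."""
    steps = []
    for line in trace.splitlines():
        line = line.strip()
        if not line.startswith("debug:"):
            continue  # skip prompts, banners and shell input
        for pattern, method, outcome in RULES:
            match = pattern.search(line)
            if match:
                steps.append((method, outcome, match.group(1) if pattern.groups else ""))
                break
    return steps

def password_fallback(trace):
    """True when a key-based method failed before ssh prompted for a password."""
    failed = False
    for method, outcome, _ in auth_steps(trace):
        if method != "password" and outcome in ("refused", "bad-key-file"):
            failed = True
        elif method == "password":
            return failed
    return False

if __name__ == "__main__":
    for name, trace in (("agent", TRACE_AGENT), ("-i", TRACE_DASH_I)):
        print(name, auth_steps(trace), password_fallback(trace))
```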