Date:      Fri, 26 Oct 2001 08:20:12 -0500
From:      Oscar Ricardo Silva <oscars@mail.utexas.edu>
To:        "Mark Hughes" <mark@dvdnews.co.uk>, questions@freebsd.org
Subject:   Re: DSA authentication using SSH
Message-ID:  <5.1.0.14.2.20011026081150.00a6f5d0@mail.utexas.edu>
In-Reply-To: <001b01c15dd4$c5af8970$0200a8c0@mark2>

Although I don't have a real solution, here are two things to try:

1.  Check the permissions on the 'authorized_keys' file on the machine 
you're trying to connect to.  Make sure only the owner has permissions.

2.  Before going much farther, update to OpenSSH 2.9.9p2.  This way you 
make sure it's not something specific to the version you're running.


Oscar

At 05:14 AM 10/26/2001 +0100, Mark Hughes, you wrote:
>I'm using freebsd 4.3-release, and trying to connect using DSA
>authentication through SSH from my freebsd box to a remote box which is a
>Cobalt RaQ (spit!).
>
>I've created all the keys, copied the public keys, and all that....running
>ssh to the host in question gives:
>
>SSH Version OpenSSH_2.3.0 green@FreeBSD.org 20010321, protocol versions
>1.5/2.0.
>Compiled with SSL (0x0090600f).
>debug: Reading configuration data /home/mark/.ssh/config
>debug: Applying options for *digitalspy.co.uk
>debug: Reading configuration data /etc/ssh/ssh_config
>debug: ssh_connect: getuid 0 geteuid 0 anon 0
>debug: Connecting to digitalspy.co.uk [216.12.209.2] port 22.
>debug: Allocated local port 1019.
>debug: Connection established.
>debug: Remote protocol version 2.0, remote software version OpenSSH_2.9p2
>debug: no match: OpenSSH_2.9p2
>Enabling compatibility mode for protocol 2.0
>debug: Local version string SSH-2.0-OpenSSH_2.3.0 green@FreeBSD.org
>20010321
>debug: send KEXINIT
>debug: done
>debug: wait KEXINIT
>debug: got kexinit:
>diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>debug: got kexinit: ssh-dss
>debug: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour
>debug: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour
>debug: got kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>debug: got kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>debug: got kexinit: none,zlib
>debug: got kexinit: none,zlib
>debug: got kexinit:
>debug: got kexinit:
>debug: first kex follow: 0
>debug: reserved: 0
>debug: done
>debug: kex: server->client 3des-cbc hmac-sha1 none
>debug: kex: client->server 3des-cbc hmac-sha1 none
>debug: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
>debug: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
>debug: Got SSH2_MSG_KEX_DH_GEX_GROUP.
>debug: bits set: 1007/2049
>debug: Sending SSH2_MSG_KEX_DH_GEX_INIT.
>debug: Wait SSH2_MSG_KEX_DH_GEX_REPLY.
>debug: Got SSH2_MSG_KEXDH_REPLY.
>debug: Host 'digitalspy.co.uk' is known and matches the DSA host key.
>debug: bits set: 1014/2049
>debug: len 55 datafellows 0
>debug: dsa_verify: signature correct
>debug: Wait SSH2_MSG_NEWKEYS.
>debug: GOT SSH2_MSG_NEWKEYS.
>debug: send SSH2_MSG_NEWKEYS.
>debug: done: send SSH2_MSG_NEWKEYS.
>debug: done: KEX2.
>debug: send SSH2_MSG_SERVICE_REQUEST
>debug: service_accept: ssh-userauth
>debug: got SSH2_MSG_SERVICE_ACCEPT
>debug: authentications that can continue:
>publickey,password,keyboard-interactive
>debug: next auth method to try is publickey
>debug: try pubkey: /home/mark/.ssh/id_dsa
>debug: read DSA private key done
>debug: sig size 20 20
>debug: authentications that can continue:
>publickey,password,keyboard-interactive
>debug: next auth method to try is publickey
>debug: no more auth methods to try
>Unable to find an authentication method
>debug: Calling cleanup 0x8058220(0x0)
>
>Now it looks to me as though something is going wrong after the key has
>been read - it doesn't even seem to be testing it before going on to the
>next attempted thing....is this a bug, or am I doing something wrong?
>
>Thanks in advance,
>Mark
>
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
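
The permission check suggested in the reply above, written out as a script to run on the machine being connected to. This is an added example, not part of the original messages: the function names are made up here, and the directory checks (owned by the user or root, not writable by group or other) are modelled on what sshd's StrictModes option looks at, which assumes that option is enabled on the server.

```shell
#!/bin/sh
# Added example: audit the file and directory permissions that matter for
# public-key login. Function names are hypothetical.
# Usage: check_key_perms "$HOME/.ssh/authorized_keys"

# mode_owner PATH -> prints "<10-char mode> <numeric uid>", e.g. "-rw------- 1001"
mode_owner() {
    ls -ldn -- "$1" | awk '{ print substr($1, 1, 10), $3 }'
}

# check_key_perms KEYFILE [UID]
# Returns 0 if nothing was flagged, 1 if a problem was reported,
# 2 if KEYFILE does not exist.
check_key_perms() {
    keyfile=$1
    want_uid=${2:-$(id -u)}
    [ -f "$keyfile" ] || { echo "MISSING  $keyfile"; return 2; }
    sshdir=$(dirname -- "$keyfile")
    homedir=$(dirname -- "$sshdir")
    rc=0

    # Key file: owned by the user, no permission bits for group or other.
    set -- $(mode_owner "$keyfile")
    [ "$2" = "$want_uid" ] || { echo "OWNER    $keyfile is owned by uid $2"; rc=1; }
    case $1 in
        ????------) ;;
        *) echo "MODE     $keyfile is $1 (fix: chmod 600)"; rc=1 ;;
    esac

    # Directories: owned by the user or root, not writable by group or other.
    for dir in "$sshdir" "$homedir"; do
        set -- $(mode_owner "$dir")
        case $2 in
            "$want_uid"|0) ;;
            *) echo "OWNER    $dir is owned by uid $2"; rc=1 ;;
        esac
        case $1 in
            ?????w????|????????w?)
                echo "MODE     $dir is $1 (fix: chmod go-w)"; rc=1 ;;
        esac
    done
    return $rc
}
```

Each finding is printed on its own line, so a clean run produces no output and returns 0.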

