Date: Sat, 4 Nov 2000 02:08:55 +0530
From: "N. D. Gangadhar" <dhani@pal.ece.iisc.ernet.in>
To: freebsd-questions@FreeBSD.org
Cc: Marty Cawthon <mrc@ChipChat.ne.jp>, cjclark@reflexnet.net
Subject: openssh/RSA: user vs. root behaviour
Message-ID: <20001104020855.A3368@vasantam.pal.ece.iisc.ernet.in>

Hello!

[Sorry for the long mail. Since it is a repeat question, and one for which I see no soln. on the list, I put together quite a bit of information.]

I have the same problem as was discussed in

date: Sun, 03 Sep 2000 17:59:34 +0900 (JST)
from: Marty Cawthon <mrc@ChipChat.ne.jp>
subject: "Re: SSH fails for user, but succeeds for root"
message-id: <20000903175934R.mrc@ChipChat.ne.jp>

on this list. The difference I see is that I have 4.1.1-RELEASE installed; so /usr/lib/libssl.a as well as /usr/lib/libcrypto.a have RSA in them (and, of course, no /usr/lib/librsa*). Both have 444 permissions. Still only root can use ssh.

As su - I get:

vasantam# ssh -v pal -l dhani
SSH Version OpenSSH-2.1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to pal.ece.iisc.ernet.in [144.16.64.149] port 22.
debug: Allocated local port 1011.
debug: Connection established.
debug: Remote protocol version 1.5, remote software version OpenSSH-1.2
debug: Local version string SSH-1.5-OpenSSH-2.1
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
The authenticity of host 'pal.ece.iisc.ernet.in' can't be established.
RSA key fingerprint is b2:b2:b8:ac:81:ab:d1:eb:de:50:34:b0:6f:1f:7e:9f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'pal.ece.iisc.ernet.in' (RSA) to the list of known hosts.
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Doing password authentication.
dhani@pal.ece.iisc.ernet.in's password:
debug: Requesting pty.
debug: Requesting shell.
debug: Entering interactive session.
Last login: Fri Nov 3 23:59:38 2000 from vasantam.pal.ece

But as myself I see:

[dhani@vasantam:p1 ~]% ssh -v pal -l dhani
SSH Version OpenSSH-2.1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
debug: Reading configuration data /etc/ssh/ssh_config
ssh: no RSA support in libssl and libcrypto. See ssl(8).
Disabling protocol version 1
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to pal.ece.iisc.ernet.in [144.16.64.149] port 22.
debug: Allocated local port 1010.
debug: Connection established.
debug: Remote protocol version 1.5, remote software version OpenSSH-1.2
Protocol major versions differ: 2 vs. 1
debug: Calling cleanup 0x805b5a4(0x0)

and more:

[dhani@vasantam:p1 ~]% ssh -v vasantam
SSH Version OpenSSH-2.1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
debug: Reading configuration data /etc/ssh/ssh_config
ssh: no RSA support in libssl and libcrypto. See ssl(8).
Disabling protocol version 1
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to vasantam.pal.ece.iisc.ernet.in [144.16.64.246] port 22.
debug: Allocated local port 1009.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH-2.1
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH-2.1
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit: diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss
debug: got kexinit: 3des-cbc,blowfish-cbc,arcfour,cast128-cbc
debug: got kexinit: 3des-cbc,blowfish-cbc,arcfour,cast128-cbc
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
debug: got kexinit: zlib,none
debug: got kexinit: zlib,none
debug: got kexinit:
debug: got kexinit:
debug: first kex follow: 0
debug: reserved: 0
debug: done
debug: kex: server->client 3des-cbc hmac-sha1 none
debug: kex: client->server 3des-cbc hmac-sha1 none
debug: Sending SSH2_MSG_KEXDH_INIT.
DH_generate_key
debug: Calling cleanup 0x805b5a4(0x0)

I have:

[dhani@vasantam:p1 ~]% ls -l /usr/lib/libssl*
-r--r--r-- 1 root wheel 238240 Sep 26 05:34 /usr/lib/libssl.a
lrwxrwxrwx 1 root wheel 11 Nov 2 23:19 /usr/lib/libssl.so -> libssl.so.1
-r--r--r-- 1 root wheel 180928 Sep 26 05:34 /usr/lib/libssl.so.1
-r--r--r-- 1 root wheel 252442 Sep 26 05:34 /usr/lib/libssl_p.a

[dhani@vasantam:p1 ~]% ls -l /usr/lib/libcrypt*
lrwxrwxrwx 1 root wheel 13 Nov 2 23:19 /usr/lib/libcrypt.a -> libdescrypt.a
lrwxrwxrwx 1 root wheel 14 Nov 2 23:19 /usr/lib/libcrypt.so -> libdescrypt.so
lrwxrwxrwx 1 root wheel 16 Nov 2 23:19 /usr/lib/libcrypt.so.2 -> libdescrypt.so.2
lrwxrwxrwx 1 root wheel 15 Nov 2 23:19 /usr/lib/libcrypt_p.a -> libdescrypt_p.a
-r--r--r-- 1 root wheel 1275196 Sep 26 05:34 /usr/lib/libcrypto.a
lrwxrwxrwx 1 root wheel 14 Nov 2 23:19 /usr/lib/libcrypto.so -> libcrypto.so.1
-r--r--r-- 1 root wheel 781268 Sep 26 05:34 /usr/lib/libcrypto.so.1
-r--r--r-- 1 root wheel 1362554 Sep 26 05:34 /usr/lib/libcrypto_p.a

Please help me resolve this.

Thanks in advance,
Gangadhar.

--
I am working today; do not want to go anywhere.
NANDYALA D. Gangadhar, EE and PAL/ECE, IISc., Bangalore 560 012.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message