Date:      Fri, 21 Apr 2000 10:39:57 -0700 (PDT)
From:      Archie Cobbs <archie@whistle.com>
To:        mpp@mppsystems.com (Mike Pritchard)
Cc:        kris@FreeBSD.OR, freebsd-current@FreeBSD.ORG
Subject:   Re: ssh to freefall broken
Message-ID:  <200004211739.KAA03491@bubba.whistle.com>
In-Reply-To: <20000421025323.A18027@mppsystems.com> from Mike Pritchard at "Apr 21, 2000 02:53:23 am"

Mike Pritchard writes:
> > Kris Kennaway writes:
> > > >   $ ssh archie@freefall.freebsd.org
> > > >   Warning: Server lies about size of server host key: actual size is 1023 bits vs. announced 1024.
> > > >   Warning: This may be due to an old implementation of ssh.
> > > >   Warning: identity keysize mismatch: actual 1023, announced 1024
> > > >   Agent admitted failure to authenticate using the key.
> > > >   Authentication agent failed to decrypt challenge.
> > > >   Enter passphrase for RSA key 'archie@bubba.whistle.com': 
> 
> Are you still being asked for your passphrase?  I noticed a couple
> of days ago that ssh to freefall wanted my passphrase, but I didn't need
> it yesterday or today.  Sunspots?  Full moon?  

Yes, that's what has changed.. before it never asked, now it always asks.
For me it's not intermittent.. it's consistent.

> Even before OpenSSH, I've had this problem in the past.  Sometimes
> it seemed to be due to reverse DNS lookups not resolving
> correctly (my ISP wasn't always responding to reverse DNS
> lookups correctly).

That doesn't seem to be the problem.. I can resolve my IP address
from freefall (in another window) at the same time it's failing..

This only happens when going from machine A -> machine B -> freefall.
Machine A is 3.4-REL, machine B is either 4.0-stable or 5.0-current
(as of a couple of days ago).

When going directly from machine A -> freefall it works fine...
in this case no newer versions of FreeBSD are involved.

Previously, when machine B was 3.4-REL or pre-4.0-current (as of a few
months ago), it worked fine.

Since then, only 'machine B' has changed. Machine A (and presumably
freefall) haven't.

It may be something stupid I'm doing.. but if it is, then I was
doing it before and it used to work :-)

It also may have to do with the warning 'Server lies about size of
server host key: actual size is 1023 bits vs. announced 1024.'

A complete trace is included below.

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com


[machineA] $ ssh -v machineB
SSH Version 1.2.26 [i386-unknown-freebsd3.1], protocol version 1.5.
Standard version.  Does not use RSAREF.
machineA.whistle.com: Reading configuration data /usr/local/etc/ssh_config
machineA.whistle.com: Applying options for *
machineA.whistle.com: ssh_connect: getuid 1000 geteuid 0 anon 0
machineA.whistle.com: Connecting to machineB [207.76.205.132] port 22.
machineA.whistle.com: Allocated local port 751.
machineA.whistle.com: Connection established.
machineA.whistle.com: Remote protocol version 1.5, remote software version OpenSSH-1.2.2
machineA.whistle.com: Waiting for server public key.
machineA.whistle.com: Received server public key (768 bits) and host key (1024 bits).
machineA.whistle.com: Host 'machineB' is known and matches the host key.
machineA.whistle.com: Initializing random; seed file /home/archie/.ssh/random_seed
machineA.whistle.com: IDEA not supported, using 3des instead.
machineA.whistle.com: Encryption type: 3des
machineA.whistle.com: Sent encrypted session key.
machineA.whistle.com: Installing crc compensation attack detector.
machineA.whistle.com: Received encrypted confirmation.
machineA.whistle.com: Connection to authentication agent opened.
machineA.whistle.com: Trying RSA authentication via agent with 'archie@machineA.whistle.com'
machineA.whistle.com: Server refused our key.
machineA.whistle.com: RSA authentication using agent refused.
machineA.whistle.com: Trying RSA authentication with key 'archie@machineA.whistle.com'
machineA.whistle.com: Server refused our key.
machineA.whistle.com: Doing password authentication.
archie@machineB's password: 
machineA.whistle.com: Requesting pty.
machineA.whistle.com: Failed to get local xauth data.
machineA.whistle.com: Requesting X11 forwarding with authentication spoofing.
machineA.whistle.com: Remote: X11 forwarding disabled in server configuration file.
Warning: Remote host denied X11 forwarding, perhaps xauth program could not be run on the server side.
machineA.whistle.com: Requesting authentication agent forwarding.
machineA.whistle.com: Requesting shell.
machineA.whistle.com: Entering interactive session.
Last login: Fri Apr 21 10:32:24 2000 from machineA.whistle.co
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
        The Regents of the University of California.  All rights reserved.
FreeBSD 4.0-STABLE (MACHINEB) #0: Thu Apr 20 10:53:28 PDT 2000

Welcome to FreeBSD!

Before seeking technical support, please use the following resources:

o  Security advisories and updated errata information for all releases are
   at http://www.FreeBSD.org/releases/ - always consult the ERRATA section
   for your release first as it's updated frequently.

o  The Handbook and FAQ documents are at http://www.freebsd.org/ and,
   along with the mailing lists, can be searched by going to
   http://www.FreeBSD.org/search.html.  If the doc distribution has
   been installed, they're also available formatted in /usr/share/doc.

If you still have a question or problem, please take the output of
`uname -a',  along with any relevant error messages, and email it
as a question to the questions@FreeBSD.org mailing list.  If you are
unfamiliar with FreeBSD's directory layout, please refer to the hier(7)
man page. If you are not familiar with man pages, type "man man".
You may also use `/stand/sysinstall' to re-enter the installation and
configuration utility.  Edit /etc/motd to change this login announcement.

You are currently logged on to machineB.whistle.com.

[machineB] $ ssh -v archie@freefall.freebsd.org
SSH Version OpenSSH-1.2.2, protocol version 1.5.
Compiled with SSL.
debug: Reading configuration data /etc/ssh/ssh_config
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to freefall.freebsd.org [204.216.27.21] port 22.
debug: Allocated local port 1000.
debug: Connection established.
debug: Remote protocol version 1.5, remote software version 1.2.27
debug: Waiting for server public key.
Warning: Server lies about size of server host key: actual size is 1023 bits vs. announced 1024.
Warning: This may be due to an old implementation of ssh.
debug: Received server public key (768 bits) and host key (1023 bits).
Warning: /home/archie/.ssh/known_hosts, line 4: keysize mismatch for host freefall.freebsd.org: actual 1023 vs. announced 1024.
Warning: replace 1024 with 1023 in /home/archie/.ssh/known_hosts, line 4.
debug: Host 'freefall.freebsd.org' is known and matches the host key.
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Trying rhosts or /etc/hosts.equiv with RSA host authentication.
machineA.whistle.com: Connection to authentication agent opened.
machineA.whistle.com: Forwarding authentication connection.
machineA.whistle.com: Allocated channel 0 of type 4.
debug: Remote: Rhosts/hosts.equiv authentication refused: client user 'archie', server user 'archie', client host 's205m132.whistle.com'.
debug: Server refused our rhosts authentication or host key.
Warning: identity keysize mismatch: actual 1023, announced 1024
debug: Trying RSA authentication via agent with 'archie@machineA.whistle.com'
debug: Received RSA challenge from server.
Agent admitted failure to authenticate using the key.
Authentication agent failed to decrypt challenge.
debug: Sending response to RSA challenge.
debug: Remote: Wrong response to RSA authentication challenge.
debug: RSA authentication using agent refused.
debug: Trying RSA authentication with key 'archie@machineA.whistle.com'
debug: Received RSA challenge from server.
Enter passphrase for RSA key 'archie@machineA.whistle.com': machineA.whistle.com:
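
Added example (not part of the original message and not OpenSSH's code): the comparison behind the "keysize mismatch" warnings in the trace above, applied to known_hosts text. It assumes the SSH protocol 1 line layout `hostnames bits exponent modulus [comment]`; the host names and moduli are constructed and the function names are hypothetical.

```python
# Constructed sample in the protocol 1 known_hosts layout (assumed):
#   hostnames bits exponent modulus [comment]
# The moduli are made-up integers of a chosen length, not real RSA keys.
SAMPLE = "\n".join([
    "# constructed sample",
    f"hostb.example 1024 35 {(1 << 1023) | 1}",
    f"hosta.example,192.0.2.10 1024 35 {(1 << 1022) | 1} note",
])

def parse_rsa1_line(line):
    """Return (hosts, announced_bits, exponent, modulus), or None for
    blank lines, comments and anything that is not an RSA1 entry."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    if len(fields) < 4 or not all(f.isdigit() for f in fields[1:4]):
        return None
    return fields[0], int(fields[1]), int(fields[2]), int(fields[3])

def keysize_mismatches(text):
    """List (line_no, hosts, actual_bits, announced_bits) for every entry
    whose stored size differs from the real length of its modulus."""
    found = []
    for no, line in enumerate(text.splitlines(), 1):
        entry = parse_rsa1_line(line)
        if entry is None:
            continue
        hosts, announced, _exponent, modulus = entry
        actual = modulus.bit_length()
        if actual != announced:
            found.append((no, hosts, actual, announced))
    return found

def corrected(text):
    """Rewrite only the bits field of mismatching lines; the key material,
    comment and every other line are left untouched."""
    bad = {no for no, *_ in keysize_mismatches(text)}
    out = []
    for no, line in enumerate(text.splitlines(), 1):
        if no in bad:
            host, _bits, rest = line.split(None, 2)
            modulus = int(rest.split()[1])
            line = f"{host} {modulus.bit_length()} {rest}"
        out.append(line)
    return "\n".join(out)

if __name__ == "__main__":
    for no, hosts, actual, announced in keysize_mismatches(SAMPLE):
        print(f"line {no}: {hosts}: actual {actual} vs. announced {announced}")
```
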