Date: Thu, 14 Aug 2008 10:25:09 -0700 From: Gavin Spomer <spomerg@cwu.EDU> To: freebsd-stable@freebsd.org Subject: Re: ssh-keygen between SuSE and FreeBSD Message-ID: <48A40805020000900001C185@hermes.cwu.edu>
next in thread | raw e-mail | index | archive | help
>=20 >>> Marian Hettwer <mh@kernel32.de> 08/14/08 9:43 AM >>> > Hi Gavin, > From your Suse, try to run the ssh commando with "-v" or even -vv or = -vvv > to get debugging output. > If you can't figure out what the debugging output wants to tell you, = send > it to the list. > But complete, copy 'n' paste please :) Sure, no problem: (edited) myusername@suseserver:~> ssh -v myusername@freebsdserver OpenSSH_4.2p1, OpenSSL 0.9.8a 11 Oct 2005 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to freebsdserver [xxx.xxx.xxx.xxx] port 22. debug1: Connection established. debug1: identity file /home/myusername/.ssh/id_rsa type -1 debug1: identity file /home/myusername/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.5p1 = FreeBSD-20061110 debug1: match: OpenSSH_4.5p1 FreeBSD-20061110 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.2 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'freebsdserver' is known and matches the DSA host key. debug1: Found key in /home/myusername/.ssh/known_hosts:6 debug1: ssh_dss_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Next authentication method: publickey debug1: Trying private key: /home/myusername/.ssh/id_rsa debug1: Trying private key: /home/myusername/.ssh/id_dsa debug1: Next authentication method: keyboard-interactive Password: debug1: Authentication succeeded (keyboard-interactive). debug1: channel 0: new [client-session] debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG =3D en_US.UTF-8 Last login: Thu Aug 14 10:08:12 2008 from suseserver . [snip] . Welcome to FreeBSD! . [snip] . [myusername@freebsdserver ~]$ > I'm not quite sure right now why you're using rsa keys. I'm always using > dsa keys (ssh-keygen -t dsa). It comes to my mind, that rsa keys are for > ssh version 1, while dsa keys are for ssh version 2. > But I could be wrong here ;) > No man ssh handy right now, sorry. If that's true, then I believe I will start using the dsa ones! I think I = chose rsa because the FreeBSD manual indicated I could use either and I = could only find settings for enabling rsa in sshd_config on the remote = servers, but I'll look again... > > I noticed you made a distinction between password and passphrase. = Could > > you please explain the difference? > > > Well, when you generate a rsa or dsa key, you get asked to enter a > passphrase for that key. > So a passphrase is basically the password to your ssh key. > While the password is the real password of the local user you're trying = to > be. Like ssh foo@bar, the password would be the password of the user foo = at > host bar. > And since everybody likes to know wether someone is talking about the > "password" of a ssh key or the password of a local user, you say = passphrase > to keys and password to local users. > That's how I would explain it :)) Good explanation. I grok, I grok. :D > Cheers, > Marian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48A40805020000900001C185>