I'm using openssh, and I want to know how I can login to a remote
computer from mine (which has a dialup connection -- dynamic ip, but with a
dyndns.org hostname) without being asked for a password. I used ssh-keygen to
generate both dsa & rsa keys and I put the pub keys in the remote computer's
~/.ssh/authorized_keys2 & ~/.ssh/authorized_keys, but it still is asking for
a password. What have I done wrong?
An optimist sees light at the end of every tunnel.
A pessimist fears it might be of an incoming train.
C O G I T O E R G O S U M
> i'm using openssh , and i want to know how i can login to a remote
> computer from mine ( which has a dialup connection -- dynamic ip, but with a
> dyndns.org hostname) without being asked for a password. i used ssh-keygen to
> generate both dsa & rsa keys and i put the pub keys in the remote computer's
> ~/.ssh/authorized_keys2 & ~/.ssh/authorized_keys, but it still is asking for
> a password. What have i done wrong ?
There are several questions here:
1. What password is it asking of you? The RSA and DSA private keys usually
have a passphrase associated with them, which the SSH client will ask of
2. Have you configured client and server for RSA and/or DSA authentication?
3. Are the SSH client user's public keys in ~/.ssh/authorized_keys in the
correct format? Are the permissions on the files correct? Are the filenames
IMHO, the best way to discover what the real problem is, is to call sshd
with the -d option on the SSH server and use 'ssh -v -v' on the client,
monitoring the result. That way, you can trace just about everything that
happens on the client as well as the server. This should help you find the
cause of your problem.
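
Added example, not part of the original reply: a POSIX shell check for the server-side causes raised in question 3 above (file permissions and key format). sshd with StrictModes enabled refuses public keys when the home directory, ~/.ssh or authorized_keys is writable by group or others. The function names are hypothetical, and the format check assumes the one-line `keytype base64 [comment]` layout, so old protocol 1 entries would be flagged.

```shell
#!/bin/sh
# Added example: check the account on the SSH server for loose permissions
# and malformed authorized_keys lines. Function names are hypothetical.

# Print PATH if group or others can write to it (POSIX find, no GNU stat).
loose_perms() {
    find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# Print the line numbers of entries that are neither comments/blank lines nor
# "[options] keytype base64 [comment]" on one line. Heuristic, not a parser.
bad_key_lines() {
    grep -nvE '^[[:space:]]*(#|$)|(^|[[:space:]])(ssh-|ecdsa-|sk-)[a-z0-9@.-]+[[:space:]]+[A-Za-z0-9+/]+=*([[:space:]]|$)' "$1" | cut -d: -f1
}

# audit_ssh HOME_DIR: one finding per line; no output means nothing found.
audit_ssh() {
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"
        elif [ -n "$(loose_perms "$p")" ]; then
            echo "LOOSE $p"
        fi
    done
    if [ -f "$1/.ssh/authorized_keys" ]; then
        for n in $(bad_key_lines "$1/.ssh/authorized_keys"); do
            echo "BADKEY line $n"
        done
    fi
    return 0
}

# Constructed sample: a group-writable .ssh and a key wrapped onto two lines.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/.ssh"
    chmod 755 "$d"
    chmod 775 "$d/.ssh"
    printf 'ssh-rsa AAAAB3NzaC1yc2E\nAAAADAQABAAAB user@example\n' \
        > "$d/.ssh/authorized_keys"
    chmod 600 "$d/.ssh/authorized_keys"
    audit_ssh "$d"
    rm -rf "$d"
}
demo
```
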
This is funny. Couldn't stand seeing you die without having seen it...
It complains about my rc.status mail...
---------- Forwarded message ----------
Date: Mon, 26 Feb 2001 14:25:36 +0100
Subject: InterScan eManager Content Management Notification! (VBS Type
******Message from InterScan E-Mail VirusWall NT******
The following mail was blocked by InterScan eManager Content Management.
Source mailbox: <draht(a)suse.de>
Destination mailbox(es): <ml(a)lofl.de>,<suse-security(a)suse.com>
Policy: VBS Type Filter
ContentMaster(a)GROHE.AT has encountered an EMail containing potentially dangerous VBS and acted accordingly.
******************* End of message *******************
just checked the "Patches, Updates, Bugfixes" webpage of suse.de for
SuSE 6.4 and was quite surprised to find 23 updates marked as security
updates for January and February, while the security-announce mailing list
contains only 4 announcements for Jan/Feb, although some of the updates
are already quite old like cron or gnuserv.
Is there some special reason for that big discrepancy?
Dipl.-Inform. Frank Steiner mailto:firstname.lastname@example.org
Lehrstuhl f. Programmiersprachen mailto:email@example.com
CAU Kiel, Olshausenstraße 40 Phone: +49 431 880-7265, Fax: -7613
D-24098 Kiel, Germany http://www.informatik.uni-kiel.de/~fst/
"ssh versions 1.2.27 and earlier if compiled with the --with-rsaref
option are vulnerable."
"This problem can be fixed by upgrading to ssh-1.2.28. If this is
not possible, then install the ssh patch "
Suse has latest patch which produces ssh-1.2.27-209 for SuSE 6.3/6.4
(this version was uploaded 15/Feb or so.)
So I thought it looks like a brand new vulnerability...
The only link given to 1.2.28 sources is on ftp://ftp.cs.hut.fi/pub/ssh/
which, it seems, does not allow anonymous users...
I would prefer rpm, because I have one machine without any sources
due to low HDD space, so it couldn't compile at all - but rpmfind did
not find any 1.2.28.
Oh well, I would compile sources on another suse 6.3 machine, if only I
could get them.
So my question would be: is it a new ssh bug, and no vendors have yet
developed a patch, or is there some mess with versions and saint?
Where could I get sources of ssh-1.2.28?
P.S. The saint I downloaded today - so it should be up to date
P.P.S. Saint also complains about popper, even though I patched it
in the last suse rpm update (pop-99.11.2-5), which it seems provides qpop 2.53, so I got sources from
eudora.com and upgraded popper to 3.1.2 (what a version jump?!)
QUALCOMM's note on this:
Some versions of Qpopper are vulnerable to buffer overruns.
Qpopper 2.41 and older can be used to obtain root access to your system.
Qpopper 2.53 and older may permit an attacker who has access to a valid account to obtain a shell
with group-id 'mail', potentially allowing read/write access to all mail.
All users of Qpopper are urged to upgrade to the current version.
Gediminas Grigas mailto:firstname.lastname@example.org
>On the installation we have the following problem:
>the first time the firewall script runs the Network is not up so
>we only get an error message.
>Can someone tell me if this is normal or how I can fix this.
I have got the same problem. How can I start the firewall *after* the
network (ippp0) was started?
when I read my logs today to check out, what's been going on in the last
two days while I was gone, I found the following :
Feb 25 18:45:57 network identd: request_thread: read(11, ..., 1023)
failed: Connection reset by peer
Feb 25 18:45:57 network xinetd: service ftp, accept: Connection reset
by peer (errno = 104)
Feb 25 18:45:57 network Waiting: Service_connection: accept on
listening socket failed - Resource temporarily unavailable
My box is a normal workstation with an IP not known publicly. Does anyone
know what someone was trying to do?
Any help is appreciated!
******* Where does a newborn go from here? The Net is Vast, and
Here's how I solved the cookies problems even on windwoes! Make the
cookie file "read only". It works pretty well, even for MSN sites.
Apparently their computer tries to write to your hard drive and thinks,
since it sent the message, that it must have worked, or if they get an
error message they don't keep trying; either way is ok by moi! It only
annoys my users a little bit. I have them surf to every "personalised"
site they have and set up personalisations before I make the file read
only, and then tell them they don't have any more allotted space to do
more, unless they want to delete some??? <evil grin>
and on a really other topic:
since I can't even get an email reply out of Suse US (the phone tree never
has a human pick up), I went to Best Buy, which so many of you have
touted, and got suse7.1 pro for $49 !!!
I am about to log out of this y'ar windwos and get into serious
installation mode ...
afterthought--- Clinton has replaced the military salute with a wink.
At 05:28 PM 25/02/2001, you wrote:
> i'm using openssh , and i want to know how i can login to a remote
>computer from mine ( which has a dialup connection -- dynamic ip, but with a
>dyndns.org hostname) without being asked for a password. i used ssh-keygen to
>generate both dsa & rsa keys and i put the pub keys in the remote computer's
>~/.ssh/authorized_keys2 & ~/.ssh/authorized_keys, but it still is asking for
>a password. What have i done wrong ?
Are you running ssh-agent on your workstation??
Nix - nix(a)susesecurity.com