Re: [PLUG] ssh rsa authentication troubles
also sprach gabriel rosenkoetter (on Wed, 17 Jan 2001 12:51:23PM -0500):
Presuming the sirius you mean is mine, Martin, it's actually running OpenSSH 2.1.1 too. (I know /usr/local/sbin/sshd still exists and is SSH.com's 1.2.27, but it's not the one that's run out of rc.local, and it'll get wiped when that machine is upgraded to NetBSD 1.5 later this week... especially since 1.5 ships with NetBSD's port of OpenSSH 2.2.)
of course it's yours. that's why i called them sirius and uriel and not A and B so you'd know. but yes, thanks for the pattern update...
OpenSSH is pickier about syntax. (For instance, where SSH.com's ssh will accept any white space in its /etc/ssh_config and ~/.ssh/config files, OpenSSH insists on tabs.)
now, ssh_config was just now converted to all tabs but with no effect. uriel, sirius, localhost, and ceylon still ask for passwords...
I have no problem connecting to any of those machines with RSA authentication, using either 1.2.2x or 2.1.1 clients.
well, good to know. what was that thingy about micro$oft support center giving lightbulb support? "what do you mean your bulb doesn't work? we have approximately the same model here and it works perfectly."
What does your authorized_keys file look like? (It's safe to post that, don't worry... all we could do with it is let you into our computers.)
ooooh. is that why the files are called identity.pub ? aha. find it attached...
Presuming you're using OpenSSH 2.1.1 locally, this config file simply won't work. All those spaces MUST be tabs. Btw, I strongly
done and doesn't work still.
disagree with allowing X11 and Agent forwarding to *... default should be off, you should turn it on for specific, trusted hosts.
i know, and i did enable * simply to get this working. once it's working, i'll kick the * setting. no worries, i am aware...
I'm shocked that OpenSSH's sshd isn't bitching loudly about this. (Have you checked your logs?)
bitching loudly about what? the indentation of the files pasted into my previous email was mine to make it easier for you to read. in the actual files /^[ ^I]* finds nothing... thanks for your time! martin [greetings from the heart of the sun]# echo madduck@!#:1:s@\@@@.net -- i'd give my right arm to be ambidextrous.
by the way, i solved the problem. SSH protocol 2 does not support RSA anymore, it's now using DSA. however, OpenSSH 2.x.x can speak SSH1.x with clients that are SSH1.x, and then it uses RSA. but whenever i was speaking to clients that are capable of SSH2, OpenSSH would use SSH2 and therefore not know anything about RSA keys. now i have DSA keys for my hosts and once i updated OpenSSH to 2.3.0, ssh-agent and ssh-add work as expected with RSA and DSA keys, although a bit awkward. does anyone know how to add both, RSA and DSA identities with only one password query, considering that the passphrases for both keys are identical? thanks, martin [greetings from the heart of the sun]# echo madduck@!#:1:s@\@@@.net -- a life? where can i download that?
On Mon, Jan 22, 2001 at 09:18:14PM -0500, MaD dUCK wrote:
by the way, i solved the problem.
SSH protocol 2 does not support RSA anymore, it's now using DSA. however, OpenSSH 2.x.x can speak SSH1.x with clients that are SSH1.x, and then it uses RSA. but whenever i was speaking to clients that are capable of SSH2, OpenSSH would use SSH2 and therefore not know anything about RSA keys.
now i have DSA keys for my hosts and once i updated OpenSSH to 2.3.0, ssh-agent and ssh-add work as expected with RSA and DSA keys, although a bit awkward.
does anyone know how to add both, RSA and DSA identities with only one password query, considering that the passphrases for both keys are identical?
If I'm getting you right, your RSA key should go into your ~/.ssh/authorized_keays file, and DSA key into ~/.ssh/authorized_keys2 directory. I mean your public keys on the server side. Then you use your passphrase only to log in. -Kastus
participants (2)
-
kastus@tsoft.com -
MaD dUCK