openssh public key (after upgrade) problem
Hello,
in response to DSA-1571 I've upgraded almost all of my servers .
But on server is acting strange.. I cannot use my key-auth anymore..
After upgrading , it's openssh server generated pair of non-vulnerable
keys, then on my client computers that authenticate on this server
i've deleted the server's entry from known_hosts. Then i've uploaded
new id_rsa.pub's on the upgraded server ( not sure if it was
necessary)
Everything should be done clearly , BUT ...
1. Node authenticating on the upgraded server get's something like
that ,(after deletion of .ssh/known_hosts , also there should be no
password):
brama ~ # ssh -p 60200 my.server.dot.com -l wojtek
The authenticity of host '[my.server.dot.com]:60200 ([x.x.x.x]:60200)'
can't be established. <<<<< why ?
RSA key fingerprint is f5:76:cf:6c:81:XX:XX:74:92:52:18:7f:ff:10:b5:2d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[my.server.dot.com]:60200,[x.x.x.x]:60200'
(RSA) to the list of known hosts.
wojtek@my.server.dot.com's password:
^^^^ WTF ?
2. Second node (also with .ssh/known_hosts erased) get's something else :
root@hlds:/# ssh -p 60200 root@my.server.dot.com
root@my.server.dot.com's password:
So only password prompt, without any auth errors.
2a) the same with verbosity :
root@hlds:/# ssh -vp 60200 root@my.server.dot.com
OpenSSH_4.3p2 Debian-9, OpenSSL 0.9.8c 05 Sep 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to my.server.dot.com [x.x.x.x] port 60200.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version
OpenSSH_4.3p2 Debian-9etch2
debug1: match: OpenSSH_4.3p2 Debian-9etch2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-9
debug1: Miscellaneous failure
No credentials cache found
debug1: Miscellaneous failure
No credentials cache found
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ids.cebit.com.pl' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:4
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: password
root@my.server.dot.com's password:
I've erased all the keys several times and started from the beggining
but with no effect..
help appreciated
Wojtek
--
Wojciech Ziniewicz
Unix SEX :{look;gawk;find;sed;talk;grep;touch;finger;find;fl
ex;unzip;head;tail; mount;workbone;fsck;yes;gasp;fsck;more;yes;yes;eje
ct;umount;makeclean; zip;split;done;exit:xargs!!;)}
Reply to: