
Re: OpenSSH grief part 2



On 23 Mar 2001, at 20:52, Krzys Majewski wrote:
> What happens if you ssh -v -v -v to both the good machine and the bad
> machine? The output below suggests that the bad machine is choking on
> both your rsa key and your dsa key. The good machine only chokes on
> the dsa key, so maybe it's using whatever rsa key you give it (and
> perhaps this is a different rsa key than you supplied to the bad
> machine). The verbose output from the ssh client would confirm
> this. For example, I think the ssh2 protocol uses only dsa keys.
> -chris
The interesting thing is that the keys were generated by make
host-key, so I don't know why it's rejecting one. The even MORE
interesting thing is that by enabling PAM everything works - although
I still get DSA key rejects from the server. However, here is the
output of ssh -v -v -v from both machines:

--- from athena to hermes ---
lfabio@athena:~$ ssh -v -v -v hermes
OpenSSH_2.5.2p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: getuid 1000 geteuid 0 anon 1
debug1: Connecting to hermes [10.0.0.66] port 22.
debug1: Connection established.
debug1: unknown identity file /home/lfabio/.ssh/identity
debug1: identity file /home/lfabio/.ssh/identity type -1
debug1: unknown identity file /home/lfabio/.ssh/id_rsa
debug1: identity file /home/lfabio/.ssh/id_rsa type -1
debug1: unknown identity file /home/lfabio/.ssh/id_dsa
debug1: identity file /home/lfabio/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.5.2p2
debug1: match: OpenSSH_2.5.2p2 pat ^OpenSSH
debug1: Local version string SSH-1.5-OpenSSH_2.5.2p2
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
The authenticity of host 'hermes (10.0.0.66)' can't be established.
RSA1 key fingerprint is b0:79:4b:4b:6a:2c:3d:99:a3:d4:f9:f9:93:18:6d:c0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'hermes,10.0.0.66' (RSA1) to the list of known hosts.
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Doing password authentication.
lfabio@hermes's password:
debug1: Requesting pty.
debug1: Requesting shell.
debug1: Entering interactive session.
--- end ---

--- from hermes to athena ----
lfabio@hermes:~$ ssh -v -v -v athena
OpenSSH_2.5.2p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: getuid 1000 geteuid 0 anon 1
debug1: Connecting to athena [10.0.0.65] port 22.
debug1: Connection established.
debug1: unknown identity file /home/lfabio/.ssh/identity
debug1: identity file /home/lfabio/.ssh/identity type -1
debug1: unknown identity file /home/lfabio/.ssh/id_rsa
debug1: identity file /home/lfabio/.ssh/id_rsa type -1
debug1: unknown identity file /home/lfabio/.ssh/id_dsa
debug1: identity file /home/lfabio/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.5.2p2
debug1: match: OpenSSH_2.5.2p2 pat ^OpenSSH
debug1: Local version string SSH-1.5-OpenSSH_2.5.2p2
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
The authenticity of host 'athena (10.0.0.65)' can't be established.
RSA1 key fingerprint is 65:f6:cb:10:02:c0:41:32:22:61:b0:d3:ef:37:e0:c4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'athena,10.0.0.65' (RSA1) to the list of known hosts.
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Doing password authentication.
lfabio@athena's password:
debug1: Requesting pty.
debug1: Requesting shell.
debug1: Entering interactive session.
--- end ---

The interesting part is that if I ssh -2, forcing the V2 protocol,
which I prefer, I get a lot more debug stuff - but still no errors.

Nonetheless, I'd really like to know why ssh wasn't running without 
PAM, especially since it's the only programme which gives me trouble. 
Everything else, from sendmail to apache to proftp to pop3d... works 
fine on the first try on both machines (and several others, I might 
add).


Regards,
Luigi Fabio - lfabio@ve.nettuno.it
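
An added example, not part of the message above and not OpenSSH code: a small Python parser that pulls the session protocol, identity-key status and authentication method out of `ssh -v` client output like the two sessions posted here. The function names are hypothetical, the sample lines are constructed from the first session with the mail wraps rejoined, and reading `type -1` as "no key loaded" is an assumption.

```python
import re

# Constructed sample: debug lines abridged from the athena-to-hermes session
# in the message above, with the mail client's line wraps rejoined.
SAMPLE = """\
debug1: unknown identity file /home/lfabio/.ssh/identity
debug1: identity file /home/lfabio/.ssh/identity type -1
debug1: identity file /home/lfabio/.ssh/id_rsa type -1
debug1: identity file /home/lfabio/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.5.2p2
debug1: Local version string SSH-1.5-OpenSSH_2.5.2p2
debug1: Encryption type: 3des
debug1: Doing password authentication.
"""

def summarize(log):
    """Collect protocol, key and auth facts from `ssh -v` client output."""
    s = {"unloaded_keys": [], "loaded_keys": [], "remote": None,
         "session_major": None, "cipher": None, "auth": []}
    for line in log.splitlines():
        if m := re.search(r"identity file (\S+) type (-?\d+)", line):
            # Assumption: type -1 means the client loaded no key from this path.
            bucket = "unloaded_keys" if m.group(2) == "-1" else "loaded_keys"
            s[bucket].append(m.group(1))
        elif m := re.search(r"Remote protocol version ([\d.]+),", line):
            s["remote"] = m.group(1)
        elif m := re.search(r"Local version string SSH-(\d+)\.", line):
            # The client's own banner shows which protocol it chose to speak.
            s["session_major"] = int(m.group(1))
        elif m := re.search(r"Encryption type: (\S+)", line):
            s["cipher"] = m.group(1)
        elif m := re.search(r"Doing (\w+) authentication", line):
            s["auth"].append(m.group(1))
    return s

def findings(s):
    """Turn the summary into notes worth checking before blaming the keys."""
    out = []
    # A server banner of 1.99 advertises support for both protocol 1 and 2.
    if s["session_major"] == 1 and s["remote"] == "1.99":
        out.append("server offers protocol 2 but the session used protocol 1")
    if not s["loaded_keys"] and s["auth"] == ["password"]:
        out.append("no identity key loaded; password was the only method tried")
    return out

if __name__ == "__main__":
    summary = summarize(SAMPLE)
    print(summary)
    for note in findings(summary):
        print("NOTE:", note)
```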


