Re: OpenSSH grief part 2
On 23 Mar 2001, at 20:52, Krzys Majewski wrote:
> What happens if you ssh -v -v -v to both the good machine and the bad
> machine? The output below suggests that the bad machine is choking on
> both your rsa key and your dsa key. The good machine only chokes on
> the dsa key, so maybe it's using whatever rsa key you give it (and
> perhaps this is a different rsa key than you supplied to the bad
> machine). The verbose output from the ssh client would confirm
> this. For example, I think the ssh2 protocol uses only dsa keys.
> -chris
The interesting thing is that the keys were generated by make host-key,
so I don't know why it's rejecting one. The even MORE
interesting thing is that by enabling PAM everything works - although
I still get DSA key rejects from the server. However, here is the
output of ssh -v -v -v from both machines:
--- from athena to hermes ---
lfabio@athena:~$ ssh -v -v -v hermes
OpenSSH_2.5.2p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: getuid 1000 geteuid 0 anon 1
debug1: Connecting to hermes [10.0.0.66] port 22.
debug1: Connection established.
debug1: unknown identity file /home/lfabio/.ssh/identity
debug1: identity file /home/lfabio/.ssh/identity type -1
debug1: unknown identity file /home/lfabio/.ssh/id_rsa
debug1: identity file /home/lfabio/.ssh/id_rsa type -1
debug1: unknown identity file /home/lfabio/.ssh/id_dsa
debug1: identity file /home/lfabio/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.5.2p2
debug1: match: OpenSSH_2.5.2p2 pat ^OpenSSH
debug1: Local version string SSH-1.5-OpenSSH_2.5.2p2
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
The authenticity of host 'hermes (10.0.0.66)' can't be established.
RSA1 key fingerprint is b0:79:4b:4b:6a:2c:3d:99:a3:d4:f9:f9:93:18:6d:c0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'hermes,10.0.0.66' (RSA1) to the list of known hosts.
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Doing password authentication.
lfabio@hermes's password:
debug1: Requesting pty.
debug1: Requesting shell.
debug1: Entering interactive session.
--- end ---
--- from hermes to athena ----
lfabio@hermes:~$ ssh -v -v -v athena
OpenSSH_2.5.2p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: getuid 1000 geteuid 0 anon 1
debug1: Connecting to athena [10.0.0.65] port 22.
debug1: Connection established.
debug1: unknown identity file /home/lfabio/.ssh/identity
debug1: identity file /home/lfabio/.ssh/identity type -1
debug1: unknown identity file /home/lfabio/.ssh/id_rsa
debug1: identity file /home/lfabio/.ssh/id_rsa type -1
debug1: unknown identity file /home/lfabio/.ssh/id_dsa
debug1: identity file /home/lfabio/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.5.2p2
debug1: match: OpenSSH_2.5.2p2 pat ^OpenSSH
debug1: Local version string SSH-1.5-OpenSSH_2.5.2p2
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
The authenticity of host 'athena (10.0.0.65)' can't be established.
RSA1 key fingerprint is 65:f6:cb:10:02:c0:41:32:22:61:b0:d3:ef:37:e0:c4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'athena,10.0.0.65' (RSA1) to the list of known hosts.
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Doing password authentication.
lfabio@athena's password:
debug1: Requesting pty.
debug1: Requesting shell.
debug1: Entering interactive session.
--- end ---
The interesting part is that if I ssh -2 forcing the V2 protocol,
which I prefer, I get a lot more debug stuff - but still no errors.
Nonetheless, I'd really like to know why ssh wasn't running without
PAM, especially since it's the only programme which gives me trouble.
Everything else, from sendmail to apache to proftp to pop3d... works
fine on the first try on both machines (and several others, I might
add).
Regards,
Luigi Fabio - lfabio@ve.nettuno.it
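
Added example, not part of the original message or of OpenSSH: a small Python summarizer for `ssh -v` client output like the two sessions above, reporting the negotiated protocol, which identity files were not loaded, and the authentication method used. The function names and the finding strings are illustrative assumptions; the sample lines are constructed from the athena to hermes session.

```python
import re

# Constructed sample: debug lines taken from the athena -> hermes session,
# with one line wrapped mid-message as mail clients often do to long lines.
SAMPLE = """\
debug1: identity file /home/lfabio/.ssh/identity type -1
debug1: identity file /home/lfabio/.ssh/id_rsa type -1
debug1: identity file /home/lfabio/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version
OpenSSH_2.5.2p2
debug1: Local version string SSH-1.5-OpenSSH_2.5.2p2
debug1: Encryption type: 3des
debug1: Doing password authentication.
"""

def first(pattern, text):
    """Return group 1 of the first match, or None."""
    m = re.search(pattern, text)
    return m.group(1) if m else None

def summarize(text):
    """Extract what the client negotiated from `ssh -v` output."""
    info = {
        "remote_proto": first(r"Remote protocol version (\d+\.\d+)", text),
        "local_proto": first(r"Local version string SSH-(\d+\.\d+)-", text),
        "cipher": first(r"Encryption type: (\S+)", text),
        "auth": first(r"Doing (\w+) authentication", text),
        # type -1: the client did not load a key from that path
        "unloaded_keys": re.findall(r"identity file (\S+) type -1", text),
        "loaded_keys": re.findall(r"identity file (\S+) type (?!-1)\S+", text),
    }
    findings = []
    # 1.99 is how a server advertises that it speaks both SSH 1 and SSH 2.
    if info["remote_proto"] == "1.99" and (info["local_proto"] or "").startswith("1."):
        findings.append("server offers protocol 2 but session used protocol 1")
    if info["unloaded_keys"] and not info["loaded_keys"]:
        findings.append("no identity key loaded; public-key auth was not possible")
    if info["auth"] == "password":
        findings.append("authenticated by password")
    info["findings"] = findings
    return info

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```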