Mailing-List:	contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT sourceware DOT cygnus DOT com>
List-Archive:	<http://sourceware.cygnus.com/ml/cygwin/>
List-Post:	<mailto:cygwin AT sourceware DOT cygnus DOT com>
List-Help:	<mailto:cygwin-help AT sourceware DOT cygnus DOT com>, <http://sourceware.cygnus.com/ml/#faqs>
Sender:	cygwin-owner AT sourceware DOT cygnus DOT com
Delivered-To:	mailing list cygwin AT sourceware DOT cygnus DOT com
Message-ID:	<3947E709.9446033B@vinschen.de>
Date:	Wed, 14 Jun 2000 22:11:53 +0200
From:	Corinna Vinschen <corinna AT vinschen DOT de>
Reply-To:	cygwin <cygwin AT sourceware DOT cygnus DOT com>
X-Mailer:	Mozilla 4.73 [en] (X11; I; Linux 2.2.14 i686)
X-Accept-Language:	de, en
MIME-Version:	1.0
To:	Alexander Vorobiev <avorobiev AT usa DOT net>
CC:	cygwin <cygwin AT sourceware DOT cygnus DOT com>
Subject:	Re: OpenSSH and RSA authentication problem
References:	<ym0n1kpms1u DOT fsf AT infarmis DOT abn DOT com> <640eFmwJo0579M04 AT www DOT netaddress DOT com> <ym0itvcmef6 DOT fsf AT infarmis DOT abn DOT com> <657eFNRZm1003M29 AT www DOT netaddress DOT com> <ym0d7lkm6tt DOT fsf AT infarmis DOT abn DOT com>

There's no hint for a specific problem in sshd but it
seems as if you didn't cat your identity.pub file to
authorized_keys. At least the message is identical.
If it would be a permission problem, eg. your authorized_keys
file isn't readable by you, the debug output of ssh -v
would contain:

debug: Remote: Could not open /home/corinna/.ssh/authorized_keys for
reading.
debug: Remote: If your home is on an NFS volume, it may need to be
world-readable

Note that the below output is exactly(!) the same if
your authorized_keys file doesn't exist.


Corinna

Alexander Vorobiev wrote:
> 
> Corinna Vinschen <corinna AT vinschen DOT de>    writes:
> >  Anyway. Please send the output of sshd -d and ssh -V in
> >  case of RSA authentication. Maybe that there is some
> >  interesting info.
> 
> avorobiev$ /usr/local/sbin/sshd.exe -d
> debug: sshd version OpenSSH-1.2.2
> debug: Bind to port 22 on 0.0.0.0.
> Server listening on 0.0.0.0 port 22.
> Generating 768 bit RSA key.
> RSA key generation complete.
> debug: Server will not fork when running in debugging mode.
> Connection from 127.0.0.1 port 4085
> debug: Client protocol version 1.5; client software version OpenSSH-1.2.2
> debug: Sent 768 bit public key and 1024 bit host key.
> debug: Encryption type: 3des
> debug: Received session key; encryption turned on.
> debug: Installing crc compensation attack detector.
> debug: Attempting authentication for administrator.
> debug: seteuid 500: Not owner
> debug: seteuid 500: Not owner
> Failed rsa for administrator from 127.0.0.1 port 4085
> Connection closed by 127.0.0.1
> debug: Calling cleanup 0x411ebc(0x0)
> avorobiev$
> 
> and here is what client displays (the same machine):
> 
> avorobiev$ slogin -v localhost
> SSH Version OpenSSH-1.2.2, protocol version 1.5.
> Compiled with SSL.
> debug: Reading configuration data /usr/local/etc/ssh_config
> debug: Applying options for *
> debug: seteuid 500: Not owner
> debug: ssh_connect: getuid 500 geteuid 500 anon 1
> debug: Connecting to localhost [127.0.0.1] port 22.
> debug: seteuid 500: Not owner
> debug: seteuid 500: Not owner
> debug: seteuid 500: Not owner
> debug: seteuid 500: Not owner
> debug: Connection established.
> debug: setuid 500: Not owner
> debug: Remote protocol version 1.5, remote software version OpenSSH-1.2.2
> debug: Waiting for server public key.
> debug: Received server public key (768 bits) and host key (1024 bits).
> debug: Forcing accepting of host key for loopback/localhost.
> debug: Encryption type: 3des
> debug: Sent encrypted session key.
> debug: Installing crc compensation attack detector.
> debug: Received encrypted confirmation.
> debug: Trying RSA authentication with key 'administrator AT NTBOX'
> debug: Server refused our key.
> Permission denied.
> debug: Calling cleanup 0x40bb1c(0x0)
> avorobiev$
> 
> and here is what client displays when I try to connect from unix box
> (real ip addresses and machine names changed):
> 
> slogin xx.xx.xx.xx -l administrator -v
> SSH Version 1.2.27 [hppa1.1-hp-hpux10.20], protocol version 1.5.
> Standard version.  Does not use RSAREF.
> unixbox: Reading configuration data /homedirs/avorobiev/.ssh/config
> unixbox: Applying options for *
> unixbox: ssh_connect: getuid 1799 geteuid 1799 anon 1
> unixbox: Connecting to xx.xx.xx.xx port 22.
> unixbox: Connection established.
> unixbox: Remote protocol version 1.5, remote software version OpenSSH-1.2.2
> unixbox: Waiting for server public key.
> unixbox: Received server public key (768 bits) and host key (1024 bits).
> unixbox: Host 'xx.xx.xx.xx' is known and matches the host key.
> unixbox: Initializing random; seed file /homedirs/avorobiev/.ssh/random_seed
> unixbox: IDEA not supported, using 3des instead.
> unixbox: Encryption type: 3des
> unixbox: Sent encrypted session key.
> unixbox: Installing crc compensation attack detector.
> unixbox: Received encrypted confirmation.
> unixbox: No agent.
> unixbox: Trying RSA authentication with key 'avorobiev AT UNIXBOX'
> unixbox: Server refused our key.
> Permission denied.
> 
> in the latter case sshd -d outputs exactly the same messages as in the
> former case (connection from localhost) but with different ip
> addresses of course
> 
> all RSA-related files (identity, authorized_hosts etc) seem to be
> ok. It all looks like some permission problem...
> 
> Alexander
> 
> --
> Narrowness of experience leads to narrowness of imagination
>         -- Rob Pike
> 
> --
> Want to unsubscribe from this list?
> Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com

-- 
Corinna Vinschen
Cygwin Developer
Cygnus Solutions, a Red Hat company

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com

- Raw text -