Mail Archives: cygwin/2001/08/27/08:04:51
Your problem is most likely an invalid key. You need to make sure that the
host key is on a single line in the ssh_known_hosts file and that there aren't
any extraneous characters. I don't know if the cygwin port of sshd cares about
^M's or not, but it is never a bad idea to remove them. Most likely, you have
a carriage return inside the antares host key.
On Mon, 27 Aug 2001, Anatol Studler wrote:
> Hi
>
> I installed the latest cygwin (1.3.2) downloaded @ 27.8.2001 on Windows 2000
> server sp2.
>
> I did:
>
> modified the system variable "CYGWIN=ntea ntsec title strip_title"
> mkpasswd -d > /etc/passwd
> mkgroup -d > /etc/group
> iu-config (for telnet)
> inetd --install-as-service
> ssh-host-config (configured sshd as service and with option "ntsec tty")
>
> After that sshd was running fine as a service with the default settings.
> After changing the settings to our needs:
>
> IgnoreRhosts no
> StrictModes yes
> RhostsAuthentication yes
> RhostsRSAAuthentication yes
> RSAAuthentication yes
> PasswordAuthentication no
>
>
> modified /etc/hosts.equiv
> added host antares /etc/ssh_known_hosts (copied ssh_know_hosts from another
> host)
>
> I got a PERMISSION DENIED.
>
> Here is the sshd log:
>
> --------------------------
> $ /usr/sbin/sshd -d
> debug1: Seeding random number generator
> debug1: sshd version OpenSSH_2.9p2
> debug1: private host key: #0 type 0 RSA1
> debug1: read PEM private key done: type RSA
> debug1: private host key: #1 type 1 RSA
> debug1: read PEM private key done: type DSA
> debug1: private host key: #2 type 2 DSA
> debug1: Bind to port 22 on 192.168.90.153.
> Server listening on 192.168.90.153 port 22.
> Generating 768 bit RSA key.
> RSA key generation complete.
> debug1: Server will not fork when running in debugging mode.
> Connection from 192.168.90.43 port 33271
> debug1: Client protocol version 1.5; client software version OpenSSH_2.9p1
> debug1: match: OpenSSH_2.9p1 pat ^OpenSSH
> debug1: Local version string SSH-1.99-OpenSSH_2.9p2
> debug1: Rhosts Authentication disabled, originating port not trusted.
> debug1: Sent 768 bit server key and 1024 bit host key.
> debug1: Encryption type: 3des
> debug1: Received session key; encryption turned on.
> debug1: Installing crc compensation attack detector.
> debug1: Attempting authentication for studler.
> debug1: Trying rhosts with RSA host authentication for client user studler
> debug1: temporarily_use_uid: 11107/10513 (e=10500)
> debug1: restore_uid
> debug1: Rhosts RSA authentication: canonical host antares.ise.ch
> debug1: temporarily_use_uid: 11107/10513 (e=10500)
> debug1: restore_uid
> debug1: Rhosts with RSA host authentication denied: unknown or invalid host
> key
> Failed rhosts-rsa for studler from 192.168.90.43 port 33271 ruser studler
> debug1: temporarily_use_uid: 11107/10513 (e=10500)
> debug1: restore_uid
> Failed rsa for studler from 192.168.90.43 port 33271
> Connection closed by 192.168.90.43
> debug1: Calling cleanup 0x415ec4(0x0)
> --------------------------
>
> What is the problem? Why do we get
>
> Rhosts Authentication disabled, originating port not trusted.
>
> Here is also the ssh client log:
>
> --------------------------
> [antares] /home/admin/documentation/win2000 > ssh -v nt115t
> OpenSSH_2.9p1, SSH protocols 1.5/2.0, OpenSSL 0x0090601f
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Seeding random number generator
> debug1: Rhosts Authentication disabled, originating port will not be
> trusted.
> debug1: restore_uid
> debug1: ssh_connect: getuid 20885 geteuid 0 anon 1
> debug1: Connecting to nt115t [192.168.90.153] port 22.
> debug1: temporarily_use_uid: 20885/100 (e=0)
> debug1: restore_uid
> debug1: temporarily_use_uid: 20885/100 (e=0)
> debug1: restore_uid
> debug1: Connection established.
> debug1: read PEM private key done: type DSA
> debug1: identity file /home/studler/.ssh/identity type 0
> debug1: identity file /home/studler/.ssh/id_rsa type 1
> debug1: identity file /home/studler/.ssh/id_dsa type 2
> debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2
> debug1: match: OpenSSH_2.9p2 pat ^OpenSSH
> debug1: Local version string SSH-1.5-OpenSSH_2.9p1
> debug1: Waiting for server public key.
> debug1: Received server public key (768 bits) and host key (1024 bits).
> debug1: Host 'nt115t' is known and matches the RSA1 host key.
> debug1: Found key in /home/studler/.ssh/known_hosts:1
> debug1: Encryption type: 3des
> debug1: Sent encrypted session key.
> debug1: Installing crc compensation attack detector.
> debug1: Received encrypted confirmation.
> debug1: Trying rhosts or /etc/hosts.equiv with RSA host authentication.
> debug1: Remote: Accepted for antares.ise.ch [192.168.90.43] by
> /etc/hosts.equiv.
> debug1: Remote: Your host key cannot be verified: unknown or invalid host
> key.
> debug1: Server refused our rhosts authentication or host key.
> debug1: Trying RSA authentication with key 'studler AT NT115T'
> debug1: Server refused our key.
> Permission denied.
> debug1: Calling cleanup 0x8064ea0(0x0)
> --------------------------
>
> Thanks in advance for any help
>
> ./Anatol
>
>
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting: http://cygwin.com/bugs.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
>
Prentis Brooks | prentis AT aol DOT net | 703-265-0914 | AIM: PrentisB
System Administrator - Web Infrastructure & Security
A knight is sworn to valor. His heart knows only virtue. His blade
defends the helpless. His word speaks only truth. His wrath undoes the
wicked. - the old code of Bowen, last of the dragonslayers
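
The check suggested in the reply above, as an added example that is not part of the original message: a Python function that scans the raw bytes of a known_hosts file for carriage returns and for entries that are not one complete key per line. It goes beyond the protocol 1 (RSA1) entry discussed in the thread by also checking protocol 2 entries; the name `check_known_hosts` and the sample modulus are constructed for illustration.

```python
import base64
import struct

def check_known_hosts(data: bytes):
    """Return [(line_number, problem)] for the raw bytes of a known_hosts file."""
    problems = []
    for no, raw in enumerate(data.split(b"\n"), start=1):
        if b"\r" in raw:
            problems.append((no, "carriage return (^M) in line"))
        line = raw.replace(b"\r", b"").decode("ascii", "replace").strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) >= 4 and all(f.isdigit() for f in fields[1:4]):
            # Protocol 1 (RSA1) entry: hostnames bits exponent modulus [comment]
            bits, modulus = int(fields[1]), int(fields[3])
            if modulus.bit_length() != bits:
                problems.append((no, f"modulus has {modulus.bit_length()} bits, entry says {bits}"))
        elif len(fields) >= 3 and fields[1].startswith(("ssh-", "ecdsa-")):
            # Protocol 2 entry: hostnames keytype base64-blob [comment]
            try:
                blob = base64.b64decode(fields[2], validate=True)
                (n,) = struct.unpack(">I", blob[:4])
                if blob[4:4 + n].decode("ascii") != fields[1]:
                    raise ValueError("key type mismatch")
            except (ValueError, struct.error):
                problems.append((no, "key blob is damaged or does not match " + fields[1]))
        else:
            problems.append((no, "not a complete key entry (key split across lines?)"))
    return problems

# Constructed sample data: a made-up 1024-bit modulus, not a real host key.
DIGITS = str((1 << 1023) + 12345)
GOOD = f"antares.ise.ch 1024 35 {DIGITS}\n".encode()
DOS = GOOD.replace(b"\n", b"\r\n")                       # file saved with CRLF
CR_INSIDE = GOOD.replace(DIGITS[:150].encode(), DIGITS[:150].encode() + b"\r")
SPLIT = GOOD.replace(DIGITS[:150].encode(), DIGITS[:150].encode() + b"\n")

if __name__ == "__main__":
    for name, data in [("good", GOOD), ("dos", DOS), ("cr", CR_INSIDE), ("split", SPLIT)]:
        print(name, check_known_hosts(data))
```

Read the file in binary mode (`open(path, "rb").read()`) before passing it in, so that carriage returns are not translated away before the check sees them.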