Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
Date: Mon, 27 Aug 2001 08:04:19 -0400 (EDT)
From: Prentis Brooks
To: Anatol Studler
cc: Andreas Bischoff
Subject: Re: SSHD without password permission denied
In-Reply-To: <001f01c12ed6$46ceedd0$525aa8c0@ise.ch>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Your problem is most likely an invalid key. You need to make sure that the
host key is on a single line in the ssh_known_hosts file and that there
aren't any extraneous characters. I don't know if the cygwin port of sshd
cares about ^M's or not, but it is never a bad idea to remove them. Most
likely, you have a carriage return inside the antares host key.

On Mon, 27 Aug 2001, Anatol Studler wrote:

> Hi
>
> I installed the latest cygwin (1.3.2) downloaded @ 27.8.2001 on Windows 2000
> server sp2.
>
> I did:
>
> modified the system variable "CYGWIN=ntea ntsec title strip_title"
> mkpasswd -d > /etc/passwd
> mkgroup -d > /etc/group
> iu-config (for telnet)
> inetd --install-as-service
> ssh-host-config (configured sshd as service and with option "ntsec tty")
>
> After that sshd was running fine as a service with the default settings.
> After changing the settings to our needs:
>
> IgnoreRhosts no
> StrictModes yes
> RhostsAuthentication yes
> RhostsRSAAuthentication yes
> RSAAuthentication yes
> PasswordAuthentication no
>
>
> modified /etc/hosts.equiv
> added host antares /etc/ssh_known_hosts (copied ssh_known_hosts from another
> host)
>
> I got a PERMISSION DENIED.
>
> Here is the sshd log:
>
> --------------------------
> $ /usr/sbin/sshd -d
> debug1: Seeding random number generator
> debug1: sshd version OpenSSH_2.9p2
> debug1: private host key: #0 type 0 RSA1
> debug1: read PEM private key done: type RSA
> debug1: private host key: #1 type 1 RSA
> debug1: read PEM private key done: type DSA
> debug1: private host key: #2 type 2 DSA
> debug1: Bind to port 22 on 192.168.90.153.
> Server listening on 192.168.90.153 port 22.
> Generating 768 bit RSA key.
> RSA key generation complete.
> debug1: Server will not fork when running in debugging mode.
> Connection from 192.168.90.43 port 33271
> debug1: Client protocol version 1.5; client software version OpenSSH_2.9p1
> debug1: match: OpenSSH_2.9p1 pat ^OpenSSH
> debug1: Local version string SSH-1.99-OpenSSH_2.9p2
> debug1: Rhosts Authentication disabled, originating port not trusted.
> debug1: Sent 768 bit server key and 1024 bit host key.
> debug1: Encryption type: 3des
> debug1: Received session key; encryption turned on.
> debug1: Installing crc compensation attack detector.
> debug1: Attempting authentication for studler.
> debug1: Trying rhosts with RSA host authentication for client user studler
> debug1: temporarily_use_uid: 11107/10513 (e=10500)
> debug1: restore_uid
> debug1: Rhosts RSA authentication: canonical host antares.ise.ch
> debug1: temporarily_use_uid: 11107/10513 (e=10500)
> debug1: restore_uid
> debug1: Rhosts with RSA host authentication denied: unknown or invalid host
> key
> Failed rhosts-rsa for studler from 192.168.90.43 port 33271 ruser studler
> debug1: temporarily_use_uid: 11107/10513 (e=10500)
> debug1: restore_uid
> Failed rsa for studler from 192.168.90.43 port 33271
> Connection closed by 192.168.90.43
> debug1: Calling cleanup 0x415ec4(0x0)
> --------------------------
>
> What is the problem ? Why do we get
>
> Rhosts Authentication disabled, originating port not trusted.
>
> Here is also the ssh client log:
>
> --------------------------
> [antares] /home/admin/documentation/win2000 > ssh -v nt115t
> OpenSSH_2.9p1, SSH protocols 1.5/2.0, OpenSSL 0x0090601f
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Seeding random number generator
> debug1: Rhosts Authentication disabled, originating port will not be
> trusted.
> debug1: restore_uid
> debug1: ssh_connect: getuid 20885 geteuid 0 anon 1
> debug1: Connecting to nt115t [192.168.90.153] port 22.
> debug1: temporarily_use_uid: 20885/100 (e=0)
> debug1: restore_uid
> debug1: temporarily_use_uid: 20885/100 (e=0)
> debug1: restore_uid
> debug1: Connection established.
> debug1: read PEM private key done: type DSA
> debug1: identity file /home/studler/.ssh/identity type 0
> debug1: identity file /home/studler/.ssh/id_rsa type 1
> debug1: identity file /home/studler/.ssh/id_dsa type 2
> debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2
> debug1: match: OpenSSH_2.9p2 pat ^OpenSSH
> debug1: Local version string SSH-1.5-OpenSSH_2.9p1
> debug1: Waiting for server public key.
> debug1: Received server public key (768 bits) and host key (1024 bits).
> debug1: Host 'nt115t' is known and matches the RSA1 host key.
> debug1: Found key in /home/studler/.ssh/known_hosts:1
> debug1: Encryption type: 3des
> debug1: Sent encrypted session key.
> debug1: Installing crc compensation attack detector.
> debug1: Received encrypted confirmation.
> debug1: Trying rhosts or /etc/hosts.equiv with RSA host authentication.
> debug1: Remote: Accepted for antares.ise.ch [192.168.90.43] by
> /etc/hosts.equiv.
> debug1: Remote: Your host key cannot be verified: unknown or invalid host
> key.
> debug1: Server refused our rhosts authentication or host key.
> debug1: Trying RSA authentication with key 'studler AT NT115T'
> debug1: Server refused our key.
> Permission denied.
> debug1: Calling cleanup 0x8064ea0(0x0)
> --------------------------
>
> Thanks in advance for any help
>
> ./Anatol
>
>
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting:         http://cygwin.com/bugs.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
>

Prentis Brooks | prentis AT aol DOT net | 703-265-0914 | AIM: PrentisB
System Administrator - Web Infrastructure & Security

A knight is sworn to valor. His heart knows only virtue. His blade defends
the helpless. His word speaks only truth. His wrath undoes the wicked.
        - the old code of Bowen, last of the dragonslayers
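
Added example (not part of the original thread): a small lint for the condition the reply describes, a host key that is not on a single line or carries ^M characters. The function name is hypothetical, and it assumes SSH protocol 1 entries of the form "hostnames bits exponent modulus [comment]".

```sh
#!/bin/sh
# Added example, not from the thread. Assumes SSH protocol 1 entries:
#   hostnames bits exponent modulus [comment]      (one entry per line)

lint_known_hosts() {
    # Prints one finding per problem; returns 0 if the file is clean, 1 otherwise.
    awk '
        function report(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
        {
            if ($0 ~ /\r/) { report("carriage return (^M) present"); gsub(/\r/, "") }
            if (NF == 0 || $1 ~ /^#/) next                # blank line or comment
            if (NF == 1 && $1 ~ /^[0-9]+$/) {
                report("digits only: tail of a wrapped key?"); next
            }
            if (NF < 4) { report("fewer than 4 fields: entry cut short?"); next }
            if ($2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/)
                report("bits/exponent/modulus are not all decimal numbers")
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample (toy 32-bit numbers, documentation address): one clean
# entry, then an entry saved with DOS line endings and wrapped mid-modulus.
sample=$(mktemp)
printf 'goodhost.example 32 35 4294967291 constructed\n'        >  "$sample"
printf 'antares.example,192.0.2.43 32 35 42949\r\n67291\r\n'    >> "$sample"
lint_known_hosts "$sample" || echo "fix the lines above, then retry"
rm -f "$sample"
```

Carriage returns can be stripped with `tr -d '\r'` into a new file; a wrapped key has to be rejoined by hand or copied again from the source host.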