Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Message-ID: <000901c1b95d$d61e94b0$7464a8c0@mysticom.com>
From: "Guy Amir"
Subject: openssh publickey authentication problem
Date: Tue, 19 Feb 2002 17:55:08 +0200

Hi,

We are trying to run shell scripts and binaries on remote machines (NT and Unix) by using ssh (openssh 3.02).
The NT (2k and 4) network has a PDC.
The Cygwin version is 1.3.9.
From NT to Unix the public key authentication is working well (both RSA and DSA).
From Unix to NT it doesn't work.

The output of ssh -v and the sshd_config (both Unix and NT) are attached.

Thanks for any assistance.

Guy Amir
Unix system administrator
Mysticom L.t.d
mailto:guyam AT mysticom DOT com

[attachment: sshd_config.NT]

# This is the sshd server system-wide configuration file.  See sshd(8)
# for more information.

Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
HostKey /etc/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh_host_rsa_key
HostKey /etc/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server ke
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging

# Authentication:

LoginGraceTime 600
PermitRootLogin yes
# The following setting overrides permission checks on host key files
# and directories. For security reasons set this to "yes" when running
# NT/W2K, NTFS and CYGWIN=ntsec.
StrictModes no

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
# AuthorizedKeysFile //mystifile/guyam/.ssh/authorized_keys

# rhosts authentication should not be used
RhostsAuthentication no
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
#PrintLastLog no
KeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes

Subsystem sftp /usr/sbin/sftp-server

[attachment: sshd_config.unix]

# $OpenBSD: sshd_config,v 1.38 2001/04/15 21:41:29 deraadt Exp $

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# This is the sshd server system-wide configuration file.  See sshd(8)
# for more information.

Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd yes
#PrintLastLog no
KeepAlive yes

# Logging
SyslogFacility AUTHPRIV
LogLevel INFO
#obsoletes QuietMode and FascistLogging

RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
#
RSAAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Uncomment to disable s/key passwords
#ChallengeResponseAuthentication no

# Uncomment to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

#CheckMail yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes

Subsystem sftp /usr/libexec/openssh/sftp-server

[attachment: nt2unix.log]

$ ssh -v 192.168.101.180
OpenSSH_3.0.2p1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f
debug1: Reading configuration data /etc/ssh_config
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 11364 geteuid 11364 anon 1
debug1: Connecting to 192.168.101.180 [192.168.101.180] port 22.
debug1: temporarily_use_uid: 11364/10513 (e=11364)
debug1: restore_uid
debug1: temporarily_use_uid: 11364/10513 (e=11364)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file //mystifile/guyam/.ssh/identity type -1
debug1: identity file //mystifile/guyam/.ssh/id_rsa type -1
debug1: identity file //mystifile/guyam/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.0.2p1
debug1: match: OpenSSH_3.0.2p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.0.2p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 125/256
debug1: bits set: 1570/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.101.180' is known and matches the RSA host key.
debug1: Found key in //mystifile/guyam/.ssh/known_hosts:1
debug1: bits set: 1590/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: //mystifile/guyam/.ssh/identity
debug1: try privkey: //mystifile/guyam/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug1: ssh-userauth2 successful: method publickey
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: ssh_session2_setup: id 0
debug1: channel request 0: shell
debug1: channel 0: open confirm rwindow 0 rmax 16384
Last login: Tue Feb 19 19:26:10 2002 from 192.168.100.116
guyam AT mystiterm:/users/guyam 33 >

[attachment: unix2nt.log]

guyam AT mystiterm:/users/guyam 34 > ssh -v 192.168.100.116
OpenSSH_3.0.2p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /usr/etc/ssh_config
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 2032 geteuid 0 anon 1
debug1: Connecting to 192.168.100.116 [192.168.100.116] port 22.
debug1: temporarily_use_uid: 2032/300 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 2032/300 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /users/guyam/.ssh/identity type -1
debug1: identity file /users/guyam/.ssh/id_rsa type 1
debug1: identity file /users/guyam/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.0.2p1
debug1: match: OpenSSH_3.0.2p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.0.2p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 125/256
debug1: bits set: 1611/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.100.116' is known and matches the RSA host key.
debug1: Found key in /users/guyam/.ssh/known_hosts:1
debug1: bits set: 1631/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /users/guyam/.ssh/identity
debug1: try pubkey: /users/guyam/.ssh/id_rsa
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: try privkey: /users/guyam/.ssh/id_dsa
debug1: read PEM private key done: type DSA
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is password
guyam AT 192 DOT 168 DOT 100 DOT 116's password:

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
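
Added example, not part of the original post: a small parser that reduces the user-authentication part of the two attached "ssh -v" traces to a per-key outcome, so the working and failing directions can be compared side by side. The function name and outcome labels are made up for this example, and the reading of "try privkey" and "try pubkey" is an assumption stated in the code comments.

```python
import re

# Constructed samples: the userauth part of the two "ssh -v" traces in the
# post, with the terminal-wrapped "keyboard-interactive" rejoined.
UNIX2NT = """\
debug1: next auth method to try is publickey
debug1: try privkey: /users/guyam/.ssh/identity
debug1: try pubkey: /users/guyam/.ssh/id_rsa
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: try privkey: /users/guyam/.ssh/id_dsa
debug1: read PEM private key done: type DSA
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue: publickey,password,keyboard-interactive
"""
NT2UNIX = """\
debug1: next auth method to try is publickey
debug1: try privkey: //mystifile/guyam/.ssh/identity
debug1: try privkey: //mystifile/guyam/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug1: ssh-userauth2 successful: method publickey
"""

TRY = re.compile(r"debug1: try (privkey|pubkey): (\S+)")

def key_attempts(trace):
    """Return [(key_file, outcome)] for every key the client tried."""
    attempts, cur = [], None
    for line in map(str.strip, trace.splitlines()):
        m = TRY.match(line)
        if m:
            # Assumption: "try pubkey" sends the public key at once, while
            # "try privkey" offers nothing unless the key file then loads.
            cur = {"key": m.group(2), "offered": m.group(1) == "pubkey",
                   "outcome": "not offered"}
            attempts.append(cur)
        elif cur is None:
            continue
        elif line.startswith("debug1: read PEM private key done"):
            cur["offered"] = True
        elif line.startswith("debug1: authentications that can continue"):
            # Server answered the offer with the method list: key refused.
            if cur["offered"]:
                cur["outcome"] = "rejected by server"
            cur = None
        elif line.startswith("debug1: ssh-userauth2 successful: method publickey"):
            cur["outcome"] = "accepted"
            cur = None
    return [(a["key"], a["outcome"]) for a in attempts]
```

On the Unix-to-NT trace both id_rsa and id_dsa come back as "rejected by server"; the client trace does not carry the reason for a refusal, which is recorded only on the sshd side.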