Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Fri, 19 Sep 2003 10:19:08 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: ssh-keygen and slogin oddity
Message-ID: <20030919081908.GP9981@cygbert.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <20030919074059 DOT 13324343A7 AT nevin DOT research DOT canon DOT com DOT au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030919074059.13324343A7@nevin.research.canon.com.au>
User-Agent: Mutt/1.4.1i

On Fri, Sep 19, 2003 at 05:40:58PM +1000, luke DOT kendall AT cisra DOT canon DOT com DOT au wrote:
> I'm trying to make ssh ask me for a passphrase when I slogin to another
> machine, instead of asking me for my password on that machine.  With no
> luck.
> 
> It always asks me for my password.  If I modify /etc/ssh_config to set
> password authentication to "no", then slogin simply fails without
> asking me for anything.
> 
> Now, I used Cygwin's ssh-keygen (-t dsa) to generate a ~/.ssh/id_dsa
> and .pub pair.  The id_dsa file starts off:

Did you copy the public key to the remote machine into ~/.ssh/authorized_keys?

Does the remote machine allow pub key authentication (look into the remote
sshd_config file if you're allowed to).

> debug1: identity file /home/luke/.ssh/id_rsa type -1
> debug3: Not a RSA1 key file /home/luke/.ssh/id_dsa.
> [...]
> debug1: identity file /home/luke/.ssh/id_dsa type 2
> 
> But is that simply ssh trying to interpret id_dsa as an RSA key, giving
> up, then trying to intrepret it as a DSA key?

That's normal.  Btw., it's RSA1(!), not RSA.  It checks for the key
being an RSA key for ssh1 protocol first.

Another btw., don't use DSA if you can avoid it.  Create your own
RSA ssh2 key with ssh-keygen -t rsa.  It's supposed to be more secure
than DSA keys.

A last btw., didn't you run ssh-user-config which would have created
all those keys for you?

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/