From: "Karl M"
To: cygwin AT cygwin DOT com
Subject: RE: OpenSSH public key authentication woes
Date: Sun, 25 Apr 2004 23:33:13 -0700

Hi Greg...

I don't see an authorized_keys file in your .ssh directory. It should contain the public keys for those users/hosts that are permitted to do public key authentication. Just cat the public keys you want together to make your authorized_keys file. Then make sure that it is readable by your sshd (ssh server).

HTH

...Karl

>From: Greg Rudd
>To:
>CC: Didier Debuf
>Subject: OpenSSH public key authentication woes
>Date: Mon, 26 Apr 2004 16:04:41 +1000
>
>Hi All
>
>I am trying to get public-key authentication working with openSSH under
>cygwin. I have been looking on the net and found numerous references to
>this problem but no one has posted a summary so as to prevent further emails
>on this subject to the list.
>
>What is strange is that in testing I can do public key authentication to the
>commercial version of SSH which in my case is an alpha (Tru64 4.0g and
>5.1a)
>running 3.2.9.1 but yet can not do public key authentication either to the
>local host or from another host.
>
>
>I have checked the ssh_config and sshd_config files and both have
>RSAAuthentication and Public key authentication are enabled as well as
>Protocol 2,1 listed in both files and the identity files listed in the
>/etc/ssh_config file are:
>
> IdentityFile ~/.ssh/id_dsa
> IdentityFile ~/.ssh/identity
> IdentityFile ~/.ssh/id_rsa
> IdentityFile ~/.ssh/id_dsa
>
>And the contents of the .ssh directory are
>drwxr-xr-x 1 grudd Domain U 0 Apr 23 20:17 .
>drwxr-xr-x 1 grudd Domain U 4096 Apr 23 21:24 ..
>-rw------- 1 grudd Domain U 331 Apr 23 19:37 authorized_hosts
>-rw------- 1 grudd Domain U 1204 Apr 23 19:36 authorized_hosts2
>-rw------- 1 grudd Domain U 668 Apr 22 18:20 foo
>-rw------- 1 grudd Domain U 602 Apr 22 18:20 foo.pub
>-rw------- 1 grudd Domain U 668 Apr 23 18:32 id_dsa
>-rw------- 1 grudd Domain U 602 Apr 23 18:32 id_dsa.pub
>-rw------- 1 grudd Domain U 527 Apr 23 18:03 id_rsa
>-rw------- 1 grudd Domain U 331 Apr 23 18:03 id_rsa.pub
>-rw------- 1 grudd Domain U 527 Apr 23 19:05 identity
>-rw------- 1 grudd Domain U 331 Apr 23 19:05 identity.pub
>-rw------- 1 grudd Domain U 220 Apr 23 20:17 known_hosts
>
>I have been working on this for a couple of days and I am now stumped for a
>solution any ideas from the experts here??
>
>
>Thanks in advance -greg
>
>
>Debug output from the client trying to ssh via public key authentication to
>localhost
>
>
>$ ssh -vvv grudd@localhost
>OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
>debug1: Reading configuration data /etc/ssh_config
>debug3: cipher ok: aes128-cbc
>[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>debug3: cipher ok: 3des-cbc
>[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>debug3: cipher ok: blowfish-cbc
>[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>debug3: cipher ok: cast128-cbc
>[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>debug3: cipher ok: arcfour
>[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>debug3: cipher ok: aes192-cbc
>[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>debug3: cipher ok: aes256-cbc
>[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>debug3: ciphers ok:
>[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>debug2: ssh_connect: needpriv 0
>debug1: Connecting to localhost [127.0.0.1] port 22.
>debug1: Connection established.
>debug3: Not a RSA1 key file //crescent/grudd/.ssh/id_dsa.
>debug2: key_type_from_name: unknown key type '-----BEGIN'
>debug3: key_read: missing keytype
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug2: key_type_from_name: unknown key type '-----END'
>debug3: key_read: missing keytype
>debug1: identity file //crescent/grudd/.ssh/id_dsa type 2
>debug1: identity file //crescent/grudd/.ssh/identity type 0
>debug1: identity file //crescent/grudd/.ssh/id_rsa type 0
>debug3: Not a RSA1 key file //crescent/grudd/.ssh/id_dsa.
>debug2: key_type_from_name: unknown key type '-----BEGIN'
>debug3: key_read: missing keytype
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug2: key_type_from_name: unknown key type '-----END'
>debug3: key_read: missing keytype
>debug1: identity file //crescent/grudd/.ssh/id_dsa type 2
>debug1: Remote protocol version 2.0, remote software version
>OpenSSH_3.8.1p1
>debug1: match: OpenSSH_3.8.1p1 pat OpenSSH*
>debug1: Enabling compatibility mode for protocol 2.0
>debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
>debug1: SSH2_MSG_KEXINIT sent
>debug1: SSH2_MSG_KEXINIT received
>debug2: kex_parse_kexinit:
>diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>debug2: kex_parse_kexinit:
>aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
>debug2: kex_parse_kexinit:
>aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
>debug2: kex_parse_kexinit:
>hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
>ac-md5-96
>debug2: kex_parse_kexinit:
>hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
>ac-md5-96
>debug2: kex_parse_kexinit: none,zlib
>debug2: kex_parse_kexinit: none,zlib
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit: first_kex_follows 0
>debug2: kex_parse_kexinit: reserved 0
>debug2: kex_parse_kexinit:
>diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>debug2: kex_parse_kexinit:
>aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
>ijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>debug2: kex_parse_kexinit:
>aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
>ijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>debug2: kex_parse_kexinit:
>hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
>ac-md5-96
>debug2: kex_parse_kexinit:
>hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
>ac-md5-96
>debug2: kex_parse_kexinit: none,zlib
>debug2: kex_parse_kexinit: none,zlib
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit: first_kex_follows 0
>debug2: kex_parse_kexinit: reserved 0
>debug2: mac_init: found hmac-md5
>debug1: kex: server->client aes128-cbc hmac-md5 none
>debug2: mac_init: found hmac-md5
>debug1: kex: client->server aes128-cbc hmac-md5 none
>debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>debug2: dh_gen_key: priv key bits set: 143/256
>debug2: bits set: 524/1024
>debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>debug3: check_host_in_hostfile: filename //crescent/grudd/.ssh/known_hosts
>debug3: check_host_in_hostfile: match line 1
>debug1: Host 'localhost' is known and matches the RSA host key.
>debug1: Found key in //crescent/grudd/.ssh/known_hosts:1
>debug2: bits set: 496/1024
>debug1: ssh_rsa_verify: signature correct
>debug2: kex_derive_keys
>debug2: set_newkeys: mode 1
>debug1: SSH2_MSG_NEWKEYS sent
>debug1: expecting SSH2_MSG_NEWKEYS
>debug2: set_newkeys: mode 0
>debug1: SSH2_MSG_NEWKEYS received
>debug1: SSH2_MSG_SERVICE_REQUEST sent
>debug2: service_accept: ssh-userauth
>debug1: SSH2_MSG_SERVICE_ACCEPT received
>debug2: key: //crescent/grudd/.ssh/id_dsa (0x100f24e0)
>debug2: key: //crescent/grudd/.ssh/id_dsa (0x100e9218)
>debug1: Authentications that can continue:
>publickey,password,keyboard-interactive
>debug3: start over, passed a different list
>publickey,password,keyboard-interactive
>debug3: preferred publickey,keyboard-interactive,password
>debug3: authmethod_lookup publickey
>debug3: remaining preferred: keyboard-interactive,password
>debug3: authmethod_is_enabled publickey
>debug1: Next authentication method: publickey
>debug1: Offering public key: //crescent/grudd/.ssh/id_dsa
>debug3: send_pubkey_test
>debug2: we sent a publickey packet, wait for reply
>debug1: Authentications that can continue:
>publickey,password,keyboard-interactive
>debug1: Offering public key: //crescent/grudd/.ssh/id_dsa
>debug3: send_pubkey_test
>debug2: we sent a publickey packet, wait for reply
>debug1: Authentications that can continue:
>publickey,password,keyboard-interactive
>debug2: we did not send a packet, disable method
>debug3: authmethod_lookup keyboard-interactive
>debug3: remaining preferred: password
>debug3: authmethod_is_enabled keyboard-interactive
>debug1: Next authentication method: keyboard-interactive
>debug2: userauth_kbdint
>debug2: we sent a keyboard-interactive packet, wait for reply
>debug1: Authentications that can continue:
>publickey,password,keyboard-interactive
>debug3: userauth_kbdint: disable: no info_req_seen
>debug2: we did not send a packet, disable method
>debug3: authmethod_lookup password
>debug3: remaining preferred:
>debug3: authmethod_is_enabled password
>debug1: Next authentication method: password
>grudd@localhost's password:
>
>
>
>Debug output from the server.
>
>
>debug2: read_server_config: filename /etc/sshd_config
>debug1: sshd version OpenSSH_3.8.1p1
>debug1: private host key: #0 type 0 RSA1
>debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
>debug1: read PEM private key done: type RSA
>debug1: private host key: #1 type 1 RSA
>debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
>debug1: read PEM private key done: type DSA
>debug1: private host key: #2 type 2 DSA
>debug1: Bind to port 22 on 0.0.0.0.
>Server listening on 0.0.0.0 port 22.
>Generating 768 bit RSA key.
>RSA key generation complete.
>debug1: Server will not fork when running in debugging mode.
>Connection from 127.0.0.1 port 3545
>debug1: Client protocol version 2.0; client software version
>OpenSSH_3.8.1p1
>debug1: match: OpenSSH_3.8.1p1 pat OpenSSH*
>debug1: Enabling compatibility mode for protocol 2.0
>debug1: Local version string SSH-1.99-OpenSSH_3.8.1p1
>debug2: Network child is on pid 1572
>debug3: preauth child monitor started
>debug3: mm_request_receive entering
>debug1: list_hostkey_types: ssh-rsa,ssh-dss
>debug1: SSH2_MSG_KEXINIT sent
>debug1: SSH2_MSG_KEXINIT received
>debug2: kex_parse_kexinit:
>diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>debug2: kex_parse_kexinit:
>aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
>ijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>debug2: kex_parse_kexinit:
>aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
>ijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>debug2: kex_parse_kexinit:
>hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
>ac-md5-96
>debug2: kex_parse_kexinit:
>hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
>ac-md5-96
>debug2: kex_parse_kexinit: none,zlib
>debug2: kex_parse_kexinit: none,zlib
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit: first_kex_follows 0
>debug2: kex_parse_kexinit: reserved 0
>debug2: kex_parse_kexinit:
>diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>debug2: kex_parse_kexinit:
>aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
>ijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>debug2: kex_parse_kexinit:
>aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
>ijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>debug2: kex_parse_kexinit:
>hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
>ac-md5-96
>debug2: kex_parse_kexinit:
>hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
>ac-md5-96
>debug2: kex_parse_kexinit: none,zlib
>debug2: kex_parse_kexinit: none,zlib
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit: first_kex_follows 0
>debug2: kex_parse_kexinit: reserved 0
>debug2: mac_init: found hmac-md5
>debug1: kex: client->server aes128-cbc hmac-md5 none
>debug2: mac_init: found hmac-md5
>debug3: mm_request_send entering: type 5
>debug2: monitor_read: 4 used once, disabling now
>debug3: mm_request_receive entering
>debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
>debug3: mm_request_receive_expect entering: type 5
>debug3: mm_request_receive entering
>debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
>debug2: kex_derive_keys
>debug2: set_newkeys: mode 1
>debug1: SSH2_MSG_NEWKEYS sent
>debug1: expecting SSH2_MSG_NEWKEYS
>Connection closed by 127.0.0.1
>debug1: do_cleanup
>debug1: do_cleanup
>debug2: read_server_config: filename /etc/sshd_config
>debug1: sshd version OpenSSH_3.8.1p1
>debug1: private host key: #0 type 0 RSA1
>debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
>debug1: read PEM private key done: type RSA
>debug1: private host key: #1 type 1 RSA
>debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
>debug1: read PEM private key done: type DSA
>debug1: private host key: #2 type 2 DSA
>
>
>
> ssh_config file
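
The advice in the reply at the top of this message (cat the public keys into `authorized_keys` and make it readable by sshd), written out as a script. This is an added example, not code from either poster; it assumes sshd's default `AuthorizedKeysFile` location and OpenSSH-format `*.pub` files, and the function names `build_authorized_keys` and `check_authorized_keys` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes sshd's default
# AuthorizedKeysFile (~/.ssh/authorized_keys) and OpenSSH-format *.pub files.

# build_authorized_keys DIR: concatenate DIR/*.pub into DIR/authorized_keys.
build_authorized_keys() {
    dir=$1
    out="$dir/authorized_keys"
    tmp="$out.new.$$"
    : > "$tmp" || return 1
    for pub in "$dir"/*.pub; do
        [ -f "$pub" ] || continue
        # Keep only well-formed protocol 2 lines: "<type> <base64> [comment]".
        grep -E '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+) [A-Za-z0-9+/]+=*( |$)' \
            "$pub" >> "$tmp" || true
    done
    sort -u "$tmp" > "$out"
    rm -f "$tmp"
    # Public keys are not secret: readable by the sshd account,
    # writable only by the owner (what StrictModes expects).
    chmod go-w "$dir"
    chmod 644 "$out"
}

# check_authorized_keys DIR: print each problem; exit status = problem count.
check_authorized_keys() {
    dir=$1
    problems=0
    if [ ! -s "$dir/authorized_keys" ]; then
        echo "missing or empty: $dir/authorized_keys"
        problems=$((problems + 1))
    elif [ -n "$(find "$dir/authorized_keys" \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "group/world writable: $dir/authorized_keys"
        problems=$((problems + 1))
    fi
    # Look-alike names sshd never reads (the quoted listing has two).
    for f in "$dir"/authorized_hosts*; do
        if [ -e "$f" ]; then
            echo "not consulted by sshd: $f"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```

Run `check_authorized_keys ~/.ssh` first to see what is wrong, then `build_authorized_keys ~/.ssh` after removing any `*.pub` files whose keys should not be allowed to log in.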