Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
X-Originating-IP: [68.101.155.172]
X-Originating-Email: [karlm30 AT hotmail DOT com]
X-Sender: karlm30 AT hotmail DOT com
From: "Karl M" <karlm30 AT hotmail DOT com>
To: cygwin AT cygwin DOT com
Subject: RE: OpenSSH public key authentication woes
Date: Sun, 25 Apr 2004 23:33:13 -0700
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <BAY10-F5H4dkE5tjI2c0000288a@hotmail.com>
X-OriginalArrivalTime: 26 Apr 2004 06:33:13.0907 (UTC) FILETIME=[59ED8030:01C42B58]
X-IsSubscribed: yes

Hi Greg...

I don't see an authorized_keys file in your .ssh directory. It should 
contain the public keys for those users/hosts that are permitted to do 
public key authentication. Just cat the public keys you want together to 
make your authorized_keys file. Then make sure that it is readable by your 
sshd (ssh server).

HTH

...Karl


>From: Greg Rudd
>To: <cygwin AT cygwin DOT com>
>CC: Didier Debuf
>Subject: OpenSSH public key authentication woes
>Date: Mon, 26 Apr 2004 16:04:41 +1000
>
>Hi All
>
>I am trying to get public-key authentication working with openSSH under
>cygwin.  I have been looking on the net and found numorious references to
>this problem but noone has posted a summary so as to prevent further emails
>on this subject to the list.
>
>What is stange is that in testing I can do public key authentication to the
>commercial version of SSH which in my case is an alpha (Tru64 4.0g and 
>5.1a)
>running 3.2.9.1 but yet can not do public key authentication either to the
>local host or from another host.
>
>
>I have checked the ssh_config and sshd_config files and both have
>RSAAuthetication and Public key authentication are enabled as well as
>Protocol 2,1 listed in both files and the identity files listed in the
>/etc/ssh_config file are:
>
>    IdentityFile ~/.ssh/id_dsa
>    IdentityFile ~/.ssh/identity
>    IdentityFile ~/.ssh/id_rsa
>    IdentityFile ~/.ssh/id_dsa
>
>And the contents of the .ssh directory are
>drwxr-xr-x    1 grudd    Domain U        0 Apr 23 20:17 .
>drwxr-xr-x    1 grudd    Domain U     4096 Apr 23 21:24 ..
>-rw-------    1 grudd    Domain U      331 Apr 23 19:37 authorized_hosts
>-rw-------    1 grudd    Domain U     1204 Apr 23 19:36 authorized_hosts2
>-rw-------    1 grudd    Domain U      668 Apr 22 18:20 foo
>-rw-------    1 grudd    Domain U      602 Apr 22 18:20 foo.pub
>-rw-------    1 grudd    Domain U      668 Apr 23 18:32 id_dsa
>-rw-------    1 grudd    Domain U      602 Apr 23 18:32 id_dsa.pub
>-rw-------    1 grudd    Domain U      527 Apr 23 18:03 id_rsa
>-rw-------    1 grudd    Domain U      331 Apr 23 18:03 id_rsa.pub
>-rw-------    1 grudd    Domain U      527 Apr 23 19:05 identity
>-rw-------    1 grudd    Domain U      331 Apr 23 19:05 identity.pub
>-rw-------    1 grudd    Domain U      220 Apr 23 20:17 known_hosts
>
>I have been working on this for a couple of days and I am now stumped for a
>solution any ideas from the experts here??
>
>
>Thanks in advance -greg
>
>
>Debug output from the client trying to ssh via public key authentication to
>localhost
>
>
>$ ssh -vvv grudd AT localhost
>OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
>debug1: Reading configuration data /etc/ssh_config
>debug3: cipher ok: aes128-cbc
>[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>debug3: cipher ok: 3des-cbc
>[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>debug3: cipher ok: blowfish-cbc
>[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>debug3: cipher ok: cast128-cbc
>[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>debug3: cipher ok: arcfour
>[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>debug3: cipher ok: aes192-cbc
>[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>debug3: cipher ok: aes256-cbc
>[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>debug3: ciphers ok:
>[aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>debug2: ssh_connect: needpriv 0
>debug1: Connecting to localhost [127.0.0.1] port 22.
>debug1: Connection established.
>debug3: Not a RSA1 key file //crescent/grudd/.ssh/id_dsa.
>debug2: key_type_from_name: unknown key type '-----BEGIN'
>debug3: key_read: missing keytype
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug2: key_type_from_name: unknown key type '-----END'
>debug3: key_read: missing keytype
>debug1: identity file //crescent/grudd/.ssh/id_dsa type 2
>debug1: identity file //crescent/grudd/.ssh/identity type 0
>debug1: identity file //crescent/grudd/.ssh/id_rsa type 0
>debug3: Not a RSA1 key file //crescent/grudd/.ssh/id_dsa.
>debug2: key_type_from_name: unknown key type '-----BEGIN'
>debug3: key_read: missing keytype
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug2: key_type_from_name: unknown key type '-----END'
>debug3: key_read: missing keytype
>debug1: identity file //crescent/grudd/.ssh/id_dsa type 2
>debug1: Remote protocol version 2.0, remote software version 
>OpenSSH_3.8.1p1
>debug1: match: OpenSSH_3.8.1p1 pat OpenSSH*
>debug1: Enabling compatibility mode for protocol 2.0
>debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
>debug1: SSH2_MSG_KEXINIT sent
>debug1: SSH2_MSG_KEXINIT received
>debug2: kex_parse_kexinit:
>diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>debug2: kex_parse_kexinit:
>aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
>debug2: kex_parse_kexinit:
>aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
>debug2: kex_parse_kexinit:
>hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 AT openssh DOT com,hmac-sha1-96,hm
>ac-md5-96
>debug2: kex_parse_kexinit:
>hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 AT openssh DOT com,hmac-sha1-96,hm
>ac-md5-96
>debug2: kex_parse_kexinit: none,zlib
>debug2: kex_parse_kexinit: none,zlib
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit: first_kex_follows 0
>debug2: kex_parse_kexinit: reserved 0
>debug2: kex_parse_kexinit:
>diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>debug2: kex_parse_kexinit:
>aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
>ijndael-cbc AT lysator DOT liu DOT se,aes128-ctr,aes192-ctr,aes256-ctr
>debug2: kex_parse_kexinit:
>aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
>ijndael-cbc AT lysator DOT liu DOT se,aes128-ctr,aes192-ctr,aes256-ctr
>debug2: kex_parse_kexinit:
>hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 AT openssh DOT com,hmac-sha1-96,hm
>ac-md5-96
>debug2: kex_parse_kexinit:
>hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 AT openssh DOT com,hmac-sha1-96,hm
>ac-md5-96
>debug2: kex_parse_kexinit: none,zlib
>debug2: kex_parse_kexinit: none,zlib
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit: first_kex_follows 0
>debug2: kex_parse_kexinit: reserved 0
>debug2: mac_init: found hmac-md5
>debug1: kex: server->client aes128-cbc hmac-md5 none
>debug2: mac_init: found hmac-md5
>debug1: kex: client->server aes128-cbc hmac-md5 none
>debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>debug2: dh_gen_key: priv key bits set: 143/256
>debug2: bits set: 524/1024
>debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>debug3: check_host_in_hostfile: filename //crescent/grudd/.ssh/known_hosts
>debug3: check_host_in_hostfile: match line 1
>debug1: Host 'localhost' is known and matches the RSA host key.
>debug1: Found key in //crescent/grudd/.ssh/known_hosts:1
>debug2: bits set: 496/1024
>debug1: ssh_rsa_verify: signature correct
>debug2: kex_derive_keys
>debug2: set_newkeys: mode 1
>debug1: SSH2_MSG_NEWKEYS sent
>debug1: expecting SSH2_MSG_NEWKEYS
>debug2: set_newkeys: mode 0
>debug1: SSH2_MSG_NEWKEYS received
>debug1: SSH2_MSG_SERVICE_REQUEST sent
>debug2: service_accept: ssh-userauth
>debug1: SSH2_MSG_SERVICE_ACCEPT received
>debug2: key: //crescent/grudd/.ssh/id_dsa (0x100f24e0)
>debug2: key: //crescent/grudd/.ssh/id_dsa (0x100e9218)
>debug1: Authentications that can continue:
>publickey,password,keyboard-interactive
>debug3: start over, passed a different list
>publickey,password,keyboard-interactive
>debug3: preferred publickey,keyboard-interactive,password
>debug3: authmethod_lookup publickey
>debug3: remaining preferred: keyboard-interactive,password
>debug3: authmethod_is_enabled publickey
>debug1: Next authentication method: publickey
>debug1: Offering public key: //crescent/grudd/.ssh/id_dsa
>debug3: send_pubkey_test
>debug2: we sent a publickey packet, wait for reply
>debug1: Authentications that can continue:
>publickey,password,keyboard-interactive
>debug1: Offering public key: //crescent/grudd/.ssh/id_dsa
>debug3: send_pubkey_test
>debug2: we sent a publickey packet, wait for reply
>debug1: Authentications that can continue:
>publickey,password,keyboard-interactive
>debug2: we did not send a packet, disable method
>debug3: authmethod_lookup keyboard-interactive
>debug3: remaining preferred: password
>debug3: authmethod_is_enabled keyboard-interactive
>debug1: Next authentication method: keyboard-interactive
>debug2: userauth_kbdint
>debug2: we sent a keyboard-interactive packet, wait for reply
>debug1: Authentications that can continue:
>publickey,password,keyboard-interactive
>debug3: userauth_kbdint: disable: no info_req_seen
>debug2: we did not send a packet, disable method
>debug3: authmethod_lookup password
>debug3: remaining preferred:
>debug3: authmethod_is_enabled password
>debug1: Next authentication method: password
>grudd AT localhost's password:
>
>
>
>Debug output from the server.
>
>
>debug2: read_server_config: filename /etc/sshd_config
>debug1: sshd version OpenSSH_3.8.1p1
>debug1: private host key: #0 type 0 RSA1
>debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
>debug1: read PEM private key done: type RSA
>debug1: private host key: #1 type 1 RSA
>debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
>debug1: read PEM private key done: type DSA
>debug1: private host key: #2 type 2 DSA
>debug1: Bind to port 22 on 0.0.0.0.
>Server listening on 0.0.0.0 port 22.
>Generating 768 bit RSA key.
>RSA key generation complete.
>debug1: Server will not fork when running in debugging mode.
>Connection from 127.0.0.1 port 3545
>debug1: Client protocol version 2.0; client software version 
>OpenSSH_3.8.1p1
>debug1: match: OpenSSH_3.8.1p1 pat OpenSSH*
>debug1: Enabling compatibility mode for protocol 2.0
>debug1: Local version string SSH-1.99-OpenSSH_3.8.1p1
>debug2: Network child is on pid 1572
>debug3: preauth child monitor started
>debug3: mm_request_receive entering
>debug1: list_hostkey_types: ssh-rsa,ssh-dss
>debug1: SSH2_MSG_KEXINIT sent
>debug1: SSH2_MSG_KEXINIT received
>debug2: kex_parse_kexinit:
>diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>debug2: kex_parse_kexinit:
>aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
>ijndael-cbc AT lysator DOT liu DOT se,aes128-ctr,aes192-ctr,aes256-ctr
>debug2: kex_parse_kexinit:
>aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
>ijndael-cbc AT lysator DOT liu DOT se,aes128-ctr,aes192-ctr,aes256-ctr
>debug2: kex_parse_kexinit:
>hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 AT openssh DOT com,hmac-sha1-96,hm
>ac-md5-96
>debug2: kex_parse_kexinit:
>hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 AT openssh DOT com,hmac-sha1-96,hm
>ac-md5-96
>debug2: kex_parse_kexinit: none,zlib
>debug2: kex_parse_kexinit: none,zlib
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit: first_kex_follows 0
>debug2: kex_parse_kexinit: reserved 0
>debug2: kex_parse_kexinit:
>diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>debug2: kex_parse_kexinit:
>aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
>ijndael-cbc AT lysator DOT liu DOT se,aes128-ctr,aes192-ctr,aes256-ctr
>debug2: kex_parse_kexinit:
>aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
>ijndael-cbc AT lysator DOT liu DOT se,aes128-ctr,aes192-ctr,aes256-ctr
>debug2: kex_parse_kexinit:
>hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 AT openssh DOT com,hmac-sha1-96,hm
>ac-md5-96
>debug2: kex_parse_kexinit:
>hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 AT openssh DOT com,hmac-sha1-96,hm
>ac-md5-96
>debug2: kex_parse_kexinit: none,zlib
>debug2: kex_parse_kexinit: none,zlib
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit: first_kex_follows 0
>debug2: kex_parse_kexinit: reserved 0
>debug2: mac_init: found hmac-md5
>debug1: kex: client->server aes128-cbc hmac-md5 none
>debug2: mac_init: found hmac-md5
>debug3: mm_request_send entering: type 5
>debug2: monitor_read: 4 used once, disabling now
>debug3: mm_request_receive entering
>debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
>debug3: mm_request_receive_expect entering: type 5
>debug3: mm_request_receive entering
>debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
>debug2: kex_derive_keys
>debug2: set_newkeys: mode 1
>debug1: SSH2_MSG_NEWKEYS sent
>debug1: expecting SSH2_MSG_NEWKEYS
>Connection closed by 127.0.0.1
>debug1: do_cleanup
>debug1: do_cleanup
>debug2: read_server_config: filename /etc/sshd_config
>debug1: sshd version OpenSSH_3.8.1p1
>debug1: private host key: #0 type 0 RSA1
>debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
>debug1: read PEM private key done: type RSA
>debug1: private host key: #1 type 1 RSA
>debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
>debug1: read PEM private key done: type DSA
>debug1: private host key: #2 type 2 DSA
>
>
>
>  ssh_config file
>
>
>
>--
>Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>Problem reports:       http://cygwin.com/problems.html
>Documentation:         http://cygwin.com/docs.html
>FAQ:                   http://cygwin.com/faq/
>

_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar – get it now! 
http://toolbar.msn.com/go/onm00200415ave/direct/01/


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/