Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Date: Mon, 26 Apr 2004 08:51:59 -0400 (EDT)
From: Igor Pechtchanski
Reply-To: cygwin AT cygwin DOT com
To: Greg Rudd
cc: cygwin AT cygwin DOT com
Subject: Re: OpenSSH public key authentication woes

On Mon, 26 Apr 2004, Greg Rudd wrote:

> On 26/4/04 4:33 pm, "Karl M" wrote:
> > Hi Greg...
> >
> > I don't see an authorized_keys file in your .ssh directory. It should
> > contain the public keys for those users/hosts that are permitted to do
> > public key authentication. Just cat the public keys you want together to
> > make your authorized_keys file. Then make sure that it is readable by your
> > sshd (ssh server).
> >
> > HTH
> >
> > ...Karl
>
> Hi Karl et al
>
> I accidentally named the files authorized_hosts instead
> of keys. I have corrected this but to no avail. To make the files
> readable by the server I take it that you need to set the modes to 600
> for the authorized_key files (which I have done)
          ^^^^^^^^^^^^^^
So, is it "authorized_keys", or something else?  Names are important,
otherwise sshd won't be able to find the files.

Also, mode 600 means "readable/writeable for owner, not accessible by
anyone else".  Unless you run sshd as your user (unlikely), you'll need
read access for SYSTEM.  Try setting the mode to 644.
	Igor

> >> From: Greg Rudd
> >> To:
> >> CC: Didier Debuf
> >> Subject: OpenSSH public key authentication woes
> >> Date: Mon, 26 Apr 2004 16:04:41 +1000
> >>
> >> Hi All
> >>
> >> I am trying to get public-key authentication working with openSSH
> >> under cygwin.
> >> I have been looking on the net and found numerous
> >> references to this problem but no one has posted a summary so as to
> >> prevent further emails on this subject to the list.
> >>
> >> What is strange is that in testing I can do public key authentication
> >> to the commercial version of SSH which in my case is an alpha (Tru64
> >> 4.0g and 5.1a) running 3.2.9.1 but yet can not do public key
> >> authentication either to the local host or from another host.
> >>
> >>
> >> I have checked the ssh_config and sshd_config files and both have
> >> RSAAuthetication and Public key authentication are enabled as well as
> >> Protocol 2,1 listed in both files and the identity files listed in the
> >> /etc/ssh_config file are:
> >>
> >> IdentityFile ~/.ssh/id_dsa
> >> IdentityFile ~/.ssh/identity
> >> IdentityFile ~/.ssh/id_rsa
> >> IdentityFile ~/.ssh/id_dsa
> >>
> >> And the contents of the .ssh directory are
> >> drwxr-xr-x 1 grudd Domain U    0 Apr 23 20:17 .
> >> drwxr-xr-x 1 grudd Domain U 4096 Apr 23 21:24 ..
> >> -rw------- 1 grudd Domain U  331 Apr 23 19:37 authorized_hosts
> >> -rw------- 1 grudd Domain U 1204 Apr 23 19:36 authorized_hosts2
> >> -rw------- 1 grudd Domain U  668 Apr 22 18:20 foo
> >> -rw------- 1 grudd Domain U  602 Apr 22 18:20 foo.pub
> >> -rw------- 1 grudd Domain U  668 Apr 23 18:32 id_dsa
> >> -rw------- 1 grudd Domain U  602 Apr 23 18:32 id_dsa.pub
> >> -rw------- 1 grudd Domain U  527 Apr 23 18:03 id_rsa
> >> -rw------- 1 grudd Domain U  331 Apr 23 18:03 id_rsa.pub
> >> -rw------- 1 grudd Domain U  527 Apr 23 19:05 identity
> >> -rw------- 1 grudd Domain U  331 Apr 23 19:05 identity.pub
> >> -rw------- 1 grudd Domain U  220 Apr 23 20:17 known_hosts
> >>
> >> I have been working on this for a couple of days and I am now stumped
> >> for a solution any ideas from the experts here??
> >>
> >>
> >> Thanks in advance -greg
> >>
> >>
> >> Debug output from the client trying to ssh via public key authentication to
> >> localhost
> >>
> >>
> >> $ ssh -vvv grudd@localhost
> >> OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
> >> [host debug output snipped]
> >>
> >> Debug output from the server.
> >> [server debug output snipped]
> >>
> >> debug2: read_server_config: filename /etc/sshd_config
> >> debug1: sshd version OpenSSH_3.8.1p1
> >> debug1: private host key: #0 type 0 RSA1
> >> debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
> >> debug1: read PEM private key done: type RSA
> >> debug1: private host key: #1 type 1 RSA
> >> debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
> >> debug1: read PEM private key done: type DSA
> >> debug1: private host key: #2 type 2 DSA
> >> debug1: Bind to port 22 on 0.0.0.0.
> >> Server listening on 0.0.0.0 port 22.
> >> Generating 768 bit RSA key.
> >> RSA key generation complete.
> >> debug1: Server will not fork when running in debugging mode.
> >> Connection from 127.0.0.1 port 3545
> >> debug1: Client protocol version 2.0; client software version OpenSSH_3.8.1p1
> >> debug1: match: OpenSSH_3.8.1p1 pat OpenSSH*
> >> debug1: Enabling compatibility mode for protocol 2.0
> >> debug1: Local version string SSH-1.99-OpenSSH_3.8.1p1
> >> debug2: Network child is on pid 1572
> >> debug3: preauth child monitor started
> >> debug3: mm_request_receive entering
> >> debug1: list_hostkey_types: ssh-rsa,ssh-dss
> >> debug1: SSH2_MSG_KEXINIT sent
> >> debug1: SSH2_MSG_KEXINIT received
> >> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> >> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> >> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> >> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> >> debug2: kex_parse_kexinit: none,zlib
> >> debug2: kex_parse_kexinit: none,zlib
> >> debug2: kex_parse_kexinit:
> >> debug2: kex_parse_kexinit:
> >> debug2: kex_parse_kexinit: first_kex_follows 0
> >> debug2: kex_parse_kexinit: reserved 0
> >> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> >> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> >> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> >> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> >> debug2: kex_parse_kexinit: none,zlib
> >> debug2: kex_parse_kexinit: none,zlib
> >> debug2: kex_parse_kexinit:
> >> debug2: kex_parse_kexinit:
> >> debug2: kex_parse_kexinit: first_kex_follows 0
> >> debug2: kex_parse_kexinit: reserved 0
> >> debug2: mac_init: found hmac-md5
> >> debug1: kex: client->server aes128-cbc hmac-md5 none
> >> debug2: mac_init: found hmac-md5
> >> debug3: mm_request_send entering: type 5
> >> debug2: monitor_read: 4 used once, disabling now
> >> debug3: mm_request_receive entering
> >> debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
> >> debug3: mm_request_receive_expect entering: type 5
> >> debug3: mm_request_receive entering
> >> debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
> >> debug2: kex_derive_keys
> >> debug2: set_newkeys: mode 1
> >> debug1: SSH2_MSG_NEWKEYS sent
> >> debug1: expecting SSH2_MSG_NEWKEYS
> >> Connection closed by 127.0.0.1
> >> debug1: do_cleanup
> >> debug1: do_cleanup
> >> debug2: read_server_config: filename /etc/sshd_config
> >> debug1: sshd version OpenSSH_3.8.1p1
> >> debug1: private host key: #0 type 0 RSA1
> >> debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
> >> debug1: read PEM private key done: type RSA
> >> debug1: private host key: #1 type 1 RSA
> >> debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
> >> debug1: read PEM private key done: type DSA
> >> debug1: private host key: #2 type 2 DSA
> >>
> >> ssh_config file

-- 
                                http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_        pechtcha AT cs DOT nyu DOT edu
ZZZzz /,`.-'`'    -.  ;-;;,_    igor AT watson DOT ibm DOT com
     |,4-  ) )-,_. ,\ (  `'-'   Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL     a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"I have since come to realize that being between your mentor and his route
to the bathroom is a major career booster."  -- Patrick Naughton
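
The two checks raised in the reply above (the file must be named authorized_keys, and a server running as a different account must be able to read it) can be scripted; the following is an added example, not code from the thread or from OpenSSH. It assumes GNU coreutils `stat -c` (present on Cygwin and Linux), and the function name audit_ssh_dir and the finding labels are hypothetical; it also goes slightly beyond the thread by flagging a group/world-writable authorized_keys and private keys that are not owner-only.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU coreutils `stat -c`,
# which Cygwin and Linux provide; audit_ssh_dir is a hypothetical name.

audit_ssh_dir() {
    dir=$1
    keys="$dir/authorized_keys"
    findings=""
    nl='
'
    if [ ! -f "$keys" ]; then
        findings="${findings}MISSING authorized_keys${nl}"
        # sshd opens only the configured file name, so list near-miss names.
        for f in "$dir"/authorized_*; do
            [ -f "$f" ] || continue
            findings="${findings}LOOKALIKE ${f##*/}${nl}"
        done
    else
        mode=$(stat -c '%a' "$keys")
        other=$((mode % 10))
        group=$((mode / 10 % 10))
        # A server running as another account (SYSTEM in the thread) needs read.
        if [ $((other & 4)) -eq 0 ]; then
            findings="${findings}NO_READ_FOR_OTHERS authorized_keys mode ${mode}${nl}"
        fi
        # Anyone who can write this file can grant themselves a login.
        if [ $(( (group | other) & 2 )) -ne 0 ]; then
            findings="${findings}WRITABLE_BY_OTHERS authorized_keys mode ${mode}${nl}"
        fi
    fi
    # Private keys (the file next to each *.pub) must stay owner-only.
    for pub in "$dir"/*.pub; do
        priv=${pub%.pub}
        [ -f "$pub" ] && [ -f "$priv" ] || continue
        pmode=$(stat -c '%a' "$priv")
        if [ $((pmode % 100)) -ne 0 ]; then
            findings="${findings}PRIVATE_KEY_EXPOSED ${priv##*/} mode ${pmode}${nl}"
        fi
    done
    printf '%s' "$findings"
}
```

Call it as `audit_ssh_dir ~/.ssh`; no output means none of these conditions was found.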