From: "Karl M"
Cc: cygwin AT cygwin DOT com
Subject: Re: OpenSSH public key authentication woes
Date: Mon, 26 Apr 2004 09:12:45 -0700

Hi Greg...

Try setting your authorized_keys to 644 for now. If that doesn't work, take a look at the problem reporting section on the Cygwin web page. This list would need more information to help further.

Thanks,

...Karl

>From: Greg Rudd
>To: Karl M
>CC:
>Subject: Re: OpenSSH public key authentication woes
>Date: Mon, 26 Apr 2004 18:36:41 +1000
>
>On 26/4/04 4:33 pm, "Karl M" wrote:
>
> > Hi Greg...
> >
> > I don't see an authorized_keys file in your .ssh directory. It should
> > contain the public keys for those users/hosts that are permitted to do
> > public key authentication. Just cat the public keys you want together to
> > make your authorized_keys file. Then make sure that it is readable by your
> > sshd (ssh server).
> >
> > HTH
> >
> > ...Karl
>
>Hi Karl et al
>
>I accidentally named the files authorized_hosts instead of
>keys. I have corrected this but to no avail. To make the files readable by
>the server I take it that you need to set the modes to 600 for the
>authorized_key files (which I have done)
>
> >> From: Greg Rudd
> >> To:
> >> CC: Didier Debuf
> >> Subject: OpenSSH public key authentication woes
> >> Date: Mon, 26 Apr 2004 16:04:41 +1000
> >>
> >> Hi All
> >>
> >> I am trying to get public-key authentication working with openSSH under
> >> cygwin.
> >> I have been looking on the net and found numerous references to
> >> this problem but no one has posted a summary so as to prevent further emails
> >> on this subject to the list.
> >>
> >> What is strange is that in testing I can do public key authentication to the
> >> commercial version of SSH which in my case is an alpha (Tru64 4.0g and 5.1a)
> >> running 3.2.9.1 but yet can not do public key authentication either to the
> >> local host or from another host.
> >>
> >>
> >> I have checked the ssh_config and sshd_config files and both have
> >> RSAAuthetication and Public key authentication are enabled as well as
> >> Protocol 2,1 listed in both files and the identity files listed in the
> >> /etc/ssh_config file are:
> >>
> >> IdentityFile ~/.ssh/id_dsa
> >> IdentityFile ~/.ssh/identity
> >> IdentityFile ~/.ssh/id_rsa
> >> IdentityFile ~/.ssh/id_dsa
> >>
> >> And the contents of the .ssh directory are
> >> drwxr-xr-x 1 grudd Domain U 0 Apr 23 20:17 .
> >> drwxr-xr-x 1 grudd Domain U 4096 Apr 23 21:24 ..
> >> -rw------- 1 grudd Domain U 331 Apr 23 19:37 authorized_hosts
> >> -rw------- 1 grudd Domain U 1204 Apr 23 19:36 authorized_hosts2
> >> -rw------- 1 grudd Domain U 668 Apr 22 18:20 foo
> >> -rw------- 1 grudd Domain U 602 Apr 22 18:20 foo.pub
> >> -rw------- 1 grudd Domain U 668 Apr 23 18:32 id_dsa
> >> -rw------- 1 grudd Domain U 602 Apr 23 18:32 id_dsa.pub
> >> -rw------- 1 grudd Domain U 527 Apr 23 18:03 id_rsa
> >> -rw------- 1 grudd Domain U 331 Apr 23 18:03 id_rsa.pub
> >> -rw------- 1 grudd Domain U 527 Apr 23 19:05 identity
> >> -rw------- 1 grudd Domain U 331 Apr 23 19:05 identity.pub
> >> -rw------- 1 grudd Domain U 220 Apr 23 20:17 known_hosts
> >>
> >> I have been working on this for a couple of days and I am now stumped for a
> >> solution any ideas from the experts here??
> >>
> >>
> >> Thanks in advance -greg
> >>
> >>
> >> Debug output from the client trying to ssh via public key authentication to
> >> localhost
> >>
> >>
> >> $ ssh -vvv grudd@localhost
> >> OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
> >> debug1: Reading configuration data /etc/ssh_config
> >> debug3: cipher ok: aes128-cbc [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
> >> debug3: cipher ok: 3des-cbc [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
> >> debug3: cipher ok: blowfish-cbc [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
> >> debug3: cipher ok: cast128-cbc [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
> >> debug3: cipher ok: arcfour [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
> >> debug3: cipher ok: aes192-cbc [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
> >> debug3: cipher ok: aes256-cbc [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
> >> debug3: ciphers ok: [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
> >> debug2: ssh_connect: needpriv 0
> >> debug1: Connecting to localhost [127.0.0.1] port 22.
> >> debug1: Connection established.
> >> debug3: Not a RSA1 key file //crescent/grudd/.ssh/id_dsa.
> >> debug2: key_type_from_name: unknown key type '-----BEGIN'
> >> debug3: key_read: missing keytype
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug2: key_type_from_name: unknown key type '-----END'
> >> debug3: key_read: missing keytype
> >> debug1: identity file //crescent/grudd/.ssh/id_dsa type 2
> >> debug1: identity file //crescent/grudd/.ssh/identity type 0
> >> debug1: identity file //crescent/grudd/.ssh/id_rsa type 0
> >> debug3: Not a RSA1 key file //crescent/grudd/.ssh/id_dsa.
> >> debug2: key_type_from_name: unknown key type '-----BEGIN'
> >> debug3: key_read: missing keytype
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug3: key_read: missing whitespace
> >> debug2: key_type_from_name: unknown key type '-----END'
> >> debug3: key_read: missing keytype
> >> debug1: identity file //crescent/grudd/.ssh/id_dsa type 2
> >> debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8.1p1
> >> debug1: match: OpenSSH_3.8.1p1 pat OpenSSH*
> >> debug1: Enabling compatibility mode for protocol 2.0
> >> debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
> >> debug1: SSH2_MSG_KEXINIT sent
> >> debug1: SSH2_MSG_KEXINIT received
> >> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> >> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> >> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
> >> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
> >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> >> debug2: kex_parse_kexinit: none,zlib
> >> debug2: kex_parse_kexinit: none,zlib
> >> debug2: kex_parse_kexinit:
> >> debug2: kex_parse_kexinit:
> >> debug2: kex_parse_kexinit: first_kex_follows 0
> >> debug2: kex_parse_kexinit: reserved 0
> >> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> >> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> >> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> >> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> >> debug2: kex_parse_kexinit: none,zlib
> >> debug2: kex_parse_kexinit: none,zlib
> >> debug2: kex_parse_kexinit:
> >> debug2: kex_parse_kexinit:
> >> debug2: kex_parse_kexinit: first_kex_follows 0
> >> debug2: kex_parse_kexinit: reserved 0
> >> debug2: mac_init: found hmac-md5
> >> debug1: kex: server->client aes128-cbc hmac-md5 none
> >> debug2: mac_init: found hmac-md5
> >> debug1: kex: client->server aes128-cbc hmac-md5 none
> >> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> >> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> >> debug2: dh_gen_key: priv key bits set: 143/256
> >> debug2: bits set: 524/1024
> >> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> >> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> >> debug3: check_host_in_hostfile: filename //crescent/grudd/.ssh/known_hosts
> >> debug3: check_host_in_hostfile: match line 1
> >> debug1: Host 'localhost' is known and matches the RSA host key.
> >> debug1: Found key in //crescent/grudd/.ssh/known_hosts:1
> >> debug2: bits set: 496/1024
> >> debug1: ssh_rsa_verify: signature correct
> >> debug2: kex_derive_keys
> >> debug2: set_newkeys: mode 1
> >> debug1: SSH2_MSG_NEWKEYS sent
> >> debug1: expecting SSH2_MSG_NEWKEYS
> >> debug2: set_newkeys: mode 0
> >> debug1: SSH2_MSG_NEWKEYS received
> >> debug1: SSH2_MSG_SERVICE_REQUEST sent
> >> debug2: service_accept: ssh-userauth
> >> debug1: SSH2_MSG_SERVICE_ACCEPT received
> >> debug2: key: //crescent/grudd/.ssh/id_dsa (0x100f24e0)
> >> debug2: key: //crescent/grudd/.ssh/id_dsa (0x100e9218)
> >> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> >> debug3: start over, passed a different list publickey,password,keyboard-interactive
> >> debug3: preferred publickey,keyboard-interactive,password
> >> debug3: authmethod_lookup publickey
> >> debug3: remaining preferred: keyboard-interactive,password
> >> debug3: authmethod_is_enabled publickey
> >> debug1: Next authentication method: publickey
> >> debug1: Offering public key: //crescent/grudd/.ssh/id_dsa
> >> debug3: send_pubkey_test
> >> debug2: we sent a publickey packet, wait for reply
> >> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> >> debug1: Offering public key: //crescent/grudd/.ssh/id_dsa
> >> debug3: send_pubkey_test
> >> debug2: we sent a publickey packet, wait for reply
> >> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> >> debug2: we did not send a packet, disable method
> >> debug3: authmethod_lookup keyboard-interactive
> >> debug3: remaining preferred: password
> >> debug3: authmethod_is_enabled keyboard-interactive
> >> debug1: Next authentication method: keyboard-interactive
> >> debug2: userauth_kbdint
> >> debug2: we sent a keyboard-interactive packet, wait for reply
> >> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> >> debug3: userauth_kbdint: disable: no info_req_seen
> >> debug2: we did not send a packet, disable method
> >> debug3: authmethod_lookup password
> >> debug3: remaining preferred:
> >> debug3: authmethod_is_enabled password
> >> debug1: Next authentication method: password
> >> grudd@localhost's password:
> >>
> >>
> >>
> >> Debug output from the server.
> >>
> >>
> >> debug2: read_server_config: filename /etc/sshd_config
> >> debug1: sshd version OpenSSH_3.8.1p1
> >> debug1: private host key: #0 type 0 RSA1
> >> debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
> >> debug1: read PEM private key done: type RSA
> >> debug1: private host key: #1 type 1 RSA
> >> debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
> >> debug1: read PEM private key done: type DSA
> >> debug1: private host key: #2 type 2 DSA
> >> debug1: Bind to port 22 on 0.0.0.0.
> >> Server listening on 0.0.0.0 port 22.
> >> Generating 768 bit RSA key.
> >> RSA key generation complete.
> >> debug1: Server will not fork when running in debugging mode.
> >> Connection from 127.0.0.1 port 3545
> >> debug1: Client protocol version 2.0; client software version OpenSSH_3.8.1p1
> >> debug1: match: OpenSSH_3.8.1p1 pat OpenSSH*
> >> debug1: Enabling compatibility mode for protocol 2.0
> >> debug1: Local version string SSH-1.99-OpenSSH_3.8.1p1
> >> debug2: Network child is on pid 1572
> >> debug3: preauth child monitor started
> >> debug3: mm_request_receive entering
> >> debug1: list_hostkey_types: ssh-rsa,ssh-dss
> >> debug1: SSH2_MSG_KEXINIT sent
> >> debug1: SSH2_MSG_KEXINIT received
> >> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> >> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> >> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> >> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> >> debug2: kex_parse_kexinit: none,zlib
> >> debug2: kex_parse_kexinit: none,zlib
> >> debug2: kex_parse_kexinit:
> >> debug2: kex_parse_kexinit:
> >> debug2: kex_parse_kexinit: first_kex_follows 0
> >> debug2: kex_parse_kexinit: reserved 0
> >> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> >> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> >> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> >> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> >> debug2: kex_parse_kexinit: none,zlib
> >> debug2: kex_parse_kexinit: none,zlib
> >> debug2: kex_parse_kexinit:
> >> debug2: kex_parse_kexinit:
> >> debug2: kex_parse_kexinit: first_kex_follows 0
> >> debug2: kex_parse_kexinit: reserved 0
> >> debug2: mac_init: found hmac-md5
> >> debug1: kex: client->server aes128-cbc hmac-md5 none
> >> debug2: mac_init: found hmac-md5
> >> debug3: mm_request_send entering: type 5
> >> debug2: monitor_read: 4 used once, disabling now
> >> debug3: mm_request_receive entering
> >> debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
> >> debug3: mm_request_receive_expect entering: type 5
> >> debug3: mm_request_receive entering
> >> debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
> >> debug2: kex_derive_keys
> >> debug2: set_newkeys: mode 1
> >> debug1: SSH2_MSG_NEWKEYS sent
> >> debug1: expecting SSH2_MSG_NEWKEYS
> >> Connection closed by 127.0.0.1
> >> debug1: do_cleanup
> >> debug1: do_cleanup
> >> debug2: read_server_config: filename /etc/sshd_config
> >> debug1: sshd version OpenSSH_3.8.1p1
> >> debug1: private host key: #0 type 0 RSA1
> >> debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
> >> debug1: read PEM private key done: type RSA
> >> debug1: private host key: #1 type 1 RSA
> >> debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
> >> debug1: read PEM private key done: type DSA
> >> debug1: private host key: #2 type 2 DSA
> >>
> >>
> >>
> >> ssh_config file
> >>
> >>
> >>
> >> --
> >> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> >> Problem reports: http://cygwin.com/problems.html
> >> Documentation: http://cygwin.com/docs.html
> >> FAQ: http://cygwin.com/faq/
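
The two checks this thread turns on (is there a file actually named authorized_keys, and are its permissions acceptable to sshd), as an added shell example that is not part of the original messages. The function names are hypothetical, the entry check covers protocol 2 key types only, and the group/world-writable test reflects what sshd's StrictModes rejects on POSIX permissions; Cygwin ACL specifics are not modelled.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Succeeds if PATH is group- or world-writable; sshd with StrictModes
# enabled refuses to use authorized_keys in that case.
is_loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Print one finding per line for DIR; print nothing if no problem is found.
audit_ssh_dir() {
    dir=$1
    ak=$dir/authorized_keys
    if [ ! -f "$ak" ]; then
        echo "MISSING $ak"
        # Look-alike names such as authorized_hosts are never read by sshd.
        # authorized_keys2 is skipped: it is a legacy name that some
        # OpenSSH versions still read.
        for f in "$dir"/authorized_*; do
            case $f in */authorized_keys2) continue ;; esac
            if [ -e "$f" ]; then echo "IGNORED $f"; fi
        done
    else
        if is_loose "$ak"; then echo "LOOSE $ak"; fi
        # Each entry needs a key type followed by a base64 blob (SSH public
        # key blobs always start with AAAA); blanks and comments are allowed.
        n=0
        while IFS= read -r line || [ -n "$line" ]; do
            n=$((n + 1))
            case $line in
                ''|'#'*) ;;
                *ssh-rsa\ AAAA*|*ssh-dss\ AAAA*) ;;
                *ssh-ed25519\ AAAA*|*ecdsa-sha2-*\ AAAA*) ;;
                *) echo "BADLINE $ak:$n" ;;
            esac
        done < "$ak"
    fi
    if is_loose "$dir"; then echo "LOOSE $dir"; fi
    return 0
}

# Build authorized_keys the way the reply suggests: concatenate the chosen
# public keys, then set a mode that is readable but not group/world-writable.
build_authorized_keys() {
    dir=$1; shift
    cat "$@" > "$dir/authorized_keys" && chmod 644 "$dir/authorized_keys"
}
```

Run `audit_ssh_dir ~/.ssh` as the account that is logging in; empty output means none of these checks failed.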