This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: OpenSSH public key authentication woes


Hi Greg...

Try setting your authorized_keys to 644 for now. If that doesn't work, take a look at the problem reporting section on the Cygwin web page. This list would need more information to help further.

Thanks,

...Karl
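
The checks raised in this thread, collected into a shell function as an added example that is not part of either poster's message: it looks for a misnamed `authorized_hosts` file, reports the mode of `authorized_keys`, validates each entry, and confirms that the key the client offers is actually listed. The function name `audit_ssh_dir`, its return codes, and the sample key are constructed for illustration; the offered-key check assumes a protocol 2 (`ssh-rsa` or `ssh-dss`) public key file.

```shell
#!/bin/bash
# Added example (not from the thread): audit a .ssh directory for the problems
# discussed above. Return codes are this sketch's own convention:
#   0 ok, 1 authorized_keys missing, 2 malformed line, 3 offered key not listed
audit_ssh_dir() {
    dir=$1; pub=$2    # pub: public half of the identity the client offers
    auth="$dir/authorized_keys"
    if [ ! -f "$auth" ]; then
        # The thread's mistake: keys saved under a name sshd never reads.
        for wrong in "$dir"/authorized_hosts*; do
            [ -e "$wrong" ] && echo "found $wrong, which sshd does not read"
        done
        echo "missing $auth"
        return 1
    fi
    # Show the mode so it can be compared with what the server needs.
    echo "mode: $(ls -ld "$auth" | cut -c1-10) $auth"
    # Each entry needs a key type and base64 blob (protocol 2), or
    # "bits exponent modulus" (protocol 1); options may come first.
    bad=$(awk '
        /^[ \t]*(#|$)/ { next }
        /^[0-9]+ [0-9]+ [0-9]+/ { next }
        { ok = 0
          for (i = 1; i < NF; i++)
              if ($i ~ /^ssh-(rsa|dss)$/ && $(i+1) ~ "^[A-Za-z0-9+/]+=*$") ok = 1
          if (!ok) print NR }' "$auth")
    if [ -n "$bad" ]; then
        echo "malformed entry on line(s):" $bad
        return 2
    fi
    # The key the client offers must appear in authorized_keys.
    blob=$(awk '{ for (i = 1; i < NF; i++)
                    if ($i ~ /^ssh-(rsa|dss)$/) { print $(i+1); exit } }' "$pub")
    if [ -z "$blob" ] || ! grep -qF -- "$blob" "$auth"; then
        echo "key from $pub is not listed in $auth"
        return 3
    fi
    return 0
}

# Constructed demo: reproduce the misnamed file, then apply the fix.
demo=$(mktemp -d)
echo "ssh-dss AAAAB3NzaC1kc3MAAACBconstructed grudd@example" > "$demo/id_dsa.pub"
cp "$demo/id_dsa.pub" "$demo/authorized_hosts"
audit_ssh_dir "$demo" "$demo/id_dsa.pub" || echo "audit failed with code $?"
cat "$demo/id_dsa.pub" > "$demo/authorized_keys"
audit_ssh_dir "$demo" "$demo/id_dsa.pub" && echo "audit passed"
rm -rf "$demo"
```
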


From: Greg Rudd
To: Karl M
CC: <cygwin@cygwin.com>
Subject: Re: OpenSSH public key authentication woes
Date: Mon, 26 Apr 2004 18:36:41 +1000

On 26/4/04 4:33 pm, "Karl M" wrote:

> Hi Greg...
>
> I don't see an authorized_keys file in your .ssh directory. It should
> contain the public keys for those users/hosts that are permitted to do
> public key authentication. Just cat the public keys you want together to
> make your authorized_keys file. Then make sure that it is readable by your
> sshd (ssh server).
>
> HTH
>
> ...Karl


Hi Karl et al

I accidentally named the files authorized_hosts instead of
keys. I have corrected this but to no avail. To make the files readable by
the server I take it that you need to set the modes to 600 for the
authorized_key files (which I have done).
>
>
>> From: Greg Rudd
>> To: <cygwin@cygwin.com>
>> CC: Didier Debuf
>> Subject: OpenSSH public key authentication woes
>> Date: Mon, 26 Apr 2004 16:04:41 +1000
>>
>> Hi All
>>
>> I am trying to get public-key authentication working with openSSH under
>> cygwin. I have been looking on the net and found numerous references to
>> this problem but no one has posted a summary so as to prevent further emails
>> on this subject to the list.
>>
>> What is strange is that in testing I can do public key authentication to the
>> commercial version of SSH which in my case is an alpha (Tru64 4.0g and 5.1a)
>> running 3.2.9.1 but yet can not do public key authentication either to the
>> local host or from another host.
>>
>>
>> I have checked the ssh_config and sshd_config files, and both have
>> RSAAuthentication and public key authentication enabled, as well as
>> Protocol 2,1 listed in both files. The identity files listed in the
>> /etc/ssh_config file are:
>>
>> IdentityFile ~/.ssh/id_dsa
>> IdentityFile ~/.ssh/identity
>> IdentityFile ~/.ssh/id_rsa
>> IdentityFile ~/.ssh/id_dsa
>>
>> And the contents of the .ssh directory are
>> drwxr-xr-x 1 grudd Domain U 0 Apr 23 20:17 .
>> drwxr-xr-x 1 grudd Domain U 4096 Apr 23 21:24 ..
>> -rw------- 1 grudd Domain U 331 Apr 23 19:37 authorized_hosts
>> -rw------- 1 grudd Domain U 1204 Apr 23 19:36 authorized_hosts2
>> -rw------- 1 grudd Domain U 668 Apr 22 18:20 foo
>> -rw------- 1 grudd Domain U 602 Apr 22 18:20 foo.pub
>> -rw------- 1 grudd Domain U 668 Apr 23 18:32 id_dsa
>> -rw------- 1 grudd Domain U 602 Apr 23 18:32 id_dsa.pub
>> -rw------- 1 grudd Domain U 527 Apr 23 18:03 id_rsa
>> -rw------- 1 grudd Domain U 331 Apr 23 18:03 id_rsa.pub
>> -rw------- 1 grudd Domain U 527 Apr 23 19:05 identity
>> -rw------- 1 grudd Domain U 331 Apr 23 19:05 identity.pub
>> -rw------- 1 grudd Domain U 220 Apr 23 20:17 known_hosts
>>
>> I have been working on this for a couple of days and I am now stumped for a
>> solution. Any ideas from the experts here?
>>
>>
>> Thanks in advance -greg
>>
>>
>> Debug output from the client trying to ssh via public key authentication to
>> localhost
>>
>>
>> $ ssh -vvv grudd@localhost
>> OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
>> debug1: Reading configuration data /etc/ssh_config
>> debug3: cipher ok: aes128-cbc
>> [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>> debug3: cipher ok: 3des-cbc
>> [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>> debug3: cipher ok: blowfish-cbc
>> [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>> debug3: cipher ok: cast128-cbc
>> [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>> debug3: cipher ok: arcfour
>> [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>> debug3: cipher ok: aes192-cbc
>> [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>> debug3: cipher ok: aes256-cbc
>> [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>> debug3: ciphers ok:
>> [aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc]
>> debug2: ssh_connect: needpriv 0
>> debug1: Connecting to localhost [127.0.0.1] port 22.
>> debug1: Connection established.
>> debug3: Not a RSA1 key file //crescent/grudd/.ssh/id_dsa.
>> debug2: key_type_from_name: unknown key type '-----BEGIN'
>> debug3: key_read: missing keytype
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug2: key_type_from_name: unknown key type '-----END'
>> debug3: key_read: missing keytype
>> debug1: identity file //crescent/grudd/.ssh/id_dsa type 2
>> debug1: identity file //crescent/grudd/.ssh/identity type 0
>> debug1: identity file //crescent/grudd/.ssh/id_rsa type 0
>> debug3: Not a RSA1 key file //crescent/grudd/.ssh/id_dsa.
>> debug2: key_type_from_name: unknown key type '-----BEGIN'
>> debug3: key_read: missing keytype
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug2: key_type_from_name: unknown key type '-----END'
>> debug3: key_read: missing keytype
>> debug1: identity file //crescent/grudd/.ssh/id_dsa type 2
>> debug1: Remote protocol version 2.0, remote software version
>> OpenSSH_3.8.1p1
>> debug1: match: OpenSSH_3.8.1p1 pat OpenSSH*
>> debug1: Enabling compatibility mode for protocol 2.0
>> debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
>> debug1: SSH2_MSG_KEXINIT sent
>> debug1: SSH2_MSG_KEXINIT received
>> debug2: kex_parse_kexinit:
>> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>> debug2: kex_parse_kexinit:
>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
>> debug2: kex_parse_kexinit:
>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
>> debug2: kex_parse_kexinit:
>> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
>> ac-md5-96
>> debug2: kex_parse_kexinit:
>> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
>> ac-md5-96
>> debug2: kex_parse_kexinit: none,zlib
>> debug2: kex_parse_kexinit: none,zlib
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit: first_kex_follows 0
>> debug2: kex_parse_kexinit: reserved 0
>> debug2: kex_parse_kexinit:
>> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>> debug2: kex_parse_kexinit:
>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
>> ijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>> debug2: kex_parse_kexinit:
>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
>> ijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>> debug2: kex_parse_kexinit:
>> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
>> ac-md5-96
>> debug2: kex_parse_kexinit:
>> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
>> ac-md5-96
>> debug2: kex_parse_kexinit: none,zlib
>> debug2: kex_parse_kexinit: none,zlib
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit: first_kex_follows 0
>> debug2: kex_parse_kexinit: reserved 0
>> debug2: mac_init: found hmac-md5
>> debug1: kex: server->client aes128-cbc hmac-md5 none
>> debug2: mac_init: found hmac-md5
>> debug1: kex: client->server aes128-cbc hmac-md5 none
>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>> debug2: dh_gen_key: priv key bits set: 143/256
>> debug2: bits set: 524/1024
>> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>> debug3: check_host_in_hostfile: filename //crescent/grudd/.ssh/known_hosts
>> debug3: check_host_in_hostfile: match line 1
>> debug1: Host 'localhost' is known and matches the RSA host key.
>> debug1: Found key in //crescent/grudd/.ssh/known_hosts:1
>> debug2: bits set: 496/1024
>> debug1: ssh_rsa_verify: signature correct
>> debug2: kex_derive_keys
>> debug2: set_newkeys: mode 1
>> debug1: SSH2_MSG_NEWKEYS sent
>> debug1: expecting SSH2_MSG_NEWKEYS
>> debug2: set_newkeys: mode 0
>> debug1: SSH2_MSG_NEWKEYS received
>> debug1: SSH2_MSG_SERVICE_REQUEST sent
>> debug2: service_accept: ssh-userauth
>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>> debug2: key: //crescent/grudd/.ssh/id_dsa (0x100f24e0)
>> debug2: key: //crescent/grudd/.ssh/id_dsa (0x100e9218)
>> debug1: Authentications that can continue:
>> publickey,password,keyboard-interactive
>> debug3: start over, passed a different list
>> publickey,password,keyboard-interactive
>> debug3: preferred publickey,keyboard-interactive,password
>> debug3: authmethod_lookup publickey
>> debug3: remaining preferred: keyboard-interactive,password
>> debug3: authmethod_is_enabled publickey
>> debug1: Next authentication method: publickey
>> debug1: Offering public key: //crescent/grudd/.ssh/id_dsa
>> debug3: send_pubkey_test
>> debug2: we sent a publickey packet, wait for reply
>> debug1: Authentications that can continue:
>> publickey,password,keyboard-interactive
>> debug1: Offering public key: //crescent/grudd/.ssh/id_dsa
>> debug3: send_pubkey_test
>> debug2: we sent a publickey packet, wait for reply
>> debug1: Authentications that can continue:
>> publickey,password,keyboard-interactive
>> debug2: we did not send a packet, disable method
>> debug3: authmethod_lookup keyboard-interactive
>> debug3: remaining preferred: password
>> debug3: authmethod_is_enabled keyboard-interactive
>> debug1: Next authentication method: keyboard-interactive
>> debug2: userauth_kbdint
>> debug2: we sent a keyboard-interactive packet, wait for reply
>> debug1: Authentications that can continue:
>> publickey,password,keyboard-interactive
>> debug3: userauth_kbdint: disable: no info_req_seen
>> debug2: we did not send a packet, disable method
>> debug3: authmethod_lookup password
>> debug3: remaining preferred:
>> debug3: authmethod_is_enabled password
>> debug1: Next authentication method: password
>> grudd@localhost's password:
>>
>>
>>
>> Debug output from the server.
>>
>>
>> debug2: read_server_config: filename /etc/sshd_config
>> debug1: sshd version OpenSSH_3.8.1p1
>> debug1: private host key: #0 type 0 RSA1
>> debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
>> debug1: read PEM private key done: type RSA
>> debug1: private host key: #1 type 1 RSA
>> debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
>> debug1: read PEM private key done: type DSA
>> debug1: private host key: #2 type 2 DSA
>> debug1: Bind to port 22 on 0.0.0.0.
>> Server listening on 0.0.0.0 port 22.
>> Generating 768 bit RSA key.
>> RSA key generation complete.
>> debug1: Server will not fork when running in debugging mode.
>> Connection from 127.0.0.1 port 3545
>> debug1: Client protocol version 2.0; client software version
>> OpenSSH_3.8.1p1
>> debug1: match: OpenSSH_3.8.1p1 pat OpenSSH*
>> debug1: Enabling compatibility mode for protocol 2.0
>> debug1: Local version string SSH-1.99-OpenSSH_3.8.1p1
>> debug2: Network child is on pid 1572
>> debug3: preauth child monitor started
>> debug3: mm_request_receive entering
>> debug1: list_hostkey_types: ssh-rsa,ssh-dss
>> debug1: SSH2_MSG_KEXINIT sent
>> debug1: SSH2_MSG_KEXINIT received
>> debug2: kex_parse_kexinit:
>> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>> debug2: kex_parse_kexinit:
>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
>> ijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>> debug2: kex_parse_kexinit:
>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
>> ijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>> debug2: kex_parse_kexinit:
>> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
>> ac-md5-96
>> debug2: kex_parse_kexinit:
>> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
>> ac-md5-96
>> debug2: kex_parse_kexinit: none,zlib
>> debug2: kex_parse_kexinit: none,zlib
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit: first_kex_follows 0
>> debug2: kex_parse_kexinit: reserved 0
>> debug2: kex_parse_kexinit:
>> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>> debug2: kex_parse_kexinit:
>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
>> ijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>> debug2: kex_parse_kexinit:
>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
>> ijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>> debug2: kex_parse_kexinit:
>> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
>> ac-md5-96
>> debug2: kex_parse_kexinit:
>> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
>> ac-md5-96
>> debug2: kex_parse_kexinit: none,zlib
>> debug2: kex_parse_kexinit: none,zlib
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit: first_kex_follows 0
>> debug2: kex_parse_kexinit: reserved 0
>> debug2: mac_init: found hmac-md5
>> debug1: kex: client->server aes128-cbc hmac-md5 none
>> debug2: mac_init: found hmac-md5
>> debug3: mm_request_send entering: type 5
>> debug2: monitor_read: 4 used once, disabling now
>> debug3: mm_request_receive entering
>> debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
>> debug3: mm_request_receive_expect entering: type 5
>> debug3: mm_request_receive entering
>> debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
>> debug2: kex_derive_keys
>> debug2: set_newkeys: mode 1
>> debug1: SSH2_MSG_NEWKEYS sent
>> debug1: expecting SSH2_MSG_NEWKEYS
>> Connection closed by 127.0.0.1
>> debug1: do_cleanup
>> debug1: do_cleanup
>> debug2: read_server_config: filename /etc/sshd_config
>> debug1: sshd version OpenSSH_3.8.1p1
>> debug1: private host key: #0 type 0 RSA1
>> debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
>> debug1: read PEM private key done: type RSA
>> debug1: private host key: #1 type 1 RSA
>> debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
>> debug1: read PEM private key done: type DSA
>> debug1: private host key: #2 type 2 DSA
>>
>>
>>
>> ssh_config file
>>
>>
>>
>> --
>> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
>> Problem reports: http://cygwin.com/problems.html
>> Documentation: http://cygwin.com/docs.html
>> FAQ: http://cygwin.com/faq/
>>
>
>


