[BBLISA] SSH2 to OpenSSH authentication

Betsy Schwartz betsys at gsd.harvard.edu
Tue Feb 24 19:41:04 EST 2004


I'm having trouble getting passwordless authentication to work on SSH2. (I'm 
testing on two servers that share an NIS-mounted directory, but it 
ultimately has to work for an offsite user who has SSH2.)

a) generated keys on the OpenSSH server with a blank passphrase
     ssh-keygen -t dsa -f ~/.ssh/id_dsa
   copied id_dsa.pub to .ssh/authorized_keys2 (on remote server)
   At this point passwordless connection between two OpenSSH servers works great

b) generated SSH2-style keys
     ssh-keygen -e -f .ssh/id_dsa.pub > id_dsa_ssh2.pub
     ssh-keygen -e -f .ssh/id_dsa > id_dsa_ssh2
   copied id_dsa_ssh2.pub and id_dsa_ssh2 to .ssh2 directory (on remote server)
   created .ssh2/authorization file containing:
     Key id_dsa_ssh2.pub
   created .ssh2/identification file containing:
     IdKey id_dsa_ssh2

OpenSSH->SSH2 works. SSH2->OpenSSH and SSH2->SSH2 want a password. I've 
played around with running the server on a different port using -ddddd and 
running the client -v.

Client:
>debug: Ssh2Client/sshclient.c:1097/ssh_client_wrap: creating userauth protocol
>debug: Ssh2Client/sshclient.c:399/keycheck_key_match: Host key found from database.
>debug: Ssh2AuthPubKeyClient/authc-pubkey.c:330/ssh_client_auth_pubkey_send_signature: Constructing and sending signature...
>debug: Ssh2AuthPubKeyClient/authc-pubkey.c:423/ssh_client_auth_pubkey_send_signature: ssh_client_auth_pubkey_send_signature: reading /home/username/.ssh2/id_dsa_ssh2
>Passphrase for key "/home/username/.ssh2/id_dsa_ssh2" with comment "1024-bit DSA, converted from OpenSSH by username at hostname":

Server excerpt:

>debug1: trying public key file /home/username/.ssh/authorized_keys2
>debug3: secure_filename: checking '/home/username/.ssh'
>debug3: secure_filename: checking '/home/username'
>debug3: secure_filename: terminating check at '/home/username'
>debug1: matching key found: file /home/username/.ssh/authorized_keys2, line 1
>Found matching DSA key: <DSA key appears here>
>debug1: restore_uid: 0/1
>debug3: mm_answer_keyallowed: key 7fac8 is allowed
>debug3: mm_request_send entering: type 21
>debug3: mm_request_receive entering
>debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss
>Postponed publickey for username from 128.103.zzz.zzz port 52477 ssh2

Thanks for any clue bonks
Betsy

PS FWIW the OpenSSH box is Solaris 7 and the SSH2 box is Solaris 8. I've 
also got a couple Solaris 9 boxes running Sun SSH. I can go from them to 
OpenSSH but not vice versa.

PPS: we're getting there with OpenSSH but it's slow going, mainly because 
of SSL. And the box that has to work with this isn't mine.



Betsy Schwartz                        email: betsys at gsd.harvard.edu
Unix Systems Administrator, CRG       voice: 617-495-5947
Harvard Graduate School of Design     fax:   617-496-5866
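
Added example, not part of the original post: a Python check for the key conversion in step (b). It parses an SSH2 (RFC 4716) public key file, renders it as an OpenSSH one-line entry for comparison with authorized_keys2, and classifies a file by its first line as the public or private half. The function names and the sample key are constructed for illustration; the private-key header is the ssh.com format's.

```python
import base64
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"
PRIVATE_BEGIN = "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----"  # ssh.com private key
KINDS = {BEGIN: "ssh2-public", PRIVATE_BEGIN: "ssh2-private"}

def file_kind(text):
    """Classify a key file by its first line: public or private half?"""
    first = (text.strip().splitlines() or [""])[0].strip()
    return KINDS.get(first, "unknown")

def parse_rfc4716(text):
    """Return (headers, key blob) from an SSH2 (RFC 4716) public key file."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an RFC 4716 public key file")
    headers, body, i = {}, [], 1
    while i < len(lines) - 1:
        line = lines[i]
        if ":" in line:                   # header; base64 never contains ':'
            while line.endswith("\\") and i < len(lines) - 2:
                i += 1                    # trailing backslash continues the header
                line = line[:-1] + lines[i]
            tag, value = line.split(":", 1)
            headers[tag.lower()] = value.strip().strip('"')
        else:
            body.append(line)
        i += 1
    return headers, base64.b64decode("".join(body))

def to_openssh_line(text):
    """Render the key as an authorized_keys-style line: '<algorithm> <base64>'."""
    _, blob = parse_rfc4716(text)
    (n,) = struct.unpack(">I", blob[:4])  # blob starts with a length-prefixed name
    return "%s %s" % (blob[4:4 + n].decode("ascii"), base64.b64encode(blob).decode())

def same_key(ssh2_text, openssh_line):
    """True if both hold the same public key (assumes no options before the type)."""
    return openssh_line.split()[1] == to_openssh_line(ssh2_text).split()[1]

# Constructed sample, NOT a real key: algorithm name plus four dummy integers.
_parts = [b"ssh-dss"] + [bytes([i]) * 20 for i in range(1, 5)]
SAMPLE_BLOB = b"".join(struct.pack(">I", len(p)) + p for p in _parts)
_b64 = base64.b64encode(SAMPLE_BLOB).decode()
SAMPLE_SSH2 = "\n".join([BEGIN, 'Comment: "constructed sample, not a real key"']
                        + [_b64[i:i + 70] for i in range(0, len(_b64), 70)] + [END])

print(file_kind(SAMPLE_SSH2), to_openssh_line(SAMPLE_SSH2))
```

Running `file_kind` on each file named in `.ssh2/authorization` and `.ssh2/identification` shows which half of the key pair it actually contains.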

