<html>
<body>
I'm having trouble getting passwordless authentication to work on SSH2.
(I'm testing on two servers that share an NIS-mounted directory, but it
ultimately has to work for an offsite user who has SSH2)<br><br>
a) generated keys on the OpenSSH server with a blank passphrase<br>
<tt>ssh-keygen -t dsa -f ~/.ssh/id_dsa</tt><br>
copied id_dsa.pub to .ssh/authorized_keys2 (on remote
server)<br>
At this point passwordless connection between two
OpenSSH servers works great<br><br>
b) generated SSH2-style keys<br>
<tt>ssh-keygen -e -f .ssh/id_dsa.pub &gt; id_dsa_ssh2.pub</tt><br>
<tt>ssh-keygen -e -f .ssh/id_dsa &gt; id_dsa_ssh2</tt><br><br>
</tt> copied id_dsa_ssh2.pub and id_dsa_ssh2 to .ssh2
directory (on remote server)<br>
created .ssh2/authorization file
containing:
("" "")<br>
Key id_dsa_ssh2.pub<br>
created .ssh2/identification file
containing:
("""")<br>
IdKey id_dsa_ssh2<br><br>
OpenSSH-&gt;SSH2 works. SSH2-&gt;OpenSSH and SSH2-&gt;SSH2 want a
password. I've played around with running the server on a different
port using -ddddd and running the client -v. <br><br>
Client:<br>
<blockquote type=cite class=cite cite>debug:
Ssh2Client/sshclient.c:1097/ssh_client_wrap: creating userauth
protocol<br>
debug: Ssh2Client/sshclient.c:399/keycheck_key_match: Host key found from
database.<br>
debug:
Ssh2AuthPubKeyClient/authc-pubkey.c:330/ssh_client_auth_pubkey_send_signature:
Constructing and sending signature...<br>
debug:
Ssh2AuthPubKeyClient/authc-pubkey.c:423/ssh_client_auth_pubkey_send_signature:
ssh_client_auth_pubkey_send_signature: reading
/home/username/.ssh2/id_dsa_ssh2<br>
Passphrase for key "/home/username/.ssh2/id_dsa_ssh2" with
comment "1024-bit DSA, converted from OpenSSH by
username@hostname":</blockquote><br>
Server excerpt:<br><br>
<blockquote type=cite class=cite cite>debug1: trying public key
file /home/username/.ssh/authorized_keys2<br>
debug3: secure_filename: checking '/home/username/.ssh'<br>
debug3: secure_filename: checking '/home/username'<br>
debug3: secure_filename: terminating check at '/home/username'<br>
debug1: matching key found: file /home/username/.ssh/authorized_keys2,
line 1<br>
Found matching DSA key: &lt;DSA key appears here&gt;<br>
debug1: restore_uid: 0/1<br>
debug3: mm_answer_keyallowed: key 7fac8 is allowed<br>
debug3: mm_request_send entering: type 21<br>
debug3: mm_request_receive entering<br>
debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss<br>
Postponed publickey for username from 128.103.zzz.zzz port 52477
ssh2<br>
</blockquote><br>
Thanks for any clue bonks <br>
Betsy<br><br>
PS FWIW the OpenSSH box is Solaris 7 and the SSH2 box is Solaris 8. I've
also got a couple Solaris 9 boxes running Sun SSH. I can go from them to
OpenSSH but not vice versa. <br><br>
PPS: we're getting there with OpenSSH but it's slow going, mainly
because of SSL. And the box that has to work with this isn't mine.
<br><br>
<br>
<x-sigsep><p></x-sigsep>
Betsy Schwartz<br>
Unix Systems Administrator, CRG<br>
Harvard Graduate School of Design<br>
email: betsys@gsd.harvard.edu<br>
voice: 617-495-5947<br>
fax: 617-496-5866<br><br>
<br>
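Added example, not part of the original message: a shell check of the <tt>.ssh2</tt> layout the post describes. <tt>ssh-keygen -e</tt> always writes a public key in SECSH (RFC 4716) format, even when it is given a private key file, so the check flags an <tt>IdKey</tt> entry that names a public key. The function names and the sample directory are constructed for illustration, and entries are assumed to be relative to the <tt>.ssh2</tt> directory.

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check an SSH2-style ~/.ssh2.
# Assumption: Key/IdKey entries are relative to the directory, as in the post.
PUB_HDR='---- BEGIN SSH2 PUBLIC KEY ----'   # RFC 4716 header written by ssh-keygen -e

# list_keys FILE KEYWORD: print the name from each "KEYWORD name" line.
list_keys() {
    [ -f "$1" ] || return 0
    awk -v kw="$2" '$1 == kw { print $2 }' "$1"
}

# is_public FILE: succeed if FILE starts with the SECSH public-key header.
is_public() {
    [ "$(head -n 1 "$1" 2>/dev/null | tr -d '\r')" = "$PUB_HDR" ]
}

# findings DIR: print one line per problem found in DIR.
findings() {
    list_keys "$1/authorization" Key | while read -r f; do
        if [ ! -f "$1/$f" ]; then echo "authorization: $f is missing"
        elif ! is_public "$1/$f"; then echo "authorization: $f is not a SECSH public key"
        fi
    done
    list_keys "$1/identification" IdKey | while read -r f; do
        if [ ! -f "$1/$f" ]; then echo "identification: $f is missing"
        elif is_public "$1/$f"; then echo "identification: $f is a public key, not a private key"
        fi
    done
}

# check_ssh2_dir DIR: print findings; succeed only when there are none.
check_ssh2_dir() {
    out=$(findings "$1")
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# make_sample DIR: constructed sample of the layout in the post, with both key
# files written the way ssh-keygen -e would (the key body is a placeholder).
make_sample() {
    mkdir -p "$1"
    printf 'Key id_dsa_ssh2.pub\n' > "$1/authorization"
    printf 'IdKey id_dsa_ssh2\n' > "$1/identification"
    for f in id_dsa_ssh2.pub id_dsa_ssh2; do
        printf '%s\nPLACEHOLDER\n---- END SSH2 PUBLIC KEY ----\n' "$PUB_HDR" > "$1/$f"
    done
}
```

Run <tt>check_ssh2_dir "$HOME/.ssh2"</tt> on the account that holds the keys; <tt>make_sample</tt> only builds a throwaway directory to try the check against.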
</body>
</html>