Re: [SLUG] SSH2 RSA login

From: Ian C. Blenke (icblenke@nks.net)
Date: Fri Sep 27 2002 - 14:28:32 EDT


On Thu, 2002-09-26 at 22:05, Larry Sanders wrote:
> Here is a mystery, at least to me.
> My firewall machine, moshe, is running RH7.2 updated.
> All the remote services are disabled and iptables accepts packets
> for port 222 so I can remotely connect with ssh.
> The sshd service, openssh server 3.1, is running.

Wow. That's old. I'm hoping that's at least a down-ported patched
version (or at least a very recently vendor patched version). You should
be running 3.4p1 for various security reasons.

> I want to connect from a Windows box elsewhere on the internet.
> I have been using putty (1/14/2002) and WinSCP 2.0beta.
> Using sneaker-net with the diskette to install the keys in the linux
> users ~/.ssh/authorized_keys file, then I try to connect.

I don't use putty (being a cygwin openssh purist when I'm forced to use
Windows), but I do know that many windows ssh clients don't gen either
host keys or user keys to keep in a persistent way.
 
> Using the keys generated by putty-gen, then I get a message from
> logging in that the key is rejected and a prompt for a password,
> not the prompt for the key passphrase. AND then it lets me login.

The first password is for you to "unlock" your local private key from
the file before putty can even send it to the ssh server on the other
end. After it challenges with your private key, the client will either
be accepted or rejected by the server. My guess is the latter is true
here. After this, you may continue logging in with a password
authentication (if that is enabled in your sshd_config on the server).

What type of key did you gen? rsa1? rsa? dsa? Did you put it in the
correct authorized_keys (or authorized_keys2 for your version) file? Do
those files have the correct permissions? What does /var/log/auth.log
say on the linux box?

> WHAT IS HAPPENING?

There are many possibilities which can only be explored with the
appropriate troubleshooting information. Snippets from your auth.log
would be a good start, as well as a verbose trace of the handshake (like
an "ssh -v" - however you might do that with putty).

- Ian C. Blenke <icblenke@nks.net>
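The two server-side checks Ian asks for (permissions on ~/.ssh and the key files, and what auth.log says) as a small script. This is an added example, not code from either poster: it assumes GNU coreutils (`stat -c`) and the syslog-style line format OpenSSH uses, and every path, user name and log line in it is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the original thread. Two checks an admin would
# run on the Linux side when a public key is rejected and sshd falls back to
# password authentication: the ~/.ssh permission rules sshd enforces under
# StrictModes (the default), and a grep over auth.log for the telltale lines.
# Assumes GNU coreutils (stat -c) and a syslog-style OpenSSH log format.
# All paths and log lines below are constructed for the demonstration.

# Octal permission bits of a path, e.g. 700 (GNU stat; BSD stat uses -f '%Lp').
mode_of() {
    stat -c '%a' "$1"
}

# check_ssh_perms DIR
# sshd refuses to read authorized_keys when DIR or the key file is writable by
# group or others. A permission digit with the write bit set is 2, 3, 6 or 7,
# so the acceptable group/other digits are 0, 1, 4 and 5. Prints each problem
# and returns 0 only when the layout is acceptable.
check_ssh_perms() {
    dir="$1"
    rc=0
    if [ ! -d "$dir" ]; then
        echo "missing: $dir"
        return 1
    fi
    dmode=$(mode_of "$dir")
    case "$dmode" in
        7[0145][0145]) ;;
        *) echo "bad mode $dmode on $dir (want 700)"; rc=1 ;;
    esac
    for f in "$dir/authorized_keys" "$dir/authorized_keys2"; do
        [ -f "$f" ] || continue
        fmode=$(mode_of "$f")
        case "$fmode" in
            [4-7][0145][0145]) ;;
            *) echo "bad mode $fmode on $f (want 600)"; rc=1 ;;
        esac
    done
    return "$rc"
}

# count_log LOGFILE PATTERN: number of matching lines (0, not an error, when none).
count_log() {
    grep -c -- "$2" "$1" || true
}

# Lines sshd logs when StrictModes rejects the key directory or file.
count_mode_refusals() {
    count_log "$1" 'Authentication refused: bad ownership or modes'
}

# Logins that got in with a password instead of the key, as in Larry's case.
count_password_logins() {
    count_log "$1" 'Accepted password for'
}

# Logins that succeeded with the key.
count_publickey_logins() {
    count_log "$1" 'Accepted publickey for'
}

# --- demonstration on constructed data -------------------------------------
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
SAMPLE_LOG="$WORK/auth.log"
# Constructed auth.log excerpt in the format OpenSSH writes through syslog.
cat > "$SAMPLE_LOG" <<'EOF'
Sep 27 14:01:02 moshe sshd[1234]: Authentication refused: bad ownership or modes for directory /home/larry/.ssh
Sep 27 14:01:05 moshe sshd[1234]: Accepted password for larry from 10.0.0.5 port 41022 ssh2
Sep 27 14:05:11 moshe sshd[1300]: Accepted publickey for ian from 10.0.0.7 port 41100 ssh2
EOF

# A ~/.ssh laid out the way a copy from removable media often leaves it: world-writable.
BAD="$WORK/bad/.ssh"
mkdir -p "$BAD"; echo "ssh-rsa AAAA... constructed-key" > "$BAD/authorized_keys"
chmod 777 "$BAD"; chmod 666 "$BAD/authorized_keys"

# The same tree after the usual fix (chmod 700 ~/.ssh; chmod 600 ~/.ssh/authorized_keys).
GOOD="$WORK/good/.ssh"
mkdir -p "$GOOD"; echo "ssh-rsa AAAA... constructed-key" > "$GOOD/authorized_keys"
chmod 700 "$GOOD"; chmod 600 "$GOOD/authorized_keys"

if check_ssh_perms "$BAD"; then echo "$BAD: ok"; else echo "$BAD: sshd would refuse the key"; fi
if check_ssh_perms "$GOOD"; then echo "$GOOD: ok"; else echo "$GOOD: sshd would refuse the key"; fi
echo "mode refusals: $(count_mode_refusals "$SAMPLE_LOG"), password logins: $(count_password_logins "$SAMPLE_LOG"), publickey logins: $(count_publickey_logins "$SAMPLE_LOG")"
```

Run it on the real account by pointing `check_ssh_perms` at the user's `~/.ssh` and the counters at `/var/log/auth.log`; a non-zero "mode refusals" count alongside "Accepted password" lines is exactly the pattern of a key that was offered, refused, and then followed by a password login.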

This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:04:40 EDT