some problems reading rsa/dsa keys

TARDIEU Emmanuel ETARDIEU at CPR.FR
Thu Jul 6 02:26:57 EST 2000


Hi people,

Please excuse this rather long debug output...

$ uname -a
SunOS echelon 5.6 Generic_105181-17 sun4u sparc SUNW,Ultra-Enterprise

$ /usr/local/openssh/bin/ssh -v x.x.x.x
SSH Version OpenSSH_2.1.1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
debug: Reading configuration data /usr/local/etc/ssh_config
debug: Applying options for *
debug: ssh_connect: getuid 1002 geteuid 0 anon 0
debug: Connecting to x.x.x.x [x.x.x.x] port x.
debug: Connection established.
debug: Remote protocol version 2.0, remote software version 2.0.13 (non-commercial)
datafellows: 2.0.13 (non-commercial)
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH_2.1.1
debug: loaded 20 entropy commands from /usr/local/etc/ssh_prng_cmds
debug: Seeding random number generator.
debug: OpenSSL random status is now 0

debug: 3 bytes from system calls
debug: Command 'arp -a -n' timed out
debug: 31 bytes from programs
debug: OpenSSL random status is now 1

debug: loading PRNG seed from file /export/home/joe/.ssh/prng_seed
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit: diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss
debug: got kexinit: blowfish-cbc
debug: got kexinit: blowfish-cbc
debug: got kexinit: hmac-md5,md5-8,none
debug: got kexinit: hmac-md5,md5-8,none
debug: got kexinit: none,zlib
debug: got kexinit: none,zlib
debug: got kexinit: 
debug: got kexinit: 
debug: first kex follow: 0 
debug: reserved: 0 
debug: done
debug: kex: server->client blowfish-cbc hmac-md5 none
debug: kex: client->server blowfish-cbc hmac-md5 none
debug: Sending SSH2_MSG_KEXDH_INIT.
debug: bits set: 492/1024
debug: Wait SSH2_MSG_KEXDH_REPLY.
debug: Got SSH2_MSG_KEXDH_REPLY.
debug: keytype ssh-dss
debug: keytype ssh-dss
debug: Host 'x.x.x.x' is known and matches the DSA host key.
debug: bits set: 536/1024
debug: len 40 datafellows 15
debug: dsa_verify: signature correct
debug: Wait SSH2_MSG_NEWKEYS.
debug: GOT SSH2_MSG_NEWKEYS.
debug: send SSH2_MSG_NEWKEYS.
debug: done: send SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: send SSH2_MSG_SERVICE_REQUEST
debug: buggy server: service_accept w/o service
debug: got SSH2_MSG_SERVICE_ACCEPT
debug: authentications that can continue: publickey
debug: key does not exist: /export/home/joe/.ssh/id_dsa
Permission denied (publickey).
debug: Calling cleanup 0x4e754(0x0)
debug: writing PRNG seed to file /export/home/joe/.ssh/prng_seed
debug: Calling cleanup 0x49204(0x0)

$ cat /usr/local/etc/ssh_config
# This is ssh client systemwide configuration file.  This file provides 
# defaults for users, and the values can be changed in per-user configuration
# files or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for various options

# Host *
#   ForwardAgent yes
#   ForwardX11 yes
#   RhostsAuthentication yes
#   RhostsRSAAuthentication yes
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   FallBackToRsh yes
#   UseRsh no
#   BatchMode no
#   CheckHostIP yes
#   StrictHostKeyChecking no
#   IdentityFile ~/.ssh/identity
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   EscapeChar ~

# Be paranoid by default
Host *
        ForwardAgent no
        ForwardX11 yes
        RSAAuthentication yes
        FallBackToRsh no
        IdentityFile ~/.ssh2/identification
        Port x
        Protocol 2

$ cat .ssh/identification
IdKey joe_dsa_1024


So, why doesn't the damn thing read the correct key? The key was generated
by ssh-2.0.13, it's a generic 1024-bit DSA.

Thanks,
Emmanuel