openssl w/ rsaref openssh won't configure

Tom Bertelson tbert at abac.com
Thu May 11 22:50:23 EST 2000


Markus Friedl wrote:
> 
> what's the problem w/ DSA auth?  did you generate a DSA server key?

If you mean "ssh-keygen -d -N '' -f /etc/ssh_host_dsa_key" then yes.

The problem is that it simply refuses the DSA key.  Here are traces from
sshd -d and ssh -v.  Note the lines beginning with "**".

Since the simple test in the configure script fails, I suspect the
problem is with OpenSSL and not ssh.

sshd -d:
debug: sshd version OpenSSH-2.1
debug: Seeding random number generator
debug: read DSA private key done
debug: Seeding random number generator
debug: Bind to port 2202 on 0.0.0.0.
Server listening on 0.0.0.0 port 2202.
Generating 768 bit RSA key.
debug: Seeding random number generator
debug: Seeding random number generator
RSA key generation complete.
debug: Server will not fork when running in debugging mode.
Connection from 127.0.0.1 port 37533
debug: Client protocol version 2.0; client software version OpenSSH-2.1
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-1.99-OpenSSH-2.1
debug: Sending KEX init.
debug: done
debug: got kexinit string: diffie-hellman-group1-sha1
debug: got kexinit string: ssh-dss
debug: got kexinit string: 3des-cbc,blowfish-cbc,arcfour,cast128-cbc
debug: got kexinit string: 3des-cbc,blowfish-cbc,arcfour,cast128-cbc
debug: got kexinit string: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
debug: got kexinit string: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
debug: got kexinit string: none
debug: got kexinit string: none
debug: got kexinit string: 
debug: got kexinit string: 
debug: first kex follow == 0
debug: reserved == 0
debug: done read kexinit
debug: kex: client->server 3des-cbc hmac-sha1 none
debug: kex: server->client 3des-cbc hmac-sha1 none
debug: Wait SSH2_MSG_KEXDH_INIT.
debug: bits set: 513/1024
debug: bits set: 500/1024
debug: sig size 20 20
debug: send SSH2_MSG_NEWKEYS.
debug: done: send SSH2_MSG_NEWKEYS.
debug: Wait SSH2_MSG_NEWKEYS.
debug: GOT SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: userauth-request for user tbert service ssh-connection method none
Failed none for tbert from 127.0.0.1 port 37533 ssh2
** debug: userauth-request for user tbert service ssh-connection method publickey
** debug: keytype ssh-dss
** Failed publickey for tbert from 127.0.0.1 port 37533 ssh2
debug: userauth-request for user tbert service ssh-connection method password
Accepted password for tbert from 127.0.0.1 port 37533 ssh2
debug: Entering interactive session for SSH2.

 ** junk removed **

Connection closed by remote host.
debug: Calling cleanup 0x20005a80(0x0)
debug: Calling cleanup 0x20005990(0x0)

ssh -v:
SSH Version OpenSSH-2.1, protocol versions 1.5/2.0.
Compiled with SSL (0x00905100).
debug: Reading configuration data /home/tbert/.ssh/config
debug: Reading configuration data /home/tbert/SSH2/etc/ssh_config
debug: Applying options for *
debug: Seeding random number generator
debug: ssh_connect: getuid 200 geteuid 200 anon 1
debug: Connecting to localhost [127.0.0.1] port 2202.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH-2.1
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH-2.1
debug: Sending KEX init.
debug: Seeding random number generator
debug: done
debug: got kexinit string: diffie-hellman-group1-sha1
debug: got kexinit string: ssh-dss
debug: got kexinit string: 3des-cbc,blowfish-cbc,arcfour,cast128-cbc
debug: got kexinit string: 3des-cbc,blowfish-cbc,arcfour,cast128-cbc
debug: got kexinit string: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
debug: got kexinit string: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
debug: got kexinit string: zlib,none
debug: got kexinit string: zlib,none
debug: got kexinit string: 
debug: got kexinit string: 
debug: first kex follow == 0
debug: reserved == 0
debug: done read kexinit
debug: kex: server->client 3des-cbc hmac-sha1 none
debug: kex: client->server 3des-cbc hmac-sha1 none
debug: Sending SSH2_MSG_KEXDH_INIT.
debug: bits set: 500/1024
debug: Wait SSH2_MSG_KEXDH_REPLY.
debug: Got SSH2_MSG_KEXDH_REPLY.
** debug: keytype ssh-dss
** debug: Forcing accepting of host key for loopback/localhost.
** debug: bits set: 513/1024
** debug: len 55 datafellows 0
** debug: dsa_verify: signature correct
debug: Wait SSH2_MSG_NEWKEYS.
debug: GOT SSH2_MSG_NEWKEYS.
debug: send SSH2_MSG_NEWKEYS.
debug: done: send SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: send SSH2_MSG_SERVICE_REQUEST
debug: service_accept: ssh-userauth
debug: got SSH2_MSG_SERVICE_ACCEPT
debug: authentications that can continue: publickey,password
debug: try pubkey: /home/tbert/.ssh/id_dsa
** debug: PEM_read_bio_DSAPrivateKey failed
debug: read DSA private key done
debug: read DSA private key done
debug: sig size 20 20
debug: authentications that can continue: publickey,password
debug: ssh-userauth2 successfull
debug: fd 5 setting O_NONBLOCK
debug: fd 6 setting O_NONBLOCK
debug: channel 0: new [client-session]
debug: send channel open 0
debug: Entering interactive session.

 ** junk removed **

Connection to localhost closed.
debug: Transferred: stdin 0, stdout 0, stderr 33 bytes in 8.1 seconds
debug: Bytes per second: stdin 0.0, stdout 0.0, stderr 4.1
debug: Exit status 0

-- 
Tom Bertelson           "Any sufficiently advanced technology
RHI Consulting           is indistinguishable from magic."
tbert at abac.com             -- Arthur C. Clarke
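
Added example, not part of the original message and not OpenSSH code: a small Python scan of an sshd trace for the pattern visible above, where a public key is rejected and the same connection then authenticates by password. The function name and the sample (constructed from the trace lines in this post) are assumptions of the example; it also assumes the "keytype" debug line precedes the publickey result, as it does in the trace.

```python
import re

# Constructed sample: the authentication lines of the sshd -d trace quoted
# in the message above, including the poster's "**" markers.
SAMPLE_SSHD_TRACE = """\
Failed none for tbert from 127.0.0.1 port 37533 ssh2
** debug: keytype ssh-dss
** Failed publickey for tbert from 127.0.0.1 port 37533 ssh2
Accepted password for tbert from 127.0.0.1 port 37533 ssh2
"""

MARK = r"^(?:\*\*\s*)?"  # optional "**" highlight used in the post
KEYTYPE = re.compile(MARK + r"debug: keytype (\S+)")
RESULT = re.compile(
    MARK + r"(Failed|Accepted) (\S+) for (\S+) from (\S+) port (\d+)")


def password_fallbacks(trace):
    """Return connections where publickey failed and password then succeeded.

    Connections are keyed by (user, address, port) so that interleaved
    sessions in a longer log are kept apart.
    """
    failed_key = {}  # connection -> key type of the last rejected public key
    keytype = None   # most recent "keytype" debug line (only present with -d)
    hits = []
    for raw in trace.splitlines():
        line = raw.strip()
        m = KEYTYPE.match(line)
        if m:
            keytype = m.group(1)
            continue
        m = RESULT.match(line)
        if not m:
            continue
        outcome, method, user, addr, port = m.groups()
        conn = (user, addr, int(port))
        if method == "publickey":
            if outcome == "Failed":
                failed_key[conn] = keytype or "unknown"
            else:
                failed_key.pop(conn, None)  # key auth worked: nothing to flag
            keytype = None
        elif method == "password" and outcome == "Accepted" and conn in failed_key:
            hits.append({"user": user, "addr": addr, "port": conn[2],
                         "keytype": failed_key.pop(conn)})
    return hits
```
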





More information about the openssh-unix-dev mailing list