further problems with OpenSSH 2.5.1p1 on RH 6.2

carl at bl.echidna.id.au carl at bl.echidna.id.au
Wed Feb 21 13:03:25 EST 2001 

I'm finding another problem with OpenSSH 2.5.1p1 on RH 6.2 (at least,
I think it's the linux box that is the problem).

I'm ssh'ing to a RH 6.2 box from a Solaris 7 server (scp also... seems
like the same problem).

I'm using authorized_keys and identity.pub files to do it automagically,
and all works well when it's from user to user, where the username is the
same, but if I do something like this :

root at solarisbox: ssh -l blah linuxbox

I'm seeing this :

ssh -1 -v -l blah linuxbox
OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
debug: Reading configuration data /opt/local/etc/ssh_config
debug: Applying options for *
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to linuxbox [1.2.3.4] port 22.
debug: Seeding random number generator
debug: Allocated local port 635.
debug: Connection established.
debug: identity file //.ssh/identity type 0
debug: Remote protocol version 1.99, remote software version OpenSSH_2.5.1p1
debug: match: OpenSSH_2.5.1p1 pat ^OpenSSH
debug: Local version string SSH-1.5-OpenSSH_2.5.1p1
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host 'linuxbox' is known and matches the RSA1 host key.
debug: Found key in //.ssh/known_hosts:12
debug: Seeding random number generator
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Trying RSA authentication with key 'root at solarisbox'
debug: Received RSA challenge from server.
debug: Sending response to host key RSA challenge.
debug: Remote: RSA authentication accepted.
debug: RSA authentication refused.
debug: Doing password authentication.
blah at linuxbox's password: 


I didn't have this problem before upgrading from 2.3.0p1 on both.

running truss on the solaris box shows this :

debug: Found key in //.ssh/known_hosts:12
debug: Seeding random number generator
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
19087:  open("//.ssh/identity", O_RDONLY)               = 4
debug: Trying RSA authentication with key 'root at solarisbox'
debug: Received RSA challenge from server.
19087:  open("//.ssh/identity", O_RDONLY)               = 4
debug: Sending response to host key RSA challenge.
debug: Remote: RSA authentication accepted.
debug: RSA authentication refused.
debug: Doing password authentication.
19087:  open("/dev/tty", O_RDWR)                        = 4
blah at linuxbox's password: 

I can get a passwordless logon if I come from the same username.

I'm going to back out back to 2.3.0p1, and see if that fixes it,
but does anyone have any suggestions?  Maybe I broke a config file?

This is my sshd_config on the linuxbox :

#       $OpenBSD: sshd_config,v 1.32 2001/02/06 22:07:50 deraadt Exp $

# This is the sshd server system-wide configuration file.  See sshd(8)
# for more information.

Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_rsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes

# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging

RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
#
RSAAuthentication yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Uncomment to disable s/key passwords 
#ChallengeResponseAuthentication no

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

#CheckMail yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes

Subsystem       sftp    /usr/libexec/openssh/sftp-server

Carl

More information about the openssh-unix-dev mailing list