further problems with OpenSSH 2.5.1p1 on RH 6.2

mouring at etoh.eviladmin.org
Wed Feb 21 17:48:27 EST 2001


Consider moving to 0.9.6 OpenSSL.  I believe part of the issue is that
the RPMs are compiled against 0.9.6 and odd things occur when you
use 0.9.5a.

- Ben

On Wed, 21 Feb 2001 carl at bl.echidna.id.au wrote:

> I'm finding another problem with OpenSSH 2.5.1p1 on RH 6.2 (at least,
> I think it's the linux box that is the problem).
> 
> I'm ssh'ing to a RH 6.2 box from a Solaris 7 server (scp also... seems
> like the same problem).
> 
> I'm using authorized_keys and identity.pub files to do it automagically,
> and all works well when it's from user to user, where the username is the
> same, but if I do something like this :
> 
> root at solarisbox: ssh -l blah linuxbox
> 
> I'm seeing this :
> 
> ssh -1 -v -l blah linuxbox
> OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
> debug: Reading configuration data /opt/local/etc/ssh_config
> debug: Applying options for *
> debug: ssh_connect: getuid 0 geteuid 0 anon 0
> debug: Connecting to linuxbox [1.2.3.4] port 22.
> debug: Seeding random number generator
> debug: Allocated local port 635.
> debug: Connection established.
> debug: identity file //.ssh/identity type 0
> debug: Remote protocol version 1.99, remote software version OpenSSH_2.5.1p1
> debug: match: OpenSSH_2.5.1p1 pat ^OpenSSH
> debug: Local version string SSH-1.5-OpenSSH_2.5.1p1
> debug: Waiting for server public key.
> debug: Received server public key (768 bits) and host key (1024 bits).
> debug: Host 'linuxbox' is known and matches the RSA1 host key.
> debug: Found key in //.ssh/known_hosts:12
> debug: Seeding random number generator
> debug: Encryption type: 3des
> debug: Sent encrypted session key.
> debug: Installing crc compensation attack detector.
> debug: Received encrypted confirmation.
> debug: Trying RSA authentication with key 'root at solarisbox'
> debug: Received RSA challenge from server.
> debug: Sending response to host key RSA challenge.
> debug: Remote: RSA authentication accepted.
> debug: RSA authentication refused.
> debug: Doing password authentication.
> blah at linuxbox's password: 
> 
> 
> I didn't have this problem before upgrading from 2.3.0p1 on both.
> 
> running truss on the solaris box shows this :
> 
> debug: Found key in //.ssh/known_hosts:12
> debug: Seeding random number generator
> debug: Encryption type: 3des
> debug: Sent encrypted session key.
> debug: Installing crc compensation attack detector.
> debug: Received encrypted confirmation.
> 19087:  open("//.ssh/identity", O_RDONLY)               = 4
> debug: Trying RSA authentication with key 'root at solarisbox'
> debug: Received RSA challenge from server.
> 19087:  open("//.ssh/identity", O_RDONLY)               = 4
> debug: Sending response to host key RSA challenge.
> debug: Remote: RSA authentication accepted.
> debug: RSA authentication refused.
> debug: Doing password authentication.
> 19087:  open("/dev/tty", O_RDWR)                        = 4
> blah at linuxbox's password: 
> 
> I can get a passwordless logon if I come from the same username.
> 
> I'm going to back out back to 2.3.0p1, and see if that fixes it,
> but does anyone have any suggestions?  Maybe I broke a config file?
> 
> This is my sshd_config on the linuxbox :
> 
> #       $OpenBSD: sshd_config,v 1.32 2001/02/06 22:07:50 deraadt Exp $
> 
> # This is the sshd server system-wide configuration file.  See sshd(8)
> # for more information.
> 
> Port 22
> #Protocol 2,1
> #ListenAddress 0.0.0.0
> #ListenAddress ::
> HostKey /etc/ssh/ssh_host_key
> HostKey /etc/ssh/ssh_host_dsa_key
> #HostKey /etc/ssh/ssh_host_rsa_key
> ServerKeyBits 768
> LoginGraceTime 600
> KeyRegenerationInterval 3600
> PermitRootLogin yes
> #
> # Don't read ~/.rhosts and ~/.shosts files
> IgnoreRhosts yes
> # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
> #IgnoreUserKnownHosts yes
> StrictModes yes
> X11Forwarding no
> X11DisplayOffset 10
> PrintMotd yes
> KeepAlive yes
> 
> # Logging
> SyslogFacility AUTH
> LogLevel INFO
> #obsoletes QuietMode and FascistLogging
> 
> RhostsAuthentication no
> #
> # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
> RhostsRSAAuthentication no
> #
> RSAAuthentication yes
> 
> # To disable tunneled clear text passwords, change to no here!
> PasswordAuthentication yes
> PermitEmptyPasswords no
> 
> # Uncomment to disable s/key passwords 
> #ChallengeResponseAuthentication no
> 
> # To change Kerberos options
> #KerberosAuthentication no
> #KerberosOrLocalPasswd yes
> #AFSTokenPassing no
> #KerberosTicketCleanup no
> 
> # Kerberos TGT Passing does only work with the AFS kaserver
> #KerberosTgtPassing yes
> 
> #CheckMail yes
> #UseLogin no
> 
> #MaxStartups 10:30:60
> #Banner /etc/issue.net
> #ReverseMappingCheck yes
> 
> Subsystem       sftp    /usr/libexec/openssh/sftp-server
> 
> Carl
> 
> 
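
Added example, not part of either message: a decoder for the hex OpenSSL version that the quoted `ssh -v` banner prints, so the library actually in use can be compared with the release a package was built against. The function names are hypothetical, and the bit layout is the MNNFFPPS scheme from OpenSSL's `opensslv.h`, including the interim encoding used by 0.9.5a.

```python
import re

# Constructed sample: the client banner line from the quoted `ssh -v` output.
BANNER = "OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090581f"


def decode_openssl_version(number):
    """Decode an OPENSSL_VERSION_NUMBER in the MNNFFPPS layout (0.9.5a and later)."""
    major = (number >> 28) & 0xF
    minor = (number >> 20) & 0xFF
    fix = (number >> 12) & 0xFF
    patch = (number >> 4) & 0xFF
    status = number & 0xF
    # 0.9.5a shipped with an interim layout: top bit of the patch byte set.
    if (major, minor, fix) == (0, 9, 5):
        patch &= 0x7F
    # Patch level maps to a letter suffix: 1 -> a, 26 -> z, 27 -> za, ...
    letters = ""
    if patch > 26:
        letters, patch = "z", patch - 26
    if patch:
        letters += chr(ord("a") + patch - 1)
    # Status nibble: 0 = development, 1..0xe = beta N, 0xf = release.
    suffix = {0x0: "-dev", 0xF: ""}.get(status, "-beta%d" % status)
    return "%d.%d.%d%s%s" % (major, minor, fix, letters, suffix)


def linked_openssl(banner):
    """Return the decoded OpenSSL version named in a banner line, or None."""
    match = re.search(r"OpenSSL 0x([0-9a-fA-F]{8})\b", banner)
    return decode_openssl_version(int(match.group(1), 16)) if match else None


def differs_from_build(banner, built_against):
    """True when the banner reports a different OpenSSL than the build target."""
    found = linked_openssl(banner)
    return found is not None and found != built_against


if __name__ == "__main__":
    # "0.9.6" is the release named in the reply above.
    print(linked_openssl(BANNER), differs_from_build(BANNER, "0.9.6"))
```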






More information about the openssh-unix-dev mailing list