passphrase for non existent key?

Peter Seuffert seuffert at gmd.de
Sat Mar 17 00:48:00 EST 2001


BUG: SSH asks for a passphrase for non existent key.

Version:  OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f


If I "ssh -2" to a remote host and there is no "authorized_keys2" at the
remote site, ssh asks for a passphrase for a non-existent key instead of
falling back to asking for a rlogin-password.

Same situation if you specify a non-existent userid:
   ssh -2 xyz at localhost
   ssh asks for secret passphrase of user "hops". Should ask for password of "xyz"

"ssh -1" handles all this correctly.

- Peter



tarifa ~> ssh -2 -v xyz at localhost

OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug: Reading configuration data /home/hops/.ssh/config
debug: Applying options for *
debug: Reading configuration data /etc/ssh/ssh_config
debug: Applying options for *
debug: Rhosts Authentication disabled, originating port will not be
trusted.
debug: ssh_connect: getuid 129 geteuid 129 anon 1
debug: Connecting to localhost [127.0.0.1] port 22.
debug: Connection established.
debug: identity file /home/hops/.ssh/identity type 0
debug: identity file /home/hops/.ssh/id_rsa1 type 3
debug: identity file /home/hops/.ssh/id_dsa type 3
debug: Remote protocol version 1.99, remote software version
OpenSSH_2.5.1p1
debug: match: OpenSSH_2.5.1p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH_2.5.1p1
debug: Seeded RNG with 57 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss
debug: got kexinit:
3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se
debug: got kexinit:
3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se
debug: got kexinit:
hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug: got kexinit:
hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug: got kexinit: none,zlib
debug: got kexinit: none,zdebug: got kexinit: 
debug: got kexinit: 
debug: first kex follow: 0 
debug: reserved: 0 
debug: done
debug: kex: server->client 3des-cbc hmac-sha1 none
debug: kex: client->server 3des-cbc hmac-sha1 none
debug: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
debug: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
debug: Got SSH2_MSG_KEX_DH_GEX_GROUP.
debug: bits set: 535/1024
debug: Sending SSH2_MSG_KEX_DH_GEX_INIT.
debug: Wait SSH2_MSG_KEX_DH_GEX_REPLY.
debug: Got SSH2_MSG_KEXDH_REPLY.
debug: Forcing accepting of host key for loopback/localhost.
debug: bits set: 521/1024
debug: len 55 datafellows 0
debug: ssh_dss_verify: signature correct
debug: Wait SSH2_MSG_NEWKEYS.
debug: GOT SSH2_MSG_NEWKEYS.
debug: send SSH2_MSG_NEWKEYS.
debug: done: send SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: send SSH2_MSG_SERVICE_REQUEST
debug: service_accept: ssh-userauth
debug: got SSH2_MSG_SERVICE_ACCEPT
debug: authentications that can continue:
publickey,password,keyboard-interactive
debug: next auth method to try is publickey
debug: userauth_pubkey_agent: trying agent key .ssh/id_dsa
debug: authentications that can continue:
publickey,password,keyboard-interactive
debug: next auth method to try is publickey
debug: key does not exist: /home/hops/.ssh/id_rsa1
debug: try pubkey: /home/hops/.ssh/id_dsa
debug: PEM_read_PrivateKey failed
debug: read SSH2 private key done: name <no key> success 0
Enter passphrase for key '/home/hops/.ssh/id_dsa':


tarifa ~> ssh -1 -v xyz at localhost

OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug: Reading configuration data /home/hops/.ssh/config
debug: Applying options for *
debug: Reading configuration data /etc/ssh/ssh_config
debug: Applying options for *
debug: Rhosts Authentication disabled, originating port will not be
trusted.
debug: ssh_connect: getuid 129 geteuid 129 anon 1
debug: Connecting to localhost [127.0.0.1] port 22.
debug: Connection established.
debug: identity file /home/hops/.ssh/identity type 0
debug: identity file /home/hops/.ssh/id_rsa1 type 3
debug: identity file /home/hops/.ssh/id_dsa type 3
debug: Remote protocol version 1.99, remote software version
OpenSSH_2.5.1p1
debug: match: OpenSSH_2.5.1p1 pat ^OpenSSH
debug: Local version string SSH-1.5-OpenSSH_2.5.1p1
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Forcing accepting of host key for loopback/localhost.
debug: Seeded RNG with 57 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Encryption type: blowfish
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Trying RSA authentication via agent with 'hops at tarifa'
debug: Server refused our key.
debug: RSA authentication using agent refused.
debug: Trying RSA authentication with key 'hops at tarifa'
debug: Server refused our key.
debug: Doing password authentication.
xyz at localhost's password: 



-- 
     __o     Peter Seuffert
   _`\<,_    German National Research Center for Information Technology
(GMD)
  (_)/ (_)   Institute for Applied Information Technology (FIT.CSCW)
 ~~~~~~~~~~~ Schloss Birlinghoven, D-53754 St.Augustin, Germany
	     EMAIL: Seuffert at gmd.de PHONE: +49-2241-142868 FAX: +49-2241-142084
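
The two traces in the report differ in where authentication stops: the protocol 2 run ends at a local passphrase prompt although the server listed password among the methods that can continue, while the protocol 1 run reaches the password prompt after the server refused the key. The following triage script is an added example, not part of the original post and not OpenSSH code; it walks a client debug trace and reports that difference. The names `auth_events` and `summarize` are hypothetical, and the sample input is excerpted from the traces above with wrapped lines rejoined.

```python
import re

# Excerpts of the two client traces in the post (trimmed; e-mail-wrapped lines rejoined).
TRACE_V2 = """\
debug: authentications that can continue: publickey,password,keyboard-interactive
debug: next auth method to try is publickey
debug: key does not exist: /home/hops/.ssh/id_rsa1
debug: try pubkey: /home/hops/.ssh/id_dsa
debug: PEM_read_PrivateKey failed
debug: read SSH2 private key done: name <no key> success 0
Enter passphrase for key '/home/hops/.ssh/id_dsa':
"""
TRACE_V1 = """\
debug: Trying RSA authentication with key 'hops at tarifa'
debug: Server refused our key.
debug: Doing password authentication.
xyz at localhost's password:
"""

# Event name -> pattern, written against the message formats visible in the traces.
EVENTS = [
    ("methods_offered", re.compile(r"authentications that can continue:\s*(\S+)")),
    ("key_file_tried", re.compile(r"try pubkey: (\S+)")),
    ("key_refused", re.compile(r"Server refused our key")),
    ("passphrase_prompt", re.compile(r"^Enter passphrase for key '([^']+)'")),
    ("password_prompt", re.compile(r"'s password:")),
]

def auth_events(trace):
    """Return the ordered (event, detail) pairs found in a client debug trace."""
    found = []
    for line in trace.splitlines():
        for name, pattern in EVENTS:
            m = pattern.search(line)
            if m:
                found.append((name, m.group(1) if m.groups() else ""))
                break
    return found

def summarize(trace):
    """Report where the exchange ended and whether password auth was offered but unused."""
    events = auth_events(trace)
    offered = {m for name, detail in events if name == "methods_offered"
               for m in detail.split(",")}
    last = events[-1][0] if events else None
    return {"ended_at": last,
            "password_offered": "password" in offered,
            "stalled_on_passphrase": last == "passphrase_prompt" and "password" in offered}
```
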





More information about the openssh-unix-dev mailing list