PasswordAuthentication no and protocol V2

Gordon Rowell gordonr at e-smith.com
Mon May 21 22:29:13 EST 2001


PasswordAuthentication seems to be accepted regardless when DSA 
authentication is not available. Client and server are Linux - 
openssh-2.5.2p2-1.7.2

Server config is:
  Port 22
  ListenAddress 0.0.0.0
  HostKey /etc/ssh/ssh_host_key
  HostKey /etc/ssh/ssh_host_dsa_key
  KeyRegenerationInterval 3600
  LoginGraceTime 600
  ServerKeyBits 768
  IgnoreRhosts yes
  PasswordAuthentication no
  PermitEmptyPasswords no
  PermitRootLogin yes
  RSAAuthentication yes
  RhostsAuthentication no
  RhostsRSAAuthentication no
  StrictModes yes
  X11DisplayOffset 10
  X11Forwarding no
  CheckMail no
  KeepAlive yes
  PrintMotd yes
  SyslogFacility AUTH
  LogLevel INFO

User has an RSA key, but no DSA key.

  [gordonr at icedvovo]$ ssh timtam
  Enter passphrase for RSA key 'gordonr at xxxxx':

That's fine - RSA key accepted.

  [gordonr at icedvovo]$ ssh -2 timtam
  Password: 

Sorry? PasswordAuthentication is set to "no". I can log in using a 
password, and the server logs:

      May 21 08:21:12 timtam sshd[12079]: Accepted keyboard-interactive 
	for gordonr from 192.168.116.20 port 1832 ssh2

Is this is a Linux port problem or config problem? Is it reproducible in 
other versions?

[...]
debug1: Found key in /home/gordonr/.ssh/known_hosts2:3
debug1: bits set: 1024/2049
debug1: len 55 datafellows 0
debug1: ssh_dss_verify: signature correct
debug1: Wait SSH2_MSG_NEWKEYS.
debug1: GOT SSH2_MSG_NEWKEYS.
debug1: send SSH2_MSG_NEWKEYS.
debug1: done: send SSH2_MSG_NEWKEYS.
debug1: done: KEX2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /home/gordonr/.ssh/id_rsa
debug1: try privkey: /home/gordonr/.ssh/id_dsa
debug1: next auth method to try is keyboard-interactive
Password:

Gordon
--
  Gordon Rowell                         gordonr at e-smith.com
  http://www.e-smith.org (development)  http://www.e-smith.com (corporate)
  e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada




More information about the openssh-unix-dev mailing list