ssh-agent doesn't work for all hosts

Lutz Jaenicke Lutz.Jaenicke at aet.TU-Cottbus.DE
Sun Oct 14 19:49:59 EST 2001


On Sat, Oct 13, 2001 at 10:06:10PM -0500, Orion Buckminster Montoya wrote:
> I've searched the FAQ and the list archives for the solution to this
> problem, and asked knowledgeable people, but to no avail.  Rather than
> spam the list with tons of ssh-v output, I've put it up at
> http://valla.uchicago.edu/ssh-v/, and referred to it below as
> appropriate.
> 
> I am running OpenSSH_2.9p2 on a Debian GNU/Linux (Sid) system, and I
> can't use ssh-agent to connect to some hosts, but for some I can.
> Some of these are running commercial SSH, but many are running
> OpenSSH.
[rest of information deleted]

If I analyze the output correctly, you only have an RSA1 key available
in your agent. Please understand that there are 3 types of keys available:
* RSA1: only available for protocol 1 (ssh-1.2.x and OpenSSH running in
  compatibility mode). Check your output: if your logfile says
    Remote protocol version 1.5, remote software version ...
  and
    Host 'dsal.uchicago.edu' is known and matches the RSA1 host key
  you are using the old and deprecated protocol 1.
* DSA: only available for protocol 2 (ssh-2.xx and OpenSSH-2.x.x)
* RSA: only available for protocol 2 (OpenSSH-2.x.x, ssh-3(?)).

Solution: create a new set of public keys for DSA and RSA (protocol 2)
and also load them into the agent. If you use them with the same passphrase,
you can even add them with ssh-add all at once.
If you have all 3 keys available (RSA1, RSA, DSA) you will have all
options available.
Please also check out all of the ssh[d]_config files. You should enable
protocol 2 as the default protocol. This is not yet true in your case.

To the OpenSSH maintainers: detecting this problem might have been easier
if ssh -v (and/or sshd -d) explicitly said "choosing protocol x.x" :-)

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke at aet.TU-Cottbus.DE
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
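
Added example, not part of the original message and not OpenSSH code: a small shell check that reads the "Remote protocol version" line from `ssh -v` output and reports which agent key types (RSA1, DSA, RSA, as listed in the message) that server can accept. The function names and the sample log line are constructed for illustration; treating 1.99 as "protocol 2 with protocol 1 compatibility" follows RFC 4253 section 5.1 and is not stated in the message.

```shell
# Print the server's advertised protocol version from `ssh -v` output on stdin.
remote_version() {
    sed -n 's/.*Remote protocol version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Map an advertised version to the SSH protocols the server speaks.
# 1.99 = protocol 2 server that also accepts protocol 1 clients (assumption
# taken from RFC 4253, not from the message).
server_protocols() {
    case "$1" in
        1.99) echo "1 2" ;;
        1.*)  echo "1" ;;
        2.*)  echo "2" ;;
        *)    echo "" ;;
    esac
}

# Protocol in which each key type can be used, per the list in the message.
key_protocol() {
    case "$1" in
        RSA1)    echo 1 ;;
        DSA|RSA) echo 2 ;;
        *)       echo 0 ;;   # unknown type: matches no protocol
    esac
}

# usable_keys VERSION TYPE...: print the agent key types this server can accept.
usable_keys() {
    protos=$(server_protocols "$1"); shift
    out=""
    for t in "$@"; do
        kp=$(key_protocol "$t")
        case " $protos " in
            *" $kp "*) out="${out:+$out }$t" ;;
        esac
    done
    echo "$out"
}

# Constructed log line in the format quoted in the message.
sample_log='debug1: Remote protocol version 2.0, remote software version OpenSSH_2.9p2'
v=$(printf '%s\n' "$sample_log" | remote_version)
# An RSA1-only agent has nothing to offer a protocol 2 server: empty list.
echo "server $v accepts from an RSA1-only agent: [$(usable_keys "$v" RSA1)]"
```
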
