Solaris 8 x86 rsa pubkey auth problem

Peter Stuge stuge-openssh-unix-dev at cdy.org
Sat Apr 22 01:13:20 EST 2006 

On Fri, Apr 21, 2006 at 02:35:28PM +0400, Mikhail Manuylov wrote:
> I got some weird problem with public key authentication using rsa
> key pair.
[..]

> I've generated rsa key pair via ssh-keygen, and placed public part of
> it into /home/root/.ssh/authorized_keys
> on both computers.

..double check this. See below:


> 2) module# /usr/pkg/sbin/sshd -D -d -d -d -e
[..]
> debug1: trying public key file /home/root/.ssh/authorized_keys
> debug3: secure_filename: checking '/usr/home/root/.ssh'
> debug3: secure_filename: checking '/usr/home/root'
> debug3: secure_filename: terminating check at '/usr/home/root'
> debug3: key_read: type mismatch
> debug2: user_key_allowed: check options: 'ssh-rsa
> AAAAB3NzaC1yc2EAAAABIwAAAQEA5SXtHW7fmMWxkvjUKkB3pEygK6MkzOUejT8DCucnLJ2NT/lDdsWUR1Bz+nFmzFrcHEnP1H0+zlTEEEr
> T1StBaiWmMO1mqD/AXh7XjVylsV+7E9qcQ6OHjfYaNjSffk1hAzLokrXti0qeBbZpz8yAy4LsscxNdX97aDtDB2S9AJYoWSNVsnJJKDGYlQpHL1sK+rfezYOHfeCyBh/Ui07sF2RbPz3k59QFok5VY1EUwvM0
> LMjXOAuTl0m7PyouuU3JSr7NRu52nsyNxPLwFvK1wvqX+5dJCIJ8Z9J1peWj4o51ERvKvx7rQSG7N/q10J41IU9koPsi/sr0usLmx3ROsw==
> root at kgc
> '
> debug2: key_type_from_name: unknown key type
> 'AAAAB3NzaC1yc2EAAAABIwAAAQEA5SXtHW7fmMWxkvjUKkB3pEygK6MkzOUejT8DCucnLJ2NT/lDdsWUR1Bz+nFmzFrcHEnP1H0+zlTEEErT1St
> BaiWmMO1mqD/AXh7XjVylsV+7E9qcQ6OHjfYaNjSffk1hAzLokrXti0qeBbZpz8yAy4LsscxNdX97aDtDB2S9AJYoWSNVsnJJKDGYlQpHL1sK+rfezYOHfeCyBh/Ui07sF2RbPz3k59QFok5VY1EUwvM0LMjX
> OAuTl0m7PyouuU3JSr7NRu52nsyNxPLwFvK1wvqX+5dJCIJ8Z9J1peWj4o51ERvKvx7rQSG7N/q10J41IU9koPsi/sr0usLmx3ROsw=='
> debug3: key_read: missing keytype
> debug2: user_key_allowed: advance:
> 'AAAAB3NzaC1yc2EAAAABIwAAAQEA5SXtHW7fmMWxkvjUKkB3pEygK6MkzOUejT8DCucnLJ2NT/lDdsWUR1Bz+nFmzFrcHEnP1H0+zlTEEErT1StBaiWmMO1mq
> D/AXh7XjVylsV+7E9qcQ6OHjfYaNjSffk1hAzLokrXti0qeBbZpz8yAy4LsscxNdX97aDtDB2S9AJYoWSNVsnJJKDGYlQpHL1sK+rfezYOHfeCyBh/Ui07sF2RbPz3k59QFok5VY1EUwvM0LMjXOAuTl0m7Py
> ouuU3JSr7NRu52nsyNxPLwFvK1wvqX+5dJCIJ8Z9J1peWj4o51ERvKvx7rQSG7N/q10J41IU9koPsi/sr0usLmx3ROsw==
> root at kgc
> '
> debug1: restore_uid: 0/1
> debug2: key not found
> debug1: temporarily_use_uid: 0/1 (e=0/1)
> debug1: trying public key file /home/root/.ssh/authorized_keys2
> debug1: restore_uid: 0/1
> debug3: mm_answer_keyallowed: key 80c04e8 is disallowed
> debug3: mm_request_send entering: type 21
> debug3: mm_request_receive entering
> debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss
> Failed publickey for root from 192.168.10.11 port 8759 ssh2

The above shows how sshd fails to parse the public key in
authorized_keys properly.


> 4) kdc# /usr/pkg/sbin/sshd -D -d -d -d -e
[..]
> debug1: trying public key file /home/root/.ssh/authorized_keys
> debug3: secure_filename: checking '/home/root/.ssh'
> debug3: secure_filename: checking '/home/root'
> debug3: secure_filename: terminating check at '/home/root'
> debug1: matching key found: file /home/root/.ssh/authorized_keys, line 1
> Found matching RSA key: 36:55:cf:41:48:e0:d5:71:f4:34:95:b9:da:72:65:a6
> debug1: restore_uid: 0/1
> debug3: mm_answer_keyallowed: key 80c0510 is allowed
> debug3: mm_request_send entering: type 21
> debug3: mm_key_verify entering
> debug3: mm_request_send entering: type 22
> debug3: mm_key_verify: waiting for MONITOR_ANS_KEYVERIFY
> debug3: mm_request_receive_expect entering: type 23
> debug3: mm_request_receive entering
> debug3: mm_request_receive entering
> debug3: monitor_read: checking request 22
> debug1: ssh_rsa_verify: signature correct
> debug3: mm_answer_keyverify: key 80c04b0 signature verified
> debug3: mm_request_send entering: type 23
> debug2: userauth_pubkey: authenticated 1 pkalg ssh-rsa
> Accepted publickey for root from 192.168.10.10 port 8302 ssh2

..whereas on this system the parsing works, and the client is
authenticated.


>From the above output, specifically this line:
> debug2: user_key_allowed: check options: 'ssh-rsa
> AAAAB3NzaC1yc2EAAAABIwAAAQEA5SXtHW7fmMWxkvjUKkB3pEygK6MkzOUejT8DCucnLJ2NT/lDdsWUR1Bz+nFmzFrcHEnP1H0+zlTEEEr
> T1StBaiWmMO1mqD/AXh7XjVylsV+7E9qcQ6OHjfYaNjSffk1hAzLokrXti0qeBbZpz8yAy4LsscxNdX97aDtDB2S9AJYoWSNVsnJJKDGYlQpHL1sK+rfezYOHfeCyBh/Ui07sF2RbPz3k59QFok5VY1EUwvM0
> LMjXOAuTl0m7PyouuU3JSr7NRu52nsyNxPLwFvK1wvqX+5dJCIJ8Z9J1peWj4o51ERvKvx7rQSG7N/q10J41IU9koPsi/sr0usLmx3ROsw==
> root at kgc
> '

I'm guessing that there's extra or malformed whitespace on the line,
which makes sshd believe that all of the key is actually options
(which are optional, but always appear first on each line, before any
whitespace)

Check sshd(8) under AUTHORIZED_KEYS FILE FORMAT and verify that your
file actually follows the format.

If it does have the proper format, there's certainly a bug somewhere.


//Peter

More information about the openssh-unix-dev mailing list