Solaris 8 x86 rsa pubkey auth problem

Mikhail Manuylov mikhail.manuilov at
Thu May 4 19:40:06 EST 2006

On 5/4/06, Darren Tucker <dtucker at> wrote:
> On Thu, May 04, 2006 at 09:48:57AM +0200, Peter Stuge wrote:
> > If ssh didn't read the public key in (2) the user would have to enter
> > the passphrase for any and all private keys available to ssh, not
> > just the one that would be used for actually authenticating the user.
> It's faster, too.
> Without it, you would also have to perform a sign (on the client) and
> verify (on the server) which is relatively expensive.  The "will you
> accept the key with this fingerprint?" operation is a lot cheaper than
> sign+verify (remember, the client might try a number of keys).

I look to diff of successfull and failed output of 'ssh -vvv' :
"-debug1: Offering public key: auditor_id_rsa
-debug3: send_pubkey_test
+debug1: Trying private key: auditor_id_rsa
+debug1: read PEM private key done: type RSA
+debug3: sign_and_send_pubkey"

Now with your comments I got it ( i just have no more time to dig sources).

Ok it's faster, but:

1) I can't find where in ssh(1) this feature is mentioned.
2) Is there method to check if particular public key is from one pair
with user (-i option) supplied private key.
Cause 100% guessing <private_key_filename>.pub for corresponding
pubkey file is somewhat naive.

> --
> Darren Tucker (dtucker at
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>     Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.

BTW, please CC me, cause I'm not subscribed to the list.

Truly yours, Mikhail Manuilov

More information about the openssh-unix-dev mailing list