Converting SSH2 keys for use in OpenSSH
Olsen, Alan R
alan.r.olsen at intel.com
Thu Dec 8 11:54:45 EST 2011
I have a couple of keys generated using the F-Secure SSH2 client. I have converted those keys using "ssh-keygen -i -f samplekey.txt >> ~/.ssh/authorized_keys". When I try and log into the OpenSSH server using those keys, OpenSSH rejects using those keys.
I am under the assumption that this is supposed to work. If I connect using a password, there is no problem. It just does not want to use SSH2 keys.
Is this fixed in a later version? I am seeing this problem on multiple Linux servers and commercial versions of SSH2.
The OpenSSH version is OpenSSH_5.5p1, OpenSSL 1.0.0e-fips 6 Sep 2011
Here is the log information from the session.
C:\Users\arolsen> "\Program Files (x86)\F-Secure\Ssh\ssh2.exe" -d 4 -a -l alan myserver.intel.com
debug: Ssh2: User config file not found, using defaults. (Looked for 'C:/Users/a
rolsen/AppData/Roaming/F-Secure SSH/ssh2_config')
debug: Ssh2: remote host = "myserver.intel.com"
debug: SshCertEdb: EDB: Adding database: ssh.http
debug: SshCertEdb: EDB: Removing database: ssh.ldap
debug: SshCertEdb: EDB: Adding database: ssh.ldap
debug: Connecting to myserver.intel.com, port 22... (SOCKS not used)
debug: Ssh2: Entering event loop.
debug: Ssh2Client: Creating transport protocol.
debug: Ssh2Transport: Setting new keys and algorithms
debug: Ssh2Transport: Allocating cipher: name: none, key_len: 16.
debug: Ssh2Transport: Setting new keys and algorithms
debug: Ssh2Transport: Allocating cipher: name: none, key_len: 16.
debug: SshAuthMethodClient: Added "keyboard-interactive" to usable methods.
debug: SshAuthMethodClient: Added "publickey" to usable methods.
debug: SshAuthMethodClient: Added "password" to usable methods.
debug: Ssh2Client: Creating userauth protocol.
debug: client supports 3 auth methods: 'keyboard-interactive,publickey,password'
debug: Ssh2Common: local ip = 10.xx.xx.93, local port = 55264
debug: Ssh2Common: remote ip = 10.xx.xx.86, remote port = 22
debug: Ssh2Common: Creating connection protocol.
debug: SshConnection: Wrapping...
debug: SshTcp: Destroying ConnectContext...
debug: Remote version: SSH-2.0-OpenSSH_5.5
debug: OpenSSH: Major: 5 Minor: 5 Revision: 0
debug: Ssh2Transport: All versions of OpenSSH handle kex guesses incorrectly.
debug: Ssh2Transport: My version: SSH-1.99-3.2.3 F-Secure SSH Windows Client
debug: Ssh2Transport: local kexinit: first_packet_follows = FALSE
debug: Ssh2Transport: Processing received SSH_MSG_KEXINIT.
debug: Ssh2Transport: Computing algorithms from key exchange.
debug: Ssh2Transport: client: kex = diffie-hellman-group1-sha1, hk_alg = ssh-dss
,ssh-rsa,x509v3-sign-dss,x509v3-sign-rsa
debug: Ssh2Transport: server: kex = diffie-hellman-group-exchange-sha256,diffie-
hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sh
a1, hk_alg = ssh-rsa,ssh-dss
debug: Ssh2Transport: lang s to c: `', lang c to s: `'
debug: Ssh2Transport: first_kex_packet_follows: FALSE
debug: Ssh2Transport: c_to_s: cipher 3des-cbc, mac hmac-sha1, compression none
debug: Ssh2Transport: s_to_c: cipher 3des-cbc, mac hmac-sha1, compression none
debug: Ssh2Transport: Chosen host key algorithm: ssh-dss, Chosen kex algorithm:
diffie-hellman-group1-sha1, Guessed wrong
debug: Ssh2Transport: Guessed host key algorithm: ssh-dss, Guessed kex algorithm
: diffie-hellman-group1-sha1
debug: Ssh2Transport: Constructing the first key exchange packet.
debug: SshProtoTrKex: Making first key exchange packet.
debug: Ssh2Client: Got key of type ssh-dss
debug: Remote host key found from database.
debug: Ssh2Transport: Setting new keys and algorithms
debug: Ssh2Transport: Allocating cipher: name: 3des-cbc, key_len: 24.
debug: Ssh2Transport: Sending service request for "ssh-userauth".
debug: Ssh2Transport: Receiving SSH_MSG_NEWKEYS.
debug: Ssh2Transport: Setting new keys and algorithms
debug: Ssh2Transport: Allocating cipher: name: 3des-cbc, key_len: 24.
debug: Ssh2Transport: Waiting for a service accept packet.
debug: Ssh2Transport: Waiting for a service accept packet.
debug: Ssh2Transport: Received SSH_MSG_SERVICE_ACCEPT with service name "ssh-use
rauth".
debug: Ssh2Transport: Sending startup packet to application layer.
debug: Ssh2Transport: Sending algorithms to application layer.
debug: Ssh2Common: Received SSH_CROSS_STARTUP packet from connection protocol.
debug: Ssh2Common: Received SSH_CROSS_ALGORITHMS packet from connection protocol
.
debug: server offers auth methods 'publickey,gssapi-keyex,gssapi-with-mic,passwo
rd'.
debug: Ssh2AuthPubKeyClient: Starting pubkey auth...
debug: Ssh2AuthPubKeyClient: ssh_client_auth_pubkey_agent_open_complete agent=0x
0
debug: Ssh2AuthPubKeyClient: Agent is not running.
debug: Ssh2AuthPubKeyClient: Got 0 keys from the agent.
debug: Ssh2AuthPubKeyClient: Waiting for external keys. 0 seconds gone.
debug: Ssh2AuthPubKeyClient: Waiting for external keys. 0 seconds gone.
debug: SshUnixUserFiles: Found 2 keys from C:\Users\arolsen\AppData\Roaming\F-Se
cure SSH\userkeys
debug: SshUnixUserFiles: Found 0 certificates from C:\Users\arolsen\AppData\Roam
ing\F-Secure SSH\UserCertificates
debug: Ssh2AuthPubKeyClient: adding keyfile "C:\Users\arolsen\AppData\Roaming\F-
Secure SSH\userkeys\TestKey2dsa3k" to candidates
debug: Ssh2AuthPubKeyClient: adding keyfile "C:\Users\arolsen\AppData\Roaming\F-
Secure SSH\userkeys\TestKeyRSA2k" to candidates
debug: Ssh2AuthPubKeyClient: Trying 2 key candidates.
debug: server offers auth methods 'publickey,gssapi-keyex,gssapi-with-mic,passwo
rd'.
debug: server offers auth methods 'publickey,gssapi-keyex,gssapi-with-mic,passwo
rd'.
debug: Ssh2AuthPubKeyClient: All keys declined by server, disabling method.
debug: Ssh2AuthClient: Method 'publickey' disabled.
debug: server offers auth methods 'publickey,gssapi-keyex,gssapi-with-mic,passwo
rd'.
debug: Ssh2AuthPasswdClient: Starting password auth...
alan's password: ^C
C:\Users\arolsen>
More information about the openssh-unix-dev
mailing list