[Bug 806] openssh after 3.6.1p1 can not authenticate via public rsa2 key

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Mar 4 02:25:52 EST 2004 

http://bugzilla.mindrot.org/show_bug.cgi?id=806

           Summary: openssh after 3.6.1p1 can not authenticate via public
                    rsa2 key
           Product: Portable OpenSSH
           Version: 3.8p1
          Platform: HPPA
        OS/Version: HP-UX
            Status: NEW
          Severity: major
          Priority: P2
         Component: ssh
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: peter.kielbasiewicz at philips.com


My compilation of openssh 3.7.1p2 and 3.8p1 can not authenticate from HPUX 10.20
via rsa2 or dsa public key.
The sshd daemon side works OK. I can use public key authentication from Linux or
Windows TO HPUX without problems.
I am using rsa2 keys and the keys as well as the access rights of my directory
structure are ok. I can connect to the sshd on HPUX from other platforms with my
key pair using public key authentication without problems.
When I try ssh  FROM  HPUX  to other hosts or even to myself sshd always asks
for a password.
It seems that the ssh client skips the public key authentication step as can be
seen from the debug output below.
The openssh version 3.6.1p1 does not show the described effect, i.e. I can
connect from HP-UX using my rsa2 public key authentication without problems.

As HP-UX does not support PAM I did not use the with-pam flag for compilation.
The compile flags were the same for all revisions and as follows:
              CFLAGS="+O3 +ESlit +Optrs_strongly_typed
-I$SRC/tcp_wrappers/$TCP_WRAPver" \
              LDFLAGS="-L$SRC/tcp_wrappers/$TCP_WRAPver" \
              ./configure --prefix=/opt/$VER \
                          --sysconfdir=/etc/opt/openssh \
                          --with-default-path="/usr/bin:/usr/sbin:/opt/$VER/bin" \
                          --with-ssl-dir=$SRC/openssl/$OPENSSLver \
                          --with-zlib=$SRC/zlib/$ZLIBver \
                          --with-prngd-socket=/var/run/egd-pool \
                          --with-tcp-wrappers \
                          --without-shadow \
                          --disable-suid-ssh

I compiled against
    TCP_WRAPver=tcp_wrappers_7.6-ipv6.3
    OPENSSLver=openssl-0.9.7c
    ZLIBver=zlib-1.2.1
    PRNGDver=prngd-0.9.27

Parts from debug output:
    debug1: identity file /home/peterk/.ssh/identity type -1
    debug2: key_type_from_name: unknown key type '-----BEGIN'
    debug2: key_type_from_name: unknown key type '-----END'
    debug1: identity file /home/peterk/.ssh/id_rsa type 1
    debug1: identity file /home/peterk/.ssh/id_dsa type -1
    debug1: Remote protocol version 1.99, remote software version OpenSSH_3.8p1
   ...
    debug1: Authentications that can continue:
publickey,password,keyboard-interactive
    debug1: Next authentication method: publickey
    debug2: we did not send a packet, disable method
    debug1: Next authentication method: keyboard-interactive
    debug2: userauth_kbdint
    debug2: we sent a keyboard-interactive packet, wait for reply
    debug1: Authentications that can continue:
publickey,password,keyboard-interactive
    debug2: we did not send a packet, disable method



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the openssh-bugs mailing list