ssh-agent and id_dsa

Lutz Jaenicke Lutz.Jaenicke at aet.TU-Cottbus.DE
Tue Feb 20 21:35:36 EST 2001


On Tue, Feb 20, 2001 at 11:12:19AM +0100, Markus Friedl wrote:
> why don't you rename the key? :)

Because I use ssh-agent when I sit in front of my workstation (automatic
startup via CDE, really practical thing). When I log in from remote via
slogin, I don't always start up ssh-agent and then it is ok to be asked :-)

> does the protocol-1 implementation remember keys?

Hmm, you tend to ask difficult questions...

ws01 23: slogin -v -p 24 -l root ws01
OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug: Reading configuration data /home/aet/serv01/jaenicke/.ssh/config
debug: Reading configuration data /etc/ssh/ssh_config
debug: Applying options for *
debug: ssh_connect: getuid 11019 geteuid 0 anon 0
debug: Connecting to ws01 [141.43.132.151] port 24.
debug: Seeding random number generator
debug: Allocated local port 601.
debug: Connection established.
debug: identity file /home/aet/serv01/jaenicke/.ssh/identity type 0
debug: identity file /home/aet/serv01/jaenicke/.ssh/id_dsa type 3
debug: Remote protocol version 1.99, remote software version OpenSSH_2.5.1p1
debug: match: OpenSSH_2.5.1p1 pat ^OpenSSH
debug: Local version string SSH-1.5-OpenSSH_2.5.1p1
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host 'ws01' is known and matches the RSA1 host key.
debug: Found key in /etc/ssh/ssh_known_hosts:23
debug: Seeding random number generator
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Trying RSA authentication via agent with 'jaenicke at emserv1'
debug: Server refused our key.
debug: RSA authentication using agent refused.
debug: Trying RSA authentication with key 'jaenicke at emserv1'
debug: Server refused our key.
debug: Doing password authentication.
root at ws01's password:
...
On the server this looks like:
debug1: Bind to port 24 on 0.0.0.0.
Server listening on 0.0.0.0 port 24.
Generating 768 bit RSA key.
debug1: Seeding random number generator
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 141.43.132.151 port 601
debug1: Client protocol version 1.5; client software version OpenSSH_2.5.1p1
debug1: match: OpenSSH_2.5.1p1 pat ^OpenSSH
debug1: Local version string SSH-1.99-OpenSSH_2.5.1p1
debug1: Sent 768 bit server key and 1024 bit host key.
debug1: Encryption type: 3des
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug1: Attempting authentication for root.
Failed rsa for ROOT from 141.43.132.151 port 601
Failed rsa for ROOT from 141.43.132.151 port 601
...

So obviously, it remembers the key...
identity file /home/aet/serv01/jaenicke/.ssh/identity type 0
is the RSA1 key I am using. It is passphrase protected and loaded into
ssh-agent.
ws01 23: ssh-add -l
1024 30:a7:58:3e:f5:bc:a2:0e:f5:16:09:71:b6:56:1e:ec jaenicke at emserv1 (RSA1)
1024 de:f8:a8:98:4b:18:9f:5f:d0:6f:67:91:1d:f7:c4:6a /home/aet/serv01/jaenicke/.ssh/id_dsa (DSA)

If I try the same with protocol 2:
...
debug: authentications that can continue: publickey,password,keyboard-interactive
debug: next auth method to try is publickey
debug: userauth_pubkey_agent: trying agent key /home/aet/serv01/jaenicke/.ssh/id_dsa
debug: authentications that can continue: publickey,password,keyboard-interactive
debug: next auth method to try is publickey
debug: try pubkey: /home/aet/serv01/jaenicke/.ssh/id_dsa
debug: PEM_read_PrivateKey failed
debug: read SSH2 private key done: name <no key> success 0
Enter passphrase for key '/home/aet/serv01/jaenicke/.ssh/id_dsa': 
debug: read SSH2 private key done: name dsa w/o comment success 1
debug: sig size 20 20
debug: authentications that can continue: publickey,password,keyboard-interactive
debug: next auth method to try is publickey
debug: next auth method to try is password
root at ws01's password:
...

and on the server:
...
debug1: userauth-request for user root service ssh-connection method none
debug1: attempt 0 failures 0
Failed none for ROOT from 141.43.132.151 port 813 ssh2
debug1: userauth-request for user root service ssh-connection method publickey
debug1: attempt 1 failures 1
Failed publickey for ROOT from 141.43.132.151 port 813 ssh2
debug1: userauth-request for user root service ssh-connection method publickey
debug1: attempt 2 failures 2
Failed publickey for ROOT from 141.43.132.151 port 813 ssh2
...

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke at aet.TU-Cottbus.DE
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
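
Added example (not part of the original message and not OpenSSH code): a small parser for the client debug output quoted above that reports keys the client offered once through ssh-agent and again from the identity file, which is what produces the two "Failed rsa" / "Failed publickey" entries on the server. The function names are hypothetical, the sample lines are excerpted from the transcripts above, and keys are matched by the label the client prints (the comment in protocol 1, the path in protocol 2), which is an assumption rather than a fingerprint comparison.

```python
import re
from collections import defaultdict

# Client debug messages seen in the two transcripts above, tagged by key source.
PATTERNS = [
    ("agent", re.compile(r"Trying RSA authentication via agent with '(.+)'")),
    ("file", re.compile(r"Trying RSA authentication with key '(.+)'")),
    ("agent", re.compile(r"userauth_pubkey_agent: trying agent key (\S+)")),
    ("file", re.compile(r"try pubkey: (\S+)")),
]

def offers(debug_text):
    """Return [(source, key_label), ...] in the order the client offered keys."""
    found = []
    for line in debug_text.splitlines():
        for source, pattern in PATTERNS:
            match = pattern.search(line)
            if match:
                found.append((source, match.group(1)))
                break
    return found

def duplicate_offers(debug_text):
    """Key labels offered both via the agent and from the identity file."""
    sources = defaultdict(set)
    for source, key in offers(debug_text):
        sources[key].add(source)
    return sorted(k for k, s in sources.items() if s == {"agent", "file"})

# Sample input: lines excerpted from the protocol 1 and protocol 2 runs above.
PROTO1 = """\
debug: Trying RSA authentication via agent with 'jaenicke at emserv1'
debug: Server refused our key.
debug: RSA authentication using agent refused.
debug: Trying RSA authentication with key 'jaenicke at emserv1'
debug: Server refused our key.
"""
PROTO2 = """\
debug: userauth_pubkey_agent: trying agent key /home/aet/serv01/jaenicke/.ssh/id_dsa
debug: try pubkey: /home/aet/serv01/jaenicke/.ssh/id_dsa
debug: PEM_read_PrivateKey failed
"""

if __name__ == "__main__":
    for name, text in (("protocol 1", PROTO1), ("protocol 2", PROTO2)):
        print(name, "offered twice:", duplicate_offers(text))
```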





More information about the openssh-unix-dev mailing list