On 23 Mar 2001, at 20:52, Krzys Majewski wrote:

> What happens if you ssh -v -v -v to both the good machine and the bad
> machine? The output below suggests that the bad machine is choking on
> both your rsa key and your dsa key. The good machine only chokes on
> the dsa key, so maybe it's using whatever rsa key you give it (and
> perhaps this is a different rsa key than you supplied to the bad
> machine). The verbose output from the ssh client would confirm
> this. For example, I think the ssh2 protocol uses only dsa keys.
> -chris

The interesting thing is that the keys were generated by make host-key, so I don't know why it's rejecting one. The even MORE interesting thing is that by enabling PAM everything works - although I still get DSA key rejects from the server.

However, here is the output of ssh -v -v -v from both machines:

--- from athena to hermes ---
[EMAIL PROTECTED]:~$ ssh -v -v -v hermes
OpenSSH_2.5.2p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: getuid 1000 geteuid 0 anon 1
debug1: Connecting to hermes [10.0.0.66] port 22.
debug1: Connection established.
debug1: unknown identity file /home/lfabio/.ssh/identity
debug1: identity file /home/lfabio/.ssh/identity type -1
debug1: unknown identity file /home/lfabio/.ssh/id_rsa
debug1: identity file /home/lfabio/.ssh/id_rsa type -1
debug1: unknown identity file /home/lfabio/.ssh/id_dsa
debug1: identity file /home/lfabio/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.5.2p2
debug1: match: OpenSSH_2.5.2p2 pat ^OpenSSH
debug1: Local version string SSH-1.5-OpenSSH_2.5.2p2
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
The authenticity of host 'hermes (10.0.0.66)' can't be established.
RSA1 key fingerprint is b0:79:4b:4b:6a:2c:3d:99:a3:d4:f9:f9:93:18:6d:c0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'hermes,10.0.0.66' (RSA1) to the list of known hosts.
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Doing password authentication.
[EMAIL PROTECTED]'s password:
debug1: Requesting pty.
debug1: Requesting shell.
debug1: Entering interactive session.
--- end ---

--- from hermes to athena ----
[EMAIL PROTECTED]:~$ ssh -v -v -v athena
OpenSSH_2.5.2p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: getuid 1000 geteuid 0 anon 1
debug1: Connecting to athena [10.0.0.65] port 22.
debug1: Connection established.
debug1: unknown identity file /home/lfabio/.ssh/identity
debug1: identity file /home/lfabio/.ssh/identity type -1
debug1: unknown identity file /home/lfabio/.ssh/id_rsa
debug1: identity file /home/lfabio/.ssh/id_rsa type -1
debug1: unknown identity file /home/lfabio/.ssh/id_dsa
debug1: identity file /home/lfabio/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.5.2p2
debug1: match: OpenSSH_2.5.2p2 pat ^OpenSSH
debug1: Local version string SSH-1.5-OpenSSH_2.5.2p2
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
The authenticity of host 'athena (10.0.0.65)' can't be established.
RSA1 key fingerprint is 65:f6:cb:10:02:c0:41:32:22:61:b0:d3:ef:37:e0:c4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'athena,10.0.0.65' (RSA1) to the list of known hosts.
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Doing password authentication.
[EMAIL PROTECTED]'s password:
debug1: Requesting pty.
debug1: Requesting shell.
debug1: Entering interactive session.
--- end ---

The interesting part is that if I ssh -2 forcing the V2 protocol, which I prefer, I get a lot more debug stuff - but still no errors.

Nonetheless, I'd really like to know why ssh wasn't running without PAM, especially since it's the only programme which gives me trouble. Everything else, from sendmail to apache to proftp to pop3d... works fine on the first try on both machines (and several others, I might add).

Regards,
Luigi Fabio - [EMAIL PROTECTED]