I can use passworless ssh login just fine by copying the public key to the
~/.ssh/authorized_keys2 of the machine I want to ssh to, without any
modification to /etc/ssh/ssh_config, provided the public key was generated
with ssh-keygen -t dsa and the passphrase left empty. When I try exactly
the same procedure, but the key type rsa (begin the procedure with
ssh-keygen -t rsa instead of sh-keygen -t dsa), I am always promted for my
password.
Is this a bug, or is there some distinction between the two key systems
that causes this behavior? Here is the most verbose output of the two
approaches disscussed above:
The dsa version that works:
anorien$ ssh -v -v -v [EMAIL PROTECTED]
OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 1000 geteuid 0 anon 1
debug1: Connecting to aurora.uaf.edu [137.229.18.100] port 22.
debug1: temporarily_use_uid: 1000/1000 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 1000/1000 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/bkerin/.ssh/identity type 0
debug1: identity file /home/bkerin/.ssh/id_rsa type -1
debug3: No RSA1 key file /home/bkerin/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: no key found
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: no key found
debug1: identity file /home/bkerin/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version
OpenSSH_2.3.0p1
debug1: match: OpenSSH_2.3.0p1 pat ^OpenSSH_2\.3\.0
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9p2
debug2: Original cipher proposal: blowfish-cbc
debug2: Compat cipher proposal: blowfish-cbc
debug2: Original cipher proposal: blowfish-cbc
debug2: Compat cipher proposal: blowfish-cbc
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: blowfish-cbc
debug2: kex_parse_kexinit: blowfish-cbc
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss
debug2: kex_parse_kexinit:
3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,[EMAIL
PROTECTED]
debug2: kex_parse_kexinit:
3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,[EMAIL
PROTECTED]
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5,[EMAIL PROTECTED]
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5,[EMAIL PROTECTED]
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client blowfish-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server blowfish-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 150/256
debug1: bits set: 499/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/bkerin/.ssh/known_hosts2
debug3: check_host_in_hostfile: match line 1
debug3: check_host_in_hostfile: filename /home/bkerin/.ssh/known_hosts2
debug3: check_host_in_hostfile: match line 1
debug1: Host 'aurora.uaf.edu' is known and matches the DSA host key.
debug1: Found key in /home/bkerin/.ssh/known_hosts2:1
debug1: bits set: 515/1024
debug1: len 55 datafellows 53376
debug1: ssh_dss_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,password,keyboard-interactive
debug3: authmethod_lookup publickey
debug3: remaining preferred: password,keyboard-interactive
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug2: userauth_pubkey_agent: no keys at all
debug2: userauth_pubkey_agent: no more keys
debug2: userauth_pubkey_agent: no message sent
debug1: try privkey: /home/bkerin/.ssh/id_rsa
debug3: no such identity: /home/bkerin/.ssh/id_rsa
debug1: try pubkey: /home/bkerin/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: input_userauth_pk_ok: pkalg ssh-dss blen 434 lastkey 0x8091508
hint 2
debug2: input_userauth_pk_ok: fp
71:8a:36:b0:cf:52:bb:64:87:ff:ca:20:d7:2b:7a:7fdebug3:
sign_and_send_pubkey
debug1: read PEM private key done: type DSA
debug1: sig size 20 20
debug1: ssh-userauth2 successful: method publickey
debug3: clear hostkey 0
debug3: clear hostkey 1
debug3: clear hostkey 2
debug1: channel 0: new [client-session]
debug1: channel_new: 0
debug1: send channel open 0
debug1: Entering interactive session.
debug2: callback start
debug1: client_init id 0 arg 0
debug2: tty_make_modes: ospeed 38400
debug2: tty_make_modes: ispeed 38400
debug2: tty_make_modes: 1 3
debug2: tty_make_modes: 2 28
debug2: tty_make_modes: 3 127
debug2: tty_make_modes: 4 21
debug2: tty_make_modes: 5 4
debug2: tty_make_modes: 6 255
debug2: tty_make_modes: 7 255
debug2: tty_make_modes: 8 17
debug2: tty_make_modes: 9 19
debug2: tty_make_modes: 10 26
debug2: tty_make_modes: 12 18
debug2: tty_make_modes: 13 23
debug2: tty_make_modes: 14 22
debug2: tty_make_modes: 18 15
debug2: tty_make_modes: 30 0
debug2: tty_make_modes: 31 0
debug2: tty_make_modes: 32 0
debug2: tty_make_modes: 33 0
debug2: tty_make_modes: 34 0
debug2: tty_make_modes: 35 0
debug2: tty_make_modes: 36 1
debug2: tty_make_modes: 37 0
debug2: tty_make_modes: 38 1
debug2: tty_make_modes: 39 1
debug2: tty_make_modes: 40 0
debug2: tty_make_modes: 41 1
debug2: tty_make_modes: 50 1
debug2: tty_make_modes: 51 1
debug2: tty_make_modes: 52 0
debug2: tty_make_modes: 53 1
debug2: tty_make_modes: 54 1
debug2: tty_make_modes: 55 1
debug2: tty_make_modes: 56 0
debug2: tty_make_modes: 57 0
debug2: tty_make_modes: 58 0
debug2: tty_make_modes: 59 1
debug2: tty_make_modes: 60 1
debug2: tty_make_modes: 61 1
debug2: tty_make_modes: 62 0
debug2: tty_make_modes: 70 1
debug2: tty_make_modes: 71 0
debug2: tty_make_modes: 72 1
debug2: tty_make_modes: 73 0
debug2: tty_make_modes: 74 0
debug2: tty_make_modes: 75 0
debug2: tty_make_modes: 90 1
debug2: tty_make_modes: 91 1
debug2: tty_make_modes: 92 0
debug2: tty_make_modes: 93 0
debug1: channel request 0: shell
debug2: callback done
debug1: channel 0: open confirm rwindow 0 rmax 16384
debug2: channel 0: rcvd adjust 32768
Last login: Thu Aug 2 12:03:28 2001 from anorien.asf.ala
Digital UNIX V4.0F (Rev. 1229); Sun Sep 5 11:58:40 AKDT 1999
*************************************************************************
Welcome to Aurora, a Compaq Alpha DS20 running Compaq Tru64 Unix.
Rasmuson Division of Computing & Communications
...
The rsa version that doesn't work:
anorien$ ssh -v -v -v [EMAIL PROTECTED]
OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 1000 geteuid 0 anon 1
debug1: Connecting to aurora.uaf.edu [137.229.18.100] port 22.
debug1: temporarily_use_uid: 1000/1000 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 1000/1000 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/bkerin/.ssh/identity type 0
debug3: No RSA1 key file /home/bkerin/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: no key found
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: no key found
debug1: identity file /home/bkerin/.ssh/id_rsa type 1
debug1: identity file /home/bkerin/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version
OpenSSH_2.3.0p1
debug1: match: OpenSSH_2.3.0p1 pat ^OpenSSH_2\.3\.0
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9p2
debug2: Original cipher proposal: blowfish-cbc
debug2: Compat cipher proposal: blowfish-cbc
debug2: Original cipher proposal: blowfish-cbc
debug2: Compat cipher proposal: blowfish-cbc
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: blowfish-cbc
debug2: kex_parse_kexinit: blowfish-cbc
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss
debug2: kex_parse_kexinit:
3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,[EMAIL
PROTECTED]
debug2: kex_parse_kexinit:
3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,[EMAIL
PROTECTED]
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5,[EMAIL PROTECTED]
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5,[EMAIL PROTECTED]
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client blowfish-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server blowfish-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 131/256
debug1: bits set: 520/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/bkerin/.ssh/known_hosts2
debug3: check_host_in_hostfile: match line 1
debug3: check_host_in_hostfile: filename /home/bkerin/.ssh/known_hosts2
debug3: check_host_in_hostfile: match line 1
debug1: Host 'aurora.uaf.edu' is known and matches the DSA host key.
debug1: Found key in /home/bkerin/.ssh/known_hosts2:1
debug1: bits set: 527/1024
debug1: len 55 datafellows 53376
debug1: ssh_dss_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,password,keyboard-interactive
debug3: authmethod_lookup publickey
debug3: remaining preferred: password,keyboard-interactive
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug2: userauth_pubkey_agent: no keys at all
debug2: userauth_pubkey_agent: no more keys
debug2: userauth_pubkey_agent: no message sent
debug1: try pubkey: /home/bkerin/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password
debug2: userauth_pubkey_agent: no more keys
debug2: userauth_pubkey_agent: no message sent
debug1: try privkey: /home/bkerin/.ssh/id_dsa
debug3: no such identity: /home/bkerin/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: keyboard-interactive
debug3: authmethod_is_enabled password
debug1: next auth method to try is password
[EMAIL PROTECTED]'s password:
...
Britton Kerin
__
GNU GPL: "The Source will be with you... always."
