
SSH trusted relationship

 
Jose Giudice
New Member

SSH trusted relationship

I have one Sun Solaris 2.6 server with SSH server SSH-1.99-OpenSSH_3.1p1, and one HP-UX 11 server with ssh client OpenSSH_3.8, OpenSSL 0.9.7d 17 Mar 2004.
I'm trying to establish a trusted relationship between them, but I always run into the same problem.

The steps I used for the trust relationship:

1) ssh-keygen -t dsa -N ""
1.1) Generated public and private keys in path /root/.ssh
2) scp id_dsa.pub root@host2:id_dsa.pub
2.1) cat /root/id_dsa.pub >> ~itochecker/.ssh/authorized_keys
3) ssh -i /root/id_dsa.pub itochecker@host2
4) chmod 600 id_dsa.pub
5) chmod 600 id_dsa


host1:/.ssh# ssh -vvvv -i id_dsa.pub itochecker@host2
OpenSSH_3.8 , OpenSSL 0.9.7d 17 Mar 2004
HP-UX_Secure_Shell-A.03.81.002, HP_UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug3: Seeding PRNG from /opt/ssh/libexec/ssh-rand-helper
debug2: ssh_connect: needpriv 0
debug1: Connecting to host2 [host2] port 22.
debug1: Connection established.
debug3: Not a RSA1 key file id_dsa.pub.
debug1: identity file id_dsa.pub type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8
debug3: RNG is ready, skipping seeding
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 122/256
debug2: bits set: 494/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /.ssh/known_hosts
debug2: key_type_from_name: unknown key type '1024'
debug3: key_read: missing keytype
debug3: check_host_in_hostfile: match line 126
debug1: Host 'host2' is known and matches the RSA host key.
debug1: Found key in /.ssh/known_hosts:126
debug2: bits set: 528/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: id_dsa.pub (4002ea18)
debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug3: start over, passed a different list publickey,password,keyboard-interactive,hostbased
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: id_dsa.pub
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-dss blen 433
debug2: input_userauth_pk_ok: fp d7:55:36:ef:bf:91:a1:42:d1:8d:41:ed:61:e4:f4:06
debug3: sign_and_send_pubkey
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type
Enter passphrase for key 'id_dsa.pub':




_____________________________________________
From: Jose Giudice
Sent: Wednesday, November 17, 2004 4:22 PM
To: Rodrigo Ansai
Subject: Texto !

Rodrigo,

The situation is this: I have to post this question in a forum, please translate it for me:

Sirs,

I have a Sun Solaris 2.6 server with SSH Server SSH-1.99-OpenSSH_3.1p1, and an HP-UX 11 server with ssh client OpenSSH_3.8, OpenSSL 0.9.7d 17 Mar 2004. I am trying to establish a trust relationship between them, but I always run into the same problem.
Steps followed for the trust relationship:

1) ssh-keygen -t dsa -N ""
1.1) Generated the public and private keys in the directory /root/.ssh
2) scp id_dsa.pub root@host2:id_dsa.pub
2.1) cat /root/id_dsa.pub >> ~itochecker/.ssh/authorized_keys
3) ssh -i /root/id_dsa.pub itochecker@host2
4) chmod 600 id_dsa.pub
5) chmod 600 id_dsa

Thanks for all answers
Sridhar Bhaskarla
Honored Contributor

Re: SSH trusted relationship

Jose,

If you just press Enter, does it take that as a passphrase and give you passwordless login?

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Sanjay_6
Honored Contributor

Re: SSH trusted relationship

Hi Jose,

Try this link,

http://bumblebee.lcs.mit.edu/ssh2/

Hope this helps.

regds
Steven E. Protter
Exalted Contributor

Re: SSH trusted relationship

Attaching a word doc.

Pay attention to directory permissions. You can use cat instead of X terminal to build the files.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Jose Giudice
New Member

Re: SSH trusted relationship

Hi Sridhar Bhaskarla

See above, I generated public and private keys with the command :

ssh-keygen -t dsa -N ""

-N "" = without pass-phrase

Jose Giudice
New Member

Re: SSH trusted relationship

My directory permissions:

Server:
drwxr-xr-x 2 itochecker itochecker 512 Nov 17 12:43 .ssh

-rw-r--r-- 1 itochecker itochecker 929 Nov 17 15:07 authorized_keys

Client:

drwxr-xr-x 2 root sys 1024 Nov 17 13:21 .ssh

-rw------- 1 root sys 668 Nov 17 13:21 id_dsa
-rw------- 1 root sys 600 Nov 17 13:21 id_dsa.pub

My user is not passwordless.

Thanks
Sridhar Bhaskarla
Honored Contributor

Re: SSH trusted relationship

I know about -N.

I wanted to make sure whether ssh is accepting Enter as a passphrase or rejecting it completely. Can you move id_dsa to id_dsa.old, generate the key again and try it on the source system?

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Ermin Borovac
Honored Contributor

Re: SSH trusted relationship

Check itochecker's home directory permissions on host2. Make sure it's not group writable.

Otherwise, start server sshd with debug option (make sure port 22222 is not used on host2).

host2# sshd -d -p 22222

host1# ssh -vvv -p 22222 -i /root/.ssh/id_dsa.pub itochecker@host2

Examine output of sshd on host2 as it might give you additional clues.
Jose Giudice
New Member

Re: SSH trusted relationship

Hi,

I started sshd with option -d on host2 and I tried to connect with ssh -vvv -i id_dsa.pub from host1. Below is the output:

/opt/sbin/sshd -d
debug1: sshd version OpenSSH_3.1p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.

debug1: Server will not fork when running in debugging mode.
Connection from host1 port 62073
debug1: Client protocol version 2.0; client software version OpenSSH_3.8
debug1: match: OpenSSH_3.8 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_3.1p1
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
WARNING: /usr/local/etc/moduli does not exist, using old modulus
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 136/256
debug1: bits set: 494/1024
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 530/1024
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user itochecker service ssh-connection method none
debug1: attempt 0 failures 0
debug1: Starting up PAM with username "itochecker"
debug1: PAM setting rhost to "host1"
Failed none for itochecker from host1 port 62073 ssh2
debug1: userauth-request for user itochecker service ssh-connection method publickey
debug1: attempt 1 failures 1
debug1: test whether pkalg/pkblob are acceptable
debug1: temporarily_use_uid: 3003/3002 (e=0)
debug1: trying public key file /export/home/itochecker/.ssh/authorized_keys
debug1: matching key found: file /export/home/itochecker/.ssh/authorized_keys, line 2
Found matching DSA key: d7:55:36:ef:bf:91:a1:42:d1:8d:41:ed:61:e4:f4:06
debug1: restore_uid
Postponed publickey for itochecker from host1 port 62073 ssh2
Ermin Borovac
Honored Contributor

Re: SSH trusted relationship

I think the reason it didn't work is that when you specify the identity file on the ssh command line (-i), it should be the private key file (id_dsa), not the public key file (id_dsa.pub).

/* NOT OK */
# ssh -i /root/.ssh/id_dsa.pub itochecker@host2

/* OK */
# ssh -i /root/.ssh/id_dsa itochecker@host2
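As an added example (not code from the thread or from any of the posters), the shell script below packages the two checks that would have caught the problems raised in this thread before anyone ran ssh: first, whether the file handed to -i is really the private key (the "PEM_read_PrivateKey failed" line and the passphrase prompt above are what you get when id_dsa.pub is passed instead of id_dsa); second, whether the home directory, ~/.ssh and authorized_keys on the server are free of group/other write bits, which is the check Ermin suggested. It assumes a POSIX sh with ls, cut, head and mktemp; the function names are mine, and all key material it writes is constructed placeholder text, not real keys.

```shell
#!/bin/sh
# Added example, not code from the thread: two pre-flight checks for
# key-based ssh login, exercised against a constructed fixture.
# Assumes POSIX sh with ls, cut, head and mktemp.

# Classify a key file by its first line. OpenSSH private keys carry a PEM
# header ("-----BEGIN DSA PRIVATE KEY-----" for ssh-keygen -t dsa of this
# era, "-----BEGIN OPENSSH PRIVATE KEY-----" on newer releases); public keys
# start with the key type name followed by base64 data.
ssh_identity_kind() {
    first=$(head -n 1 "$1" 2>/dev/null) || { echo "unreadable"; return 1; }
    case "$first" in
        "-----BEGIN "*" PRIVATE KEY-----") echo "private" ;;
        "ssh-dss "*|"ssh-rsa "*|"ssh-ed25519 "*|"ecdsa-sha2-"*) echo "public" ;;
        *) echo "unknown" ;;
    esac
}

# Report permission problems that make sshd (StrictModes, the default) refuse
# key authentication: the home directory, ~/.ssh and authorized_keys must not
# be writable by group or others. Prints one line per problem; returns 0 when
# the layout is acceptable, 1 otherwise.
check_authorized_keys_perms() {
    home_dir=$1
    rc=0
    for path in "$home_dir" "$home_dir/.ssh" "$home_dir/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "missing: $path"
            rc=1
            continue
        fi
        # ls -ld prints e.g. "drwxr-xr-x": column 6 is the group write bit,
        # column 9 the other write bit.
        mode=$(ls -ld "$path" | cut -c1-10)
        gw=$(printf '%s' "$mode" | cut -c6)
        ow=$(printf '%s' "$mode" | cut -c9)
        if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
            echo "writable by group/others ($mode): $path"
            rc=1
        fi
    done
    return $rc
}

# Build a throwaway directory tree mirroring the thread's layout (client key
# pair under .ssh, server user itochecker) so the checks run offline.
# The key contents are constructed placeholders with the right structure only.
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/client/.ssh" "$root/server/home/itochecker/.ssh"
    printf '%s\n' '-----BEGIN DSA PRIVATE KEY-----' \
        'MIIBuwIBAAKBgQDconstructedplaceholder00000000000000000000000000' \
        '-----END DSA PRIVATE KEY-----' > "$root/client/.ssh/id_dsa"
    printf '%s\n' 'ssh-dss AAAAB3NzaC1kc3MAAACBAPconstructedplaceholder0000 root@host1' \
        > "$root/client/.ssh/id_dsa.pub"
    cp "$root/client/.ssh/id_dsa.pub" "$root/server/home/itochecker/.ssh/authorized_keys"
    chmod 755 "$root/server/home/itochecker"
    chmod 700 "$root/client/.ssh" "$root/server/home/itochecker/.ssh"
    chmod 600 "$root/client/.ssh/id_dsa" "$root/server/home/itochecker/.ssh/authorized_keys"
    chmod 644 "$root/client/.ssh/id_dsa.pub"
    echo "$root"
}

# Walk-through on the constructed fixture.
fixture=$(make_fixture)
for f in "$fixture/client/.ssh/id_dsa" "$fixture/client/.ssh/id_dsa.pub"; do
    echo "$f: $(ssh_identity_kind "$f")"
done
check_authorized_keys_perms "$fixture/server/home/itochecker" && echo "server-side permissions OK"
rm -rf "$fixture"
```

Run ssh_identity_kind on the file you intend to pass to -i and refuse anything other than "private"; run check_authorized_keys_perms as the target user on the server (or as root against that user's home) before chasing the client-side debug output.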