> debug1: identity file /roothome/.ssh/id_rsa type -1
> debug1: identity file /roothome/.ssh/id_dsa type -1
>
> Your connection is established, it clearlys
> states connection established, but then it
> fails on your rsa key, which is your public
> key, and your private key, or id_dsa key.
> Here, the authentication fails.
Not really. The SSH client did not find two
potential expected key files, but that's long
before it attempted to do any user
authentication. These messages are entirely
harmless, and are unrelated to the actual problem.
Consider, for example, the following
transcript of a successful session
establishment:
dy # uname -a
HP-UX dy B.11.11 U 9000/785 2012616114 unlimited-user license
dy # ssh -V
OpenSSH_5.3p1+sftpfilecontrol-v1.3-hpn13v5, OpenSSL 0.9.8l 5 Nov 2009
HP-UX Secure Shell-A.05.30.007, HP-UX Secure Shell version
dy # ssh -v -l sms alp-l
OpenSSH_5.3p1+sftpfilecontrol-v1.3-hpn13v5, OpenSSL 0.9.8l 5 Nov 2009
HP-UX Secure Shell-A.05.30.007, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug1: Connecting to alp-l [10.0.0.9] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/3
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
[This newer SSH version looks for three key
files, none of which exists here. Then it
continues, beginning the conversation with
the remote system. Note that in a working
configuration, these messages are harmless,
not fatal. What's not working in the problem
case is the stuff below, the handshaking
between the two systems.]
debug1: Remote protocol version 2.0, remote software version 3.2.0 SSH OpenVMS V
5.5 VMS_sftp_version 3
debug1: no match: 3.2.0 SSH OpenVMS V5.5 VMS_sftp_version 3
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1+sftpfilecontrol-v1.3-hpn13v5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug1: REQUESTED ENC.NAME is 'aes128-cbc'
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: REQUESTED ENC.NAME is 'aes128-cbc'
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host 'alp-l' is known and matches the DSA host key.
debug1: Found key in /root/.ssh/known_hosts:10
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
@ SYS$MANAGER:ANNOUNCE.TXT
[That's the (defective) greeting from the
remote system. Basic handshaking is now
complete. _Now_ user authentication begins.]
debug1: Authentications that can continue: hostbased,publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
[Again, the expected key files are not found,
so publickey authentication fails, so we move
along to the next authentication method,
password...]
debug1: Next authentication method: password
sms@alp-l's password:
debug1: Authentication succeeded (password).
[I provided the correct password, so password
authentication succeeded, and so the
interactive session begins...]
debug1: Final hpn_buffer_size = 131072
debug1: HPN Disabled: 1, HPN Buffer Size: 131072
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
Welcome to VMS (Alpha) V8.3 on ALP.
[...]
> ssh_exchange_identification: Connection closed by remote host
While this does not show a user
authentication problem, it does suggest some
configuration problem, possibly involving the
old host keys, as previously suggested.
