They were not set this way. They were

$ ls -al
total 24
drwxr-xr-x 2 myuserid users 4096 Sep 25 17:31 .
drwx------ 11 myuserid users 4096 Sep 25 15:33 ..
-rw-r----- 1 myuserid users 2305 Sep 25 17:41 authorized_keys
-rw-r----- 1 myuserid users 1703 May 22 17:27 authorized_keys.bak
-rw-r----- 1 myuserid users 602 Sep 25 16:05 id_dsa2.pub
-rw-r--r-- 1 myuserid users 228 Jun 17 10:09 known_hosts

I changed them:

$ ls -al
total 24
drwx------ 2 myuserid users 4096 Sep 25 17:31 .
drwx------ 11 myuserid users 4096 Sep 25 15:33 ..
-rw------- 1 myuserid users 2305 Sep 25 17:41 authorized_keys
-rw------- 1 myuserid users 1703 May 22 17:27 authorized_keys.bak
-rw-r----- 1 myuserid users 602 Sep 25 16:05 id_dsa2.pub
-rw-r--r-- 1 myuserid users 228 Jun 17 10:09 known_hosts

I made the same changes on both machines, but it didn't help.

$ ssh -i id_dsa2 -vvv ip2
OpenSSH_5.0p1, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to ip2 [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug3: Not a RSA1 key file id_dsa2.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file id_dsa2 type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.0
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfourr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfourr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd166
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd166
debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-gr1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfourr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfourr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@ope6
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@ope6
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 119/256
debug2: bits set: 510/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/myuserid/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 3
debug3: check_host_in_hostfile: filename /home/myuserid/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'ip2' is known and matches the RSA host key.
debug1: Found key in /home/myuserid/.ssh/known_hosts:3
debug2: bits set: 521/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: id_dsa2 (81570f8)
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: id_dsa2
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-dss blen 433
debug2: input_userauth_pk_ok: fp 26:15:f3:32:49:75:16:eb:29:39:49:ea:27:db:a3:30
debug3: sign_and_send_pubkey
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key 'id_dsa2':
debug2: no passphrase given, try next key
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
$

It still insists I send a passphrase. WHY did PEM_read_PrivateKey fail?

Steve Cohen
Technical Architect
AT&T Relay Services

PROPRIETARY INFORMATION: Not for use or disclosure outside the AT&T family of companies except under written agreement

-----Original Message-----
From: Barry Brimer [mailto:barry.brimer@xxxxxxxxxxx]
Sent: Thursday, September 25, 2008 4:47 PM
To: COHEN, STEVEN M (ATTSI)
Subject: Re: keys not recognized in Unixware --> RedHat Connection

Quoting "COHEN, STEVEN M (ATTSI)" <myuserid@xxxxxxx>:

> I am trying to connect via ssh from a box running UnixWare 5 7.1.3
> which has OpenSSH installed at version OpenSSH_5.0p1, OpenSSL 0.9.8g
> 19 Oct 2007 to a box running Linux 2.6.9-78.0.1.EL #1 Tue Jul 22
> 17:50:01 EDT 2008 which has OpenSSH installed at version
> OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003.
>
> I find that the keys generated on the Unixware box are not accepted on
> the Linux box. This authentication always fails and I am forced to
> type the passphrase in every time.
>
> I did the following (using non-standard key name since I did not want
> to mess up existing connectivity):
>
> $ ssh-keygen -t dsa -f id_dsa2
> Generating public/private dsa key pair.
> Enter passphrase (empty for no passphrase):
> Enter same passphrase again:
> Your identification has been saved in id_dsa2.
> Your public key has been saved in id_dsa2.pub.
> The key fingerprint is: ...
>
> Then, I copied id_dsa2.pub to the Linux box.
>
> and did the following on that box
>
> $ mv authorized_keys authorized_keys.bak
> $ cp id_dsa2.pub authorized_keys

The $HOME/.ssh directory should be user-owned 0700 and the
$HOME/.ssh/authorized_keys should be user-owned 0600. What do your perms
look like for these files?
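
Added example, not part of the original messages: a small POSIX shell audit that checks an .ssh directory against the modes named in the reply (0700 for the directory, 0600 for authorized_keys) and tests a private key file for the "Proc-Type: 4,ENCRYPTED" header that a passphrase-protected traditional PEM key carries (the Proc-Type: and DEK-Info: tokens show up in the debug output above). The function names and the temporary sample files are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Paths and file contents below are
# constructed in a temporary directory.

# First 10 characters of `ls -ld`, e.g. "drwx------" (drops ACL/SELinux marks)
mode_string() { ls -ld "$1" 2>/dev/null | cut -c1-10; }

# check_one PATH WANTED: succeed only if PATH is owned by the caller and
# its mode string equals WANTED; otherwise print a finding.
check_one() {
    have=$(mode_string "$1")
    [ -O "$1" ] && [ "$have" = "$2" ] && return 0
    echo "BAD  $1: '${have:-missing}' (want $2, owned by you)"
    return 1
}

# Modes from the reply: directory 0700, authorized_keys 0600.
check_ssh_perms() {
    rc=0
    check_one "$1" "drwx------" || rc=1
    check_one "$1/authorized_keys" "-rw-------" || rc=1
    return $rc
}

# A traditional PEM private key that is passphrase-protected carries a
# "Proc-Type: 4,ENCRYPTED" header (followed by DEK-Info).
key_is_encrypted() { grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; }

demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/.ssh" && : > "$d/.ssh/authorized_keys"
    chmod 755 "$d/.ssh"; chmod 640 "$d/.ssh/authorized_keys"  # first listing
    check_ssh_perms "$d/.ssh" || echo "-> tighten with chmod 700 / chmod 600"
    chmod 700 "$d/.ssh"; chmod 600 "$d/.ssh/authorized_keys"  # second listing
    check_ssh_perms "$d/.ssh" && echo "OK   modes match the reply"
    # Constructed key file: headers only, no real key material.
    printf '%s\n' '-----BEGIN DSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'CONSTRUCTED' \
        '-----END DSA PRIVATE KEY-----' > "$d/id_sample"
    if key_is_encrypted "$d/id_sample"; then
        echo "id_sample is passphrase-protected; ssh prompts unless an agent holds it"
    fi
    rm -rf "$d"
}
demo
```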