Re: Patch for OpenSSH for Windows to allow authentication through certificates

Adriana Rodean wrote:
Hi Roumen,

I fixed the certificate validation, so it returns 1 (trusted) now, but I
still can’t go on. After everything seems to be OK, certificate
validated,
the client tries to authenticate with keyboard-interactive. This of course
doesn’t work and the connection is closed.

Here is the output from the server (started with option -d):
debug1: ssh_set_validator: ignore responder url
debug1: sshd version OpenSSH_5.1p1
debug1: read PEM private key begin
debug1: read X509 certificate done: type RSA+cert
debug1: read PEM private key done: type RSA+cert
debug1: private host key: #0 type 3 RSA+cert
[SNIP]
method keyboard-interactive
[SNIP]

and the output from the client (started with option -v):
OpenSSH_5.1p1, OpenSSL 0.9.8j 07 Jan 2009
debug1: Reading configuration data c:\\openssh\\bin\\ssh_config
debug1: ssh_set_validator: ignore responder url
debug1: Connecting to 10.3.3.12 [10.3.3.12] port 22.
debug1: Connection established.
debug1: identity file C:/OpenSSH/Certs/id_rsa type 3
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1
debug1: match: OpenSSH_5.1 pat OpenSSH*
[SNIP]
debug1: Host '10.3.3.12' is known and matches the RSA+cert host key.
debug1: Found key in /home/Administrator.JOGE/.ssh/known_hosts:1
[SNIP]
debug1: Authentications that can continue: keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: keyboard-interactive
[SNIP]
> What did I miss?

Check the client option PreferredAuthentications. In your case it may be only keyboard-interactive. The default is "hostbased, publickey, keyboard-interactive, password". For certificates it has to contain publickey or hostbased. Let's start with publickey.
Also check client options PubkeyAuthentication and PubkeyAlgorithms.

On the server check server options PubkeyAuthentication and PubkeyAlgorithms.

Initially you may leave PubkeyAlgorithms as default.

[SNIP]

Roumen
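
Added example, not part of the original message or of the OpenSSH patch: a small Python check that reads a client `ssh -v` log and tells whether the server's "Authentications that can continue" list includes a certificate-capable method and whether the client ever tried one. The function name, verdict strings and the embedded sample log are assumptions made for this illustration; the sample reuses the client lines quoted above.

```python
import re

# Constructed sample: client-side `ssh -v` lines as quoted in the message above.
SAMPLE_CLIENT_LOG = """\
debug1: identity file C:/OpenSSH/Certs/id_rsa type 3
debug1: Authentications that can continue: keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: keyboard-interactive
"""

# OpenSSH client debug lines; the first one carries the server's method list.
CAN_CONTINUE = re.compile(r"debug1: Authentications that can continue: (.+)$")
NEXT_METHOD = re.compile(r"debug1: Next authentication method: (\S+)")
CERT_METHODS = {"publickey", "hostbased"}  # per the reply: needed for certificates


def diagnose(log_text):
    """Return (offered, tried, verdict) for one client `ssh -v` log.

    offered: sorted method names the server advertised
    tried:   methods the client attempted, in order
    verdict: hypothetical label naming the side to inspect first
    """
    offered, tried = set(), []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = CAN_CONTINUE.match(line)
        if m:
            offered.update(name.strip() for name in m.group(1).split(","))
            continue
        m = NEXT_METHOD.match(line)
        if m:
            tried.append(m.group(1))
    if not offered:
        verdict = "no-auth-lines"            # log holds no userauth exchange
    elif not (offered & CERT_METHODS):
        verdict = "server-does-not-offer"    # inspect sshd options first
    elif not (set(tried) & CERT_METHODS):
        verdict = "client-does-not-try"      # inspect client options first
    else:
        verdict = "cert-method-attempted"    # read the sshd -d log for the reason
    return sorted(offered), tried, verdict


if __name__ == "__main__":
    print(diagnose(SAMPLE_CLIENT_LOG))
```

For "server-does-not-offer" the server options named in the reply (PubkeyAuthentication, PubkeyAlgorithms) are the place to look; for "client-does-not-try" it is the client's PreferredAuthentications and PubkeyAuthentication.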
