On Thursday 31 May 2007 07:42, Mick wrote:
> On Wednesday 30 May 2007 21:42, Mauro Faccenda wrote:
> > On Wednesday 30 May 2007 16:57, Mick wrote:
> > > I find it confusing. First of all I do not have an id_rsa.
> >
> > it tries the default keys (id_rsa or id_dsa), if they exist.
>
> id_rsa does not exist in my local /home/michael/.ssh/ only id_dsa is there
> and the public key that I have saved in /home/mic/.ssh/authorized_keys on
> the server is my corresponding id_dsa.pub.
>
> > if you don't want
> > it to try it, you can use the -i parameter to ssh pointing to your
> > private key (ssh -i ~/.ssh/id_dsa <user>@<server>),
>
> Trying with the -i option also fails:
> ======================================
> $ ssh -v -p 22 -i /home/michael/.ssh/id_dsa mick@<blah-blah>
> [snip]
> debug1: Found key in /home/michael/.ssh/known_hosts:18
> debug1: ssh_rsa_verify: signature correct
> debug1: Enabling compression at level 6.
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,gssapi-with-mic,password
> debug1: Next authentication method: publickey
> debug1: Offering public key: /home/michael/.ssh/id_dsa
> debug1: Authentications that can continue: publickey,gssapi-with-mic,password
> debug1: Next authentication method: password
> ======================================

that's strange.

which version of openssh do you use in the server and the client?
mine:
client: OpenSSH_4.5p1
server: OpenSSH_4.4p1

here is my output doing ssh to a server with only key authentication enabled:

i don't have the id_dsa.pub in my local machine either.

=======================================
debug1: Found key in /home/faccenda/.ssh/known_hosts:8
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: id_dsa
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key 'id_dsa':
=======================================

the failed part was because my key is password protected, so it asks me.

> That's right, so why does it:
> ======================================
> debug1: Trying private key: /home/michael/.ssh/id_rsa <--this doesn't exist
> debug1: Offering public key: /home/michael/.ssh/id_dsa <--this is my private key
> ======================================

i didn't notice this line... really strange.

how was your id_dsa created? is it corrupted or does it have a public key in it
instead?

you should try creating your key pair again with:

$ ssh-keygen -t dsa

i would like to see the content of this file (or, at least the "headers"), but
it's a PRIVATE key. ;)

the "headers" of mine:

-----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,933FEB2C1C691496


> > > PS. Not sure if this is relevant but although my user name on the
> > > server is mick, for reasons better known to him the sysadmin has
> > > created my home directory as /home/mic - could it be that sshd is
> > > looking for /home/mick?
> >
> > that message isn't from the server, it is from the client running locally. but
> > it doesn't matter for what you want.
>
> It matters if the server is trying to find id_dsa.pub in a non-existing
> directory.

but as i said, that message isn't from the server. being a redhat, i suppose
that it uses redhat with more or less the default configuration, that tries to
read your public key on your user home in the server (~/.ssh/authorized_users
or ~/.ssh/authorized_users2). and openssh knows where to look, even when
the home of the user isn't the default, which is your case, right?

hope it helps,
.m
--
gentoo-user@g.o mailing list
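
The message above asks whether id_dsa is corrupted or actually holds a public key, and notes that the file's "headers" cannot simply be posted. The following is an added example, not part of the original message, that classifies a key file from its first two lines only, so the result can be shared without exposing key material. The function names, result labels and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an SSH key file from its first two lines only.
# It prints a label, never the key body.

classify_key() {
    [ -f "$1" ] && [ -r "$1" ] || { echo "unreadable"; return 1; }
    # Strip CRs in case the file passed through an editor that added them.
    l1=$(sed -n '1p' "$1" | tr -d '\r')
    l2=$(sed -n '2p' "$1" | tr -d '\r')
    case $l1 in
        "-----BEGIN DSA PRIVATE KEY-----"|"-----BEGIN RSA PRIVATE KEY-----")
            # A passphrase-protected PEM key carries a Proc-Type header,
            # as in the "headers" quoted in the message.
            if [ "$l2" = "Proc-Type: 4,ENCRYPTED" ]; then
                echo "private-encrypted"
            else
                echo "private-unencrypted"
            fi ;;
        "ssh-dss "*|"ssh-rsa "*)
            # One-line OpenSSH public key: the content of a .pub file.
            echo "public" ;;
        *)
            echo "unknown" ;;
    esac
}

# Constructed sample files (placeholder bodies, not real keys).
make_samples() {
    d=$1
    printf '%s\n' '-----BEGIN DSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'PLACEHOLDER' \
        '-----END DSA PRIVATE KEY-----' > "$d/enc"
    printf '%s\n' '-----BEGIN DSA PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END DSA PRIVATE KEY-----' > "$d/plain"
    printf '%s\n' 'ssh-dss PLACEHOLDER michael@example' > "$d/pubcopy"
    printf '%s\n' 'PLACEHOLDER' > "$d/garbage"
}

# Demo over the constructed samples plus one path that does not exist.
tmp=$(mktemp -d)
make_samples "$tmp"
for f in enc plain pubcopy garbage missing; do
    printf '%-8s %s\n' "$f" "$(classify_key "$tmp/$f")"
done
rm -rf "$tmp"
```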