| 1 |
On Thursday 31 May 2007 07:42, Mick wrote: |
| 2 |
> On Wednesday 30 May 2007 21:42, Mauro Faccenda wrote: |
| 3 |
> > On Wednesday 30 May 2007 16:57, Mick wrote: |
| 4 |
> > > I find it confusing. First of all I do not have a id_rsa. |
| 5 |
> > |
| 6 |
> > it tries the default keys (id_rsa or id_dsa), if exists. |
| 7 |
> |
| 8 |
> id_rsa does not exist in my local /home/michael/.ssh/ only id_dsa is there |
| 9 |
> and the public key that I have saved in /home/mic/.ssh/authorized_keys on |
| 10 |
> the server is my corresponding id_dsa.pub. |
| 11 |
> |
| 12 |
> > if you don't want |
| 13 |
> > it to try it, you can use the -i parameter to ssh pointing to your |
| 14 |
> > private key (ssh -i ~/.ssh/id_dsa <user>@<server>), |
| 15 |
> |
| 16 |
> Trying with the -i option also fails: |
| 17 |
> ====================================== |
| 18 |
> $ ssh -v -p 22 -i /home/michael/.ssh/id_dsa mick@<blah-blah> |
| 19 |
> [snip] |
| 20 |
> debug1: Found key in /home/michael/.ssh/known_hosts:18 |
| 21 |
> debug1: ssh_rsa_verify: signature correct |
| 22 |
> debug1: Enabling compression at level 6. |
| 23 |
> debug1: SSH2_MSG_NEWKEYS sent |
| 24 |
> debug1: expecting SSH2_MSG_NEWKEYS |
| 25 |
> debug1: SSH2_MSG_NEWKEYS received |
| 26 |
> debug1: SSH2_MSG_SERVICE_REQUEST sent |
| 27 |
> debug1: SSH2_MSG_SERVICE_ACCEPT received |
| 28 |
> debug1: Authentications that can continue: |
| 29 |
> publickey,gssapi-with-mic,password debug1: Next authentication method: |
| 30 |
> publickey |
| 31 |
> debug1: Offering public key: /home/michael/.ssh/id_dsa |
| 32 |
> debug1: Authentications that can continue: |
| 33 |
> publickey,gssapi-with-mic,password debug1: Next authentication method: |
| 34 |
> password |
| 35 |
> ====================================== |
| 36 |
|
| 37 |
that's strange. |
| 38 |
|
| 39 |
which version of openssh do you use in the server and the client? |
| 40 |
mine: |
| 41 |
client: OpenSSH_4.5p1 |
| 42 |
server: OpenSSH_4.4p1 |
| 43 |
|
| 44 |
here mine output doing ssh to a server with only key authentication enabled: |
| 45 |
|
| 46 |
i don't have the id_dsa.pub in my local machine too. |
| 47 |
|
| 48 |
======================================= |
| 49 |
debug1: Found key in /home/faccenda/.ssh/known_hosts:8 |
| 50 |
debug1: ssh_rsa_verify: signature correct |
| 51 |
debug1: SSH2_MSG_NEWKEYS sent |
| 52 |
debug1: expecting SSH2_MSG_NEWKEYS |
| 53 |
debug1: SSH2_MSG_NEWKEYS received |
| 54 |
debug1: SSH2_MSG_SERVICE_REQUEST sent |
| 55 |
debug1: SSH2_MSG_SERVICE_ACCEPT received |
| 56 |
debug1: Authentications that can continue: publickey |
| 57 |
debug1: Next authentication method: publickey |
| 58 |
debug1: Trying private key: id_dsa |
| 59 |
debug1: PEM_read_PrivateKey failed |
| 60 |
debug1: read PEM private key done: type <unknown> |
| 61 |
Enter passphrase for key 'id_dsa': |
| 62 |
======================================= |
| 63 |
|
| 64 |
the failed part was because my key is password protected, so it asks me. |
| 65 |
|
| 66 |
> That's right, so why does it: |
| 67 |
> ====================================== |
| 68 |
> debug1: Trying private key: /home/michael/.ssh/id_rsa <--this doesn't exist |
| 69 |
> debug1: Offering public key: /home/michael/.ssh/id_dsa <--this is my |
| 70 |
> private key |
| 71 |
> ====================================== |
| 72 |
|
| 73 |
i didn't noticed this line... really strange. |
| 74 |
|
| 75 |
how your id_dsa was created? is it corrupted or does it has a public key on it |
| 76 |
instead? |
| 77 |
|
| 78 |
you should try creating your key pair again with: |
| 79 |
|
| 80 |
$ ssh-keygen -t dsa |
| 81 |
|
| 82 |
i would like to see the content of this file (or, at least the "headers"), but |
| 83 |
its a PRIVATE key. ;) |
| 84 |
|
| 85 |
the "headers" of mine: |
| 86 |
|
| 87 |
-----BEGIN DSA PRIVATE KEY----- |
| 88 |
Proc-Type: 4,ENCRYPTED |
| 89 |
DEK-Info: DES-EDE3-CBC,933FEB2C1C691496 |
| 90 |
|
| 91 |
|
| 92 |
> > > PS. Not sure if this is relevant but although my user name on the |
| 93 |
> > > server is mick, for reasons better known to him the sysadmin has |
| 94 |
> > > created my home directory as /home/mic - could it be that sshd is |
| 95 |
> > > looking for /home/mick? |
| 96 |
> > |
| 97 |
> > that messages isn't from the server, is from client running locally. but |
| 98 |
> > it doesnt matter for what you want. |
| 99 |
> |
| 100 |
> It matters if the server is trying to find id_dsa.pub in a non-existing |
| 101 |
> directory. |
| 102 |
|
| 103 |
but as i said, that message isn't from the server. being a redhat, i suppose |
| 104 |
that it uses redhat with more less the default configuration, that tries to |
| 105 |
read your public key on your user home in the server (~/.ssh/authorized_users |
| 106 |
or ~/.ssh/authorized_users2). and openssh knows where to look at. even when |
| 107 |
the home of the user isn't the default which is your case, right? |
| 108 |
|
| 109 |
hope it helps, |
| 110 |
.m |
| 111 |
-- |
| 112 |
gentoo-user@g.o mailing list |
Archives