ALT Linux Community general discussions
From: Yura Zotov <yznews@hotbox.ru>
To: ALT Linux Spring mailing list <mandrake-russian@altlinux.ru>
Cc: "Dmitry V. Levin" <ldv@alt-linux.org>
Subject: Re: [mdk-re] SSH-2.4.0 <-> OpenSSH_3.1p1
Date: Wed Apr  3 18:08:35 2002
Message-ID: <20020403141025.GA20065@home-pool4-112.com2com.ru>
In-Reply-To: <20020403110445.GA6893@ldv.office.alt-linux.org>

On Wed, Apr 03, 2002 at 03:04:45PM +0400, Dmitry V. Levin wrote:
> On Wed, Apr 03, 2002 at 01:28:17PM +0400, Yura Zotov wrote:
> > When connecting from SSH-2.4.0 to OpenSSH, key-based authorization
> > does not go through. From OpenSSH to OpenSSH with the same key,
> > authorization works. Only OpenSSH cannot decrypt, using the
> > password, the key generated on SSH-2.4.0.
> 
> What is this claim based on?
> What does the openssh server do when authorization with this key is attempted?
> Does it find the right key?
> 
> 

I can't say for sure, I'm still not very good at this. Below are
the OpenSSH->OpenSSH logs with the key from SSH-2.4.0. After the
password is entered three times the client drops out, because it
thinks the password is wrong. Then again, from SSH-2.4.0 to OpenSSH
the client doesn't even ask for a password.

Here is the client log:

$ ssh -v -i id_dsa_1024_a lena@vezyolka
OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f
debug1: Reading configuration data /home/yura/.ssh/config
debug1: Reading configuration data /etc/openssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 501 geteuid 501 anon 1
debug1: Connecting to vezyolka [192.168.165.3] port 22.
debug1: temporarily_use_uid: 501/501 (e=501)
debug1: restore_uid
debug1: temporarily_use_uid: 501/501 (e=501)
debug1: restore_uid
debug1: Connection established.
debug1: identity file id_dsa_1024_a type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client blowfish-cbc hmac-md5 none
debug1: kex: client->server blowfish-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 127/256
debug1: bits set: 1612/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'vezyolka' is known and matches the RSA host key.
debug1: Found key in /home/yura/.ssh/known_hosts2:10
debug1: bits set: 1626/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey
debug1: next auth method to try is publickey
debug1: try privkey: id_dsa_1024_a
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key 'id_dsa_1024_a':
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key 'id_dsa_1024_a':
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key 'id_dsa_1024_a':
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: no more auth methods to try
Permission denied (publickey).
debug1: Calling cleanup 0x80637c0(0x0)


Here is the server log.

# /usr/sbin/sshd -d
debug1: sshd version OpenSSH_3.1p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Server will not fork when running in debugging mode.
Connection from 192.168.165.3 port 41837
debug1: Client protocol version 2.0; client software version OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.1p1
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server blowfish-cbc hmac-md5 none
debug1: kex: server->client blowfish-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 142/256
debug1: bits set: 1626/3191
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 1612/3191
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user lena service ssh-connection method none
debug1: attempt 0 failures 0
debug1: Starting up PAM with username "lena"
debug1: PAM setting rhost to "vezyolka.home"
Failed none for lena from 192.168.165.3 port 41837 ssh2
Connection closed by 192.168.165.3
debug1: Calling cleanup 0x8052570(0x0)
debug1: Calling cleanup 0x8067c00(0x0)


--
Yuri A. Zotov


