From: Yura Zotov
To: ALT Linux Spring mailing list
Cc: "Dmitry V. Levin"
Subject: Re: [mdk-re] SSH-2.4.0 <-> OpenSSH_3.1p1
Date: Wed Apr 3 18:08:35 2002
X-Original-Date: Wed, 3 Apr 2002 18:10:25 +0400
Message-ID: <20020403141025.GA20065@home-pool4-112.com2com.ru>
In-Reply-To: <20020403110445.GA6893@ldv.office.alt-linux.org>
References: <20020403092817.GA18349@home-pool4-66.com2com.ru> <20020403110445.GA6893@ldv.office.alt-linux.org>
List-Id: Linux-Mandrake RE / ALT Linux discussion list

On Wed, Apr 03, 2002 at 03:04:45PM +0400, Dmitry V. Levin wrote:
> On Wed, Apr 03, 2002 at 01:28:17PM +0400, Yura Zotov wrote:
> > When connecting from SSH-2.4.0 to OpenSSH, key authentication
> > fails. From OpenSSH to OpenSSH with the same key, authentication
> > works. It's just that OpenSSH cannot decrypt, using the password,
> > a key generated on SSH-2.4.0.
>
> What is this claim based on?
> What does the openssh server do when authentication with this key is attempted?
> Does it find the right key?
>

I can't say for sure, I'm still not very good at this. Below are the logs of OpenSSH->OpenSSH with the key from SSH-2.4.0. After the password is entered three times, the client drops off because it thinks the password is wrong. Then again, from SSH-2.4.0 to OpenSSH the client doesn't even ask for a password.

Here is the client log:

$ ssh -v -i id_dsa_1024_a lena@vezyolka
OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f
debug1: Reading configuration data /home/yura/.ssh/config
debug1: Reading configuration data /etc/openssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 501 geteuid 501 anon 1
debug1: Connecting to vezyolka [192.168.165.3] port 22.
debug1: temporarily_use_uid: 501/501 (e=501)
debug1: restore_uid
debug1: temporarily_use_uid: 501/501 (e=501)
debug1: restore_uid
debug1: Connection established.
debug1: identity file id_dsa_1024_a type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client blowfish-cbc hmac-md5 none
debug1: kex: client->server blowfish-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 127/256
debug1: bits set: 1612/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'vezyolka' is known and matches the RSA host key.
debug1: Found key in /home/yura/.ssh/known_hosts2:10
debug1: bits set: 1626/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey
debug1: next auth method to try is publickey
debug1: try privkey: id_dsa_1024_a
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type
Enter passphrase for key 'id_dsa_1024_a':
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type
Enter passphrase for key 'id_dsa_1024_a':
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type
Enter passphrase for key 'id_dsa_1024_a':
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type
debug1: no more auth methods to try
Permission denied (publickey).
debug1: Calling cleanup 0x80637c0(0x0)

Here is the server log.

# /usr/sbin/sshd -d
debug1: sshd version OpenSSH_3.1p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Server will not fork when running in debugging mode.
Connection from 192.168.165.3 port 41837
debug1: Client protocol version 2.0; client software version OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.1p1
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server blowfish-cbc hmac-md5 none
debug1: kex: server->client blowfish-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 142/256
debug1: bits set: 1626/3191
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 1612/3191
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user lena service ssh-connection method none
debug1: attempt 0 failures 0
debug1: Starting up PAM with username "lena"
debug1: PAM setting rhost to "vezyolka.home"
Failed none for lena from 192.168.165.3 port 41837 ssh2
Connection closed by 192.168.165.3
debug1: Calling cleanup 0x8052570(0x0)
debug1: Calling cleanup 0x8067c00(0x0)

-- 
Юрий А. Зотов