
List:       secure-shell
Subject:    Re: 3.7.1p2 client ignores rsa2 public key authentication on HPUX
From:       Darren Tucker <dtucker () zip ! com ! au>
Date:       2004-02-27 1:00:13
Message-ID: 403E969D.6040900 () zip ! com ! au

uxadm (pk) wrote:
> Darren Tucker wrote:
> 
>>> Thanks for your answer but unfortunately it did not solve the problem.
>>> I still can only get publickey authentication using an rsa1 key pair 
>>> whereas rsa2 or dsa key pairs are simply ignored.
>>> It seems 3.7 is not recognizing rsa2 features properly. I have heard 
>>> from some HP guys that they turned back to 3.6
>>>
>>>  > debug1: identity file /home/peterk/.ssh/id_rsa type -1 
>>>                                                 ^^^^^^^
>>>      Where can I find information what the type meanings are?
>>
>> Read the source :-)
>>
>> In this case, type = -1 means that the file was not recognised as a 
>> public key.  What were the debug lines preceding that one?  They'll be 
>> from key_load_public and friends.
> 
> In fact I did look into the source but I could not find a detailed 
> description of the type meanings.

They're defined in key.h:

enum types {
         KEY_RSA1,
         KEY_RSA,
         KEY_DSA,
         KEY_UNSPEC
};

debug1: identity file /home/peterk/.ssh/id_rsa type -1
[...]
debug1: identity file /home/peterk/.ssh/id_dsa type -1

Are those valid public keys?  Try reading them with the openssl command, eg:
$ openssl rsa -in $HOME/.ssh/id_rsa -noout
$ openssl dsa -in $HOME/.ssh/id_dsa -noout

Note: if you omit the -noout, *DO NOT* post the output.

> When I use the same key pair from Linux I do also get a type -1 output 
> but the key authenticates without problems, so the meaning must be 
> somewhat different. See below for a more detailed debug output
[...]

> And here's what it says on Linux
> debug1: Connection established.
> debug1: identity file /home/peterk/.ssh/identity type -1
> debug1: identity file /home/peterk/.ssh/id_rsa type -1
> debug1: identity file /home/peterk/.ssh/id_dsa type -1

And the authentication succeeds?  That's odd.  Here's what I get on 
Linux (RH9, OpenSSH 3.8p1):
debug1: identity file /home/dtucker/.ssh/identity type 0
debug1: identity file /home/dtucker/.ssh/id_rsa type 1
debug1: identity file /home/dtucker/.ssh/id_dsa type 2

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
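
Added example, not part of the original message or of OpenSSH: a small Python triage script that reads `ssh -v` output, maps each "identity file ... type N" line to the `enum types` names quoted from key.h above, and lists the files that were not recognised as public keys (type -1). The function names and the NOT_RECOGNISED/UNKNOWN labels are assumptions made for this example; the sample lines are the debug lines quoted in this thread.

```python
import re
from enum import IntEnum

class KeyType(IntEnum):
    # Same order as `enum types` in key.h as quoted in the message above.
    KEY_RSA1 = 0
    KEY_RSA = 1
    KEY_DSA = 2
    KEY_UNSPEC = 3

IDENTITY_RE = re.compile(r"^debug1: identity file (?P<path>.+?) type (?P<type>-?\d+)\s*$")

def parse_identity_lines(log_text):
    """Return [(path, type_name)] for every 'identity file' debug line."""
    results = []
    for line in log_text.splitlines():
        # Tolerate mail-quoted debug output such as '> debug1: ...'.
        m = IDENTITY_RE.match(line.lstrip("> \t"))
        if not m:
            continue
        n = int(m.group("type"))
        if n == -1:
            name = "NOT_RECOGNISED"  # label assumed here: not recognised as a public key
        else:
            try:
                name = KeyType(n).name
            except ValueError:
                name = f"UNKNOWN({n})"  # value outside the quoted enum
        results.append((m.group("path"), name))
    return results

def unrecognised(log_text):
    """Paths whose public key was not recognised (type -1)."""
    return [p for p, name in parse_identity_lines(log_text) if name == "NOT_RECOGNISED"]

# Sample input: debug lines quoted in this thread.
SAMPLE = """\
debug1: Connection established.
debug1: identity file /home/dtucker/.ssh/identity type 0
debug1: identity file /home/dtucker/.ssh/id_rsa type 1
debug1: identity file /home/dtucker/.ssh/id_dsa type 2
> debug1: identity file /home/peterk/.ssh/id_rsa type -1
> debug1: identity file /home/peterk/.ssh/id_dsa type -1
"""

if __name__ == "__main__":
    for path, name in parse_identity_lines(SAMPLE):
        print(f"{name:15} {path}")
```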