List: secure-shell
Subject: Re: 3.7.1p2 client ignores rsa2 public key authentication on HPUX
From: Darren Tucker <dtucker () zip ! com ! au>
Date: 2004-02-27 1:00:13
Message-ID: 403E969D.6040900 () zip ! com ! au
uxadm (pk) wrote:
> Darren Tucker wrote:
>
>>> Thanks for your answer but unfortunately it did not solve the problem.
>>> I still can only get publickey authentication using an rsa1 key pair
>>> whereas rsa2 or dsa key pairs are simply ignored.
>>> It seems 3.7 is not recognizing rsa2 features properly. I have heard
>>> from some HP guys that they turned back to 3.6
>>>
>>> > debug1: identity file /home/peterk/.ssh/id_rsa type -1
>>>                                                  ^^^^^^^
>>> Where can I find information what the type meanings are?
>>
>> Read the source :-)
>>
>> In this case, type = -1 means that the file was not recognised as a
>> public key. What were the debug lines preceding that one? They'll be
>> from key_load_public and friends.
>
> In fact I did look into the source but I could not find a detailed
> description of the type meanings.

They're defined in key.h:

enum types {
	KEY_RSA1,
	KEY_RSA,
	KEY_DSA,
	KEY_UNSPEC
};

debug1: identity file /home/peterk/.ssh/id_rsa type -1
[...]
debug1: identity file /home/peterk/.ssh/id_dsa type -1

Are those valid public keys? Try reading them with the openssl command, e.g.:

    $ openssl rsa -in $HOME/.ssh/id_rsa -noout
    $ openssl dsa -in $HOME/.ssh/id_dsa -noout

Note: if you omit the -noout, *DO NOT* post the output.

> When I use the same key pair from Linux I do also get a type -1 output
> but the key authenticates without problems, so the meaning must be
> somewhat different. See below for a more detailed debug output
[...]
> And here's what it says on Linux
> debug1: Connection established.
> debug1: identity file /home/peterk/.ssh/identity type -1
> debug1: identity file /home/peterk/.ssh/id_rsa type -1
> debug1: identity file /home/peterk/.ssh/id_dsa type -1

And the authentication succeeds? That's odd. Here's what I get on
Linux (RH9, OpenSSH 3.8p1):

debug1: identity file /home/dtucker/.ssh/identity type 0
debug1: identity file /home/dtucker/.ssh/id_rsa type 1
debug1: identity file /home/dtucker/.ssh/id_dsa type 2

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
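
Added example (not part of the message above and not OpenSSH code): a small C program that maps the number after "type" in the debug1 lines onto the enum quoted from key.h, and reports -1 as a file not recognised as a public key. The names type_name, identity_type and NOT_IDENTITY_LINE are invented for this example; the sample lines are copied from the thread.

```c
#include <stdio.h>
#include <string.h>
/* Enum as quoted from key.h in the message; C numbers the members from 0. */
enum types { KEY_RSA1, KEY_RSA, KEY_DSA, KEY_UNSPEC };
#define NOT_IDENTITY_LINE (-2)	/* sentinel used by this example only */

/* Text for the number printed after "type"; -1 is outside the enum. */
const char *type_name(int t)
{
	static const char *names[] = { "KEY_RSA1", "KEY_RSA", "KEY_DSA", "KEY_UNSPEC" };
	if (t == -1)
		return "not recognised as a public key";
	return (t >= 0 && t <= KEY_UNSPEC) ? names[t] : "unexpected value";
}

/* Type from a "debug1: identity file <path> type <n>" line (path copied out). */
int identity_type(const char *line, char *path, size_t pathlen)
{
	static const char prefix[] = "debug1: identity file ";
	const char *p, *q, *sep = NULL;
	int type;
	if (strncmp(line, prefix, sizeof(prefix) - 1) != 0)
		return NOT_IDENTITY_LINE;
	p = line + sizeof(prefix) - 1;
	/* Take the last " type " so a path containing spaces still parses. */
	for (q = strstr(p, " type "); q != NULL; q = strstr(q + 1, " type "))
		sep = q;
	if (sep == NULL || sep == p || (size_t)(sep - p) >= pathlen)
		return NOT_IDENTITY_LINE;
	if (sscanf(sep, " type %d", &type) != 1)
		return NOT_IDENTITY_LINE;
	snprintf(path, pathlen, "%.*s", (int)(sep - p), p);
	return type;
}

int main(void)
{
	const char *log[] = {	/* lines copied from the thread's debug output */
		"debug1: Connection established.",
		"debug1: identity file /home/peterk/.ssh/id_rsa type -1",
		"debug1: identity file /home/dtucker/.ssh/id_dsa type 2",
	};
	char path[256];
	for (size_t i = 0; i < sizeof(log) / sizeof(log[0]); i++) {
		int t = identity_type(log[i], path, sizeof(path));
		if (t != NOT_IDENTITY_LINE)
			printf("%s: type %d (%s)\n", path, t, type_name(t));
	}
	return 0;
}
```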