0 Replies. Latest reply: Feb 17, 2013 8:27 PM by 984266

key exchange in open ssh

984266 Newbie
Hi all,

Question 1:

I am having a hard time with SSH key exchange. I was using F-Secure SSH rsit and Tectia SSH before, and I need to switch back to OpenSSH.

Requirement: user1@local ssh to user2@remote

Please correct me if I am wrong:

On the remote server
====================
(Lines required in /etc/sshd_config):

root@remote $ grep -i aut sshd_config |grep -v ^#
SyslogFacility auth
MaxAuthTries 6
MaxAuthTriesLog 3
PasswordAuthentication yes
PAMAuthenticationViaKBDInt yes
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
root@remote $


root@remote $ su - user2
user2@remote $ cd .ssh
user2@remote $ ls -lrt
total 4
-rw-r--r-- 1 user2 user 230 May 28 2012 known_hosts
-rwxr--r-- 1 user2 user 222 Feb 18 11:18 autorized_keys
user2@remote $ cat autorized_keys
ssh-rsa *******************
***********************
******************** user1@local
user2@remote $
(The above is the RSA key from user1@local)
======================

On the local server
======================
user1@local $ ls -lrt
total 14
-rw-r--r-- 1 user1 user 223 Feb 18 10:47 known_hosts
-rw------- 1 user1 user 887 Feb 18 11:09 id_rsa
-rw-r--r-- 1 user1 user 222 Feb 18 11:09 id_rsa.pub
-rw-r--r-- 1 user1 user 13 Feb 18 11:21 identification
-rw------- 1 user1 user 887 Feb 18 11:30 identity
user1@local $ cat identification
idKey id_rsa
user1@local $ cat identity
-----BEGIN RSA PRIVATE KEY-----
XXXX
XXXXX
XXXX
XXXX
-----END RSA PRIVATE KEY-----
user1@local $
======================


It can't ssh using public key:
user1@local $ ssh -v user2@192.168.2.142
Sun_SSH_1.1.4, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to 192.168.2.142 [192.168.2.142] port 22.
debug1: Connection established.
debug1: identity file /export/home/user1/.ssh/identity type -1
debug1: identity file /export/home/user1/.ssh/id_rsa type 1
debug1: identity file /export/home/user1/.ssh/id_dsa type -1
debug1: Logging to host: 192.168.2.142
debug1: Local user: user1 Remote user: user2
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1.4
debug1: match: Sun_SSH_1.1.4 pat Sun_SSH_1.1.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1.4
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: Peer sent proposed langtags, ctos: af-ZA,ar-EG,ar-SA,bg-BG,bn-IN,ca-ES,cs-CZ,da-DK,de,de-AT,de-CH,de-DE,de-LU,el-CY,el-GR,en-AU,en-CA,en-GB,en-IE,en-IN,en-MT,en-NZ,en-SG,en-US,es,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-ES,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et-EE,fi-FI,fr,fr-BE,fr-CA,fr-CH,fr-FR,fr-LU,gu-IN,he-IL,hi-IN,hr-HR,hu-HU,id-ID,is-IS,it,it-IT,ja-JP,kk-KZ,kn-IN,ko,ko-KR,lt-LT,lv-LV,mk-MK,mr-IN,ms-MY,mt-MT,nb-NO,nl-BE,nl-NL,nn-NO,pl,pl-PL,pt-BR,pt-PT,ro-RO,ru,ru-RU,sh-BA,sk-SK,sl-SI,sq-AL,sr-CS,sv,sv-SE,ta-IN,te-IN,th-TH,tr-TR,uk-UA,zh,zh-CN,zh-HK,zh-SG,zh-TW,ar,ca,cz,da,el,et,fi,he,hu,ja,lt,lv,nl,no,no-NO,no-NY,nr,pt,sr-SP,sr-YU,th,tr,i-default
debug1: Peer sent proposed langtags, stoc: af-ZA,ar-EG,ar-SA,bg-BG,bn-IN,ca-ES,cs-CZ,da-DK,de,de-AT,de-CH,de-DE,de-LU,el-CY,el-GR,en-AU,en-CA,en-GB,en-IE,en-IN,en-MT,en-NZ,en-SG,en-US,es,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-ES,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et-EE,fi-FI,fr,fr-BE,fr-CA,fr-CH,fr-FR,fr-LU,gu-IN,he-IL,hi-IN,hr-HR,hu-HU,id-ID,is-IS,it,it-IT,ja-JP,kk-KZ,kn-IN,ko,ko-KR,lt-LT,lv-LV,mk-MK,mr-IN,ms-MY,mt-MT,nb-NO,nl-BE,nl-NL,nn-NO,pl,pl-PL,pt-BR,pt-PT,ro-RO,ru,ru-RU,sh-BA,sk-SK,sl-SI,sq-AL,sr-CS,sv,sv-SE,ta-IN,te-IN,th-TH,tr-TR,uk-UA,zh,zh-CN,zh-HK,zh-SG,zh-TW,ar,ca,cz,da,el,et,fi,he,hu,ja,lt,lv,nl,no,no-NO,no-NY,nr,pt,sr-SP,sr-YU,th,tr,i-default
debug1: We proposed langtags, ctos: i-default
debug1: We proposed langtags, stoc: i-default
debug1: Negotiated lang: i-default
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: Remote: Negotiated main locale: C
debug1: Remote: Negotiated messages locale: C
debug1: dh_gen_key: priv key bits set: 126/256
debug1: bits set: 1562/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.2.142' is known and matches the RSA host key.
debug1: Found key in /export/home/user1/.ssh/known_hosts:1
debug1: bits set: 1598/3191
debug1: ssh_rsa_verify: signature correct
debug1: newkeys: mode 1
debug1: set_newkeys: setting new keys for 'out' mode
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: set_newkeys: setting new keys for 'in' mode
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: got SSH2_MSG_SERVICE_ACCEPT


<<MOTD>>
|-----------------------------------------------------------------|

debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Next authentication method: gssapi-keyex
debug1: Next authentication method: gssapi-with-mic
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)
debug1: Next authentication method: publickey
debug1: Trying private key: /export/home/user1/.ssh/identity
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Trying public key: /export/home/user1/.ssh/id_rsa
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Trying private key: /export/home/user1/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive
Password:
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive).
debug1: Calling cleanup 0x34d88(0x0)
user1@local $


please help!!!

Question 2:
=========
One more question: in F-Secure SSH rsit and Tectia SSH, we can make use of the authorization file and identification file to have multiple keys. Since OpenSSH is not using these 2 files, how do we manage?
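
An added example, not part of the original post: a shell check that the file named by AuthorizedKeysFile in an sshd_config exists under the user's home and passes the group/other-writable test that OpenSSH applies under StrictModes. The function names and the demo data are constructed for illustration; the check assumes the server's StrictModes behaviour matches OpenSSH and does not verify file ownership.

```shell
#!/bin/sh
# Added example (not from the original post). Demo data is constructed.

# Print the AuthorizedKeysFile value from an sshd_config file; fall back to
# the OpenSSH default when the keyword is absent or commented out.
authkeys_path() {
    awk 'tolower($1) == "authorizedkeysfile" { print $2; found = 1; exit }
         END { if (!found) print ".ssh/authorized_keys" }' "$1"
}

# check_authorized_keys <sshd_config> <home_dir>
# Returns 0 = usable, 1 = no file at the configured path,
# 2 = home, key directory or key file is writable by group or others.
check_authorized_keys() {
    rel=$(authkeys_path "$1")
    case $rel in
        /*)   file=$rel ;;
        %h/*) file=$2/${rel#%h/} ;;
        *)    file=$2/$rel ;;
    esac
    dir=$(dirname "$file")
    if [ ! -f "$file" ]; then
        echo "MISSING $file; $dir contains: $(ls "$dir" 2>/dev/null | tr '\n' ' ')"
        return 1
    fi
    for p in "$2" "$dir" "$file"; do
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "LOOSE-PERMS $p"
            return 2
        fi
    done
    echo "OK $file"
}

# Constructed demo mirroring the post: config values from the grep output,
# key file named and moded as in the remote "ls -lrt" listing.
demo() {
    t=$(mktemp -d) && mkdir -m 700 "$t/.ssh"
    printf 'PubkeyAuthentication yes\nAuthorizedKeysFile .ssh/authorized_keys\n' > "$t/sshd_config"
    printf 'ssh-rsa AAAA-constructed user1@local\n' > "$t/.ssh/autorized_keys"
    chmod 744 "$t/.ssh/autorized_keys"
    check_authorized_keys "$t/sshd_config" "$t"; rc=$?
    rm -rf "$t"
    return $rc
}
```

On a real host, run `check_authorized_keys /etc/ssh/sshd_config /export/home/user2` as a user who can read both paths, adjusting the config path to where the server keeps it.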
