Failure connecting to OpenSSH server from SSH2 (ssh.com) client using public/private keys - SSH


  1. Failure connecting to OpenSSH server from SSH2 (ssh.com) client using public/private keys

    Hi All-

    I'm attempting to connect to a server running OpenSSH using public/
    private keys from a client running SSH2.

    This is how I set up my keys.

    On Client machine:
    > executed ssh-keygen2 which generated d_dsa_2048_a and d_dsa_2048_a.pub with permissions 0644
    > created ~/.ssh2/identification file with permissions 0600
    > Inserted 'IdKey id_dsa_2048_a' into identification file
    > scp'ed d_dsa_2048_a.pub to ~/.ssh directory on server machine


    On OpenSSH server machine:
    > need to convert to openssh compatible key - executed ssh-keygen -f d_dsa_2048_a.pub -i > imported_pub_key
    > appended converted key to authorized_keys file - cat imported_pub_key >> authorized_keys


    When I attempt to ssh from client to server in verbose mode, I get the
    following :
    -----------------------------
    debug: SshConfig/sshconfig.c:3130/ssh_config_read_file_ext: Read 0
    params from config file.
    debug: Ssh2/ssh2.c:1707/main: User config file not found, using
    defaults. (Looked for '/ublocal/home/ccampise/.ssh2/ssh2_config')
    debug: Connecting to 141.254.1.60, port 22... (SOCKS not used)
    debug: Ssh2Transport/trcommon.c:3676/ssh_tr_create: My version:
    SSH-1.99-3.2.9.1 SSH Secure Shell (non-commercial)
    debug: client supports 3 auth methods: 'publickey,keyboard-
    interactive,password'
    debug: Ssh2Common/sshcommon.c:537/ssh_common_wrap: local ip =
    128.205.5.17, local port = 45315
    debug: Ssh2Common/sshcommon.c:539/ssh_common_wrap: remote ip =
    141.254.1.60, remote port = 22
    debug: SshConnection/sshconn.c:1945/ssh_conn_wrap: Wrapping...
    debug: SshReadLine/sshreadline.c:2427/ssh_readline_eloop_initialize:
    Initializing ReadLine...
    debug: Remote version: SSH-1.99-OpenSSH_3.1p1
    debug: OpenSSH: Major: 3 Minor: 1 Revision: 0
    debug: Ssh2Transport/trcommon.c:973/ssh_tr_input_version: All versions
    of OpenSSH handle kex guesses incorrectly.
    debug: Ssh2Transport/trcommon.c:1367/ssh_tr_negotiate: lang s to c:
    `', lang c to s: `'
    debug: Ssh2Transport/trcommon.c:1433/ssh_tr_negotiate: c_to_s: cipher
    aes128-cbc, mac hmac-sha1, compression none
    debug: Ssh2Transport/trcommon.c:1436/ssh_tr_negotiate: s_to_c: cipher
    aes128-cbc, mac hmac-sha1, compression none
    debug: Remote host key found from database.
    debug: Ssh2Common/sshcommon.c:332/ssh_common_special: Received
    SSH_CROSS_STARTUP packet from connection protocol.
    debug: Ssh2Common/sshcommon.c:382/ssh_common_special: Received
    SSH_CROSS_ALGORITHMS packet from connection protocol.
    debug: server offers auth methods 'publickey,password,keyboard-
    interactive'.
    debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1800/
    ssh_client_auth_pubkey: Starting pubkey auth...
    debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1757/
    ssh_client_auth_pubkey_agent_open_complete: Agent is not running.
    debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1555/
    ssh_client_auth_pubkey_agent_list_complete: Got 0 keys from the agent.
    debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1672/
    ssh_client_auth_pubkey_add_file_keys: adding keyfile "/ublocal/home/
    ccampise/.ssh2/id_dsa_2048_a" to candidates
    debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1535/
    ssh_client_auth_pubkey_add_candidates: Trying 1 key candidates.
    debug: server offers auth methods 'publickey,password,keyboard-
    interactive'.
    debug: Ssh2AuthPubKeyClient/authc-pubkey.c:989/
    ssh_client_auth_pubkey_try_this_candidate: All keys declined by
    server, disabling method.
    debug: Ssh2AuthClient/sshauthc.c:319/ssh_authc_completion_proc: Method
    'publickey' disabled.
    debug: server offers auth methods 'publickey,password,keyboard-
    interactive'.
    debug: Ssh2AuthKbdInteractiveClient/authc-kbd-interactive.c:342/
    ssh_client_auth_kbd_interact: Starting kbd-int auth...
    debug: server offers auth methods 'publickey,password,keyboard-
    interactive'.
    debug: Ssh2AuthPasswdClient/authc-passwd.c:105/ssh_client_auth_passwd:
    Starting password auth...
    --------------

    I was questioning whether the server was running OpenSSH protocol 1 or
    2. So, I telneted to the server and it spit out:

    Escape character is '^]'.
    SSH-1.99-OpenSSH_3.1p1
    ^]

    Which leads me to believe they're running protocol 1.

    So, I regenerated my keys on the client using ssh-keygen instead of
    previously used ssh-keygen2 and repeated the above steps and re-
    attempted to login to the server. I got the EXACT same verbose output
    as before. Unfortunately the sysadmin I'm dealing with on this system
    doesn't seem to know much about what I'm seeing here.

    Is the server set up correctly, or is there something amiss with the
    ssh-agent judging by the message being spit out? Or is it something
    of my doing on the key-generation end?

    Any help or suggestions would be greatly appreciated.

    Thanks in advance!

    -Chris
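
Added example, not part of the original post: the server-side conversion step described above (the job `ssh-keygen -i` does), written out in Python so the result can be compared with what actually landed in authorized_keys. The sample key is constructed from toy numbers and is not a usable key; all function names are hypothetical.

```python
import base64
import struct

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def ssh_string(data):
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def make_sample_ssh2_pub():
    """Constructed sample: ssh-dss blob with toy p, q, g, y (not a usable key)."""
    blob = ssh_string(b"ssh-dss") + b"".join(ssh_string(bytes([n])) for n in (23, 11, 4, 8))
    b64 = base64.b64encode(blob).decode()
    comment = 'Comment: "constructed sample, \\\nnot a real key"'
    return "\n".join([BEGIN, comment, b64[:20], b64[20:], END]) + "\n"

def ssh2_to_openssh(text):
    """Convert an SSH2 (RFC 4716) public key file to one authorized_keys line."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an SSH2 public key file")
    body, continued = [], False
    for ln in lines[1:-1]:
        if continued or ":" in ln:        # header line, or continuation of one
            continued = ln.endswith("\\")
        else:
            body.append(ln)               # base64 body, wrapped over several lines
    blob = base64.b64decode("".join(body), validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    key_type = blob[4:4 + n].decode("ascii")  # e.g. ssh-dss, read from the blob itself
    return f"{key_type} {base64.b64encode(blob).decode()}"

def key_is_authorized(authorized_keys, ssh2_pub):
    """True if the client's key appears, whole and on one line, in authorized_keys."""
    wanted = ssh2_to_openssh(ssh2_pub).split()[1]
    return any(wanted in ln.split() for ln in authorized_keys.splitlines())
```

An entry whose base64 data was wrapped or truncated while being pasted or appended no longer matches, which `key_is_authorized` reports as False.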


  2. Re: Failure connecting to OpenSSH server from SSH2 (ssh.com) client using public/private keys


    > Hi All-
    > I'm attempting to connect to a server running OpenSSH using public/
    > private keys from a client running SSH2.
    >
    > This is how I set up my keys.
    >
    > On Client machine:
    > > executed ssh-keygen2 which generated d_dsa_2048_a and d_dsa_2048_a.pub with permissions 0644
    > > created ~/.ssh2/identification file with permissions 0600
    > > Inserted 'IdKey id_dsa_2048_a' into identification file
    > > scp'ed d_dsa_2048_a.pub to ~/.ssh directory on server machine

    >
    > On OpenSSH server machine:
    > > need to convert to openssh compatible key - executed ssh-keygen -f d_dsa_2048_a.pub -i > imported_pub_key
    > > appended converted key to authorized_keys file - cat imported_pub_key >> authorized_keys


    This all looks right.

    > When I attempt to ssh from client to server in verbose mode, I get the
    > following :
    > -----------------------------
    > debug: SshConfig/sshconfig.c:3130/ssh_config_read_file_ext: Read 0
    > params from config file.
    > debug: Ssh2/ssh2.c:1707/main: User config file not found, using
    > defaults. (Looked for '/ublocal/home/ccampise/.ssh2/ssh2_config')
    > debug: Connecting to 141.254.1.60, port 22... (SOCKS not used)
    > debug: Ssh2Transport/trcommon.c:3676/ssh_tr_create: My version:
    > SSH-1.99-3.2.9.1 SSH Secure Shell (non-commercial)
    > debug: client supports 3 auth methods: 'publickey,keyboard-
    > interactive,password'
    > debug: Ssh2Common/sshcommon.c:537/ssh_common_wrap: local ip =
    > 128.205.5.17, local port = 45315
    > debug: Ssh2Common/sshcommon.c:539/ssh_common_wrap: remote ip =
    > 141.254.1.60, remote port = 22
    > debug: SshConnection/sshconn.c:1945/ssh_conn_wrap: Wrapping...
    > debug: SshReadLine/sshreadline.c:2427/ssh_readline_eloop_initialize:
    > Initializing ReadLine...
    > debug: Remote version: SSH-1.99-OpenSSH_3.1p1
    > debug: OpenSSH: Major: 3 Minor: 1 Revision: 0
    > debug: Ssh2Transport/trcommon.c:973/ssh_tr_input_version: All versions
    > of OpenSSH handle kex guesses incorrectly.
    > debug: Ssh2Transport/trcommon.c:1367/ssh_tr_negotiate: lang s to c:
    > `', lang c to s: `'
    > debug: Ssh2Transport/trcommon.c:1433/ssh_tr_negotiate: c_to_s: cipher
    > aes128-cbc, mac hmac-sha1, compression none
    > debug: Ssh2Transport/trcommon.c:1436/ssh_tr_negotiate: s_to_c: cipher
    > aes128-cbc, mac hmac-sha1, compression none
    > debug: Remote host key found from database.
    > debug: Ssh2Common/sshcommon.c:332/ssh_common_special: Received
    > SSH_CROSS_STARTUP packet from connection protocol.
    > debug: Ssh2Common/sshcommon.c:382/ssh_common_special: Received
    > SSH_CROSS_ALGORITHMS packet from connection protocol.
    > debug: server offers auth methods 'publickey,password,keyboard-
    > interactive'.
    > debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1800/
    > ssh_client_auth_pubkey: Starting pubkey auth...
    > debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1757/
    > ssh_client_auth_pubkey_agent_open_complete: Agent is not running.
    > debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1555/
    > ssh_client_auth_pubkey_agent_list_complete: Got 0 keys from the agent.
    > debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1672/
    > ssh_client_auth_pubkey_add_file_keys: adding keyfile "/ublocal/home/
    > ccampise/.ssh2/id_dsa_2048_a" to candidates
    > debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1535/
    > ssh_client_auth_pubkey_add_candidates: Trying 1 key candidates.
    > debug: server offers auth methods 'publickey,password,keyboard-
    > interactive'.
    > debug: Ssh2AuthPubKeyClient/authc-pubkey.c:989/
    > ssh_client_auth_pubkey_try_this_candidate: All keys declined by
    > server, disabling method.


    This shows that they engaged in publickey authentication; the server
    simply didn't accept any of the keys you offered.

    > debug: Ssh2AuthClient/sshauthc.c:319/ssh_authc_completion_proc: Method
    > 'publickey' disabled.
    > debug: server offers auth methods 'publickey,password,keyboard-
    > interactive'.
    > debug: Ssh2AuthKbdInteractiveClient/authc-kbd-interactive.c:342/
    > ssh_client_auth_kbd_interact: Starting kbd-int auth...
    > debug: server offers auth methods 'publickey,password,keyboard-
    > interactive'.
    > debug: Ssh2AuthPasswdClient/authc-passwd.c:105/ssh_client_auth_passwd:
    > Starting password auth...
    > --------------
    >
    > I was questioning whether the server was running OpenSSH protocol 1 or
    > 2. So, I telneted to the server and it spit out:
    >
    > Escape character is '^]'.
    > SSH-1.99-OpenSSH_3.1p1
    > ^]
    >
    > Which leads me to believe they're running protocol 1.


    No; the trace above shows you're using protocol 2. "1.99" means that it
    supports both.

    > So, I regenerated my keys on the client using ssh-keygen instead of
    > previously used ssh-keygen2


    The last time I checked, the Tectia installation symlinks "ssh-keygen" to
    "ssh-keygen2", so this was a no-op.

    > and repeated the above steps and re-
    > attempted to login to the server. I got the EXACT same verbose output
    > as before. Unfortunately the sysadmin I'm dealing with on this system
    > doesn't seem to know much about what I'm seeing here.
    >
    > Is the server set up correctly, or is there something amiss with the
    > ssh-agent judging by the message being spit out? Or is it something
    > of my doing on the key-generation end?


    It's not the agent; the server isn't happy with the key for some reason.
    First, take a look through here and see if anything helps:

    http://www.snailbook.com/faq/publick...auth.auto.html

    --
    Richard Silverman
    res@qoxp.net

