Changed public/private key, but can still login - SSH

This is a discussion on Changed public/private key, but can still login - SSH ; Hello, I have two debian Linux computers, server Nimrod and Marcus. I want to be abe to login from Marcus to Nimrod using ssh with publickey authentification. This works fine, I created an key-pair with ssh-keygen, and stored the public ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Changed public/private key, but can still login

  1. Changed public/private key, but can still login

    Hello,

    I have two debian Linux computers, server Nimrod and Marcus.

    I want to be abe to login from Marcus to Nimrod using ssh with
    publickey authentification.
    This works fine, I created an key-pair with ssh-keygen, and stored the
    public key in $HOME/.ssh/authorized_keys on Nimrod.

    With ssh I was able to login from Marcus to Nimrod without giving an
    password. As a test, I deleted the key-files in $HOME/.ssh on Marucs.
    The expected behaviour is that Nimrod then refuse the login, because
    Marcus cannot decrypt the challenge with a correct private key. The
    behaviour I got is that I still can login on Nimrod. Also when I
    generate a new key-pair, and not update the public key on Nimrod, I
    still can login.

    The output of ssh on Marcus is below:

    OpenSSH_3.8.1p1 Debian-8.sarge.4, OpenSSL 0.9.7e 25 Oct 2004
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Connecting to 192.168.0.32 [192.168.0.32] port 22.
    debug1: Connection established.
    debug1: identity file /home/rene/.ssh/identity type -1
    debug1: identity file /home/rene/.ssh/id_rsa type -1
    debug1: identity file /home/rene/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version
    OpenSSH_3.8.1p1 Debian-8.sarge.4
    debug1: match: OpenSSH_3.8.1p1 Debian-8.sarge.4 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1 Debian-8.sarge.4
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host '192.168.0.32' is known and matches the RSA host key.
    debug1: Found key in /home/rene/.ssh/known_hosts:1
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue:
    publickey,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Offering public key:
    debug1: Server accepts key: pkalg ssh-dss blen 434
    debug1: Authentication succeeded (publickey).
    debug1: channel 0: new [client-session]
    debug1: Entering interactive session.
    Linux NIMROD 2.4.27-2-386 #1 Wed Aug 17 09:33:35 UTC 2005 i686
    GNU/Linux


    The strange thing I see is this:
    debug1: Offering public key:

    Why is this line empty?


  2. Re: Changed public/private key, but can still login


    > With ssh I was able to login from Marcus to Nimrod without giving an
    > password. As a test, I deleted the key-files in $HOME/.ssh on Marucs.
    > The expected behaviour is that Nimrod then refuse the login, because
    > Marcus cannot decrypt the challenge with a correct private key. The
    > behaviour I got is that I still can login on Nimrod. Also when I
    > generate a new key-pair, and not update the public key on Nimrod, I
    > still can login.


    Do you perhaps have an agent running in which you've already loaded the
    private key? Try: (unset SSH_AUTH_SOCK; ssh -v nimrod).

  3. Re: Changed public/private key, but can still login


    Richard E. Silverman schreef:

    > > With ssh I was able to login from Marcus to Nimrod without giving an
    > > password. As a test, I deleted the key-files in $HOME/.ssh on Marucs.
    > > The expected behaviour is that Nimrod then refuse the login, because
    > > Marcus cannot decrypt the challenge with a correct private key. The
    > > behaviour I got is that I still can login on Nimrod. Also when I
    > > generate a new key-pair, and not update the public key on Nimrod, I
    > > still can login.

    >
    > Do you perhaps have an agent running in which you've already loaded the
    > private key? Try: (unset SSH_AUTH_SOCK; ssh -v nimrod).


    Thanks for pointing me too the correct direction. I had indeed an
    ssh-agent running on my behalf. He was doing his job very well. :-)

    Thnx


+ Reply to Thread