RE: Cygwin sshd public key authentication failure

Hmm... just tried using the keys to try and ssh to itself and it didn't
work. I then generated new keys using ssh-user-config, ran ssh-add, and it
still didn't work.

Otherwise, I believe that sshd doesn't really care, and will use an
authorized_keys2 file as well as just an authorized_keys file with both RSA
and DSS keys. Currently there are both versions in the directory to cover
all the bases.

I have also checked the file format using "od -c" and both auth files are in
UNIX format with the single new-line entry at the end (i.e.- '\n').

Greg

-----Original Message-----
From: Ben Voigt [mailto:bvoigt@kas.com]
Sent: Monday, January 20, 2003 12:53 PM
To: ssh-l@erdelynet.com
Subject: RE: Cygwin sshd public key authentication failure

Do the keys work in loopback?

Make sure you generated the keys from cygwin, so that they are compatible
with the cygwin sshd. Then put them into authorized_keys, as if they were
for use with ssh version 1. cygwin sshd uses authorized_keys (with no 2),
for keys for both ssh versions 1 and 2.

****************************

Ben Voigt
University of Pennsylvania
Electrical Engineering PhD Student

voigt@seas.upenn.edu <mailto:voigt@seas.upenn.edu>
BVoigt@kas.com <mailto:BVoigt@kas.com>

Support a Constitutional Amendment to protect the Pledge of Allegiance and
National Motto.
Click here for more information. <http://www.wepledge.com/>

****************************

-----Original Message-----
From: ssh-l-admin@erdelynet.com [mailto:ssh-l-admin@erdelynet.com]On
Behalf Of Greg Paik
Sent: Monday, January 20, 2003 2:52 PM
To: 'ssh-l@erdelynet.com'
Cc: 'secureshell@securityfocus.com'
Subject: Cygwin sshd public key authentication failure

Wondering if anyone can help me with this problem. I am trying to setup
Cygwin DLL 1.3.18-1 release and OpenSSH 3.5p1 on a system running Windows
NT4 SP4 to accept public key authentication from a Redhat 7.1 box using
OpenSSH 3.4p1. I am able to setup the auth from the NT box to the Redhat
system just fine, but keep failing the other way.

I have tried both RSA and DSA key authentication with no success. I have
checked and double checked the permissions on the .ssh directory and the
authorized_keys file below (Note - I have replaced the account name with
"noname"), as well as tried them with 755 and 644 permissions:

drwx------+ 2 noname SYSTEM 4096 Jan 15 11:35 .ssh
-rw------- 1 noname SYSTEM 1451 Jan 15 11:39 authorized_keys2

Below you will find the debugging output from the attempted key exchange:

RSA Key Debug Output
--------------------
debug1: userauth-request for user noname service ssh-connection method
publickey
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method publickey
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 20
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
debug3: mm_request_receive_expect entering: type 21
debug3: mm_request_receive entering
debug3: monitor_read: checking request 20
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x100f8700
debug1: temporarily_use_uid: 2217/544 (e=18/544)
debug1: trying public key file /home/noname/.ssh/authorized_keys
debug1: restore_uid: (unprivileged)
debug1: temporarily_use_uid: 2217/544 (e=18/544)
debug1: trying public key file /home/noname/.ssh/authorized_keys2
debug1: restore_uid: (unprivileged)
debug3: mm_answer_keyallowed: key 0x100f8700 is disallowed
debug3: mm_request_send entering: type 21
debug3: mm_request_receive entering
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
Failed publickey for noname from 10.0.666.20 port 39342 ssh2

DSA Key Debug Output
--------------------
debug1: userauth-request for user noname service ssh-connection method
publickey
debug1: attempt 2 failures 2
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 20
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
debug3: mm_request_receive_expect entering: type 21
debug3: mm_request_receive entering
debug3: monitor_read: checking request 20
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x100f8550
debug1: temporarily_use_uid: 2217/544 (e=18/544)
debug1: trying public key file /home/noname/.ssh/authorized_keys
debug1: restore_uid: (unprivileged)
debug1: temporarily_use_uid: 2217/544 (e=18/544)
debug1: trying public key file /home/noname/.ssh/authorized_keys2
debug1: restore_uid: (unprivileged)
debug3: mm_answer_keyallowed: key 0x100f8550 is disallowed
debug3: mm_request_send entering: type 21
debug3: mm_request_receive entering
debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss
Failed publickey for noname from 10.0.666.20 port 39342 ssh2

I have looked through every possible link on the net and the newsgroups but
find no answer to my problem. I did find a reference on a webpage that
stated there was some issue with using public key authentication from a
RedHat box to an NT box, but no answer as to why or how to solve it.

Thanks in advance,

Greg

--
List Information: http://tech.erdelynet.com/mailman/listinfo/ssh-l/
List Archives:    http://erdelynet.com/archive/ssh-l/
To Unsubscribe: Go to http://tech.erdelynet.com/mailman/listinfo/ssh-l/ and
enter your email address at the bottom to "Edit Options". If you don't know
your password, have it emailed to you. Then unsubscribe.
---
{AVG => Incoming mail is certified Virus Free.}
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003
--
List Information: http://tech.erdelynet.com/mailman/listinfo/ssh-l/
List Archives:    http://erdelynet.com/archive/ssh-l/
To Unsubscribe: Go to http://tech.erdelynet.com/mailman/listinfo/ssh-l/ and
enter your email address at the bottom to "Edit Options". If you don't know
your password, have it emailed to you. Then unsubscribe.
--
List Information: http://tech.erdelynet.com/mailman/listinfo/ssh-l/
List Archives:    http://erdelynet.com/archive/ssh-l/
To Unsubscribe: Go to http://tech.erdelynet.com/mailman/listinfo/ssh-l/ and enter your email address at the bottom to "Edit Options". If you don't know your password, have it emailed to you. Then unsubscribe.