RE: Cygwin sshd public key authentication failure

From: Greg Paik <gpaik_at_**********.***>
Date: Thu Jan 23 2003 - 16:27:27 EST

<sigh>. Yeah, that's actually what I did on my RedHat box to make the keys,
and my default file format on the Cygwin side is set to unix. I also
checked the file format with the 'od' command, and it checked out just fine.

What about the permissions on your dirs and file?

Greg

-----Original Message-----
From: David.A.Barr@Medstar.net [mailto:David.A.Barr@Medstar.net]
Sent: Thursday, January 23, 2003 1:19 PM
To: Greg Paik
Subject: RE: Cygwin sshd public key authentication failure

I used "ssh-keygen -t rsa" on a remote host and copied the remote
id_rsa.pub file to my authorized keys with Unix line terminators.

The line terminator character probably depends on what you selected when
you did your initial Cygwin install. When I run Cygwin setup.exe, my
"default text file type" is currently set to "unix".

bash-2.05b$ cd .ssh
bash-2.05b$ ls -al
total 25
drwx------+ 2 DABD DABD 4096 Jan 23 16:02 .
drwxrwxrwx+ 9 DABD DABD 8192 Jan 23 16:09 ..
-rw-r--r-- 1 DABD DABD 226 Jan 23 13:09 authorized_keys
-rw------- 1 DABD DABD 951 Jan 17 12:26 dabd
-rw-r--r-- 1 DABD DABD 223 Jan 17 12:26 dabd.pub
-rw------- 1 DABD DABD 736 Dec 23 10:32 id_dsa
-rw-r--r-- 1 DABD DABD 603 Dec 23 10:32 id_dsa.pub
----------+ 1 Administ DABD 951 Jan 17 12:21 id_rsa
----------+ 1 Administ DABD 873 Jan 17 12:22 id_rsa.PPK
-rw-r--r-- 1 DABD DABD 907 Jan 23 16:02 known_hosts
bash-2.05b$ ls -ld /home/dabd
drwxrwxrwx+ 9 DABD DABD 8192 Jan 23 16:09 /home/dabd

Greg Paik <gpaik%smithandhawken.com@internet.mhg.edu>
01/23/2003 04:02 PM

        To: "'David.A.Barr@Medstar.net'" <David.A.Barr@Medstar.net>,
            Greg Paik <gpaik%smithandhawken.com@internet.mhg.edu>
        cc: "'ssh-l@erdelynet.com'" <ssh-l%erdelynet.com@internet.mhg.edu>,
            "'secureshell@securityfocus.com'" <secureshell%securityfocus.com@internet.mhg.edu>
        Subject: RE: Cygwin sshd public key authentication failure

Hmmm... comparing the two outputs, it looks like there is a problem with
sshd successfully finding the matching key in the authorized_keys file.
How did you create the keys (e.g.- "ssh-user-config"), and place the pub
key in the authorized_keys file (i.e.- "cat x.pub >> authorized_keys")?
Also, is the file in PC or UNIX format (i.e.- '\n' at the end of the line
or '\r\n')? What is the permission you have on the following directories
and file: /home/dabd, /home/dabd/.ssh, and
/home/dabd/.ssh/authorized_keys? And who is the group owner of said
directories and file - SYSTEM?

I used ssh-user-config, cat'd the output of the pub file into
authorized_keys, and created the file as a UNIX file format.

Thanks in advance!

Greg

-----Original Message-----
From: David.A.Barr@Medstar.net [mailto:David.A.Barr@Medstar.net]
Sent: Thursday, January 23, 2003 12:04 PM
To: Greg Paik
Subject: RE: Cygwin sshd public key authentication failure

Here's the output of my sshd when I do a successful login, if that is of
any help:

debug1: userauth-request for user dabd service ssh-connection method publickey
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 20
debug3: monitor_read: checking request 20
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x101027f8
debug1: temporarily_use_uid: 33889/10513 (e=33889/10513)
debug1: trying public key file /home/dabd/.ssh/authorized_keys
debug1: matching key found: file /home/dabd/.ssh/authorized_keys, line 1
Found matching RSA key: ad:a4:de:a0:5b:01:b6:a2:e6:50:47:15:d2:f3:d4:19
debug1: restore_uid: (unprivileged)
debug3: mm_answer_keyallowed: key 0x101027f8 is allowed
debug3: mm_request_send entering: type 21
debug3: mm_request_receive entering
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
debug3: mm_request_receive_expect entering: type 21
debug3: mm_request_receive entering
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
Postponed publickey for dabd from 198.50.69.14 port 51883 ssh2

Greg Paik <gpaik%smithandhawken.com@internet.mhg.edu>
01/23/2003 02:37 PM

        To: "'David.A.Barr@Medstar.net'" <David.A.Barr@Medstar.net>,
            Greg Paik <gpaik%smithandhawken.com@internet.mhg.edu>
        cc: "'ssh-l@erdelynet.com'" <ssh-l%erdelynet.com@internet.mhg.edu>,
            "'secureshell@securityfocus.com'" <secureshell%securityfocus.com@internet.mhg.edu>
        Subject: RE: Cygwin sshd public key authentication failure

Actually, that is the server output with sshd and the "-ddd" options. I've
set the Cygwin mode to "ntsec tty", and the partition is NTFS.

Any other ideas?

Greg

-----Original Message-----
From: David.A.Barr@Medstar.net [mailto:David.A.Barr@Medstar.net]
Sent: Thursday, January 23, 2003 8:21 AM
To: Greg Paik
Subject: Re: Cygwin sshd public key authentication failure

It looks like you are showing the client debug output, but it would be
more useful to look at the server debug output. Try running sshd with the
"-d" argument. You can run it from the command line rather than with
cygrunsrv.

I assume you've checked your CYGWIN variable to make sure it contains
ntsec or ntea.

Greg Paik <gpaik%smithandhawken.com@internet.mhg.edu>
01/20/2003 02:51 PM

        To: "'ssh-l@erdelynet.com'" <ssh-l%erdelynet.com@internet.mhg.edu>
        cc: "'secureshell@securityfocus.com'" <secureshell%securityfocus.com@internet.mhg.edu>
        Subject: Cygwin sshd public key authentication failure

Wondering if anyone can help me with this problem. I am trying to set up
Cygwin DLL 1.3.18-1 release and OpenSSH 3.5p1 on a system running Windows
NT4 SP4 to accept public key authentication from a Redhat 7.1 box using
OpenSSH 3.4p1. I am able to set up the auth from the NT box to the Redhat
system just fine, but keep failing the other way.

I have tried both RSA and DSA key authentication with no success. I have
checked and double checked the permissions on the .ssh directory and the
authorized_keys file below (Note - I have replaced the account name with
"noname"), as well as tried them with 755 and 644 permissions:

drwx------+ 2 noname SYSTEM 4096 Jan 15 11:35 .ssh
-rw------- 1 noname SYSTEM 1451 Jan 15 11:39 authorized_keys2

Below you will find the debugging output from the attempted key exchange:

RSA Key Debug Output
--------------------
debug1: userauth-request for user noname service ssh-connection method publickey
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method publickey
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 20
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
debug3: mm_request_receive_expect entering: type 21
debug3: mm_request_receive entering
debug3: monitor_read: checking request 20
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x100f8700
debug1: temporarily_use_uid: 2217/544 (e=18/544)
debug1: trying public key file /home/noname/.ssh/authorized_keys
debug1: restore_uid: (unprivileged)
debug1: temporarily_use_uid: 2217/544 (e=18/544)
debug1: trying public key file /home/noname/.ssh/authorized_keys2
debug1: restore_uid: (unprivileged)
debug3: mm_answer_keyallowed: key 0x100f8700 is disallowed
debug3: mm_request_send entering: type 21
debug3: mm_request_receive entering
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
Failed publickey for noname from 10.0.666.20 port 39342 ssh2

DSA Key Debug Output
--------------------
debug1: userauth-request for user noname service ssh-connection method publickey
debug1: attempt 2 failures 2
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 20
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
debug3: mm_request_receive_expect entering: type 21
debug3: mm_request_receive entering
debug3: monitor_read: checking request 20
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x100f8550
debug1: temporarily_use_uid: 2217/544 (e=18/544)
debug1: trying public key file /home/noname/.ssh/authorized_keys
debug1: restore_uid: (unprivileged)
debug1: temporarily_use_uid: 2217/544 (e=18/544)
debug1: trying public key file /home/noname/.ssh/authorized_keys2
debug1: restore_uid: (unprivileged)
debug3: mm_answer_keyallowed: key 0x100f8550 is disallowed
debug3: mm_request_send entering: type 21
debug3: mm_request_receive entering
debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss
Failed publickey for noname from 10.0.666.20 port 39342 ssh2

I have looked through every possible link on the net and the newsgroups
but find no answer to my problem. I did find a reference on a webpage that
stated there was some issue with using public key authentication from a
RedHat box to an NT box, but no answer as to why or how to solve it.

Thanks in advance,

Greg

Received on Thu Jan 23 16:45:19 2003

This archive was generated by hypermail 2.1.8 : Fri Jul 29 2005 - 17:33:46 EDT
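
The checks asked about in this thread (permissions on the home directory, .ssh and authorized_keys, and Unix versus PC line endings in the key file) can be run in one pass. This is an added example, not part of the original messages; the function names are hypothetical, and the 022 test corresponds to the group/other write bits that OpenSSH refuses on these paths when StrictModes is enabled.

```shell
#!/bin/sh
# Added example (not from the thread): audit the paths and line endings
# the posters ask about. Function names are hypothetical.

# Octal permission bits of a path (GNU stat, then BSD stat as fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# True if group or other may write to the path (the 022 bits).
loosely_writable() {
    m=$(mode_of "$1") || return 1
    [ $(( 0$m & 022 )) -ne 0 ]
}

# audit_pubkey_setup HOME_DIR
# Prints one finding per line; the return status is the number of findings.
audit_pubkey_setup() {
    keys="$1/.ssh/authorized_keys"
    findings=0
    cr=$(printf '\r')
    for p in "$1" "$1/.ssh" "$keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            findings=$((findings + 1))
        elif loosely_writable "$p"; then
            echo "WRITABLE $p (mode $(mode_of "$p")) by group or other"
            findings=$((findings + 1))
        fi
    done
    if [ -f "$keys" ] && grep -q "$cr" "$keys"; then
        echo "CRLF     $keys has PC (CRLF) line endings"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample tree: world-writable home, CRLF-terminated key line.
demo() {
    t=$(mktemp -d) && mkdir "$t/.ssh" || return 99
    chmod 777 "$t"; chmod 700 "$t/.ssh"
    printf 'ssh-rsa AAAAconstructed user@example\r\n' > "$t/.ssh/authorized_keys"
    chmod 644 "$t/.ssh/authorized_keys"
    rc=0; audit_pubkey_setup "$t" || rc=$?
    rm -rf "$t"
    return "$rc"
}

demo || echo "findings: $?"
```

The mode bits are only part of the picture on an NTFS volume with ntsec: the "+" in the ls listings above marks additional ACL entries, which this check does not read.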