public inbox for cygwin@cygwin.com
* Trouble with RSA authentication
@ 2002-10-31  5:45 Marcos Lorenzo
From: Marcos Lorenzo @ 2002-10-31  5:45 UTC
  To: cygwin

I finally got sshd working!

But I cannot authenticate via RSA. I made the keygen with ssh-keygen in my
winbox and copied identity.pub to authorized_keys and identity in my
linbox (I have the same files in both machines). I really know how ssh
works in linux, but I have some troubles with RSA in cygwin. Below is the
message that I got:

12:16:21 marcos@laud~ ssh -i .ssh/identity.mozart -vvv mozart.lab  -1
OpenSSH_3.4p1 Debian 1:3.4p1-1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to mozart.lab [163.117.144.225] port 22.
debug1: Connection established.
debug1: identity file .ssh/identity.mozart type 0
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
debug1: match: OpenSSH_3.4p1 pat OpenSSH*
debug1: Local version string SSH-1.5-OpenSSH_3.4p1 Debian 1:3.4p1-1
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug3: check_host_in_hostfile: filename /users/tec/marcos/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
debug3: check_host_in_hostfile: filename /users/tec/marcos/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
debug3: check_host_in_hostfile: filename /users/tec/marcos/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 45
debug3: check_host_in_hostfile: filename /users/tec/marcos/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 44
debug1: Host 'mozart.lab' is known and matches the RSA1 host key.
debug1: Found key in /users/tec/marcos/.ssh/known_hosts:45
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: cipher_init: set keylen (16 -> 32)
debug1: cipher_init: set keylen (16 -> 32)
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying RSA authentication with key '.ssh/identity.mozart'
debug1: Server refused our key.
debug1: Doing challenge response authentication.
debug1: No challenge.
debug1: Doing password authentication.
marcos@mozart.lab's password:

My sshd_config is:

marcos@MOZART ~$ grep -v ^# /etc/sshd_config | grep .
Port 22
Protocol 2,1
LoginGraceTime 600
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
AuthorizedKeysFile     %h/.ssh/authorized_keys
PermitEmptyPasswords no
X11Forwarding yes
UsePrivilegeSeparation yes
Subsystem      sftp    /usr/sbin/sftp-server

I set RSAAuthentication and AuthorizedKeysFile just in case it was
defaulting to no... but this doesn't work either.

thx in advance,
m4c.


__________________________________________________________
Marcos Lorenzo de Santiago (Labs Technician)

Departament of Telematic Engineering
University Carlos III Av.Universidad 30 Leganés (Madrid).
Torres Quevedo Building 4.1A01 
E-mail: marcos@it.uc3m.es, Telephone: (+34)91-624-8757
Home Page http://www.it.uc3m.es/marcos
__________________________________________________________


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


* Re: Trouble with RSA authentication
@ 2002-10-31  5:58 ` Max Bowsher
From: Max Bowsher @ 2002-10-31  5:58 UTC
  To: Marcos Lorenzo, cygwin

Marcos Lorenzo <marcos@it.uc3m.es> wrote:
> I finally got sshd working!
>
> But I cannot authenticate via RSA. I made the keygen with ssh-keygen
> in my winbox and copied identity.pub to authorized_keys and identity
> in my linbox (I have the same files in both machines). I really know
> how ssh works in linux, but I have some troubles with RSA in cygwin.
> Below is the message that I got:
>
> 12:16:21 marcos@laud~ ssh -i .ssh/identity.mozart -vvv mozart.lab  -1
> debug1: Connecting to mozart.lab [163.117.144.225] port 22.
> debug1: Trying RSA authentication with key '.ssh/identity.mozart'
> debug1: Server refused our key.

Looks like the server logs with debugging enabled will hold the necessary
info to debug this.

Max.



* RE: Trouble with RSA authentication
@ 2002-10-31  9:10   ` Ross Smith II
From: Ross Smith II @ 2002-10-31  9:10 UTC
  To: Max Bowsher, Marcos Lorenzo; +Cc: cygwin


/usr/doc/Cygwin/openssh-3.4p1-5.README states that RSA authentication only
works if sshd runs under a user account (as opposed to the SYSTEM account).

To that end, I've created 2 shell scripts to allow one to "switch" from
running sshd as SYSTEM to running as a user, and vice versa.

These scripts will also fix the '/var/empty' problem, so they are worthwhile
to run once, even if you will never switch.

I haven't tried it, but you could probably even have a user and a SYSTEM
daemon running at the same time, by running one of the daemons on another
port via the -p option.

Attached and inline are the scripts.

I'll also put the latest versions up at http://www.netebb.com/cygwin/.

I'd love to see these incorporated into cygwin's openssh (or at least a user
contribs) package.

I'm not a cygwin wizard, so feedback is appreciated.

-Ross

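#!/bin/sh
# $Id: sshd_user.sh $
# Reinstall the sshd service so that it runs under a user account.

case "$1" in
    -h | -he | -hel | -help | -? | --h | --he | --hel | --help | --? | /h | /he | /hel | /help | /?)
	echo "Usage: $0 [username] [password] [\"CYGWIN options\"] [\"sshd options\"]"
	exit 1
	;;
    *)
    	;;
esac

# Account the service will run as (otherwise the current $USER is used).
if [ -n "$1" ]
then
	USER=$1
fi

# Optional password for that account, passed to cygrunsrv via -w
# (it is visible on the command line).
CYGRUNSRV=
if [ -n "$2" ]
then
	CYGRUNSRV="-w $2"
fi

# Optional value for the CYGWIN environment variable of the service.
if [ -n "$3" ]
then
	CYGWIN=$3
fi

# Everything from the fourth argument onward is passed to sshd.
SSHD=""
if [ -n "$4" ]
then
	shift
	shift
	shift
	SSHD=$*
fi

# Work from the home directory of the user running this script.
cd

if [ ! -d .ssh ]
then
	echo "$0: Please run ssh-user-config first to create your .ssh directory."
	exit 2
fi

# Hand the home directory, the host keys, /var/empty and the log to the
# service account, and remove group/other write access.
chown "${USER}.None" . .ssh /var/empty /etc/ssh_host_* /var/log/sshd.log
chmod 755 . .ssh
chmod 600 .ssh/*
chmod 644 .ssh/*.pub .ssh/authorized_keys? /var/log/sshd.log
chmod 755 /var/empty

# Replace the installed service with one that runs as ${USER}.
cygrunsrv --stop sshd
cygrunsrv --remove sshd
cygrunsrv --install sshd -e "CYGWIN=${CYGWIN}" \
   -u "${USER}" \
   ${CYGRUNSRV} \
   -d "sshd as ${USER}" \
   -p /usr/sbin/sshd.exe \
   -1 /var/log/sshd.log \
   -2 /var/log/sshd.log \
   -a "-e -D ${SSHD} "
cygrunsrv --start sshd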

#!/bin/sh
# $Id: sshd_system.sh $
# Reinstall the sshd service so that it runs under the SYSTEM account.

case "$1" in
    -h | -he | -hel | -help | -? | --h | --he | --hel | --help | --? | /h | /he | /hel | /help | /?)
	echo "Usage: $0 [CYGWIN options...]"
	exit 0
	;;
    *)
    	;;
esac

# All arguments become the CYGWIN environment variable of the service.
if [ -n "$1" ]
then
	CYGWIN="$*"
fi

# Arguments from the fourth onward are also passed to sshd
# (they remain part of CYGWIN as set above).
SSHD=""
if [ -n "$4" ]
then
	shift
	shift
	shift
	SSHD=$*
fi

if [ ! -f /etc/ssh_host_key ]
then
	echo "$0: Please run ssh-host-config first to create your /etc/ssh_host_* files."
	exit 2
fi

# Give the host keys, /var/empty and the log back to SYSTEM.
chown SYSTEM.SYSTEM /var/empty /etc/ssh_host_* /var/log/sshd.log
chmod 600 /etc/ssh_host_*
chmod 644 /etc/ssh_host_*.pub /var/log/sshd.log
chmod 755 /var/empty

# Replace the installed service with one that runs as SYSTEM.
cygrunsrv --stop sshd
cygrunsrv --remove sshd
cygrunsrv --install sshd -e "CYGWIN=${CYGWIN}" \
   -d "sshd as SYSTEM" \
   -p /usr/sbin/sshd.exe \
   -1 /var/log/sshd.log \
   -2 /var/log/sshd.log \
   -a "-e -D ${SSHD}"
cygrunsrv --start sshd


> -----Original Message-----
> From: cygwin-owner@cygwin.com [mailto:cygwin-owner@cygwin.com]On Behalf
> Of Max Bowsher
> Sent: Thursday, October 31, 2002 4:29 AM
> To: Marcos Lorenzo; cygwin@cygwin.com
> Subject: Re: Trouble with RSA authentication
>
>
> Marcos Lorenzo <marcos@it.uc3m.es> wrote:
> > I finally got sshd working!
> >
> > But I cannot authenticate via RSA. I made the keygen with ssh-keygen
> > in my winbox and copied identity.pub to authorized_keys and identity
> > in my linbox (I have the same files in both machines). I really know
> > how ssh works in linux, but I have some troubles with RSA in cygwin.
> > Below is the message that I got:
> >
> > 12:16:21 marcos@laud~ ssh -i .ssh/identity.mozart -vvv mozart.lab  -1
> > debug1: Connecting to mozart.lab [163.117.144.225] port 22.
> > debug1: Trying RSA authentication with key '.ssh/identity.mozart'
> > debug1: Server refused our key.
>
> Looks like the server logs with debugging enabled will hold the necessary
> info to debug this.
>
> Max.
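
The posted sshd_config sets "StrictModes yes" and sshd_user.sh resets ownership and modes on the home directory and .ssh; the script below is an added example (not from any poster in this thread, nor from Cygwin's openssh package) that audits those same paths before a key login is attempted. It assumes StrictModes amounts to "owned by the account, no group/other write bit" on the home directory, .ssh and authorized_keys; the function names insecure_path, check_strictmodes and demo are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: "StrictModes yes" rejects a
# key when the home directory, .ssh or the authorized_keys file is not owned
# by the account or carries a group/other write bit.

# insecure_path PATH OWNER: print the reason and return 0 if PATH is unsafe.
insecure_path() {
    target=$1 owner=$2
    if [ ! -e "$target" ]; then
        echo "$target: missing"; return 0
    fi
    if [ -n "$(find "$target" -prune ! -user "$owner" -print)" ]; then
        echo "$target: not owned by $owner"; return 0
    fi
    if [ -n "$(find "$target" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "$target: writable by group or others"; return 0
    fi
    return 1
}

# check_strictmodes HOME [OWNER]: exit status is the number of findings.
check_strictmodes() {
    home=$1 owner=${2:-$(id -u)} findings=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if insecure_path "$p" "$owner"; then
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: a throw-away "home" whose .ssh is group-writable.
demo() {
    d=$(mktemp -d) && mkdir "$d/.ssh" && : > "$d/.ssh/authorized_keys"
    chmod 755 "$d"; chmod 775 "$d/.ssh"; chmod 600 "$d/.ssh/authorized_keys"
    check_strictmodes "$d" && n=0 || n=$?
    rm -rf "$d"
    echo "findings: $n"
}
demo
```

Run check_strictmodes against the real home directory on the server, passing the service account as the second argument when it differs from the user running the check.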
