From mboxrd@z Thu Jan 1 00:00:00 1970
From: Kim Lee
To: cygwin@cygwin.com
Subject: sshd and RSA Authentication
Date: Sun, 18 Feb 2001 17:24:00 -0000
Message-id: <3A9075CF.DE0442D9@bulletproof.net.au>
X-SW-Source: 2001-02/msg01044.html

Hi there,

If there is a step-by-step document specific to cygwin, sshd and getting RSA authentication to work, please point me to it.

Please read on anyway...

I'm having problems getting w2k server sshd to allow RSA login without a password from another W2k Server box.

Here are some details:

I'm using the latest (as of today) cygwin tools (ran the setup.exe and updated from the internet).

/etc/passwd has...

Administrator::500:513:,S-1-5-21-3438086697-2421862272-1916658313-500:/home/Administrator:/bin/sh

This is the ssh client machine.

administrator@SHRIMP ~
$ ssh -v KRILL
SSH Version OpenSSH_2.3.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
debug: Seeding random number generator
debug: ssh_connect: getuid 500 geteuid 500 anon 0
debug: Connecting to KRILL [172.16.0.202] port 22.
debug: Seeding random number generator
debug: Allocated local port 946.
debug: Connection established.
debug: Remote protocol version 1.5, remote software version 1.2.26
debug: no match: 1.2.26
debug: Local version string SSH-1.5-OpenSSH_2.3.0p1
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host 'krill' is known and matches the RSA host key.
debug: Seeding random number generator
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Trying RSA authentication with key 'administrator@SHRIMP'
debug: Server refused our key.
debug: Doing password authentication.
administrator@krill's password:
debug: Requesting pty.
debug: Requesting shell.
debug: Entering interactive session.
Environment:
  HOME=/home/Administrator
  USER=administrator
  LOGNAME=administrator
  SHELL=/bin/sh
  SSH_CLIENT=172.16.0.201 946 22
  SSH_TTY=/dev/tty0
  TERM=cygwin
\[\033]0;\w\007 \033[32m\]\u@\h \[\033[33m\w\033[0m\]
$ exit
Connection to KRILL closed.
debug: Transferred: stdin 0, stdout 247, stderr 29 bytes in 5.8 seconds
debug: Bytes per second: stdin 0.0, stdout 42.8, stderr 5.0
debug: Exit status 1

Here's the server end.

administrator@KRILL ~
$ sshd -d
debug: sshd version 1.2.26 [i586-pc-cygwin32]
debug: Initializing random number generator; seed file ssh_random_seed
log: Server listening on port 22.
log: Generating 768 bit RSA key.
Generating p: ..++ (distance 72)
Generating q: ...................++ (distance 288)
Computing the keys...
Testing the keys...
Key generation complete.
log: RSA key generation complete.
debug: Server will not fork when running in debugging mode.
error: setsockopt IPTOS_LOWDELAY: Invalid argument
log: Connection from 172.16.0.201 port 946
debug: Client protocol version 1.5; client software version OpenSSH_2.3.0p1
debug: Sent 768 bit public key and 1024 bit host key.
debug: Encryption type: 3des
debug: Received session key; encryption turned on.
debug: Installing crc compensation attack detector.
debug: Attempting authentication for administrator.
debug: RSA authentication for administrator failed.
log: Password authentication for administrator accepted.
debug: Allocating pty.
error: setsockopt IPTOS_LOWDELAY: Invalid argument
debug: Forking shell.
debug: Entering interactive session.
debug: Received SIGCHLD.
debug: End of interactive session; stdin 5, stdout (read 242, sent 242), stderr 0 bytes.
debug: pty_cleanup_proc called
debug: Command exited with status 1.
debug: Received exit confirmation.
log: Closing connection to 172.16.0.201

What is IPTOS_LOWDELAY? There is a rather long pause (10 seconds +) after the "connection is established" before the password prompt pops up.

Note: the cygwin ssh client to a unix box with RSA authentication (no password) works fine and there is no delay.

Another interesting thing is ssh client to a Windows 2000 Professional (NOT server) sshd doesn't have this delay but RSA authentication still doesn't work.

What am I doing wrong? Any ideas or pointers?

Thanks :)

--
Cheers
----------------------------------------------------------------------
Kim Lee
Senior Engineer - Bulletproof Networks
ph: +61 (0) 416 212 025
http://www.bulletproof.net.au/
"When failure is not an option"