gabriel rosenkoetter on Wed, 17 Jan 2001 12:57:27 -0500
On Wed, Jan 17, 2001 at 10:49:28AM +0100, MaD dUCK wrote:
> scenario:
>
> client running openssh 2.1.1 protocol 2
> 3 servers (madduck, sccs, sirius) running ssh 1.2.27 protocol 1.5

Presuming the sirius you mean is mine, Martin, it's actually running
OpenSSH 2.1.1 too. (I know /usr/local/sbin/sshd still exists and is
SSH.com's 1.2.27, but it's not the one that's run out of rc.local, and
it'll get wiped when that machine is upgraded to NetBSD 1.5 later this
week... especially since 1.5 ships with NetBSD's port of OpenSSH 2.2.)

> 3 servers (ceylon, uriel, localhost) running openssh 2.1.1 protocol 2

This correction does give you a pattern below:

> ssh                  version   rsa works?
> madduck@sccs         1.2.27    yes
> madduck@uriel        2.1.1     no
  madduck@sirius       2.1.1     no
> madduck@madduck      1.2.27    yes
> madduck@ceylon       2.1.1     no
> testuser@localhost   2.1.1     no

OpenSSH is pickier about syntax. (For instance, where SSH.com's ssh
will accept any white space in its /etc/ssh_config and ~/.ssh/config
files, OpenSSH insists on tabs.)

I have no problem connecting to any of those machines with RSA
authentication, using either 1.2.2x or 2.1.1 clients.

What does your authorized_keys file look like? (It's safe to post
that, don't worry... all we could do with it is let you into our
computers.)

> ssh_config@localhost:
> ========
> Host *
> ForwardAgent yes
> ForwardX11 yes
> RhostsAuthentication no
> RhostsRSAAuthentication yes
> RSAAuthentication yes
> TISAuthentication no
> PasswordAuthentication yes
> FallBackToRsh no
> UseRsh no
> BatchMode no
> CheckHostIP yes
> StrictHostKeyChecking no
> IdentityFile ~/.ssh/identity
> Port 22
> Protocol 2,1
> Cipher 3des
> EscapeChar ~
> ========

Presuming you're using OpenSSH 2.1.1 locally, this config file simply
won't work. All those spaces MUST be tabs.

Btw, I strongly disagree with allowing X11 and Agent forwarding to
*... default should be off, you should turn it on for specific,
trusted hosts.

> sshd_config@localhost:
> ========
> Port 22
> ListenAddress 0.0.0.0
> HostKey /etc/ssh/ssh_host_key
> ServerKeyBits 768
> LoginGraceTime 600
> KeyRegenerationInterval 3600
> PermitRootLogin yes
> IgnoreRhosts yes
> StrictModes yes
> X11Forwarding yes
> X11DisplayOffset 10
> PrintMotd yes
> KeepAlive yes
> SyslogFacility AUTH
> LogLevel INFO
> RhostsAuthentication no
> RhostsRSAAuthentication yes
> RSAAuthentication yes
> PasswordAuthentication yes
> PermitEmptyPasswords no
> UseLogin no
> CheckMail no
> =========

I'm shocked that OpenSSH's sshd isn't bitching loudly about this.
(Have you checked your logs?)

Same goes for the files on madduck.

Fix the config files, see if that makes the problem go away.

~ g r @ eclipsed.net

______________________________________________________________________
Philadelphia Linux Users Group - http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion - http://lists.phillylinux.org/mail/listinfo/plug
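
An added example, not part of the original message: a small audit that reports when an ssh client config turns on agent or X11 forwarding for every host (`Host *` or options placed before any `Host` line), the setting the reply objects to. The function names, both sample configs and the host `trusted.example.org` are constructed for illustration.

```python
import re

FORWARDING = ("forwardagent", "forwardx11")

def parse_blocks(text):
    """Return [(host_patterns, {keyword: value})] in file order."""
    # Options that appear before the first Host line apply to every host.
    blocks = [(["*"], {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            blocks.append((value.split(), {}))
        else:
            # ssh uses the first value obtained for each option.
            blocks[-1][1].setdefault(key, value)
    return blocks

def wildcard_forwarding(text):
    """List (host patterns, option) pairs that enable forwarding for all hosts."""
    findings = []
    for patterns, opts in parse_blocks(text):
        if "*" not in patterns:
            continue
        for key in FORWARDING:
            if opts.get(key, "").lower() == "yes":
                findings.append((" ".join(patterns), key))
    return findings

# Constructed sample: the forwarding lines from the posted ssh_config.
POSTED = """Host *
ForwardAgent yes
ForwardX11 yes
PasswordAuthentication yes
"""

# Constructed sample: forwarding off by default, on for one named host.
# The specific block comes first because the first matching value wins.
RESTRICTED = """Host trusted.example.org
ForwardAgent yes
ForwardX11 yes
Host *
ForwardAgent no
ForwardX11 no
"""

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("restricted", RESTRICTED)):
        print(name, wildcard_forwarding(cfg))
```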