Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

help? ssh connect w/ DSA pubkey auth keeps asking for passphrase; w/ RSA

from [OpenMacNews] Network Security [Permanent Link]
Subject: help? ssh connect w/ DSA pubkey auth keeps asking for passphrase; w/ RSA pubkey auth, all is OK
Date: Sun, 04 Sep 2005 12:51:31 -0700 
hi all,

i've:

% ssh -V
OpenSSH_4.1p1, OpenSSL 0.9.7g 11 Apr 2005
% uname -a
Darwin devbox 8.2.0 Darwin Kernel Version 8.2.0: Fri Jun 24 17:46:54 PDT 2005; root:xnu-792.2.4.obj~3/RELEASE_PPC Power Macintosh powerpc


i've created two ssh passphrase-less keypairs for my machine, 'devbox', one RSA and one DSA, using:

ssh-keygen -b 2048 -t rsa -f /usr/local/etc/ssh/rsakeys/ssh.devbox.rsa -N "" -C "root@devbox"
ssh-keygen -b 2048 -t dsa -f /usr/local/etc/ssh/dsakeys/ssh.devbox.dsa -N "" -C "root@devbox"

after propagating both pubkeys to another box ('myserver'), if i 'ssh' to 'myserver' using the RSA key as an identity file:

        IdentityFile  /usr/local/etc/ssh/rsakeys/ssh.devbox.rsa.pub

all is OK.  i can immediately connect via pubkey auth with no error ...



however, if i try the exact same thing but, with the DSA ident file:

        IdentityFile  /usr/local/etc/ssh/dsakeys/ssh.devbox.dsa.pub


on connection attempt, i get an error:

        PEM_read_PrivateKey failed

and a request for a passphrase:

...
debug1: Host 'devbox.mydomain.com' is known and matches the DSA host key.
debug1: Found key in /usr/local/etc/ssh/authorized_keys2:1
debug2: bits set: 500/1024
debug1: ssh_dss_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /usr/local/etc/ssh/dsakeys/ssh.devbox.dsa.pub (0x401d10)
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /usr/local/etc/ssh/dsakeys/ssh.devbox.dsa.pub
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-dss blen 818
debug2: input_userauth_pk_ok: fp 74:3f:c7:96:12:9e:6d:88:8e:bc:21:56:d3:40:9f:e3
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/usr/local/etc/ssh/dsakeys/ssh.devbox.dsa.pub':


i've googled, and all i'm finding (so far) is advice to create the DSA keys without passphrase ...

which, as above, i have already, i believe, done correctly, and checked & re-checked ...

suggestions?

thx!

richard

Attachment: pgpd67xiKDs5t.pgp
Description: PGP signature

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: User name prompt with ssh, Greg Wooledge
Next by Date:  Re: Port Forwarding from different local addresses, Darren Tucker
Previous by Thread:  Port Forwarding from different local addresses, James Thomas Richardson
Next by Thread:  Re: help? ssh connect w/ DSA pubkey auth keeps asking for passphrase; w/ RSA pubkey auth, all is OK, Alexey G. Khramkov
Indexes:  [Date] [Thread] [Top] [All Lists]