Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Why am I sending the publickey?

from [Zembower, Kevin] Network Security [Permanent Link]
Subject: RE: Why am I sending the publickey?
Date: Tue, 21 Mar 2006 17:12:22 -0500 
No, I didn't need to, as removing the malformed ssh-rsa line in the
remote system's /root/.ssh/authorized_keys file solved the problem.

Thanks, again, for your help and suggestions.

-Kevin

-----Original Message-----
From: Gian G. Spicuzza [mailto:gianspi@gsent.org] 
Sent: Tuesday, March 21, 2006 4:04 PM
To: Zembower, Kevin; secureshell@securityfocus.com
Subject: Re: Why am I sending the publickey?

Did you increase the max retrys in sshd_config?
The default is:

MaxAuthTries 6 


Zembower, Kevin wrote:


Gian and Raz, thank you for your suggestions.

Gian, I'm able to logon with PreferredAuthentications=password.

However,

after I send my public key, I still can't make a connection:

[root@xxx2 ~]# cat ~/.ssh/id_rsa.pub | ssh -o
PreferredAuthentications=password xxx.xxx.xxx 'umask 022; cat
 


~/.ssh/authorized_keys'
     


root@xxx.xxx.xxx password: 
[root@xxx2 ~]# ssh xxx.xxx.xxx
Connection closed by xx.xxx.xxx.xxx
[root@xxx2 ~]#

Raz, I think you're on to something, suspecting that there's a problem.
I get this message in /var/log/auth.log when the connection fails:

Mar 21 11:42:20 main sshd[16735]: fatal: buffer_get: trying to get more
bytes 129 than in buffer 36
main:/var/log#

After searching on Google, I found this solution involving improper

line

endings in ~/.ssh/authorized_keys:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=64972. Their
solution was to erase the key in question, which I had done previously.
However, I noticed that the key preceding the one in question seemed to
be malformed. It was much longer than the other ssh-rsa keys, and
contained spaces, which the other ones did not. Removing this key

solved

the problem. I can now log on using either password or public key.

Thank you all very much for your help and suggestions.

-Kevin Zembower

----Original Message-----
From: Roland Turner (Security Focus)
[mailto:raz.frphevglsbphf.pbz@raz.cx] 
Sent: Monday, March 20, 2006 11:15 AM
To: secureshell@securityfocus.com
Subject: Re: Why am I sending the publickey?

On Mon, 2006-03-20 at 10:12 -0500, Zembower, Kevin wrote:

 


debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
Connection closed by xx.xx.xx.xx
[root@xxx .ssh]#

I don't understand why it's trying the publickey method.

On the remote host, I've removed the lines in /root/.ssh/authorized
   


keys
 


for the host I'm coming from, and restarted sshd,
   



Your client is offering a key because your server is indicating a
willingness to accept one (this is controlled by sshd_config, not
authorized_keys).

There's some brokenness here though; it's not clear why the connection
is closing immediately after the public key is offered. It should

refuse

it, then move on to the other authorisation methods. A sudden closure
suggests that your server process is aborting (e.g. a segmentation
violation). How confident are you that your server build is reasonable?

- Raz
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: PAM and SSH (add new options?), Ron Wheeler
Next by Date:  Re: Why am I sending the publickey?, Gian G. Spicuzza
Previous by Thread:  Re: Why am I sending the publickey?, Gian G. Spicuzza
Next by Thread:  Logging tunnels established by users., Laurence Stendard
Indexes:  [Date] [Thread] [Top] [All Lists]