Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Publick key authentication problem

from [Frans Englich] Network Security [Permanent Link]
Subject: Re: Publick key authentication problem
Date: Fri, 26 May 2006 21:09:15 +0000 
On Friday 26 May 2006 20:19, Pfister, Thomas P wrote:

Hi Thomas,

Thanks for your reply.


My experience with OpenSSH is limited to getting OpenSSH clients to work
with our commercial SSH server, so more experienced OpenSSH admins can
confirm or correct my thoughts here.

These lines from your attachment, ssh.log, look to me like your key file
has been converted to be compatible with ssh.com's commercial product:
debug2: key_type_from_name: unknown key type '-----BEGIN'
....
debug2: key_type_from_name: unknown key type '-----END'
But I believe you said that these same keys work on a different SSH
Server.  Might that server be running the commercial SSH server from
ssh.com instead of OpenSSH?


Might be. Unfortunately, I've no knowledge of the server's setup.


That would explain this key file working 
there but not on this server.


Ok, interesting. I created my key by running `ssh-keygen -t dsa'(not sure 
about the switches). `ssh -v' gives me "OpenSSH_4.2p1, OpenSSL 0.9.7d 17 Mar 
2004", if that is of any help.


You also do not have an identity file in your .ssh directory.  This file
should have an entry that looks like "IDKey id_dsa".  I can't explain
why your connection works to any server without this file.


Ok, I added such a file, permission 600, with content "IDKey id_dsa"(without 
quotes) and things started to happen. When trying to login, `ssh -vvv 
englich@HOSTNAME`, I was asked to "Enter passphrase for key 
'/home/frans/.ssh/identity'." The password I enter when adding my key with 
ssh-add, didn't work, neither did my password for my Linux account(not that I 
expected it to).

In the verbose output, this is perhaps of interest:

debug3: Not a RSA1 key file /home/frans/.ssh/identity.
debug2: key_type_from_name: unknown key type 'IDKey'
debug3: key_read: missing keytype
debug1: identity file /home/frans/.ssh/identity type -1

The -vvv output from the run with the `identity' file is attached.

Btw, the admin(for the server I'm having trouble connecting to) said when I 
was getting access to send him an "openssh v2 compatible public key". Might 
be a hint of the server, or what I am doing wrong.


Cheers,

                Frans

Attachment: attempt2.log
Description: Text Data

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Publick key authentication problem, Pfister, Thomas P
Next by Date:  Re: Kerberos 5 authentication without password?, Darren Tucker
Previous by Thread:  RE: Publick key authentication problem, Pfister, Thomas P
Next by Thread:  openssh with cross-realm kerberos (heimdal) authentication, Steven Van Acker
Indexes:  [Date] [Thread] [Top] [All Lists]