[mdk-re] SSH-2.4.0 <-> OpenSSH_3.1p1

Yura Zotov yznews at hotbox.ru
Wed Apr 3 18:08:35 MSD 2002


On Wed, Apr 03, 2002 at 03:04:45PM +0400, Dmitry V. Levin wrote:
> On Wed, Apr 03, 2002 at 01:28:17PM +0400, Yura Zotov wrote:
> > When connecting from SSH-2.4.0 to OpenSSH, key-based authorization
> > does not go through. From OpenSSH to OpenSSH with the same key,
> > authorization works. Except that OpenSSH cannot decrypt, with the
> > password, the key generated on SSH-2.4.0.
> 
> What is this statement based on?
> What does the openssh server do when authorization with this key is attempted?
> Does it find the right key?
> 
> 

I can't say for sure, I don't understand this very well yet. Below
are the OpenSSH->OpenSSH logs with the key from SSH-2.4.0. After the
password is entered three times the client drops off, because it
thinks the password is wrong. Then again, from SSH-2.4.0 to OpenSSH
the client does not even ask for a password.

Here is the client log:

$ ssh -v -i id_dsa_1024_a lena@vezyolka
OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f
debug1: Reading configuration data /home/yura/.ssh/config
debug1: Reading configuration data /etc/openssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not
be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 501 geteuid 501 anon 1
debug1: Connecting to vezyolka [192.168.165.3] port 22.
debug1: temporarily_use_uid: 501/501 (e=501)
debug1: restore_uid
debug1: temporarily_use_uid: 501/501 (e=501)
debug1: restore_uid
debug1: Connection established.
debug1: identity file id_dsa_1024_a type -1
debug1: Remote protocol version 2.0, remote software version
OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client blowfish-cbc hmac-md5 none
debug1: kex: client->server blowfish-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 127/256
debug1: bits set: 1612/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'vezyolka' is known and matches the RSA host key.
debug1: Found key in /home/yura/.ssh/known_hosts2:10
debug1: bits set: 1626/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey
debug1: next auth method to try is publickey
debug1: try privkey: id_dsa_1024_a
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key 'id_dsa_1024_a':
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key 'id_dsa_1024_a':
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key 'id_dsa_1024_a':
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: no more auth methods to try
Permission denied (publickey).
debug1: Calling cleanup 0x80637c0(0x0)


Here is the server log.

# /usr/sbin/sshd -d
debug1: sshd version OpenSSH_3.1p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Server will not fork when running in debugging mode.
Connection from 192.168.165.3 port 41837
debug1: Client protocol version 2.0; client software version
OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.1p1
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server blowfish-cbc hmac-md5 none
debug1: kex: server->client blowfish-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 142/256
debug1: bits set: 1626/3191
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 1612/3191
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user lena service ssh-connection
method none
debug1: attempt 0 failures 0
debug1: Starting up PAM with username "lena"
debug1: PAM setting rhost to "vezyolka.home"
Failed none for lena from 192.168.165.3 port 41837 ssh2
Connection closed by 192.168.165.3
debug1: Calling cleanup 0x8052570(0x0)
debug1: Calling cleanup 0x8067c00(0x0)


--
Yury A. Zotov
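
An added example, not part of the original message: the client log shows `PEM_read_PrivateKey failed` on all four attempts, which is also what a PEM parser reports when the file is not PEM at all. This shell function classifies a key file by its first line; the ssh.com SSH2 header strings, the function names and the sample files are assumptions that do not come from the thread.

```shell
#!/bin/sh
# Added example: classify an SSH key file by its first (armor) line.

key_format() {
    # $1 = path to a key file; prints one label on stdout.
    [ -r "$1" ] || { echo "unreadable"; return 1; }
    first=$(head -n 1 "$1" | tr -d '\r')
    case "$first" in
        "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----")   # assumed ssh.com header
            echo "ssh.com-private" ;;
        "---- BEGIN SSH2 PUBLIC KEY ----")
            echo "ssh.com-public" ;;
        "-----BEGIN DSA PRIVATE KEY-----"|"-----BEGIN RSA PRIVATE KEY-----")
            # OpenSSL marks passphrase-protected PEM keys with Proc-Type.
            if sed -n '2,3p' "$1" | grep -q '^Proc-Type: 4,ENCRYPTED'; then
                echo "pem-encrypted"
            else
                echo "pem-plain"
            fi ;;
        *)
            echo "unknown" ;;
    esac
}

# True only for formats a PEM private-key parser accepts; for anything else
# the passphrase prompt can never succeed, whatever is typed.
pem_parser_can_read() {
    case "$(key_format "$1")" in
        pem-encrypted|pem-plain) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample files: real-looking headers, placeholder bodies.
demo_dir=$(mktemp -d)
printf '%s\n' '---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----' \
    'Comment: "constructed sample"' 'PLACEHOLDER' \
    '---- END SSH2 ENCRYPTED PRIVATE KEY ----' > "$demo_dir/from_ssh2"
printf '%s\n' '-----BEGIN DSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'PLACEHOLDER' \
    '-----END DSA PRIVATE KEY-----' > "$demo_dir/from_openssh"
for f in from_ssh2 from_openssh; do
    if pem_parser_can_read "$demo_dir/$f"; then verdict="PEM, passphrase applies"
    else verdict="not PEM, convert the key first"; fi
    printf '%s: %s (%s)\n' "$f" "$(key_format "$demo_dir/$f")" "$verdict"
done
rm -rf "$demo_dir"
```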