[oclug] ssh-agent pasephrase not working

James Leigh james.leigh at ottawa.com
Fri Aug 17 11:56:08 EDT 2001 

I want to setup ssh so I can log in without a using a password, rather a
pasephrase, but I am very close to giving up.  The debug info is bleek
and I cannot figure out the problem. Version 2.9p2-4 of openssh on hosta
and version 2.5.2p2-3 on hostb.
  I am on hosta and connecting to hostb, both machines are on a local
net and share the home dir.  Any suggestions of what to try next would
be helpfull.

thanks,
james

  This is what I have done:

me at hosta$ rm -rf .ssh
me at hosta$ ssh hostb  # using password 
	# writes the .ssh/known_hosts2 file
me at hosta$ ssh-keygen
	# creates .ssh/identity and .ssh/identitiy.pub with a pasephrase
me at hosta$ cp .ssh/identity.pub .ssh/authorized_keys
	# both host share /home
me at hosta$ echo "Host *
	PasswordAuthentication no" > .ssh/config
me at hosta$ ls -l .ssh
total 4
-rw-r--rw-    1 me      us         328 Aug 17 11:30 authorized_keys
-rw-r--r--    1 me      us          34 Aug 17 11:31 config
-rw-------    1 me      us         524 Aug 17 11:30 identity
-rw-r--r--    1 me      us         328 Aug 17 11:30 identity.pub
-rw-r--r--    1 me      us         231 Aug 17 11:30 known_hosts2
me at hosta$ rsh hostb cat /etc/ssh/ssh_config
#	$OpenBSD: ssh_config,v 1.10 2001/04/03 21:19:38 todd Exp $

# This is ssh client systemwide configuration file.  See ssh(1) for more
# information.  This file provides defaults for users, and the values can
# be changed in per-user configuration files or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# We turn ForwardAgent and ForwardX11 on for localhost
Host localhost
  ForwardAgent yes
  ForwardX11 yes

# Site-wide defaults for various options

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsAuthentication no
#   RhostsRSAAuthentication yes
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   FallBackToRsh no
#   UseRsh no
#   BatchMode no
#   CheckHostIP yes
#   StrictHostKeyChecking yes
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_rsa
#   Port 22
#   Protocol 2,1
#   Cipher blowfish
#   EscapeChar ~
me at hosta$ ssh -v -v -v -i .ssh/identity hostb
OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /home/me/.ssh/config
debug1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 1000 geteuid 1000 anon 1
debug1: Connecting to hostb [192.168.32.17] port 22.
debug1: temporarily_use_uid: 1000/1000 (e=1000)
debug1: restore_uid
debug1: temporarily_use_uid: 1000/1000 (e=1000)
debug1: restore_uid
debug1: Connection established.
debug1: identity file .ssh/identity type 0
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.5.2p2
debug1: match: OpenSSH_2.5.2p2 pat ^OpenSSH_2\.5\.[012]
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 141/256
debug1: bits set: 987/2049
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/me/.ssh/known_hosts2
debug3: check_host_in_hostfile: match line 1
debug3: check_host_in_hostfile: filename /home/me/.ssh/known_hosts2
debug3: check_host_in_hostfile: match line 1
debug1: Host 'hostb' is known and matches the RSA host key.
debug1: Found key in /home/me/.ssh/known_hosts2:1
debug1: bits set: 1008/2049
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug2: we did not send a packet, disable method
debug1: no more auth methods to try
Permission denied (publickey,password).
debug1: Calling cleanup 0x8062c3c(0x0)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://tux.oclug.on.ca/pipermail/oclug/attachments/20010817/e53957d6/attachment.bin

More information about the OCLUG mailing list