Subject: Re: "ssh" with SSHv2 public key buggy?
To: Frederick Bruckman <fredb@immanent.net>
From: Brian A. Seklecki <lavalamp@burghcom.com>
List: netbsd-users
Date: 10/06/2001 17:52:58

On the source host:

user@host% ssh-keygen -b 2048 -P '' -t dsa

Then copy that user's ~/.ssh/id_dsa.pub to the remote user's
~/.ssh/authorized_keys2

On Sat, 6 Oct 2001, Frederick Bruckman wrote:

> Is there a secret to getting the public key stuff to work with SSHv2?
>
> Going from a NetBSD-1.5.2 host, I add the id_dsa key to the agent, but
> I always have to enter the passphrase anyway; then it says it
> succeeded, but it still asks for my password on the remote host!
>
> debug: authentications that can continue: publickey,password
> debug: next auth method to try is publickey
> debug: userauth_pubkey_agent: trying agent key /u/fredb/.ssh/id_dsa
> debug: authentications that can continue: publickey,password
> debug: next auth method to try is publickey
> debug: try pubkey: /u/fredb/.ssh/id_dsa
> debug: PEM_read_PrivateKey failed
> debug: read SSH2 private key done: name <no key> success 0
> Enter passphrase for key '/u/fredb/.ssh/id_dsa':
> debug: read SSH2 private key done: name dsa w/o comment success 1
>                                                         ^^^^^^^
> debug: sig size 20 20
> debug: authentications that can continue: publickey,password
> debug: next auth method to try is publickey
> debug: next auth method to try is password
> fb@shell-1.enteract.com's password:
>
> I could just skip the agent, hit return when it prompts for the
> passphrase, and just use password authentication, but I was wondering
> if perhaps I'm missing something.
>
> Another thing. I have an .ssh/config just slightly longer than this:
>
> Host                    *.enteract.com
> User                    fb
> GatewayPorts            yes
> #Protocol               1
>
> Host                    *
> Cipher                  blowfish
> Compression             yes
> CompressionLevel        3
>
> With v1, ssh correctly concatenates all the options for hosts that
> match the first block with the second block. With v2, it doesn't,
> choosing defaults for anything that isn't in the first matching block.
> (In this case, "Cipher 3des" and "CompressionLevel 6".)
>
> Frederick
>
>
>

--Brian

 ----

"GNU/Linux: About as stable as the elements at the bottom of the periodic
table"
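
The .ssh/config question quoted above turns on ssh_config's documented lookup rule: every Host block whose pattern matches is read in file order, and the first value obtained for a keyword wins. The sketch below is an added example, not code from this thread or from OpenSSH; `resolve` and `host_matches` are hypothetical helper names, and it models only Host lines and plain keyword/value pairs.

```python
import fnmatch

# Constructed sample: the two Host blocks quoted in the message.
SAMPLE_CONFIG = """\
Host                    *.enteract.com
User                    fb
GatewayPorts            yes
#Protocol               1

Host                    *
Cipher                  blowfish
Compression             yes
CompressionLevel        3
"""

def host_matches(patterns, hostname):
    """True if hostname matches a pattern and no negated (!) pattern.
    fnmatch approximates ssh's '*' and '?' wildcards."""
    hostname = hostname.lower()
    matched = False
    for pat in patterns:
        pat = pat.lower()
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(hostname, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(hostname, pat):
            matched = True
    return matched

def resolve(config_text, hostname):
    """Effective options for hostname: every matching Host block
    contributes, and the first value obtained for a keyword wins."""
    options = {}
    active = True  # keywords before the first Host line apply to all hosts
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        keyword = fields[0].lower()
        value = fields[1] if len(fields) > 1 else ""
        if keyword == "host":
            active = host_matches(value.split(), hostname)
        elif active:
            options.setdefault(keyword, value)  # later duplicates are ignored
    return options

if __name__ == "__main__":
    for host in ("shell-1.enteract.com", "example.org"):
        print(host, resolve(SAMPLE_CONFIG, host))
```

In OpenSSH, `Cipher` and `CompressionLevel` are protocol 1 keywords; protocol 2 cipher selection is set with `Ciphers`.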