Yusuf Goolamabbas
2000-Dec-21 08:03 UTC
ssh 2.3.0p1 does not seem to fallback protocol from 2 to 1
Hi, I have the following line in $HOME/.ssh/config Protocol 2,1 I run OpenSSH 2.3.0p1 on my RH 7.0 box running 2.2.18. I am trying to ssh into a FreeBSD 4.2-stable box which runs OpenSSH 2.2.0. The account I am trying to ssh into has two files in $HOME/.ssh authorized_keys and authorized_key2 which contains RSA and DSA keys respectively.>From my RH 7.0 machine, I do the followingssh -v <targethost> and it gets me in via DSA key Then I rename authorized_keys2 on remote machine to ak_2 and do the same thing. OpenSSH 2.3.0 tries to connect via DSA key and when it can't find the key prompts me for the remote users password. I would have expected it to use the RSA key instead to log me in. Is there something I might have missed Regards, Yusuf -- Yusuf Goolamabbas yusufg at outblaze.com
Markus Friedl
2000-Dec-21 11:06 UTC
ssh 2.3.0p1 does not seem to fallback protocol from 2 to 1
On Thu, Dec 21, 2000 at 08:03:55AM -0000, Yusuf Goolamabbas wrote:> I would have expected it to use the RSA key instead to log me in. > > Is there something I might have missedyes. your expectations are wrong :) 'Protocol 2,1' means: try to start speak the protocol 2 to the ssh server. if the server does not speak protocol 2, then fallback to protocol 1. you did expect: connect with protocol 2 if possible if authentication fails for some specific method (DSA in your case), don't even try other methods (like passwd) but reconnect with protocol 1 and try RSA auth for example. this will never work. the fallback is for about: what protocol do i speak to the server. once you have chosen a protocol and started speaking it's impossible to change the protocol. hope this makes things clear. -markus
Possibly Parallel Threads
- workaround for 'hang on exit' bug does not seem to work
- [tytso@mit.edu: Re: Your ext2 optimisation for readdir+stat]
- [andrea@suse.de: Re: VFS bug in 2.4.10+ which applies ulimits to block devices]
- ogg123/libao needs to factor non support for mono in i810 driver
- Making UseLogin yes requires a valid reverse DNS enty