carl at bl.echidna.id.au
2001-Feb-21 02:03 UTC
further problems with OpenSSH 2.5.1p1 on RH 6.2
I'm finding another problem with OpenSSH 2.5.1p1 on RH 6.2 (at least,
I think it's the linux box that is the problem).

I'm ssh'ing to a RH 6.2 box from a Solaris 7 server (scp also... seems
like the same problem).

I'm using authorized_keys and identity.pub files to do it automagically,
and all works well when it's from user to user, where the username is the
same, but if I do something like this :

root at solarisbox: ssh -l blah linuxbox

I'm seeing this :

ssh -1 -v -l blah linuxbox
OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
debug: Reading configuration data /opt/local/etc/ssh_config
debug: Applying options for *
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to linuxbox [1.2.3.4] port 22.
debug: Seeding random number generator
debug: Allocated local port 635.
debug: Connection established.
debug: identity file //.ssh/identity type 0
debug: Remote protocol version 1.99, remote software version OpenSSH_2.5.1p1
debug: match: OpenSSH_2.5.1p1 pat ^OpenSSH
debug: Local version string SSH-1.5-OpenSSH_2.5.1p1
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host 'linuxbox' is known and matches the RSA1 host key.
debug: Found key in //.ssh/known_hosts:12
debug: Seeding random number generator
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Trying RSA authentication with key 'root at solarisbox'
debug: Received RSA challenge from server.
debug: Sending response to host key RSA challenge.
debug: Remote: RSA authentication accepted.
debug: RSA authentication refused.
debug: Doing password authentication.
blah at linuxbox's password:


I didn't have this problem before upgrading from 2.3.0p1 on both.

running truss on the solaris box shows this :

debug: Found key in //.ssh/known_hosts:12
debug: Seeding random number generator
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
19087: open("//.ssh/identity", O_RDONLY) = 4
debug: Trying RSA authentication with key 'root at solarisbox'
debug: Received RSA challenge from server.
19087: open("//.ssh/identity", O_RDONLY) = 4
debug: Sending response to host key RSA challenge.
debug: Remote: RSA authentication accepted.
debug: RSA authentication refused.
debug: Doing password authentication.
19087: open("/dev/tty", O_RDWR) = 4
blah at linuxbox's password:

I can get a passwordless logon if I come from the same username.

I'm going to back out back to 2.3.0p1, and see if that fixes it,
but does anyone have any suggestions? Maybe I broke a config file?

This is my sshd_config on the linuxbox :

# $OpenBSD: sshd_config,v 1.32 2001/02/06 22:07:50 deraadt Exp $

# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.

Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_rsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes

# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging

RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
#
RSAAuthentication yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Uncomment to disable s/key passwords
#ChallengeResponseAuthentication no

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

#CheckMail yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes

Subsystem sftp /usr/libexec/openssh/sftp-server

Carl
mouring at etoh.eviladmin.org
2001-Feb-21 06:48 UTC
further problems with OpenSSH 2.5.1p1 on RH 6.2
Consider moving to 0.9.6 OpenSSL. I believe part of the issue is that the
RPMs are compiled against 0.9.6, and odd things occur when you use 0.9.5a.

- Ben

On Wed, 21 Feb 2001 carl at bl.echidna.id.au wrote:

> I'm finding another problem with OpenSSH 2.5.1p1 on RH 6.2 (at least,
> I think it's the linux box that is the problem).
>
> I'm ssh'ing to a RH 6.2 box from a Solaris 7 server (scp also... seems
> like the same problem).
>
> I'm using authorized_keys and identity.pub files to do it automagically,
> and all works well when it's from user to user, where the username is the
> same, but if I do something like this :
>
> root at solarisbox: ssh -l blah linuxbox
>
> I'm seeing this :
>
> ssh -1 -v -l blah linuxbox
> OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
> debug: Reading configuration data /opt/local/etc/ssh_config
> debug: Applying options for *
> debug: ssh_connect: getuid 0 geteuid 0 anon 0
> debug: Connecting to linuxbox [1.2.3.4] port 22.
> debug: Seeding random number generator
> debug: Allocated local port 635.
> debug: Connection established.
> debug: identity file //.ssh/identity type 0
> debug: Remote protocol version 1.99, remote software version OpenSSH_2.5.1p1
> debug: match: OpenSSH_2.5.1p1 pat ^OpenSSH
> debug: Local version string SSH-1.5-OpenSSH_2.5.1p1
> debug: Waiting for server public key.
> debug: Received server public key (768 bits) and host key (1024 bits).
> debug: Host 'linuxbox' is known and matches the RSA1 host key.
> debug: Found key in //.ssh/known_hosts:12
> debug: Seeding random number generator
> debug: Encryption type: 3des
> debug: Sent encrypted session key.
> debug: Installing crc compensation attack detector.
> debug: Received encrypted confirmation.
> debug: Trying RSA authentication with key 'root at solarisbox'
> debug: Received RSA challenge from server.
> debug: Sending response to host key RSA challenge.
> debug: Remote: RSA authentication accepted.
> debug: RSA authentication refused.
> debug: Doing password authentication.
> blah at linuxbox's password:
>
>
> I didn't have this problem before upgrading from 2.3.0p1 on both.
>
> running truss on the solaris box shows this :
>
> debug: Found key in //.ssh/known_hosts:12
> debug: Seeding random number generator
> debug: Encryption type: 3des
> debug: Sent encrypted session key.
> debug: Installing crc compensation attack detector.
> debug: Received encrypted confirmation.
> 19087: open("//.ssh/identity", O_RDONLY) = 4
> debug: Trying RSA authentication with key 'root at solarisbox'
> debug: Received RSA challenge from server.
> 19087: open("//.ssh/identity", O_RDONLY) = 4
> debug: Sending response to host key RSA challenge.
> debug: Remote: RSA authentication accepted.
> debug: RSA authentication refused.
> debug: Doing password authentication.
> 19087: open("/dev/tty", O_RDWR) = 4
> blah at linuxbox's password:
>
> I can get a passwordless logon if I come from the same username.
>
> I'm going to back out back to 2.3.0p1, and see if that fixes it,
> but does anyone have any suggestions? Maybe I broke a config file?
>
> This is my sshd_config on the linuxbox :
>
> # $OpenBSD: sshd_config,v 1.32 2001/02/06 22:07:50 deraadt Exp $
>
> # This is the sshd server system-wide configuration file. See sshd(8)
> # for more information.
>
> Port 22
> #Protocol 2,1
> #ListenAddress 0.0.0.0
> #ListenAddress ::
> HostKey /etc/ssh/ssh_host_key
> HostKey /etc/ssh/ssh_host_dsa_key
> #HostKey /etc/ssh/ssh_host_rsa_key
> ServerKeyBits 768
> LoginGraceTime 600
> KeyRegenerationInterval 3600
> PermitRootLogin yes
> #
> # Don't read ~/.rhosts and ~/.shosts files
> IgnoreRhosts yes
> # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
> #IgnoreUserKnownHosts yes
> StrictModes yes
> X11Forwarding no
> X11DisplayOffset 10
> PrintMotd yes
> KeepAlive yes
>
> # Logging
> SyslogFacility AUTH
> LogLevel INFO
> #obsoletes QuietMode and FascistLogging
>
> RhostsAuthentication no
> #
> # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
> RhostsRSAAuthentication no
> #
> RSAAuthentication yes
>
> # To disable tunneled clear text passwords, change to no here!
> PasswordAuthentication yes
> PermitEmptyPasswords no
>
> # Uncomment to disable s/key passwords
> #ChallengeResponseAuthentication no
>
> # To change Kerberos options
> #KerberosAuthentication no
> #KerberosOrLocalPasswd yes
> #AFSTokenPassing no
> #KerberosTicketCleanup no
>
> # Kerberos TGT Passing does only work with the AFS kaserver
> #KerberosTgtPassing yes
>
> #CheckMail yes
> #UseLogin no
>
> #MaxStartups 10:30:60
> #Banner /etc/issue.net
> #ReverseMappingCheck yes
>
> Subsystem sftp /usr/libexec/openssh/sftp-server
>
> Carl
>
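
The OpenSSL release behind the `OpenSSL 0x0090581f` value in the client banner quoted in this thread can be decoded and compared with the 0.9.6 release named in the reply. This is an added example, not part of either post; it assumes the pre-3.0 OPENSSL_VERSION_NUMBER layout (0xMNNFFPPS), and the function names and the built_against parameter are hypothetical.

```python
import re

# Constructed sample: the first line of the `ssh -v` output quoted in the thread.
BANNER = "OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090581f"


def decode_openssl_version(num):
    """Decode a pre-3.0 OPENSSL_VERSION_NUMBER laid out as 0xMNNFFPPS."""
    major = (num >> 28) & 0xF
    minor = (num >> 20) & 0xFF
    fix = (num >> 12) & 0xFF
    patch = (num >> 4) & 0xFF
    status = num & 0xF
    # 0.9.5a used an interim encoding: the patch byte has its top bit set
    # (0x81 rather than 0x01), so mask it off for that release line.
    if (major, minor, fix) == (0, 9, 5):
        patch &= 0x7F
    version = f"{major}.{minor}.{fix}"
    if 1 <= patch <= 26:
        version += chr(ord("a") + patch - 1)   # 1 -> 'a', 2 -> 'b', ...
    elif patch:
        version += f"-patch{patch}"
    if status == 0x0:
        version += "-dev"
    elif status != 0xF:                        # 0x1..0xe are beta releases
        version += f"-beta{status}"
    return version


def check_banner(banner, built_against):
    """Return (reported_version, matches) for an OpenSSH version banner.

    built_against is a hypothetical parameter: the OpenSSL release the
    OpenSSH package is believed to have been compiled against.
    """
    m = re.search(r"OpenSSL 0x([0-9a-fA-F]{8})\b", banner)
    if m is None:
        raise ValueError("no OpenSSL version number in banner")
    reported = decode_openssl_version(int(m.group(1), 16))
    return reported, reported == built_against


if __name__ == "__main__":
    print(check_banner(BANNER, "0.9.6"))
```

Running the same check against the banner printed on each host shows which OpenSSL release each side reports.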