On Sat, Oct 13, 2001 at 10:06:10PM -0500, Orion Buckminster Montoya wrote:
> I've searched the FAQ and the list archives for the solution to this
> problem, and asked knowledgeable people, but to no avail. Rather than
> spam the list with tons of ssh-v output, I've put it up at
> http://valla.uchicago.edu/ssh-v/, and referred to it below as
> appropriate.
>
> I am running OpenSSH_2.9p2 on a Debian GNU/Linux (Sid) system, and I
> can't use ssh-agent to connect to some hosts, but for some I can.
> Some of these are running commercial SSH, but many are running
> OpenSSH.
[rest of information deleted]

If I analyze the output correctly, you only have an RSA1 key available
in your agent. Please understand that there are 3 types of keys available:

* RSA1: only available for protocol 1 (ssh-1.2.x and OpenSSH running in
  compatibility mode). Check your output: if your logfile says
    Remote protocol version 1.5, remote software version ...
  and
    Host 'dsal.uchicago.edu' is known and matches the RSA1 host key
  you are using the old and deprecated protocol 1.
* DSA: only available for protocol 2 (ssh-2.xx and OpenSSH-2.x.x)
* RSA: only available for protocol 2 (OpenSSH-2.x.x, ssh-3(?)).

Solution: create a new set of public keys for DSA and RSA (protocol 2)
and also load them into the agent. If you use them with the same passphrase,
you can even add them with ssh-add all at once.
If you have all 3 keys available (RSA1, RSA, DSA) you will have all
options available.

Please also check out all of the ssh[d]_config files. You should enable
protocol 2 as the default protocol. This is not yet true in your case.

To the OpenSSH-maintainers: detecting this problem might have been easier
if ssh -v (and/or sshd -d) would explicitly tell "choosing protocol
x.x" :-)

Best regards,
	Lutz
--
Lutz Jaenicke Lutz.Jaenicke at aet.TU-Cottbus.DE
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
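
An added example, not part of the original message: a small shell function that reads `ssh -v` output and reports which protocol the log points to and which agent key types that protocol can use, following the RSA1/DSA/RSA mapping in the reply above. The function name, the output format and the sample log lines are constructed for illustration; the handling of a `1.99` banner (a server offering both protocols) goes beyond the `1.5` case the message mentions.

```shell
#!/bin/sh
# Added example (not from the original post): read `ssh -v` output on stdin
# and report the SSH protocol in use plus the agent key types it accepts.

classify_ssh_log() {
    log=$(cat)
    # Version the server announced, e.g. 1.5, 1.99 or 2.0.
    remote=$(printf '%s\n' "$log" |
        sed -n 's/.*Remote protocol version \([0-9][0-9.]*\),.*/\1/p' | head -n 1)
    # Host key type the client matched (RSA1, RSA or DSA).
    hostkey=$(printf '%s\n' "$log" |
        sed -n 's/.*is known and matches the \([A-Z0-9]*\) host key.*/\1/p' | head -n 1)

    case "$remote" in
        1.99) proto="1+2" ;;    # server offers both; the client config decides
        1.*)  proto=1 ;;
        2.*)  proto=2 ;;
        *)    proto=unknown ;;
    esac

    # When the banner is ambiguous, the matched host key type settles it:
    # RSA1 host keys exist only in protocol 1, RSA/DSA only in protocol 2.
    if [ "$proto" = "1+2" ] || [ "$proto" = unknown ]; then
        case "$hostkey" in
            RSA1)    proto=1 ;;
            RSA|DSA) proto=2 ;;
        esac
    fi

    case "$proto" in
        1)   keys=RSA1 ;;
        2)   keys=RSA,DSA ;;
        1+2) keys=RSA1,RSA,DSA ;;
        *)   keys=unknown ;;
    esac
    printf 'protocol=%s agent-keys=%s\n' "$proto" "$keys"
}

# Constructed sample: the server speaks both protocols, the session used 1.
classify_ssh_log <<'EOF'
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2
debug1: Host 'host.example' is known and matches the RSA1 host key.
EOF
```

Feed it a live session with `ssh -v host 2>&1 | classify_ssh_log`; a result of `protocol=1` with only protocol 2 keys in the agent (or the reverse) is the mismatch described in the reply.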