openssh unix dev - Mar 2002 - [Bug 165] Problem with SSH1 Keys on RedHat7.2

http://bugzilla.mindrot.org/show_bug.cgi?id=165





------- Additional Comments From markus at openbsd.org  2002-03-17 04:31 -------
never seen this. what does sshd -ddd say?



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=165





------- Additional Comments From mmahler at 141.com  2002-03-18 08:58 -------
sshd -ddd on openssh 3.1

debug1: Local version string SSH-1.5-OpenSSH_3.1p1
debug1: Sent 768 bit server key and 1024 bit host key.
debug1: Encryption type: 3des
debug1: cipher_init: set keylen (16 -> 32)
debug1: cipher_init: set keylen (16 -> 32)
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug1: Starting up PAM with username "sisyphus"
debug3: Trying to reverse map address 127.0.0.1.
debug1: PAM setting rhost to "localhost.localdomain"
debug1: Attempting authentication for sisyphus.
debug1: temporarily_use_uid: 500/500 (e=0)
debug1: trying public RSA key file /home/sisyphus/.ssh/authorized_keys
debug3: secure_filename: checking '/home/sisyphus/.ssh'
debug3: secure_filename: checking '/home/sisyphus'
debug3: secure_filename: terminating check at '/home/sisyphus'
debug1: restore_uid
Failed rsa for sisyphus from 127.0.0.1 port 38968
debug1: rcvd SSH_CMSG_AUTH_TIS
Failed challenge-response for sisyphus from 127.0.0.1 port 38968
Connection closed by 127.0.0.1

sshd -ddd on openssh 3.0:
debug1: match: OpenSSH_3.0.2p1 pat ^OpenSSH
debug1: Local version string SSH-1.5-OpenSSH_3.0.2p1
debug1: Rhosts Authentication disabled, originating port 38971 not trusted.
debug1: Sent 768 bit server key and 1024 bit host key.
debug1: Encryption type: 3des
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug1: Starting up PAM with username "sisyphus"
debug3: Trying to reverse map address 127.0.0.1.
debug1: PAM setting rhost to "localhost.localdomain"
debug1: Attempting authentication for sisyphus.
debug1: temporarily_use_uid: 500/500 (e=0)
debug1: trying public RSA key file /home/sisyphus/.ssh/authorized_keys
debug3: secure_filename: checking '/home/sisyphus/.ssh'
debug3: secure_filename: checking '/home/sisyphus'
debug3: secure_filename: terminating check at '/home/sisyphus'
debug1: restore_uid
Accepted rsa for sisyphus from 127.0.0.1 port 38971
debug1: session_new: init
debug1: session_new: session 0

This is really weird.....



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=165





------- Additional Comments From mmahler at 141.com  2002-03-18 09:11 -------
Sorry that last post I made a mistake and posted the wrong config file on it.
It would appear that if in the sshd config file if you use ~ it looks for
root's
home, not the user trying to connect.

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      ~/.ssh/authorized_keys

if that's your config you get this:

debug1: match: OpenSSH_3.0 pat OpenSSH*
debug1: Local version string SSH-1.5-OpenSSH_3.1p1
debug1: Sent 768 bit server key and 1024 bit host key.
debug1: Encryption type: 3des
debug1: cipher_init: set keylen (16 -> 32)
debug1: cipher_init: set keylen (16 -> 32)
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug1: Starting up PAM with username "sisyphus"
debug3: Trying to reverse map address 128.138.39.14.
debug1: PAM setting rhost to "strn39-14-dhcp.resnet.colorado.edu"
debug1: Attempting authentication for sisyphus.
debug1: temporarily_use_uid: 500/500 (e=0)
debug1: trying public RSA key file /root/.ssh/authorized_keys
debug1: restore_uid
Failed rsa for sisyphus from 128.138.39.14 port 11065
debug1: temporarily_use_uid: 500/500 (e=0)
debug1: trying public RSA key file /root/.ssh/authorized_keys
debug1: restore_uid
Failed rsa for sisyphus from 128.138.39.14 port 11065
debug1: rcvd SSH_CMSG_AUTH_TIS
Failed challenge-response for sisyphus from 128.138.39.14 port 11065

if you change it to this :
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys

it'll work right.
but ~/.ssh/authorized_keys works fine in openssh3.0

sorry about that last mix up.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=165





------- Additional Comments From mouring at eviladmin.org  2002-03-18 10:31
-------
AuthorizedKeysFile     %h/.ssh/authorized_keys
or
AuthorizedKeysFile     .ssh/authorized_keys

are the defaults (depending on the release).  

Not sure how ~/.ssh/authorized_keys ever worked since we call 
auth.c:expand_filename() which only honors %%, %h, %u.  The same holds true for 
3.0.

- Ben




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=165

mmahler at 141.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID



------- Additional Comments From mmahler at 141.com  2002-03-19 05:29 -------
hmmm, not sure how it works eaither, but it does oddly work in 3.0...



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.