Mailing List Archive

[Bug 806] openssh after 3.6.1p1 can not authenticate via public rsa2 key
http://bugzilla.mindrot.org/show_bug.cgi?id=806

Summary: openssh after 3.6.1p1 can not authenticate via public rsa2 key
Product: Portable OpenSSH
Version: 3.8p1
Platform: HPPA
OS/Version: HP-UX
Status: NEW
Severity: major
Priority: P2
Component: ssh
AssignedTo: openssh-bugs@mindrot.org
ReportedBy: peter.kielbasiewicz@philips.com


My compilation of openssh 3.7.1p2 and 3.8p1 can not authenticate from HPUX 10.20
via rsa2 or dsa public key.
The sshd daemon side works OK. I can use public key authentication from Linux or
Windows TO HPUX without problems.
I am using rsa2 keys and the keys as well as the access rights of my directory
structure are ok. I can connect to the sshd on HPUX from other platforms with my
key pair using public key authentication without problems.
When I try ssh FROM HPUX to other hosts or even to myself sshd always asks
for a password.
It seems that the ssh client skips the public key authentication step as can be
seen from the debug output below.
The openssh version 3.6.1p1 does not show the described effect, i.e. I can
connect from HP-UX using my rsa2 public key authentication without problems.

As HP-UX does not support PAM I did not use the with-pam flag for compilation.
The compile flags were the same for all revisions and as follows:
CFLAGS="+O3 +ESlit +Optrs_strongly_typed -I$SRC/tcp_wrappers/$TCP_WRAPver" \
LDFLAGS="-L$SRC/tcp_wrappers/$TCP_WRAPver" \
./configure --prefix=/opt/$VER \
--sysconfdir=/etc/opt/openssh \
--with-default-path="/usr/bin:/usr/sbin:/opt/$VER/bin" \
--with-ssl-dir=$SRC/openssl/$OPENSSLver \
--with-zlib=$SRC/zlib/$ZLIBver \
--with-prngd-socket=/var/run/egd-pool \
--with-tcp-wrappers \
--without-shadow \
--disable-suid-ssh

I compiled against
TCP_WRAPver=tcp_wrappers_7.6-ipv6.3
OPENSSLver=openssl-0.9.7c
ZLIBver=zlib-1.2.1
PRNGDver=prngd-0.9.27

Parts from debug output:
debug1: identity file /home/peterk/.ssh/identity type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/peterk/.ssh/id_rsa type 1
debug1: identity file /home/peterk/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.8p1
...
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

------- Additional Comments From peter.kielbasiewicz@philips.com 2004-03-04 02:37 -------
Created an attachment (id=559)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=559&action=view)
debug output from ssh 3.8p1 connections





------- Additional Comments From dtucker@zip.com.au 2004-03-04 12:38 -------
I just tried 3.7.1p2 on my 11.00 box and it worked ok:
debug1: Offering public key: /home/dtucker/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
[...]

Peter, could you please create attachments of config.h after running configure,
for both 3.6.1p2 and 3.8p1?
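
Added example, not part of the original thread and not OpenSSH code: a Python triage of the two `ssh -v` excerpts quoted in this thread, reporting whether the client ever offered a key or sent a publickey packet. The function names `analyze` and `pubkey_never_offered` are hypothetical, and reading `type -1` as "no public key loaded for that path" is an assumption about the client's output.

```python
import re

# Excerpts copied from the two comments in this thread (wrapped lines rejoined).
FAILING = """\
debug1: identity file /home/peterk/.ssh/identity type -1
debug1: identity file /home/peterk/.ssh/id_rsa type 1
debug1: identity file /home/peterk/.ssh/id_dsa type -1
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
"""
WORKING = """\
debug1: Offering public key: /home/dtucker/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
"""

IDENT = re.compile(r"identity file (\S+) type (-?\d+)")
NEXT = re.compile(r"Next authentication method: (\S+)")
OFFER = re.compile(r"Offering public key: (\S+)")
SENT = re.compile(r"we sent a (\S+) packet")
SKIP = "we did not send a packet, disable method"

def analyze(log):
    """Summarise identities seen, keys offered, and methods that sent or skipped."""
    report = {"identities": {}, "offered": [], "sent": set(), "skipped": set()}
    current = None  # method named by the last "Next authentication method" line
    for line in log.splitlines():
        if m := IDENT.search(line):
            # Assumption: type -1 means no public key was loaded for this path.
            report["identities"][m.group(1)] = int(m.group(2))
        elif m := NEXT.search(line):
            current = m.group(1)
        elif m := OFFER.search(line):
            report["offered"].append(m.group(1))
        elif m := SENT.search(line):
            report["sent"].add(m.group(1))
        elif SKIP in line and current:
            report["skipped"].add(current)
    return report

def pubkey_never_offered(report):
    """True when publickey was tried but no key was offered and no packet sent."""
    return ("publickey" in report["skipped"]
            and "publickey" not in report["sent"] and not report["offered"])
```

On the failing excerpt this shows `id_rsa` recorded with type 1 yet never offered, which is the symptom the report describes.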




------- Additional Comments From peter.kielbasiewicz@philips.com 2004-03-04 20:32 -------
Created an attachment (id=561)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=561&action=view)
config.h of openssh3.6.1p1 with buffer.adv patch





------- Additional Comments From peter.kielbasiewicz@philips.com 2004-03-04 20:33 -------
Created an attachment (id=562)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=562&action=view)
make log of openssh3.6.1p1 with buffer.adv patch





------- Additional Comments From peter.kielbasiewicz@philips.com 2004-03-04 20:33 -------
Created an attachment (id=563)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=563&action=view)
config.h of openssh3.8p1





------- Additional Comments From peter.kielbasiewicz@philips.com 2004-03-04 20:36 -------
Created an attachment (id=564)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=564&action=view)
make log of openssh3.8p1





------- Additional Comments From peter.kielbasiewicz@philips.com 2004-03-04 20:41 -------
Created an attachment (id=565)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=565&action=view)
openssh compile and build options



