ssh and dsa keys

Art Edwards edwardsa at icantbelieveimdoingthis.com
Mon Jul 22 22:56:25 UTC 2013


On Mon, Jul 22, 2013 at 11:23:54PM +0100, Avi Greenbury wrote:
> Art Edwards wrote:
> > My front end machine is ignoring my dsa key on the first login attempt. That is,
> > the first time I attempt to login, it requires a password. Once I am logged in,
> > all succeeding attempts access the dsa key. I'm running 12.04.2, and all ssh 
> > traffic is on internal networks.
> 
> Are these successive attempts using the key, or are they using a
> shared socket; how are you determining that they are using the key?
> 
> You can use the -v flag to the SSH client to get more details, more vs
> give more details:
> 
>     ssh -v user@host
> 
> will give you more details as to how it's trying to connect, 
> 
>     ssh -vv user@host
> 
> will elaborate on reasons for failure. Could you reply with the
> outputs of those commands if they're not particularly enlightening for
> you, please?
> 
> -- 
> Avi

Here are the two successive logins using the verbose option:

1. Unsuccessful use of dsa key

theory/home/edwardsa>ssh -v buckhill
OpenSSH_6.0p1a, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /usr/local/ossh/etc/ssh_config
debug1: /usr/local/ossh/etc/ssh_config line 20: Applying options for *
debug1: Connecting to buckhill [192.168.1.1] port 22.
debug1: Connection established.
debug1: identity file /home/edwardsa/.ssh/id_rsa type -1
debug1: identity file /home/edwardsa/.ssh/id_rsa-cert type -1
debug1: identity file /home/edwardsa/.ssh/id_dsa type 2
debug1: identity file /home/edwardsa/.ssh/id_dsa-cert type -1
debug1: identity file /home/edwardsa/.ssh/id_ecdsa type -1
debug1: identity file /home/edwardsa/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH_5*
debug1: Remote is NON-HPN aware
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1a
debug1: Miscellaneous failure
No credentials cache found

debug1: Miscellaneous failure
No credentials cache found

debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 96:18:72:8b:6b:11:00:6b:6a:4e:22:11:64:09:b8:6c
debug1: Host 'buckhill' is known and matches the ECDSA host key.
debug1: Found key in /home/edwardsa/.ssh/known_hosts:9
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering DSA public key: /home/edwardsa/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/edwardsa/.ssh/id_rsa
debug1: Trying private key: /home/edwardsa/.ssh/id_ecdsa
debug1: Next authentication method: password
edwardsa at buckhill's password: 
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
edwardsa at buckhill's password: 
debug1: Authentication succeeded (password).
Authenticated to buckhill ([192.168.1.1]:22).
debug1: HPN to Non-HPN Connection
debug1: Final hpn_buffer_size = 131072
debug1: HPN Disabled: 0, HPN Buffer Size: 131072
debug1: channel 0: new [client-session]
debug1: Enabled Dynamic Window Scaling

debug1: Requesting no-more-sessions at openssh.com
debug1: Entering interactive session.
debug1: Requesting X11 forwarding with authentication spoofing.
Welcome to Ubuntu 12.04.2 LTS (GNU/Linux 3.2.0-49-generic x86_64)




2. Successful use of dsa key

theory/home/edwardsa>ssh -v buckhill
OpenSSH_6.0p1a, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /usr/local/ossh/etc/ssh_config
debug1: /usr/local/ossh/etc/ssh_config line 20: Applying options for *
debug1: Connecting to buckhill [192.168.1.1] port 22.
debug1: Connection established.
debug1: identity file /home/edwardsa/.ssh/id_rsa type -1
debug1: identity file /home/edwardsa/.ssh/id_rsa-cert type -1
debug1: identity file /home/edwardsa/.ssh/id_dsa type 2
debug1: identity file /home/edwardsa/.ssh/id_dsa-cert type -1
debug1: identity file /home/edwardsa/.ssh/id_ecdsa type -1
debug1: identity file /home/edwardsa/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH_5*
debug1: Remote is NON-HPN aware
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1a
debug1: Miscellaneous failure
No credentials cache found

debug1: Miscellaneous failure
No credentials cache found

debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 96:18:72:8b:6b:11:00:6b:6a:4e:22:11:64:09:b8:6c
debug1: Host 'buckhill' is known and matches the ECDSA host key.
debug1: Found key in /home/edwardsa/.ssh/known_hosts:9
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering DSA public key: /home/edwardsa/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 435
debug1: Authentication succeeded (publickey).
Authenticated to buckhill ([192.168.1.1]:22).
debug1: HPN to Non-HPN Connection
debug1: Final hpn_buffer_size = 131072
debug1: HPN Disabled: 0, HPN Buffer Size: 131072
debug1: channel 0: new [client-session]
debug1: Enabled Dynamic Window Scaling

debug1: Requesting no-more-sessions at openssh.com
debug1: Entering interactive session.
debug1: Requesting X11 forwarding with authentication spoofing.
Welcome to Ubuntu 12.04.2 LTS (GNU/Linux 3.2.0-49-generic x86_64)

It seems that both query for the key, but only the second uses it successfully.

Art Edwards
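
An added example, not part of the original message: a small parser for `ssh -v` client output like the two traces above. It reports how the server answered each offered key and which method finally authenticated. The function name `summarize_auth` and the sample constants are hypothetical, and the sample lines are abridged from the traces in this post.

```python
import re

# Patterns match the `ssh -v` wording shown in this post (OpenSSH 6.0 client);
# newer clients word the "Offering" line differently.
OFFER = re.compile(r"debug1: Offering (\S+) public key: (\S+)")
ACCEPT = re.compile(r"debug1: Server accepts key:")
CONTINUE = re.compile(r"debug1: Authentications that can continue:")
SUCCESS = re.compile(r"debug1: Authentication succeeded \((\w+)\)")

def summarize_auth(trace):
    """Return (offers, method) for one client trace.

    offers: list of (key_type, path, outcome). outcome is "accepted" when the
    server answered the offer with "Server accepts key", and "rejected" when
    it answered with a fresh "Authentications that can continue" list.
    method: the method named in "Authentication succeeded (...)", or None.
    """
    offers, pending, method = [], None, None
    for line in trace.splitlines():
        line = line.strip()
        m = OFFER.match(line)
        if m:
            if pending:  # previous offer never got an answer
                offers.append(pending + ("unanswered",))
            pending = (m.group(1), m.group(2))
        elif pending and ACCEPT.match(line):
            offers.append(pending + ("accepted",))
            pending = None
        elif pending and CONTINUE.match(line):
            offers.append(pending + ("rejected",))
            pending = None
        else:
            m = SUCCESS.match(line)
            if m:
                method = m.group(1)
    if pending:  # trace ended before the server answered
        offers.append(pending + ("unanswered",))
    return offers, method

# Sample input: abridged from the two traces in this post.
COMMON = """debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering DSA public key: /home/edwardsa/.ssh/id_dsa
"""
FIRST_LOGIN = COMMON + """debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/edwardsa/.ssh/id_rsa
debug1: Next authentication method: password
debug1: Authentication succeeded (password).
"""
SECOND_LOGIN = COMMON + """debug1: Server accepts key: pkalg ssh-dss blen 435
debug1: Authentication succeeded (publickey).
"""
```
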



