SecurityFocus

keys not recognized in Unixware --> RedHat Connection Sep 25 2008 08:51PM
COHEN, STEVEN M (ATTSI) (sc1478 att com) (2 replies)

I am trying to connect via ssh from a box running UnixWare 5 7.1.3 which has
OpenSSH installed at version OpenSSH_5.0p1, OpenSSL 0.9.8g 19 Oct 2007 to a
box running
Linux 2.6.9-78.0.1.EL #1 Tue Jul 22 17:50:01 EDT 2008 which has OpenSSH
installed at version OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003.

I find that the keys generated on the Unixware box are not accepted on the
Linux box. This authentication always fails and I am forced to type the
passphrase in every time.

I did the following (using non-standard key name since I did not want to
mess up existing connectivity):

$ ssh-keygen -t dsa -f id_dsa2
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_dsa2.
Your public key has been saved in id_dsa2.pub.
The key fingerprint is: ...

Then, I copied id_dsa2.pub to the Linux box.

and did the following on that box

$ mv authorized_keys authorized_keys.bak
$ cp id_dsa2.pub authorized_keys

Then, back on unixware box, I do the following

$ ssh -v -i id_dsa2 ip2
OpenSSH_5.0p1, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to ip2 [xx.xx.xx.xx] port 22.
debug1: Connection established.
debug1: identity file id_dsa2 type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ip2' is known and matches the RSA host key.
debug1: Found key in /home/myusername/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: id_dsa2
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key 'id_dsa2':
debug1: No more authentication methods to try.
Permission denied (publickey).

If I had entered my passphrase I would have gotten in.

Can someone explain why this happens?

Steve Cohen
Technical Architect
AT&T Relay Services

0? *?H?÷
?0?10 +0? *?H?÷
?
c0?0??
x[µÒ$ó0
*?H?÷
0|1"0 *?H?÷
rm-pkiadmin (at) att (dot) com1 [email concealed]0 UUS10
U
ATT10
UPeople1*0(U!ATT ServicePass Basic Employee CA0
080402203009Z
090402204009Z0r1$0" *?H?÷
sc1478 (at) mwmail.att (dot) com1 [email concealed]0 UUS10
U
ATT10
UPeople10USteven M Cohen:sc14780?0
*?H?÷
0?èî¼L<ûæ`=e¥MVk?ág¥ß¾??6ÐJ"ÄÐÎ6jRNºÉ>d??Üí,Û?ümèTØ6?FT?_È?»8É?<*»¢¬+<Èi§újòF Üê»/9?¾"æªåÕ?ÌÕl?® ??ëÛä¹?»ÙÄx?:?Cy?èd²3£?¨0?¤0U 0U%0+
+0U½¾?@>¤Î½¤6'5?.??0?0£U#?0??øva«³<Ñ#¨gô
ÐË?(g?¡t¤r0p1"0 *?H?÷
rm-pkiadmin (at) att (dot) com1 [email concealed]0 UUS10
U
ATT1
0UCorp1 0UATT ServicePass Root CA?
2g¿`
0L+@0>0<+0?0http://servicepass.att.com/aia/attspbasemp
ca.crt0AU:0806 4 2?0http://servicepass.att.com/crl/attspbasempca.cr
l0 U0sc1478 (at) mwmail.att (dot) com0 [email concealed]
*?H?÷
¬§/·»1j\`Ðû¨y?
§]ºHÒÉ?]:qg½¤ïæ6ñÅÄ2(¢zÏ???0?? ÒÄ1£Ô?îzêÜîXÖ£f*L =»?¨??r!?1ón¡F[C.¢X&¦|Õ¨2M´}õmf?}¹]r4ól?m¨^ÜÁ¶§u0?a0?I !
ñfY½Hù4ÊÍ?0
*?H?÷
0p1"0 *?H?÷
rm-pkiadmin (at) att (dot) com1 [email concealed]0 UUS10
U
ATT1
0UCorp1 0UATT ServicePass Root CA0
020620190620Z
220620191414Z0p1"0 *?H?÷
rm-pkiadmin (at) att (dot) com1 [email concealed]0 UUS10
U
ATT1
0UCorp1 0UATT ServicePass Root CA0?"0
*?H?÷
?0?
?©.oLÞ
Ix?I?bâ4_P<Ý«wg?ºz]ã$+ÓÖóu8¬?¼ÈÅº >o/Héÿì?Z?7¶@;¿$ê?VP&n½f©±ð×¿?3?ìYGµlÛ¹;°«
h^#ç
.UäêPïª¸£å?¹?¾³G#µQ¶lnXh'?çå%Ðç=ëó(Èqf?ãÉþBJ(>Ì¿äÈ´?i =NW?¤9v?g¹zëã?D§?ñNï&¨JôApq?ßþò¾?ÄñúUß
»Núf¤³Üxûìì?{}ö3ßC£[ù¤ãs'¾meùÅOxýÁ{-Ý£ö0ó0UÆ0Uÿ
0ÿ0UÛ"g,ÍLà?òR);7v?%eq?0?U80604 2 0?.http://servicep
ass.att.com/crl/attsprootca.crl0 +?70aU Z0X0V`?H?÷ 0G0E+9http://servicepass.att.com/policy/attsprootca/defaul
t.asp0
*?H?÷
?
°7Ü?_Qôñ©²øÊ«Ò#¯Ô?Ó¦=¹??ItüÕ$«¹åTc¡?MvÖe$`¯xÀéÇ;¼/¾l??<?Å?bè²<
Òh`¾x,CÎ#h¬À£ñÑ°?T¨FaN.0'ôAÅòè?Eî[ýÛË§¥¥)¤N^ü
¸'Ó$ùÒÃÖ?"Xh.ù}®'ÖÄÝÃ~ÄÏ¤*),ò¹Ë?ag??³Ñ´X9Xh?Ï0]ÕÅ??ÇÄ?`:öp?º98
®^ca÷íÔ@??üþþÆö¢"I ¡~øð??åÁH
Cg?¶Ë?¡{òÉÉÏ>þ?&HAEq?0?ß0?Ç
2g¿`
0
*?H?÷
0p1"0 *?H?÷
rm-pkiadmin (at) att (dot) com1 [email concealed]0 UUS10
U
ATT1
0UCorp1 0UATT ServicePass Root CA0
060518121549Z
110518122549Z0|1"0 *?H?÷
rm-pkiadmin (at) att (dot) com1 [email concealed]0 UUS10
U
ATT10
UPeople1*0(U!ATT ServicePass Basic Employee CA0?0
*?H?÷
0?áY`égÓKûWµ?J0??,kg÷,à¡À;ùG ü6ÒÕy¤;×À?nówCü?è¦ ?õó§.õ¾??ØÄ2?æ?_î? äõÃ×æFÐN°baÌRÒ|ô9EPFé÷.+P2´'û6år?Ý?ª´?ûx)ûO
ÅÉ]£?ñ0?í0 +?70Uøva«³<Ñ#¨gô
ÐË?(g?0cU \0Z0X`?H?÷ 0I0G+;http://servicepass.att.com/policy/attspbasempca/defa
ult.asp0UÆ0Uÿ0ÿ0©U#¡0??Û"g,ÍLà?òR);7v?%eq
?¡t¤r0p1"0 *?H?÷
rm-pkiadmin (at) att (dot) com1 [email concealed]0 UUS10
U
ATT1
0UCorp1 0UATT ServicePass Root CA?!ñfY½Hù4ÊÍ?0?U80604 2 0?.http://servicepass.att.com/crl/at
tsprootca.crl0J+>0<0:+0?.http://servicepass.att.com/ai
a/attsprootca.crt0
*?H?÷
??ðXÂ\Å7?,;½T?'?Íäp?
?Á=üéùK3! üO?zúÕ[%?g?µ>é" ?¯é¼??ørðù.!®FÕùê¹*ÎPÅ?¨ä?ÖÚÀÿC4?R??1)?¥Ùô8?õ£q_A«]??0
ÏßÄn>ÁúF°xÚ¾¬¦,"lúÜÂ?±X{Hu?5b?ïI?bSË±5µuxÄä½x\?Ê²ÎCÆle.e»?Ýõ???¸êÎr
Ð?büÎe??QÂh?ØB=÷Æ¥t ð0?G¾·;åÏh./`<?Dg0?2`¿|ý³×Ñ1?90?50?0|1"0 *?H?÷
rm-pkiadmin (at) att (dot) com1 [email concealed]0 UUS10
U
ATT10
UPeople1*0(U!ATT ServicePass Basic Employee CA
x[µÒ$ó0 + ?0 *?H?÷
1 *?H?÷
0 *?H?÷
1
080925205154Z0# *?H?÷
1^ µ4T/¡¡ÃnQ¼}ð20g *?H?÷
1Z0X0
*?H?÷
0*?H?÷
?0
*?H?÷
@0+0
*?H?÷
(0+0
*?H?÷
0? +?710?0|1"0 *?H?÷
rm-pkiadmin (at) att (dot) com1 [email concealed]0 UUS10
U
ATT10
UPeople1*0(U!ATT ServicePass Basic Employee CA
x[µÒ$ó0*?H?÷
1 ?0|1"0 *?H?÷
rm-pkiadmin (at) att (dot) com1 [email concealed]0 UUS10
U
ATT10
UPeople1*0(U!ATT ServicePass Basic Employee CA
x[µÒ$ó0
*?H?÷
?3j
c4??öGV³Ë¦p?ô?1jÂ?oõû?ã
Ø#Ú@"?=ï¥Ò6BÔ X¢Gb³¹+½K??cr?ô¬'?ï?ì,¤?&íÐéy2ÞMNðt®øÇCâBÜtTãBþ8Rô<þAµ?PÛÔî
Ç;D« {PÂ©

[ reply ]

Re: keys not recognized in Unixware --> RedHat Connection Sep 26 2008 12:16PM
Greg Wooledge (wooledg eeg ccf org)

Re: keys not recognized in Unixware --> RedHat Connection Sep 26 2008 03:05AM
Dan Nelson (dnelson allantgroup com) (1 replies)

RE: keys not recognized in Unixware --> RedHat Connection Sep 26 2008 01:52PM
COHEN, STEVEN M (ATTSI) (sc1478 att com) (1 replies)

Re: keys not recognized in Unixware --> RedHat Connection Sep 26 2008 05:36PM
Dan Nelson (dnelson allantgroup com)