UNIX for Dummies Questions & Answers

I am using OpenSSH on my sun servers.

There is another suite of sun servers attempting to SSH into my machines.

I am running ssh -vv:

OpenSSH_4.4p1, OpenSSL 0.9.8d 28 Sep 2006

the other guy is running the sun version of ssh (i don't know what/if any differences there are between the two)

the other guy is running SSHd version 1.8 and he says my sshd version is 1.74.

my question is:

Is there a known incompatibility between our two versions? Is there any reason why he would not be able to connect to my box?

background:
it is not a network issue as we have connectivity, and our respective firewalls are open on the correct ports with correct IP listings. and we have tracked the session between our two boxes.

when he attempts to connect, he does not get prompted for a user name and pass, which is an enabled authentication method on my box.


any and all help is appreciated.

THANKS!

What error do you get?

gimme a few min, i will get that for you, gotta ask the other guy.

Ok, sorry for the delay, took awhile to get to the other guy.

here is the error he gets:

OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.6g 9 Aug 2002
Debug1: Reading configureation data /usr/local/etc/ssh_config
Debug2: ssh_connect: needpriv 0
Debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port xx
Debug1: Connection Established.
Debug2: key_type_from_name: unknown key type '1024'
Debug1: identity file /export/home/sysadmin/.ssh/identity type -1
Debug2: key-type_from_name: unknown key type '----begin'
Debug1: identity file /export/home/sysadmin/.ssh/id_rsa type 1
Debug2: key_type_from_name: unknown key type '----begin'
Debug1: identity file /export/home/sysadmin/.ssh/id_dsa type 2
Ssh_exchange_identification: Conneciton closed by remote host
Debug1: Calling cleanup 0x3c0cc(0x0)


Ok, we already know that the cause of the unknown keytype '----begin' is because the prefixs we have in our keys, if we remove them, we don't get the error. (not sure y they are there in the first place??)

Also we know that the unknown 1024 is because we don't have an identity file for the user. (no problem for us, as the identity is only used for ssh protocol 1, which we cannot use)

We believe that we just need to get our rsa and dsa keys to match (copy mine into his, or vice versa) to get it to work.

anyone else have some imput on this??

thanks again.

Hi,
I might be totally wrong but as far as I know, you should not need a key at all except you need public key authentication - eg for running automated scripts?
The known_hosts entry should be made automatically once you confirm your connection when you try to connect first and the server is not known by your system?
In our environments we need to connect between different kinds of authentication (nis + and boks) - so we need access routes defined on our authentication servers - but no keys at all. Maybe you have a similar environment?

Rgds
zxmaus

From the debugging output it looks like you made a mistake when copying the public key(s). Usually, public keys that OpenSSH understands start with something like "ssh-rsa AAAA.....", while yours look like they've been encoded (UUencode/Base64/...)

What I find somewhat strange is that it doesn't fall back to password authentication. Are you sure that this is enabled for the server and the user has a valid password?

you guys were right, i was giving them the wrong key info. I was able to successfully SSH into the system the other guy is trying to get to, from another systems i have. and like zxmaus said, it copied the key into the known_hosts file (which i did not know about).

So i copied that key and sent it to the other guy, unfortunately he had already left work for the day, so hopefully today we'll have success.

I still don't know about the password authentication, i thought it was supposed to work just like you think, if RSA fails, password prompt kicks in. and i did double check, it is enabled and i meade sure he had the correct credentials, (although he hasn't got to the password part yet )

well, hopefully this key works.

will post my success or failure today.