| Stefan Nicolin 2004-01-20, 5:42 am |
| SOLVED:
I am replying to my own post in case someone else will have this problem
too...
It's just that easy - I changed the hosts ip after creating the keys...
Connecting to 192.158.0.3 with a key created for a host with the ip
192.168.0.1 will produce this error.
Stefan
On Mon, 8 Dec 2003 22:21:10 +0100
Stefan Nicolin <root@nicolinux.de> wrote:
quote:
> Hi,
>
> suddenly I can not longer connect to my openbsdbox using private/public
> keys authentification. I have no clue what this is about, maybe someone
> with more experience can give me a hint:
>
> On the clientside (linux OpenSSH_3.7.1p2):
>
> # ssh -v -lroot -i .ssh/foo 192.168.0.3
> OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.7c 30 Sep 2003
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Connecting to 192.168.0.3 [192.168.0.3] port 22.
> debug1: Connection established.
> buffer_append_space: len 1474560 not supported
> debug1: Calling cleanup 0x8065d60(0x0)
>
> On the server side (OpenBSD 3.4 latest patches applied):
>
> # sshd -d -D -f /etc/ssh/sshd_config_test
>
> debug1: sshd version OpenSSH_3.7.1
> debug1: read PEM private key done: type RSA
> debug1: private host key: #0 type 1 RSA
> debug1: read PEM private key done: type DSA
> debug1: private host key: #1 type 2 DSA
> debug1: Bind to port 22 on 192.168.0.3.
> Server listening on 192.168.0.3 port 22.
> debug1: Server will not fork when running in debugging mode.
> Connection from 192.168.0.10 port 32812
> Did not receive identification string from 192.168.0.10
> debug1: Calling cleanup 0x1c01edbc(0x0)
>
> This must be Openbsd specific. I tried the same with FreeBSD 5.1
> (with both - server and client role) and it works.
>
> Here is my sshd_config_test:
> --------------------------------------------------------------
> Port 22
> Protocol 2
> ListenAddress 192.168.0.3
> #ListenAddress ::
>
> AllowUsers admin root
>
> # HostKey for protocol version 1
> #HostKey /etc/ssh/ssh_host_key
> # HostKeys for protocol version 2
> #HostKey /etc/ssh/ssh_host_rsa_key
> #HostKey /etc/ssh/ssh_host_dsa_key
>
> # Lifetime and size of ephemeral version 1 server key
> #KeyRegenerationInterval 1h
> #ServerKeyBits 768
>
> # Logging
> #obsoletes QuietMode and FascistLogging
> #SyslogFacility AUTH
> #LogLevel INFO
>
> # Authentication:
>
> #LoginGraceTime 2m
> PermitRootLogin yes
> StrictModes yes
>
> #RSAAuthentication yes
> PubkeyAuthentication yes
> #AuthorizedKeysFile .ssh/authorized_keys
>
> # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
> #RhostsRSAAuthentication no
> # similar for protocol version 2
> #HostbasedAuthentication no
> # Change to yes if you don't trust ~/.ssh/known_hosts for
> # RhostsRSAAuthentication and HostbasedAuthentication
> #IgnoreUserKnownHosts no
> # Don't read the user's ~/.rhosts and ~/.shosts files
> IgnoreRhosts yes
> # To disable tunneled clear text passwords, change to no here!
> #PasswordAuthentication yes
> #PermitEmptyPasswords no
>
> # Change to no to disable s/key passwords
> #ChallengeResponseAuthentication yes
>
> # Kerberos options
> #KerberosAuthentication no
> #KerberosOrLocalPasswd yes
> #KerberosTicketCleanup yes
>
> # GSSAPI options
> #GSSAPIAuthentication no
> #GSSAPICleanupCreds yes
>
> #AllowTcpForwarding yes
> #GatewayPorts no
> X11Forwarding no
> #X11DisplayOffset 10
> #X11UseLocalhost yes
> #PrintMotd yes
> #PrintLastLog yes
> #KeepAlive yes
> #UseLogin no
> #UsePrivilegeSeparation yes
> #PermitUserEnvironment no
> #Compression yes
> #ClientAliveInterval 0
> #ClientAliveCountMax 3
> #UseDNS yes
> #PidFile /var/run/sshd.pid
> MaxStartups 5
>
> # no default banner path
> #Banner /some/path
>
> # override default of no subsystems
> Subsystem sftp /usr/libexec/sftp-server
> --------------------------------------------------------------
>
> Thanks for your ideas.
>
> Stefan
|