Gentoo Forums
ssh is slow? How to speedup?
RobinVossen
Tux's lil' helper
Tux's lil' helper


Joined: 05 Nov 2007
Posts: 132

PostPosted: Wed Dec 12, 2007 12:30 pm    Post subject: ssh is slow? How to speedup? Reply with quote

Hello, you all helped me a lot already. This is really a great community and I'd wish I could help you guys as well.
But ok, enough for the butt kissing, now let's get down to business..

My SSH is terribly slow and I have no idea why.
Only the connecting is the problem, it takes like 2~3 minutes.. And well, the box is 0.5 millisec away from each other
I tried different ciphers and well I just can't find a way to really speed things up.
I have the USE flags: pam and tcpd and I'd like to know what the flags X, chroot and skey do. But that's not my current question.
I just really like to know how to speed it up. Or WHY it is that slow..
Ping to the box takes: 0.070/0.075/0.100/0.015 ms so as you see that's low..
The box (ssh server) has 501 MB RAM free and has minimal tasks running:
htop gives me:
Code:

init [3]
/usr/sbin/sshd
vzctl: pts/0
-bash
htop


So, well what can be the problem?
How to fix?


Cheers,
Robin
_________________
Server Unplugged!
JeliJami
Veteran
Veteran


Joined: 17 Jan 2006
Posts: 1086
Location: Belgium

PostPosted: Wed Dec 12, 2007 1:15 pm    Post subject: Reply with quote

Try to find out where the ssh connection stalls; use the -v option:
Code:
# man ssh
..
     -v      Verbose mode.  Causes ssh to print debugging messages about its
             progress.  This is helpful in debugging connection, authentica-
             tion, and configuration problems.  Multiple -v options increase
             the verbosity.  The maximum is 3.
..


Some possibilities:

Disable DNS lookup on the ssh server
Code:
# cat /etc/ssh/sshd_config
..
UseDNS no
..


If you don't use ldap, make sure GSS is disabled, in both server config and client config:
Code:
# cat /etc/ssh/ssh(d)_config
..
GSSAPIAuthentication no
..


Maybe you can disable PAM altogether?
Code:
# cat /etc/ssh/sshd_config
..
UsePAM no
..

_________________
Unanswered Post Initiative | Search | FAQ
Former username: davjel
RobinVossen
Tux's lil' helper
Tux's lil' helper


Joined: 05 Nov 2007
Posts: 132

PostPosted: Wed Dec 12, 2007 1:24 pm    Post subject: Reply with quote

Thanks for the -v Flag I found that it only hangs at
Code:
SSH2_MSG_SERVICE_ACCEPT received

for Quite a while..
I can disable indeed since I don't use that..

I did disable all :)
But still I get that. I'll look into that.

Thanks a lot ALREADY.

Cheers,
Robin
_________________
Server Unplugged!
JeliJami
Veteran
Veteran


Joined: 17 Jan 2006
Posts: 1086
Location: Belgium

PostPosted: Wed Dec 12, 2007 1:29 pm    Post subject: Reply with quote

RobinVossen wrote:
Thanks for the -v Flag I found that it only hangs at
Code:
SSH2_MSG_SERVICE_ACCEPT received

for Quite a while..


Do you mean it takes a long time to print that message or do you mean after that message, it takes a long time to get to the following message?

In the latter case, what is the next message in the -v output?
_________________
Unanswered Post Initiative | Search | FAQ
Former username: davjel
RobinVossen
Tux's lil' helper
Tux's lil' helper


Joined: 05 Nov 2007
Posts: 132

PostPosted: Wed Dec 12, 2007 1:41 pm    Post subject: Reply with quote

I see that msg as the last msg.
The next msg is:
- Authentications that can continue: publickey,password,keyboard-interactive

after that I get that he picks publickey and that he logs in fine :)


Cheers,
Robin
_________________
Server Unplugged!
think4urs11
Bodhisattva
Bodhisattva


Joined: 25 Jun 2003
Posts: 6659
Location: above the cloud

PostPosted: Wed Dec 12, 2007 7:11 pm    Post subject: Reply with quote

RobinVossen wrote:
My SSH is terribly slow and I have no idea why.
Only the connecting is the problem it takes like 2~3 minutes..

reverse dns issue (or the box is *really* old+slow)
see e.g. https://forums.gentoo.org/viewtopic-p-3187949.html#3187949
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself
RobinVossen
Tux's lil' helper
Tux's lil' helper


Joined: 05 Nov 2007
Posts: 132

PostPosted: Thu Dec 13, 2007 8:29 am    Post subject: Reply with quote

Well, I did check it out now.
First SSH just DIED when I rebooted.
Now I updated both and well the config files are still fine but he wants to have a password that I don't know..
So, I HOPE that DNS thing works but I ain't sure.
And the box is not really that old..

Cheers,
Robin


Edit/Add:
The server's /etc/ssh/sshd_config file has the following lines:

Code:
Protocol 2
PremitRootLogin no
MaxAuthTries 6
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeyFile   .ssh/authorized_keys
PasswordAuthentication no
UsePAM no
UseDNS no
Subsystem sftp /usr/lib/misc/sftp-server
X11Forwarding no


The client's /etc/ssh/ssh_config file has the following lines:

Code:
RSAAuthentication yes
IdentityFile ~/.ssh/id_dsa


The client's ~/.ssh/id_dsa.pub file is like this:
Code:
ssh-dss AAAAB3<way more>lnCjg= _sxb@1


The server's ~/.ssh/authorized_keys file is like this:
Code:
ssh-dss AAAAB3<way more>lnCjg= _sxb@1

_________________
Server Unplugged!
JeliJami
Veteran
Veteran


Joined: 17 Jan 2006
Posts: 1086
Location: Belgium

PostPosted: Thu Dec 13, 2007 9:43 am    Post subject: Reply with quote

Think4UrS11 wrote:

reverse dns issue (or the box is *really* old+slow)
see e.g. https://forums.gentoo.org/viewtopic-p-3187949.html#3187949


should be solved with
Code:
UseDNS no

or am I missing something?
_________________
Unanswered Post Initiative | Search | FAQ
Former username: davjel
RobinVossen
Tux's lil' helper
Tux's lil' helper


Joined: 05 Nov 2007
Posts: 132

PostPosted: Thu Dec 13, 2007 10:38 am    Post subject: Reply with quote

Well, it might be that that should solve the reverse DNS problem.
But well, I can't connect now whatsoever..
The Authen Keys is ignored now for some reason.. :S
_________________
Server Unplugged!
RobinVossen
Tux's lil' helper
Tux's lil' helper


Joined: 05 Nov 2007
Posts: 132

PostPosted: Fri Dec 14, 2007 7:57 am    Post subject: maybe this is needed. Reply with quote

Well after looking in my files. I tried TONS of things.
They're the newest versions right now. So it's not an old bug or something.
Everything is updated and well, it still doesn't bloody work..
I think this info is the Important info for you all to be able to get it back up.. ^^
Code:

The servers /etc/ssh/sshd_config file has the following lines:

Protocol 2
PremitRootLogin no
MaxAuthTries 6
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeyFile   .ssh/authorized_keys
PasswordAuthentication no
UsePAM no
UseDNS no
Subsystem sftp /usr/lib/misc/sftp-server
X11Forwarding no

The Clients /etc/ssh/ssh_config file has the following lines:

RSAAuthentication yes
IdentityFile ~/.ssh/id_dsa

The clients ~/.ssh/id_dsa.pub file is like this:
ssh-dss AAAAB3<way more>lnCjg= john@localhost

The servers ~/.ssh/authorized_keys file is like this:
ssh-dss AAAAB3<way more>lnCjg= john@localhost

Those are EXACT copys.. I did copy them with cp



Cheers,
Robin
_________________
Server Unplugged!
m.b.j.
Guru
Guru


Joined: 12 Sep 2003
Posts: 407
Location: Germany (Essen)

PostPosted: Sat Dec 15, 2007 9:25 pm    Post subject: Reply with quote

Try to strace the client and/or the server. If a system call hangs too long you will see it.
_________________
root@mbj # echo "sys-pizza/calzone -tunfish" >> /etc/paludis/use.conf
root@mbj # paludis -i calzone --dl-blocks discard
RobinVossen
Tux's lil' helper
Tux's lil' helper


Joined: 05 Nov 2007
Posts: 132

PostPosted: Mon Dec 17, 2007 8:49 am    Post subject: Reply with quote

I can ping and stuff.
So, they can see each other.
But well their communication is kinda wrong...
it's like one is a German guy and one a French guy... (or Chinese and Dutch or whatever)
anyhow.
The config files:
sshd on the server:
Code:

# $OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768
# Logging
# obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
MaxAuthTries 6

#RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication yes
# similar for protocol version 2
HostbasedAuthentication yes
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#I chaned the above from yes to no
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem sftp /usr/lib/misc/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
X11Forwarding yes
# AllowTcpForwarding no
# ForceCommand cvs server


and well
The error when connect is:
Code:

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.1.1' is known and matches the RSA host key.
debug1: Found key in /home/john/.ssh/known_hosts:1
debug2: bits set: 516/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/john/.ssh/id_dsa.pub (0x809bb68)
debug1: Authentications that can continue: publickey,hostbased
debug1: Next authentication method: publickey
debug1: Offering public key: /home/john/.ssh/id_dsa.pub
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-dss blen 434
debug2: input_userauth_pk_ok: fp 8d:7a:a8:c9:a5:25:e8:e6:0c:7b:a5:b9:43:da:23:49
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/home/john/.ssh/id_dsa.pub':


But I pressed "Enter" at that part so I tried that there and then I get Access Denied..!
_________________
Server Unplugged!
JeliJami
Veteran
Veteran


Joined: 17 Jan 2006
Posts: 1086
Location: Belgium

PostPosted: Mon Dec 17, 2007 9:16 am    Post subject: Reply with quote

RobinVossen wrote:
...
Code:

...
debug1: Offering public key: /home/john/.ssh/id_dsa.pub
...

But I pressed "Enter" at that part so I tried that there and then I get Access Denied..!


That should say
Code:

...
debug1: Offering public key: /home/john/.ssh/id_dsa
...

You should offer the private part of your key!
I think you have things mixed up with SSH keys. But you're not the first, and you won't be the last ;)
Put your public key part on the server in /home/john/.ssh/authorized_keys; and connect with your private key part on the client:
Code:
ssh -i /home/john/.ssh/id_dsa serverip

_________________
Unanswered Post Initiative | Search | FAQ
Former username: davjel
RobinVossen
Tux's lil' helper
Tux's lil' helper


Joined: 05 Nov 2007
Posts: 132

PostPosted: Mon Dec 17, 2007 10:52 am    Post subject: Reply with quote

THANKS!!

Though it didn't help me a bit.. But I think I do something wrong now ;)

I get:
Code:

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client blowfish-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server blowfish-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 136/256
debug2: bits set: 537/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.1.1' is known and matches the RSA host key.
debug1: Found key in /home/john/.ssh/known_hosts:1
debug2: bits set: 526/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/john/.ssh/id_dsa (0x809bb88)
debug2: key: /home/john/.ssh/id_dsa.pub (0x809bb70)
debug1: Authentications that can continue: publickey,hostbased
debug1: Next authentication method: publickey
debug1: Offering public key: /home/john/.ssh/id_dsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,hostbased
debug1: Offering public key: /home/john/.ssh/id_dsa.pub
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,hostbased
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,hostbased).

I connect using:
Code:
john@localhost / $ ssh -2 -c blowfish -X -i /home/john/.ssh/id_dsa  -vv _sxb@192.168.1.1

_________________
Server Unplugged!
JeliJami
Veteran
Veteran


Joined: 17 Jan 2006
Posts: 1086
Location: Belgium

PostPosted: Mon Dec 17, 2007 11:12 am    Post subject: Reply with quote

what are the file permissions on the server?
Code:
$ ls -ld /home/_sxb/.ssh/
$ ls -l /home/_sxb/.ssh/

_________________
Unanswered Post Initiative | Search | FAQ
Former username: davjel
RobinVossen
Tux's lil' helper
Tux's lil' helper


Joined: 05 Nov 2007
Posts: 132

PostPosted: Mon Dec 17, 2007 12:25 pm    Post subject: Reply with quote

Well the map is the EXACT same map as on the server.. (Synced)
And the owners are right (both the real using since they have the same UID (ain't that smart ;))
Code:

appserv / # ls -ld /home/_sxb/.ssh && ls -l /home/_sxb/.ssh/
drwxr-xr-x 2 _sxb _sxb 4096 Dec 17 15:30 /home/_sxb/.ssh
total 16
-rw-r--r-- 1 _sxb _sxb 604 Dec 17 15:27 authorized_hosts
-rw------- 1 _sxb _sxb 668 Dec 17 15:27 id_dsa
-rw-r--r-- 1 _sxb _sxb 604 Dec 17 15:27 id_dsa.pub
-rw-r--r-- 1 _sxb _sxb 393 Dec 17 15:30 known_hosts


I hope this is useful ^^
_________________
Server Unplugged!
JeliJami
Veteran
Veteran


Joined: 17 Jan 2006
Posts: 1086
Location: Belgium

PostPosted: Mon Dec 17, 2007 12:56 pm    Post subject: Reply with quote

on the client side, you should have
Code:
$ ls -ld /home/_sxb/.ssh
drwx------ 3 _sxb _sxb 4096 Dec 17 15:30 /home/_sxb/.ssh


and on the server side, you should have
Code:
$ ls -ld /home/_sxb/.ssh
drwx------ 3 _sxb _sxb 4096 Dec 17 15:30 /home/_sxb/.ssh
$ ls -l /home/_sxb/.ssh
-rw-r--r-- 1 _sxb _sxb 604 Dec 17 15:27 authorized_keys
..


To summarize:
- make the .ssh directories user-only accessible
- change authorized_hosts to authorized_keys
_________________
Unanswered Post Initiative | Search | FAQ
Former username: davjel
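
The checks summarized in the post above, as an added shell example that is not part of the thread: it audits one account's .ssh directory for the directory mode, a misnamed authorized_keys file, a private key that others can access, and an identity file that is not a private key. The function names, finding labels and sample data are constructed for illustration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the thread). Needs GNU stat (`stat -c`), as on Gentoo.

findings=0
report() { printf '%s\n' "$1"; findings=$((findings + 1)); }

# True if the first line of the file is a PEM/OpenSSH private-key header.
is_private_key() {
    first=
    IFS= read -r first < "$1" || [ -n "$first" ] || return 1
    case $first in
        "-----BEGIN "*"PRIVATE KEY-----") return 0 ;;
        *) return 1 ;;
    esac
}

# audit_ssh_dir DIR [IDENTITY]: print one finding per line, return 1 if any.
audit_ssh_dir() {
    dir=$1 identity=${2:-}
    findings=0
    [ -d "$dir" ] || { report "MISSING   $dir is not a directory"; return 1; }

    # The advice in the thread: the .ssh directory is accessible by its owner only.
    mode=$(stat -c '%a' "$dir")
    [ "$mode" = 700 ] || report "DIRMODE   $dir is $mode, want 700 (user-only)"

    # sshd reads the name set by AuthorizedKeysFile (.ssh/authorized_keys in the
    # posted config); a look-alike name is never consulted.
    if [ ! -f "$dir/authorized_keys" ]; then
        for f in "$dir"/authorized_*; do
            [ ! -f "$f" ] || report "KEYFILE   $f is never read, want authorized_keys"
        done
    fi

    # The client ignores a private key file that group or others can access.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        is_private_key "$f" || continue
        mode=$(stat -c '%a' "$f")
        case $mode in
            ?00) ;;
            *) report "KEYMODE   $f is $mode, want 600" ;;
        esac
    done

    # The identity file must hold the private half; the .pub file cannot be
    # loaded as a private key.
    if [ -n "$identity" ]; then
        is_private_key "$identity" ||
            report "IDENTITY  $identity is not a private key file"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample mirroring the directory listing posted in the thread
# (placeholder key material, not real keys).
make_sample() {
    mkdir -p "$1" && chmod 755 "$1"
    printf '%s\n' '-----BEGIN DSA PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END DSA PRIVATE KEY-----' > "$1/id_dsa"
    printf 'ssh-dss AAAAB3PLACEHOLDER john@localhost\n' > "$1/id_dsa.pub"
    cp "$1/id_dsa.pub" "$1/authorized_hosts"
    chmod 600 "$1/id_dsa"
    chmod 644 "$1/id_dsa.pub" "$1/authorized_hosts"
}

tmp=$(mktemp -d)
make_sample "$tmp/.ssh"
audit_ssh_dir "$tmp/.ssh" "$tmp/.ssh/id_dsa.pub"
rm -rf "$tmp"
```
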
RobinVossen
Tux's lil' helper
Tux's lil' helper


Joined: 05 Nov 2007
Posts: 132

PostPosted: Mon Dec 17, 2007 1:41 pm    Post subject: Reply with quote

Dude!, THANKS! (You really take time and have patience for me.. You are really great ;))
Well I did what you said..
Now I get:
Code:

debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/john/.ssh/id_dsa.pub (0x809bb68)
debug1: Authentications that can continue: publickey,hostbased
debug1: Next authentication method: publickey
debug1: Offering public key: /home/john/.ssh/id_dsa.pub
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-dss blen 433
debug2: input_userauth_pk_ok: fp 6d:49:bf:26:83:34:a5:15:1d:9d:f6:02:17:c4:dd:35
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/home/john/.ssh/id_dsa.pub' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /home/john/.ssh/id_dsa.pub
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,hostbased).


So, I thought I'd change the /home/john/.ssh/id_dsa.pub file's rights to 600 and guess when I get:
Code:

debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/john/.ssh/id_dsa.pub (0x809bb68)
debug1: Authentications that can continue: publickey,hostbased
debug1: Next authentication method: publickey
debug1: Offering public key: /home/john/.ssh/id_dsa.pub
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-dss blen 433
debug2: input_userauth_pk_ok: fp 6d:49:bf:26:83:34:a5:15:1d:9d:f6:02:17:c4:dd:35
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/home/john/.ssh/id_dsa.pub':
debug2: no passphrase given, try next key
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,hostbased).


I really think I do something really Stupid wrong..
I try to connect using this line:
Code:
john@localhost / $ ssh -2 -c blowfish -X -vv _sxb@192.168.1.1


ps. I am SO happy I can copy paste now finally! ;)
_________________
Server Unplugged!
JeliJami
Veteran
Veteran


Joined: 17 Jan 2006
Posts: 1086
Location: Belgium

PostPosted: Mon Dec 17, 2007 5:03 pm    Post subject: Reply with quote

RobinVossen wrote:
Dude!, THANKS! (You really take time and have patience for me.. You are really great ;))

thanks :)
Quote:

Well I did what you said..
Now I get:
Code:

..


So, I thought I'd change the /home/john/.ssh/id_dsa.pub file's rights to 600 and guess when I get:
Code:

...
debug2: key: /home/john/.ssh/id_dsa.pub (0x809bb68)
debug1: Authentications that can continue: publickey,hostbased
debug1: Next authentication method: publickey
debug1: Offering public key: /home/john/.ssh/id_dsa.pub
...


You are still using the public part of the key, instead of the private part!

Quote:

I really think I do something really Stupid wrong..
I try to connect using this line:
Code:
john@localhost / $ ssh -2 -c blowfish -X -vv _sxb@192.168.1.1



try to specify the private part explicitly:
Code:
john@localhost / $ ssh -2 -c blowfish -X -i /home/john/.ssh/id_dsa _sxb@192.168.1.1

_________________
Unanswered Post Initiative | Search | FAQ
Former username: davjel
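
An added example, not part of the thread: a small triage filter for `ssh -v` output that tells apart the failures seen in the logs above (the server not accepting an offered key, and the client being pointed at a file that is not a private key). The function names and outcome labels are made up here; the sample lines are excerpts of the logs posted earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): classify publickey attempts in `ssh -v`
# output. Reads the log on stdin and prints "<OUTCOME> <key path>" per event.
triage_ssh_log() {
    awk '
    # The client announces each key it tries; remember the path.
    /Offering public key: / {
        sub(/.*Offering public key: /, "")
        key = $1; pending = 1; next
    }
    # The server recognised the key: the client must now load the private key.
    /Server accepts key/ { pending = 0; next }
    # The method list came back instead: no usable entry for this key on the
    # server (in this thread the file was named authorized_hosts).
    /Authentications that can continue/ && pending {
        print "REJECTED " key; pending = 0; next
    }
    # The accepted key could not be loaded as a private key, e.g. the
    # identity file is the .pub half.
    /PEM_read_PrivateKey failed/ { print "NOT_PRIVATE " key; next }
    # The client refused to read a key file that others can access.
    /bad permissions: ignore key: / {
        sub(/.*bad permissions: ignore key: /, "")
        print "TOO_OPEN " $1; next
    }
    /Authentication succeeded \(publickey\)/ { print "OK " key }
    '
}

# Excerpt of the log posted while the server file was still authorized_hosts.
sample_rejected() {
cat <<'EOF'
debug1: Authentications that can continue: publickey,hostbased
debug1: Next authentication method: publickey
debug1: Offering public key: /home/john/.ssh/id_dsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,hostbased
debug1: Offering public key: /home/john/.ssh/id_dsa.pub
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,hostbased
debug2: we did not send a packet, disable method
Permission denied (publickey,hostbased).
EOF
}

# Excerpt of the log posted after the server-side fix, with the .pub file
# still used as the identity.
sample_pub_offered() {
cat <<'EOF'
debug1: Authentications that can continue: publickey,hostbased
debug1: Next authentication method: publickey
debug1: Offering public key: /home/john/.ssh/id_dsa.pub
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Permission denied (publickey,hostbased).
EOF
}

sample_rejected | triage_ssh_log
sample_pub_offered | triage_ssh_log
```
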
tarpman
Veteran
Veteran


Joined: 04 Nov 2004
Posts: 1083
Location: Victoria, BC, Canada

PostPosted: Tue Dec 18, 2007 2:51 am    Post subject: Reply with quote

JeliJami, what? Why would you send out the private part of your key? That's the whole point of having public and private parts - the public part you give out, the private part you keep to yourself. Offering id_dsa.pub is the correct behaviour.
_________________
Saving the world, one kilobyte at a time.
RobinVossen
Tux's lil' helper
Tux's lil' helper


Joined: 05 Nov 2007
Posts: 132

PostPosted: Tue Dec 18, 2007 8:01 am    Post subject: Reply with quote

Eureka!

Code:


debug1: Server accepts key: pkalg ssh-dss blen 433
debug2: input_userauth_pk_ok: fp 45:05:f7:5f:75:d5:5f:6a:8f:4e:12:b0:33:cf:2d:58
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 0
debug2: channel 0: request shell confirm 0
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 2097152
Last login: Wed Dec 12 19:38:52 2007 from 192.168.1.11
-bash: /dev/null: Permission denied
-bash: /dev/null: Permission denied
_sxb@1 ~ $


I logged in Fine =D
Me is Happy ^^

Anyhow, is there a way to apply that in the sshd config? Since I don't really feel like changing ALL the links ^^

Cheers,
Me is Happy ^^ (Me know bad English (it is I am Happy and I know its bad English ;)))
_________________
Server Unplugged!
JeliJami
Veteran
Veteran


Joined: 17 Jan 2006
Posts: 1086
Location: Belgium

PostPosted: Tue Dec 18, 2007 9:08 am    Post subject: Reply with quote

tarpman wrote:
JeliJami, what? Why would you send out the private part of your key? That's the whole point of having public and private parts - the public part you give out, the private part you keep to yourself. Offering id_dsa.pub is the correct behaviour.


That command does not send out your private part of your key:
Code:
man ssh
..
     -i identity_file
             Selects a file from which the identity (private key) for RSA or
             DSA authentication is read.  The default is ~/.ssh/identity for
             protocol version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for pro-
             tocol version 2.  Identity files may also be specified on a per-
             host basis in the configuration file.  It is possible to have
             multiple -i options (and multiple identities specified in config-
             uration files).


The ssh client needs the private part (which stays on the client) to validate the passphrase, if present. Of course, the public part (same filename with .pub extension) will be used to negotiate the SSH session, and should be available on the server.
_________________
Unanswered Post Initiative | Search | FAQ
Former username: davjel
RobinVossen
Tux's lil' helper
Tux's lil' helper


Joined: 05 Nov 2007
Posts: 132

PostPosted: Tue Dec 18, 2007 9:48 am    Post subject: Reply with quote

JeliJami, can I repay you in ANY way? ^^
Everything works fine now :)

(ps. If I want to add another Client that can connect to the Box. I should add the key in Authorized_keys right? (On the bottom?))
_________________
Server Unplugged!
JeliJami
Veteran
Veteran


Joined: 17 Jan 2006
Posts: 1086
Location: Belgium

PostPosted: Tue Dec 18, 2007 10:05 am    Post subject: Reply with quote

RobinVossen wrote:
JeliJami, can I repay you in ANY way? ^^
Everything works fine now :)

(ps. If I want to add another Client that can connect to the Box. I should add the key in Authorized_keys right? (On the bottom?))


Yes, append the public part to authorized_keys on the server. That way someone else with a different key can login as the same user (_sxb).
_________________
Unanswered Post Initiative | Search | FAQ
Former username: davjel