Date:      Fri, 22 Jun 2001 16:10:50 -0700
From:      "Robert L Sowders" <rsowders@usgs.gov>
To:        "Kevin Oberman" <oberman@es.net>
Cc:        Martin McCormick <martin@dc.cis.okstate.edu>, owner-freebsd-questions@FreeBSD.ORG, questions@FreeBSD.ORG
Subject:   Re: Secure Shell ssh-1.2.27 is Almost Right but not quite.
Message-ID:  <OF62A0880F.448ED426-ON88256A73.007F32E2@wr.usgs.gov>

Have you tried uncommenting or adding the switch in /etc/make.conf
#MAKE_IDEA=     YES     # IDEA (128 bit symmetric encryption)

Don't know if that's going to help you, but maybe.




"Kevin Oberman" <oberman@es.net>
Sent by: owner-freebsd-questions@FreeBSD.ORG
06/21/2001 10:51 AM

 
        To:     Martin McCormick <martin@dc.cis.okstate.edu>
        cc:     questions@FreeBSD.ORG
        Subject:        Re: Secure Shell ssh-1.2.27 is Almost Right but not quite.

The original version of ssh (now at 1.2.27 or so) defaults to
IDEA. IDEA is a patented algorithm, so is not used in OpenSSH. Your
two good choices are 3DES and Blowfish. You can edit your ssh_config
file to change the default with the line:
Cipher 3des

The other problem is probably a configuration problem, too. OpenSSH in
FreeBSD has VERY conservative defaults. For example, the default is to
not forward X or the authentication agent. Try entering:
RhostsAuthentication yes
to your config. Do NOT assume that the values in this file really are
defaults! 

Finally, make sure the remote server is configured to allow
rhost/shosts access. I don't think that this is the default.

R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net    Phone: +1 510 486-8634

> Date: Thu, 21 Jun 2001 11:55:53 -0500
> From: Martin McCormick <martin@dc.cis.okstate.edu>
> Sender: owner-freebsd-questions@FreeBSD.ORG
> 
>                I wrote to this group on the thirteenth of June and
> asked about installing ssh-1.2.27.  I was informed that this was
> not necessary as there is a good port of ssh and sshd all ready
> to go in freebsd.  After getting past that little bit of
> ignorance on my part, I found that to be true and also that the
> ssh version supports both the ssh-1 and ssh-2 protocols.  In
> other words, it is really neat.
> 
>                I now have a .shosts file in my home directory on the
> freebsd system and /etc/ssh/shosts.equiv identifying the remote
> system I am communicating with.
> 
>                I can go from the remote system to the freebsd box
> without a password after installing the key in known_hosts, of
> course, but I still can't ssh from the freebsd box to anywhere
> else without having to enter a password.  Here is the output from
> the ssh -v command.  I hope somebody might find this familiar as
> I have stared at it so long, I may be missing something obvious.
> Debug output follows:
> 
> SSH Version OpenSSH_2.3.0 green@FreeBSD.org 20010321, protocol versions 1.5/2.0.
> Compiled with SSL (0x0090600f).
> debug: Reading configuration data /etc/ssh/ssh_config
> debug: ssh_connect: getuid 1234 geteuid 1234 anon 1
> debug: Connecting to remote.system.okstate.edu [139.78.x.x] port 22.
> debug: Connection established.
> debug: Remote protocol version 1.5, remote software version 1.2.27
> debug: no match: 1.2.27
> debug: Local version string SSH-1.5-OpenSSH_2.3.0 green@FreeBSD.org 20010321
> debug: Waiting for server public key.
> debug: Received server public key (768 bits) and host key (1024 bits).
> debug: Host 'remote.system.okstate.edu' is known and matches the RSA host key.
> debug: Encryption type: 3des
> debug: Sent encrypted session key.
> debug: Installing crc compensation attack detector.
> debug: Received encrypted confirmation.
> 
> 
> -------------
> 
>                Here is where it seems to not be quite right.
> 
> 
> --------
> debug: Doing password authentication.
> 
> 
>                At that point, one gets a login which works fine after
> entering the password.
> 
>                The ssh-1.2.27 systems use "idea" as the encryption
> technique when they talk to each other instead of 3des but I am
> not sure if that matters so long as both systems agree on the
> same type.
> 
> Martin McCormick WB5AGZ  Stillwater, OK 
> OSU Center for Computing and Information Services Data Communications Group
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 





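Added example, not part of any message in this thread: a small Python parser for `ssh -v` output in the format quoted above, reporting the negotiated protocol, key sizes, cipher, and which authentication steps the client logged before the password prompt. The name `summarize` is hypothetical, and the code assumes every attempted authentication method leaves a debug line containing the word "authentication"; the sample lines are copied from the quoted output with wrapped lines rejoined.

```python
import re

# Lines copied from the `ssh -v` output quoted in the thread (wrapped lines
# rejoined); the "> " mail-quote prefix is left on some to show it is handled.
SAMPLE = """\
> debug: Remote protocol version 1.5, remote software version 1.2.27
> debug: Received server public key (768 bits) and host key (1024 bits).
> debug: Host 'remote.system.okstate.edu' is known and matches the RSA host key.
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Received encrypted confirmation.
debug: Doing password authentication.
"""

DEBUG_LINE = re.compile(r"^(?:>\s*)?debug\d*: (.*)$")
PROTOCOL = re.compile(r"Remote protocol version (\d+\.\d+), remote software version (\S+)")
KEYS = re.compile(r"server public key \((\d+) bits\) and host key \((\d+) bits\)")
CIPHER = re.compile(r"Encryption type: (\S+)")


def summarize(log):
    """Return negotiated parameters and the authentication steps the client logged."""
    out = {"auth_steps": []}
    session_encrypted = False
    for raw in log.splitlines():
        m = DEBUG_LINE.match(raw.strip())
        if not m:
            continue  # banner text, prose, or blank line
        line = m.group(1)
        if (p := PROTOCOL.search(line)):
            out["protocol"], out["server_software"] = p.groups()
        elif (k := KEYS.search(line)):
            out["server_key_bits"], out["host_key_bits"] = map(int, k.groups())
        elif (c := CIPHER.search(line)):
            out["cipher"] = c.group(1)
        elif "Received encrypted confirmation" in line:
            session_encrypted = True
        elif session_encrypted and "authentication" in line.lower():
            # Assumption: each attempted method logs a line with this word.
            out["auth_steps"].append(line.rstrip("."))
    # True when the client went straight to a password prompt, as in the thread.
    out["password_only"] = out["auth_steps"] == ["Doing password authentication"]
    return out


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Run against the quoted log, the summary shows protocol 1.5 with 3des and a single logged step, password authentication, which matches the symptom Martin describes.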