From owner-freebsd-questions@FreeBSD.ORG Thu Sep 28 14:36:45 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BCF1E16A403 for ; Thu, 28 Sep 2006 14:36:45 +0000 (UTC) (envelope-from freebsd-questions-local@be-well.ilk.org) Received: from mail3.sea5.speakeasy.net (mail3.sea5.speakeasy.net [69.17.117.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2167F43D7D for ; Thu, 28 Sep 2006 14:36:41 +0000 (GMT) (envelope-from freebsd-questions-local@be-well.ilk.org) Received: (qmail 25582 invoked from network); 28 Sep 2006 14:36:41 -0000 Received: from dsl092-078-145.bos1.dsl.speakeasy.net (HELO be-well.ilk.org) ([66.92.78.145]) (envelope-sender ) by mail3.sea5.speakeasy.net (qmail-ldap-1.03) with SMTP for ; 28 Sep 2006 14:36:41 -0000 Received: by be-well.ilk.org (Postfix, from userid 1147) id 8F63A2842C; Thu, 28 Sep 2006 10:36:40 -0400 (EDT) To: Free BSD Questions list References: <20060927123921.GA6760@teddy.fas.com> From: Lowell Gilbert Date: Thu, 28 Sep 2006 10:36:40 -0400 In-Reply-To: <20060927123921.GA6760@teddy.fas.com> (stan's message of "Wed, 27 Sep 2006 08:39:21 -0400") Message-ID: <44wt7o6osn.fsf@be-well.ilk.org> User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: Re: Replace worksation, now can't ssh to older machine X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2006 14:36:45 -0000 stan writes: > My trusty lon suffering FreeBSD workstation at work died (hardware), and I > am in the process of replacig it. > > The current iss I have is that I have several older HP-UX achines that I > need to be able to ssh to. I can't remeber exactly how I set these machines > up (it was years agao), but they seem to have some restrictions as to what > machines can ssh to them. I can't sem to get the new FreeBSD machine to be > accepted by them. The are running: > > OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f > > I added the id_rsa.pub and identity.pub lines to the ~/.ssh/authorized_keys > file on one of the HP-UX machines, but when Itry to conect with verbose > mode urned on, I get: > > ssh -v phse6 > OpenSSH_4.2p1 FreeBSD-20050903, OpenSSL 0.9.7e-p1 25 Oct 2004 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Connecting to phse6.meadwestvaco.com [170.85.106.131] port 22. > debug1: Connection established. > debug1: identity file /home/stan/.ssh/identity type 0 > debug1: identity file /home/stan/.ssh/id_rsa type 1 > debug1: identity file /home/stan/.ssh/id_dsa type -1 > debug1: Remote protocol version 1.99, remote software version > OpenSSH_2.5.1p1 > debug1: match: OpenSSH_2.5.1p1 pat OpenSSH_2.5.0p1*,OpenSSH_2.5.1p1* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_4.2p1 FreeBSD-20050903 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug1: kex: server->client 3des-cbc hmac-md5 none > debug1: kex: client->server 3des-cbc hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD(2048) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug1: Host 'phse6.meadwestvaco.com' is known and matches the DSA host > key. > debug1: Found key in /home/stan/.ssh/known_hosts:195 > debug1: ssh_dss_verify: signature correct > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug1: SSH2_MSG_NEWKEYS received > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug1: Authentications that can continue: publickey,keyboard-interactive > debug1: Next authentication method: publickey > debug1: Offering public key: /home/stan/.ssh/id_rsa > debug1: Authentications that can continue: publickey,keyboard-interactive > debug1: Trying private key: /home/stan/.ssh/id_dsa > debug1: Next authentication method: keyboard-interactive > debug1: Authentications that can continue: publickey,keyboard-interactive > debug1: No more authentication methods to try. > Permission denied (publickey,keyboard-interactive). > > Any sugestionsas to what to check next? Turn on verbose mode on the servers, and see what they think. They're the ones that are unhappy with the authentication, so they're the ones you should look at for why the RSA key isn't being accepted.