From owner-freebsd-stable@FreeBSD.ORG Thu Aug 14 17:25:16 2008 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D30E21065677 for ; Thu, 14 Aug 2008 17:25:16 +0000 (UTC) (envelope-from spomerg@cwu.EDU) Received: from donald.cts.cwu.edu (donald.cts.cwu.edu [198.104.67.147]) by mx1.freebsd.org (Postfix) with ESMTP id C7C748FC15 for ; Thu, 14 Aug 2008 17:25:16 +0000 (UTC) (envelope-from spomerg@cwu.EDU) Received: from CONVERSION-CWU-DAEMON.DONALD.CTS.CWU.EDU by DONALD.CTS.CWU.EDU (PMDF V6.4 #31640) id <01MYCG4I5W1S000S07@DONALD.CTS.CWU.EDU> for freebsd-stable@freebsd.org; Thu, 14 Aug 2008 10:25:16 -0700 (PDT) Received: from hermes.cwu.edu (hermes.cwu.edu [172.16.21.28]) by DONALD.CTS.CWU.EDU (PMDF V6.4 #31640) with ESMTP id <01MYCG4HQUI4000TD2@DONALD.CTS.CWU.EDU> for freebsd-stable@freebsd.org; Thu, 14 Aug 2008 10:25:15 -0700 (PDT) Received: from cwugate1-MTA by hermes.cwu.edu with Novell_GroupWise; Thu, 14 Aug 2008 10:25:15 -0700 Date: Thu, 14 Aug 2008 10:25:09 -0700 From: Gavin Spomer To: freebsd-stable@freebsd.org Message-id: <48A40805020000900001C185@hermes.cwu.edu> MIME-version: 1.0 X-Mailer: Novell GroupWise Internet Agent 7.0.3 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: quoted-printable Content-disposition: inline Subject: Re: ssh-keygen between SuSE and FreeBSD X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Aug 2008 17:25:16 -0000 >=20 >>> Marian Hettwer 08/14/08 9:43 AM >>> > Hi Gavin, > From your Suse, try to run the ssh commando with "-v" or even -vv or = -vvv > to get debugging output. > If you can't figure out what the debugging output wants to tell you, = send > it to the list. > But complete, copy 'n' paste please :) Sure, no problem: (edited) myusername@suseserver:~> ssh -v myusername@freebsdserver OpenSSH_4.2p1, OpenSSL 0.9.8a 11 Oct 2005 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to freebsdserver [xxx.xxx.xxx.xxx] port 22. debug1: Connection established. debug1: identity file /home/myusername/.ssh/id_rsa type -1 debug1: identity file /home/myusername/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.5p1 = FreeBSD-20061110 debug1: match: OpenSSH_4.5p1 FreeBSD-20061110 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.2 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'freebsdserver' is known and matches the DSA host key. debug1: Found key in /home/myusername/.ssh/known_hosts:6 debug1: ssh_dss_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Next authentication method: publickey debug1: Trying private key: /home/myusername/.ssh/id_rsa debug1: Trying private key: /home/myusername/.ssh/id_dsa debug1: Next authentication method: keyboard-interactive Password: debug1: Authentication succeeded (keyboard-interactive). debug1: channel 0: new [client-session] debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG =3D en_US.UTF-8 Last login: Thu Aug 14 10:08:12 2008 from suseserver . [snip] . Welcome to FreeBSD! . [snip] . [myusername@freebsdserver ~]$ > I'm not quite sure right now why you're using rsa keys. I'm always using > dsa keys (ssh-keygen -t dsa). It comes to my mind, that rsa keys are for > ssh version 1, while dsa keys are for ssh version 2. > But I could be wrong here ;) > No man ssh handy right now, sorry. If that's true, then I believe I will start using the dsa ones! I think I = chose rsa because the FreeBSD manual indicated I could use either and I = could only find settings for enabling rsa in sshd_config on the remote = servers, but I'll look again... > > I noticed you made a distinction between password and passphrase. = Could > > you please explain the difference? > > > Well, when you generate a rsa or dsa key, you get asked to enter a > passphrase for that key. > So a passphrase is basically the password to your ssh key. > While the password is the real password of the local user you're trying = to > be. Like ssh foo@bar, the password would be the password of the user foo = at > host bar. > And since everybody likes to know wether someone is talking about the > "password" of a ssh key or the password of a local user, you say = passphrase > to keys and password to local users. > That's how I would explain it :)) Good explanation. I grok, I grok. :D > Cheers, > Marian