[CLUE-Tech] rsa1 logs in w/out password - not rsa(2)
David Anselmi
anselmi at americanisp.net
Wed Feb 19 13:08:10 MST 2003
Dave Price wrote:
> cluebies,
>
> I have genereated rssa1 and rsa keys and moved the .pub (public key)
> components to ann authorized_hosts file on a remote system.
>
> When I do an ssh -1 user at remote I get in with no password (rsa1)
>
> However, ssh user at remote (rsa2) always prompts me for a password.
>
> Any idea why this would happen?
You did not password protect your private key (~/.ssh/identity by
default). When you connect with ssh 1, the server asks for rsa
authentiction and the client provides it. If the key had been encrypted
with a password, you would have gotten a message asking for the
passphrase for the key (it is noticably different than when ssh asks for
your login password on the server).
When you use ssh 2, a different type of key is used (either an rsa or a
dsa key pair, I don't know how the rsa keys differ from those used in
ssh 1). Since you don't have a public key for ssh 2 on the server,
public key authentication fails and it tries password authentication
next. You can see all the gory details by using the above commands with
-v (or -vv) and comparing the debugging info.
By ssh 1 and ssh 2 I mean version 1 or 2 of the ssh protocol, regardless
of implementation. I assume you're using OpenSSH which uses different
key file formats for the two versions of the protocol even though the
underlying encrypt/decrypt algorithms are the same (though their use in
the two protocols may not be).
Dave
More information about the clue-tech
mailing list