Public key wackiness

Tom Grassia tgrassia at sfnewmexican.com
Tue Jun 21 12:07:14 EDT 2005


Hello,

Once upon a time, there were two servers.  These servers were called sf and 
osf.  Sf was a V240 running solaris 9, while osf was an Ultra-2 running 
Solaris 8.  With these servers lived a kind and generous man named Unix 
Guy.  One day, Unix Guy had a bright idea.  He would use rsync to remotely 
backup the filesystems of sf onto the disk array on osf.

Since Unix Guy wanted to do this after hours, he decided this needed to be 
set as a cron job.  Therefore, he would not be able to enter a password by 
hand on the system.  Pondering his options, he decided to use public keys 
without passphrases.

Unix Guy set up passkeys using ssh-keygen on sf.  He then copied the public 
keys over to osf and cat'ed them into both authorized_keys and 
authorized_keys2 (which were located in the appropriate .ssh 
directory).  He then tested the setup by sshing from sf to osf.

While doing so, the wicked unix gremlin jumped up and throttled his 
attempt.  It generated the following to taunt Unix Guy.

SSH Version Sun_SSH_1.0.1, protocol versions 1.5/2.0.
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: ssh_connect: getuid 0 geteuid 0 anon 0
debug1: Connecting to oldsantafe [10.1.2.3] port 22.
debug1: Allocated local port 1023.
debug1: Connection established.
debug1: Bad RSA1 key file //.ssh/identity.
debug1: identity file //.ssh/identity type 3
debug1: Bad RSA1 key file //.ssh/id_rsa.
debug1: identity file //.ssh/id_rsa type 3
debug1: Bad RSA1 key file //.ssh/id_dsa.
debug1: identity file //.ssh/id_dsa type 3
debug1: Remote protocol version 2.0, remote software version 3.2.9.1 SSH 
Secure Shell (non-commercial)
debug1: no match: 3.2.9.1 SSH Secure Shell (non-commercial)
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.0.1
debug1: sent kexinit: diffie-hellman-group1-sha1
debug1: sent kexinit: ssh-rsa,ssh-dss
debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
debug1: sent kexinit: hmac-sha1,hmac-md5
debug1: sent kexinit: hmac-sha1,hmac-md5
debug1: sent kexinit: none
debug1: sent kexinit: none
debug1: sent kexinit:
debug1: sent kexinit:
debug1: send KEXINIT
debug1: done
debug1: wait KEXINIT
debug1: got kexinit: diffie-hellman-group1-sha1
debug1: got kexinit: ssh-dss
debug1: got kexinit: 
aes128-cbc,3des-cbc,twofish128-cbc,cast128-cbc,twofish-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,twofish192-cbc,twofish256-cbc,arcfour
debug1: got kexinit: 
aes128-cbc,3des-cbc,twofish128-cbc,cast128-cbc,twofish-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,twofish192-cbc,twofish256-cbc,arcfour
debug1: got kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
debug1: got kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
debug1: got kexinit: none,zlib
debug1: got kexinit: none,zlib
debug1: got kexinit:
debug1: got kexinit:
debug1: first kex follow: 0
debug1: reserved: 0
debug1: done
debug2: mac_init: found hmac-sha1
debug1: kex: server->client unable to decide common locale
debug1: kex: server->client aes128-cbc hmac-sha1 none
debug2: mac_init: found hmac-sha1
debug1: kex: client->server unable to decide common locale
debug1: kex: client->server aes128-cbc hmac-sha1 none
debug1: Sending SSH2_MSG_KEXDH_INIT.
debug1: bits set: 499/1024
debug1: Wait SSH2_MSG_KEXDH_REPLY.
debug1: Got SSH2_MSG_KEXDH_REPLY.
debug1: Host 'oldsantafe' is known and matches the DSA host key.
debug1: Found key in //.ssh/known_hosts:1
debug1: bits set: 501/1024
debug1: len 55 datafellows 0
debug1: ssh_dss_verify: signature correct
debug1: Wait SSH2_MSG_NEWKEYS.
debug1: GOT SSH2_MSG_NEWKEYS.
debug1: send SSH2_MSG_NEWKEYS.
debug1: done: send SSH2_MSG_NEWKEYS.
debug1: done: KEX2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password
debug3: start over, passed a different list
debug3: authmethod_lookup publickey
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug1: try pubkey: //.ssh/identity
debug1: read SSH2 private key done: name rsa w/o comment success 1
debug3: sign_and_send_pubkey
debug2: ssh_rsa_sign: done
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password
debug3: authmethod_lookup publickey
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug1: try pubkey: //.ssh/id_rsa
debug1: read SSH2 private key done: name rsa w/o comment success 1
debug3: sign_and_send_pubkey
debug2: ssh_rsa_sign: done
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password
debug3: authmethod_lookup publickey
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug1: try pubkey: //.ssh/id_dsa
debug1: read SSH2 private key done: name dsa w/o comment success 1
debug3: sign_and_send_pubkey
debug1: sig size 20 20
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password
debug3: authmethod_lookup publickey
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: authmethod_lookup password
debug3: authmethod_is_enabled password
debug1: next auth method to try is password


Just when all looked hopeless, the magical Sun Manager Elves 
appeared.  They consoled Unix Guy, telling him the way to defeat the evil 
unix gremlin and finish his task was to...


Please finish the story.


--Tom



More information about the sunmanagers mailing list