-   Linux - Security (
-   -   ssh RSA key (

thanat0s 09-28-2003 11:58 PM

ssh RSA key
For the last few nights i've been attempting to get RSA authentication for the user root up and running. My goal is to be able to log in as a regular user using a password but require RSA authentication (which i want to save on a floppy and use Putty to log in) for root access. I'm running the OpenSSH_3.6.1p2 server off a Mandrake 9.1 machine on my network. I thought it would be a simple task to accomplish, was I ever wrong...

my 'ssh -v -l root -i id_rsa' output looks like this:

OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: Connecting to rhost [] port 22.
debug1: Connection established.
debug1: identity file id_rsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '' is known and matches the RSA host key.
debug1: Found key in /home/*user*/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: id_rsa
Enter passphrase for key 'id_rsa':
Enter passphrase for key 'id_rsa':
Enter passphrase for key 'id_rsa':
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password

Notice the three attempted authentications?

Then it asks for a password (which is disabled for root)
I've heard there was a problem with MD5, the authentication used for passphrases on an ssh-key. So i installed the libsasl2-plug-crammd5-2.1.12-1mdk , but to my dismay did not fix my problem

ANY HELP/LINKS/EXPERIENCE will be greatly appreciated... GREATLY

acid_kewpie 09-29-2003 02:33 AM

well it'd appear that you've created an rsa with a passphrase in it. if you don't want one you'll need to recreate the rsa key, and just press enter when prompted, instead of typing in a passphrase.

unSpawn 09-29-2003 05:41 AM

...besides that you sneaked in this little phrase: "for root access", and I tell you you must NOT do that. "Best practices" advice is to treate and use a regular user account to log in to the system and then use sudo to su to root.

thanat0s 09-29-2003 09:51 PM

Thank you for you replies.

thank you for noticing the passphrase thing, but yes that was my initial intention, i much rather set it up to be valid ONLY with a passphrase, my concern is more as to how i can add support to the openssh library (OpenSSH_3.6.1p2) to support passphrase authentication through my Putty clilent (on a floppy).
Unspawn: thank you for the security advisory any clues on how to set RSA authentication for a regular user?

preciate any help...

All times are GMT -5. The time now is 10:35 PM.