Key Authentication with DSA
Posted: Thu Jul 16, 2009 1:07 am
I am able to authenticate sFTP clients with RSA keys, but not DSA keys.
Here is the debug output when using DSA keys:
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to abc.def.com [192.168.10.10] port 22.
debug1: Connection established.
debug1: identity file /home/jbiggin/.ssh/id_rsa type -1
debug1: identity file /home/jbiggin/.ssh/id_dsa type 2
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: Remote protocol version 2.0, remote software version CoreFTP-0.1.2
debug1: no match: CoreFTP-0.1.2
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host 'abc.def.com' is known and matches the RSA host key.
debug1: Found key in /home/jbiggin/.ssh/known_hosts:8
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: password,publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/jbiggin/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433
Received disconnect from 192.168.10.10: 2: key check failed
Couldn't read packet: Connection reset by peer
Any thoughts
Here is the debug output when using DSA keys:
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to abc.def.com [192.168.10.10] port 22.
debug1: Connection established.
debug1: identity file /home/jbiggin/.ssh/id_rsa type -1
debug1: identity file /home/jbiggin/.ssh/id_dsa type 2
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: Remote protocol version 2.0, remote software version CoreFTP-0.1.2
debug1: no match: CoreFTP-0.1.2
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host 'abc.def.com' is known and matches the RSA host key.
debug1: Found key in /home/jbiggin/.ssh/known_hosts:8
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: password,publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/jbiggin/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433
Received disconnect from 192.168.10.10: 2: key check failed
Couldn't read packet: Connection reset by peer
Any thoughts