On Mon, Sep 17, 2001 at 10:32:36AM +0200, Pietro Cagnoni wrote:
> ...
>
> i've always been able to solve my ssh problems using sshd -d and ssh -v

doh. yeah, I probably tried that. but now I've poked at it some more.

sshd -d -d -d, all protocols enabled: not very interesting. just so you know what keys it finds:

debug1: private host key: #0 type 0 RSA1
debug1: private host key: #1 type 1 RSA
debug1: private host key: #2 type 2 DSA

and then ssh -2 -v -v -v: eh, dumped to logs and ran diff.
< w/ all protocols enabled, > w/ only 2 (only let it see the DSA key)

17c17
< debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2
---
> debug1: Remote protocol version 2.0, remote software version OpenSSH_2.9p2
36c36
< debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
---
> debug2: kex_parse_kexinit: ssh-dss
53,54c53,54
< debug1: dh_gen_key: priv key bits set: 122/256
< debug1: bits set: 1016/2049
---
> debug1: dh_gen_key: priv key bits set: 135/256
> debug1: bits set: 995/2049
62c62
< RSA key fingerprint is eb:a9:6b:36:7e:16:33:d7:38:80:48:61:c7:44:4f:e3.
---
> DSA key fingerprint is d0:51:d4:c5:b7:a5:93:de:05:aa:c1:ac:87:c3:a7:7a.

Yes, I actually have to hide the ssh_host_rsa_key to get it to use v2. Just setting 'Protocol 2' isn't enough, it still falls back to protocol 1 and finds the RSA key. Even though the debug output shows prot v2.0.

At first I thought the "protocol v1.99" threw it off, but the third case with the setting 'Protocol 2' produces this output, among others:

debug1: Remote protocol version 2.0, remote software version OpenSSH_2.9p2
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
RSA key fingerprint is ...

...so now I think that's it. Seems to me to be preferring protocol 1, ssh-rsa, if it's available regardless of the 'Protocol' setting. Which seems to me to be broken behavior. Which I'd file a bug report for, if I wasn't worried that I'm just being an idiot.

eh. Again, any comments? Anybody else trying to figure out why protocol 2 won't work? :)

Mike McGuire