On Tue, 17 Oct 2006, Per-Olov Sjvholm wrote:
> On Tuesday 17 October 2006 01:07, you wrote:
> > After I upgraded to 3.9 stable from Oct 10 SSH key login no longer work.
> >
> > All my servers stopped working with SSH key logins with the result that
all
> > my rsync automated backups gave up. This happened after my last upgrade
> > October 10, where I did a full source update of my 3.9 stable. I could
> > however still login with any account where I use passwords. Both source
and
> > target SSH was OpenBSD and 3.9 from October 10. And as said it happened
on
> > six server at the same time. The only thing that could have caused this
is
> > that this update contained the new OpenSSH 4.4.
> >
> > I think the thread "
> > Cannot login into OpenSSH after applying patch 020_ssh2.patch to OpenBSD
> > 3.8 stable" is not the same problem. Or is it? Well... the fix for that
> > thread problem was "cd /usr/src/usr.bin/ssh && make obj depend && make &&
> > make install". And that does not help here.... Apart from that, the
result
> > is EXACTLY the same as the referenced thread.
> >
> > Login with keys from a patched 3.9 system to a non patched system (ssh
4.4
> > against 4.3) still works...
> >
> > Any clues?
> >
> > Thanks in advance
> > Per-Olov
>
> Will add some output of a verbose login as well.....
> (name and IP changed)
>
> This worked on all six servers before the 3.9 STABLE update that changed
> OpenSSH to 4.4. And after the stable update all key logins are broken and
> only password login works.
It could be you forgat the make depend.
To rule out bad dependencies. run make cleandir first and then try again.
-Otto
>
>
> [EMAIL PROTECTED]:~#ssh -v [EMAIL PROTECTED]
>
> OpenSSH_4.4, OpenSSL 0.9.7g 11 Apr 2005
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Connecting to MYSERVER.MYDOMAIN.COM [1.1.1.1] port 22.
> debug1: Connection established.
> debug1: permanently_set_uid: 0/0
> debug1: identity file /root/.ssh/identity type -1
> debug1: identity file /root/.ssh/id_rsa type -1
> debug1: identity file /root/.ssh/id_dsa type 2
> debug1: Remote protocol version 1.99, remote software version OpenSSH_4.4
> debug1: match: OpenSSH_4.4 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_4.4
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'MYSERVER.MYDOMAIN.COM' is known and matches the RSA host key.
> debug1: Found key in /root/.ssh/known_hosts:3
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> debug1: Next authentication method: publickey
> debug1: Trying private key: /root/.ssh/identity
> debug1: Trying private key: /root/.ssh/id_rsa
> debug1: Offering public key: /root/.ssh/id_dsa
> debug1: Server accepts key: pkalg ssh-dss blen 1585
> debug1: read PEM private key done: type DSA
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> debug1: Next authentication method: keyboard-interactive
> Connection closed by 1.1.1.1
>
>
> /Per-Olov
