Mathieu Roy <[EMAIL PROTECTED]> writes: > I'm puzzled as we got > Accepted rsa for kfogel from 65.42.95.175 port 37964 > in the logs.
Wow. That's strange, yeah. > Can you provide the content of /etc/ssh/ssh_config Suer. Note that my system is not OpenBSD (I guess the file was inherited from some OpenBSD tree at some point). I've indented everything by three spaces; the file looks to be all comments anyway: # $OpenBSD: ssh_config,v 1.10 2001/04/03 21:19:38 todd Exp $ # This is ssh client systemwide configuration file. See ssh(1) for more # information. This file provides defaults for users, and the values can # be changed in per-user configuration files or on the command line. # Configuration data is parsed as follows: # 1. command line options # 2. user-specific file # 3. system-wide file # Any configuration value is only changed the first time it is set. # Thus, host-specific definitions should be at the beginning of the # configuration file, and defaults at the end. # Site-wide defaults for various options # Host * # ForwardAgent no # ForwardX11 no # RhostsAuthentication no # RhostsRSAAuthentication yes # RSAAuthentication yes # PasswordAuthentication yes # FallBackToRsh no # UseRsh no # BatchMode no # CheckHostIP yes # StrictHostKeyChecking yes # IdentityFile ~/.ssh/identity # IdentityFile ~/.ssh/id_dsa # IdentityFile ~/.ssh/id_rsa # Port 22 # Protocol 2,1 # Cipher blowfish # EscapeChar ~ > Does your connection with your rsa1 keys (identity) works somewhere > else? I don't know; mainly I connect to machines using DSA. I'll try reversing the Protocol order in my ~/.ssh/config... Holy cow! That did it! If ~/.ssh/config has Protocol 2,1 as its first line, then I see the same symptoms we've been seeing. But if I switch it to: Protocol 1,2 then the cvs update of my Emacs tree works. So, it appears there's some bug in OpenSSH 3.0.2p1, whereby the top level Protocol specification in the config file cannot be overridden, neither by the command line, nor by a Host section later in the config file. But I can't find anything about such a bug on Google, so perhaps something more complex is going on here... Anyway, I have a workaround now, even if a clumsy one. If I find out anything more about this problem, I'll let you know. Thanks for all your help, -Karl _______________________________________________ Savannah-hackers mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/savannah-hackers
