Re: ssh pubkey exchange failing at send_pubkey_test

[Hans-Georg Scherneck]

My cygwin runs on a Windows 7. My problem is similar to a previous one

* /From/: Christophe Sauthier
* /To/: Cygwin List
* /Date/: Wed, 13 Apr 2005 10:39:14 +0200
* /Subject/: Re: Strange behaviour of Openssh


however it's really different. My problem occurs earlier in the
process.

I try to log in with ssh passwordless into a server that I've set up. sshd
is running there. I can log in with password.
When I set up the crypto (ssh-keygen -t ecdsa) and install the pub key at
the host, I can't login anymore, not by defaulting to password either.



How did you configure ssh?  Did you run ssh-user-config?
Does it work with the default rsa key?

--
Larry



Larry,
yes, I configured with ssh-user-config
No, it does not work with RSA keys either.
After a renewed ssh-user-config on the host side, the debug looks the 
same (except ecdsa ->  rsa)

ssh -vvv -i .ssh/id_rsa.pub me@server
see debug output at 
http://froste.oso.chalmers.se/hgs/cygwin/ssh-login-rsa-failure.txt


Note that I do have success with different Windows XP and Vista 
machines. It's only this one Windows 7 case that's misbehaving.  And the 
problem is independent whether I log in from another cygwin or a linux 
machine. It's always that one server under W7.


I've put up host's /etc/ssh_config at 
http://froste.oso.chalmers.se/hgs/cygwin/ssh_config_at_host

and the server's sshd_ equivalently.

I'd very much like to inspect logfiles on the server's side. Despite 
that I've arranged for sshd-stdout.log sshd-stderr.log files in /var/log 
(they are created), and despite that I have installed and activated the 
syslog-ng package the logins, whether failing or succeeding (keys 
disabled and password dialog), leave no messages in any of the logfiles.
( cygrunsrv --install sshd --path /usr/sbin/sshd -1 /var/log/sshd-1.log 
-2 /var/log/sshd-2.log --args -e; cygrunsrv -S sshd )

I've also looked into the W7 event logs, in vain.

Other clues for narrowing in: I connect within the same IP-domain, 
machines sit side-by-side, I give the full address 
h...@w7machine.oso.chalmers.se

and HGS is the user exactly as specified in /etc/passwd
Can the firewall prevent receiving the send_publickey_test ? Isn't 
send_publickey_test going thru port 22 too ?

ssh -i .ssh/id_ecdsa.pub h...@w7machine.oso.chalmers.se
Any option I miss in the ssh command line?

--
Med vänliga hälsningar / With best regards yours -
Hans-Georg Scherneck   /   A   \
-+--- |   / \   |
. Telephone&  -fax   | Chalmers University of Technology   \   /
. +46 31 772 5556| Earth and Space Sciences  -
. +46 31 772 5590 fx |&  Onsala Space Observatory | |
. E-Mail:| SE-439 92  Onsala, Sweden /   \
. hgs at chalmers.se | http://www.chalmers.se/rss   
. Ocean Loading Serv.| froste.oso.chalmers.se/loading   /===\ ,===//===\
. Gravimeter | froste.oso.chalmers.se/hgs/SCG  //`===,//
-+-\===//===' \===/


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: Putty and pre-shared keys with Cygwin's sshd

[Andrey Repin]

Greetings, Andrew DeFaria!

> Now putty does work but I like having pre-shared keys with ssh sessions.
> But I can't seem to get Putty's PuttyGen generated ssh keys to work with 
> Cygwin's sshd.

Then you're doing something wrong.

> http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter8.html#pubkey 
>  
> states 
> to basically use PuttyGen to generate the key then copy and paste it 
> into your ~/.ssh/authorized_keys file. I do that but when I try to ssh 
> in from a remote system using Putty I keep getting prompted for a 
> password. Does anybody know how to fix/configure this?

You didn't said anything to help you.
What key type you generate? How do you save both parts of the key?
You said you copied public key, did you saved private key as well?
Or you just assumed it was saved somewhere automatically?


--
WBR,
Andrey Repin (anrdae...@freemail.ru) 21.01.2012, <16:36>

Sorry for my terrible english...


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: Putty and pre-shared keys with Cygwin's sshd

[Andrew DeFaria]

On 01/21/2012 04:39 AM, Andrey Repin wrote:

http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter8.html#pubkey
  
states
to basically use PuttyGen to generate the key then copy and paste it
into your ~/.ssh/authorized_keys file. I do that but when I try to ssh
in from a remote system using Putty I keep getting prompted for a
password. Does anybody know how to fix/configure this?

You didn't said anything to help you.

Actually I was expecting help from you! ;-)

What key type you generate?

I tried them all.

How do you save both parts of the key?
Didn't think I had to. IIRC there was a save button. I clicked on that 
and saved whatever it saved. I don't recall it saying what part it would 
save.

You said you copied public key, did you saved private key as well?
Or you just assumed it was saved somewhere automatically?
Yes I did assume it would save it somewhere. If you use ssh-keygen it 
does save it somewhere (~/.ssh by default). As I said, I don't use putty 
so I have no idea how it works. Where am I supposed to save it? How does 
putty then later find it and use it?

--
Andrew DeFaria 
Animal testing is a bad idea - they get nervous and give the wrong answers.


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: what happened to [PATCH] setup -e, --separate-src-dirs option (http://sourceware.org/ml/cygwin-apps/2011-12/msg00022.html)

[Hans Horn]

On 1/17/2012 10:39 AM, Hans Horn wrote:

As subject line says.
As far as I recall, this got a lot of +1 votes.


Nothing? Not even an insult? That's disappointing


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: YA call for snapshot testing

[Hans Horn]

On 1/19/2012 2:06 PM, Chris Sutcliffe wrote:

On 19 January 2012 14:52, Christopher Faylor wrote:

Corinna and I think that we're coming close to achieving stability for
a new release so we'd like you to try the most recent snapshot at:

http://cygwin.com/snapshots/

Please reports variations from 1.7.9, including "Hey! It's a lot faster
than 1.7.9!" as well as the usual bug reports.


I've been running the 2012-01-11 snapshot since it was released with no issues.

Thank you for all the hard work!

Chris



ditto!

Said snapshot appears to be the "best" cygwin I'd installed for many months.
Bash starts up noticeably faster.
No random "fork", "bad address" etc errors anymore when when building 
large projects.

Kudos to all that made it happen.

H.



--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: YA call for snapshot testing

[Christopher Faylor]

On Sat, Jan 21, 2012 at 08:45:58AM -0800, Hans Horn wrote:
>On 1/19/2012 2:06 PM, Chris Sutcliffe wrote:
>> On 19 January 2012 14:52, Christopher Faylor wrote:
>>> Corinna and I think that we're coming close to achieving stability for
>>> a new release so we'd like you to try the most recent snapshot at:
>>>
>>> http://cygwin.com/snapshots/
>>>
>>> Please reports variations from 1.7.9, including "Hey! It's a lot faster
>>> than 1.7.9!" as well as the usual bug reports.
>>
>> I've been running the 2012-01-11 snapshot since it was released with no 
>> issues.
>>
>> Thank you for all the hard work!
>>
>> Chris
>>
>
>ditto!
>
>Said snapshot appears to be the "best" cygwin I'd installed for many months.
>Bash starts up noticeably faster.
>No random "fork", "bad address" etc errors anymore when when building 
>large projects.
>Kudos to all that made it happen.

Thanks for the positive feedback.  It looks like if we can fix Yaakov's problem
we may be ready to ship.

cgf

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: what happened to [PATCH] setup -e, --separate-src-dirs option (http://sourceware.org/ml/cygwin-apps/2011-12/msg00022.html)

[Christopher Faylor]

On Sat, Jan 21, 2012 at 07:54:04AM -0800, Hans Horn wrote:
>On 1/17/2012 10:39 AM, Hans Horn wrote:
>> As subject line says.
>> As far as I recall, this got a lot of +1 votes.
>
>Nothing? Not even an insult? That's disappointing

Not an insult but if you were reading the thread you saw that I had a
problem with the approach.  I'd rather not burden setup.exe with unneeded
code when the problem could be handled either by the package maintainer
or by changing the way files are uploaded to sourceware.

I started working on a new mechanism for uploading packages to
sourceware.  It requires uploading a new package to a staging area where
a validity check (and maybe package massaging) is done before a package
is moved to the release area.  But, I was bogged down by home computer
problems and haven't finished it yet.  I will get to it in the next
month or so, however.

cgf

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: Putty and pre-shared keys with Cygwin's sshd

[Andrew DeFaria]

On 1/21/2012 4:39 AM, Andrey Repin wrote:
What key type you generate? How do you save both parts of the key? You 
said you copied public key, did you saved private key as well? Or you 
just assumed it was saved somewhere automatically? -- WBR, Andrey 
Repin (anrdae...@freemail.ru) 21.01.2012, <16:36> Sorry for my 
terrible english... 

OK, here's what I did now:

 * Regenerated a SSH-2 DSA key 1024 bit
 * Saved the public and private keys
 * Copied the public key from the box in puttygen that says "Public key
   for the pasting into authorized-keys file" and pasted it into my
   machine's ~/.ssh/authorized_keys
 * Ran putty on the remote machine and made sure to point the
   Connection: SSH: Auth pointed to the private key I saved from
   puttygen (a .ppk file).

Attempted to connect with that and I got:

Using username "adefaria"
Server refused our key
adefaria@ltsdo-adefaria's password:

What did I do wrong?
--
Andrew DeFaria 
Everybody is somebody else's weirdo.


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: Putty and pre-shared keys with Cygwin's sshd

[Andrey Repin]

Greetings, Andrew DeFaria!

>> What key type you generate? How do you save both parts of the key? You
>> said you copied public key, did you saved private key as well? Or you 
>> just assumed it was saved somewhere automatically? -- WBR, Andrey 
>> Repin (anrdae...@freemail.ru) 21.01.2012, <16:36> Sorry for my 
>> terrible english... 
> OK, here's what I did now:

>   * Regenerated a SSH-2 DSA key 1024 bit
>   * Saved the public and private keys
>   * Copied the public key from the box in puttygen that says "Public key
> for the pasting into authorized-keys file" and pasted it into my
> machine's ~/.ssh/authorized_keys
>   * Ran putty on the remote machine and made sure to point the
> Connection: SSH: Auth pointed to the private key I saved from
> puttygen (a .ppk file).

> Attempted to connect with that and I got:

> Using username "adefaria"
> Server refused our key
> adefaria@ltsdo-adefaria's password:

> What did I do wrong?

Ok, now we're talking. There's indeed a tricky part involved, let me try to
cover it for you.
On puttygen part, it seems you did it right. (Though, saving public key part is
only required for ssh servers compliant with RFC4716.)
On connection part... seems like you've supplied the right login name...
On server part...
First. Make sure your ssh server is configured to allow DSA keys. RSA keys are
more common, as I've discovered. And sometimes servers configured to disallow
DSA key authentication, even if they are offering DSA key themselves.
Second, double-check server log for reason to refuse the key. The top (IMO)
reason to refuse key authentication is wrong access mask on 
~/.ssh/authorized_keys
file. It must not be group- or world-writable.


--
WBR,
Andrey Repin (anrdae...@freemail.ru) 22.01.2012, <00:18>

Sorry for my terrible english...


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: Putty and pre-shared keys with Cygwin's sshd

[Andrew DeFaria]

On 01/21/2012 12:34 PM, Andrey Repin wrote:
Ok, now we're talking. There's indeed a tricky part involved, let me 
try to cover it for you. On puttygen part, it seems you did it right. 
(Though, saving public key part is only required for ssh servers 
compliant with RFC4716.) On connection part... seems like you've 
supplied the right login name... On server part... First. Make sure 
your ssh server is configured to allow DSA keys. RSA keys are more 
common, as I've discovered. 
Let's remain focused. As the subject states, the "server" is Cygwin, 
running on my laptop. All I use is DSA myself. I can ssh to other 
Unix/Linux systems. They can ssh to me using preshared key. I can ssh to 
local host too. *I* use ssh, Cygwin's ssh and preshared keys. *Others* 
often don't use Cygwin and/or don't have OpenSSH installed and say "I 
have putty". I'm trying to help them. If it were me I'd just install 
Cygwin and OpenSSH and be done with it.
And sometimes servers configured to disallow DSA key authentication, 
even if they are offering DSA key themselves. Second, double-check 
server log for reason to refuse the key. The top (IMO) reason to 
refuse key authentication is wrong access mask on 
~/.ssh/authorized_keys file. It must not be group- or world-writable.
Well I checked my /var/log/sshd.log on my Cygwin laptop and it was of 0 
length. Even tried to reproduce the problem, got the same error but 
/var/log/sshd.log remains empty.

--
Andrew DeFaria 
A preposition must never be used to end a sentence with.


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: YA call for snapshot testing

[Shaddy Baddah]

Hi,


On 22/01/12 05:18, Christopher Faylor wrote:
Thanks for the positive feedback. It looks like if we can fix Yaakov's 
problem

we may be ready to ship.


I have one more problem to report. I tracked this problem as being
introduced in the 2011-12-17 00:14:25 UTC snapshot, including the
latest one, 2012-01-11 22:44:48 UTC:

sbaddah@*** ~
$ find ~/.. -iname '*dokan*' -print
dokan*
...
find: 
`***/dsl': 
Bad address
find: 
`***/-ubuntu': 
Bad address

...
  0 [main] find 6276 C:\Users\Public\portapps\cygwin\bin\find.exe: 
*** fatal error - cmalloc would have returned NULL

Stack trace:
Frame Function  Args
0028A3B8  6102F91B  (0028A3B8, , , )
0028A6A8  6102F91B  (6119BD20, 8000, , 6119DB0F)
0028B6D8  61005E5C  (6119D4A0, 0028B704, 0006, 61002C47)
0028B6F8  61005E98  (6119D4A0, 6119D498, 0028B798, 0028C9D0)
0028C9A8  61003154  (, 0028CA7A, 2007E96D, 0028CA20)
0028CBD8  610A7AAA  (612664E4, 0028CCB4, 0028CC38, 610815D0)
0028CC18  610A7DFB  (0003, 8000, , 61269864)
0028CC38  610D2E15  (20038630, 0001, 0001, 0005)
0028CC78  00401FD6  (61220049, 6119DD76, , 61006E18)
0028CD28  61006E18  (, 0028CD78, 61006410, )
End of stack trace
Hangup

The 2011-12-16 16:38:38 UTC snapshot, and earlier ones, seem free of
this problem.

I am running Windows 7 64bit.

--
Regards,
Shaddy


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: Putty and pre-shared keys with Cygwin's sshd

[Andrey Repin]

Greetings, Andrew DeFaria!

>> Ok, now we're talking. There's indeed a tricky part involved, let me
>> try to cover it for you. On puttygen part, it seems you did it right. 
>> (Though, saving public key part is only required for ssh servers 
>> compliant with RFC4716.) On connection part... seems like you've 
>> supplied the right login name... On server part... First. Make sure 
>> your ssh server is configured to allow DSA keys. RSA keys are more 
>> common, as I've discovered. 
> Let's remain focused. As the subject states, the "server" is Cygwin, 
> running on my laptop. All I use is DSA myself. I can ssh to other 
> Unix/Linux systems. They can ssh to me using preshared key. I can ssh to 
> local host too. *I* use ssh, Cygwin's ssh and preshared keys. *Others* 
> often don't use Cygwin and/or don't have OpenSSH installed and say "I 
> have putty". I'm trying to help them. If it were me I'd just install 
> Cygwin and OpenSSH and be done with it.

Well, *I* am using Cygwin SSH and PuTTY. And I've had no issues other than
what I have explained.
One way or another, back or forth, to my Linux box, or from it, from my
Windows box to any imaginable server around the globe - no problem.
Using puttygen to create new keys, or converting keys from OpenSSH to
PuTTY, or the other way around to use for Cygwin's ssh in test box.
It just works. Exactly as described in PuTTY help file, chapter 8.2.

>> And sometimes servers configured to disallow DSA key authentication, 
>> even if they are offering DSA key themselves. Second, double-check 
>> server log for reason to refuse the key. The top (IMO) reason to 
>> refuse key authentication is wrong access mask on 
>> ~/.ssh/authorized_keys file. It must not be group- or world-writable.
> Well I checked my /var/log/sshd.log on my Cygwin laptop and it was of 0 
> length. Even tried to reproduce the problem, got the same error but 
> /var/log/sshd.log remains empty.

Check Windows event log. Though, it's obvious.
Also keep an eye on nearby discussion regarding SSHD issues. It may be your
case too.


--
WBR,
Andrey Repin (anrdae...@freemail.ru) 22.01.2012, <07:15>

Sorry for my terrible english...


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: YA call for snapshot testing

[Christopher Faylor]

On Sun, Jan 22, 2012 at 01:07:45PM +1100, Shaddy Baddah wrote:
>Hi,
>
>
>On 22/01/12 05:18, Christopher Faylor wrote:
>> Thanks for the positive feedback. It looks like if we can fix Yaakov's 
>> problem
>> we may be ready to ship.
>
>I have one more problem to report. I tracked this problem as being
>introduced in the 2011-12-17 00:14:25 UTC snapshot, including the
>latest one, 2012-01-11 22:44:48 UTC:

Sorry but you'll really need to provide more details about what your
disk looks like so that we can attempt to duplicate the problem.

Also, the stack trace that you provided doesn't look like it came from
the 2012-01-11 snapshot.  I can't tell for sure since you didn't provide
cygcheck outpput.

cgf

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: YA call for snapshot testing

[Christopher Faylor]

On Sun, Jan 22, 2012 at 12:47:19AM -0500, Christopher Faylor wrote:
>On Sun, Jan 22, 2012 at 01:07:45PM +1100, Shaddy Baddah wrote:
>>Hi,
>>
>>
>>On 22/01/12 05:18, Christopher Faylor wrote:
>>> Thanks for the positive feedback. It looks like if we can fix Yaakov's 
>>> problem
>>> we may be ready to ship.
>>
>>I have one more problem to report. I tracked this problem as being
>>introduced in the 2011-12-17 00:14:25 UTC snapshot, including the
>>latest one, 2012-01-11 22:44:48 UTC:
>
>Sorry but you'll really need to provide more details about what your
>disk looks like so that we can attempt to duplicate the problem.
>
>Also, the stack trace that you provided doesn't look like it came from
>the 2012-01-11 snapshot.  I can't tell for sure since you didn't provide
>cygcheck outpput.

Also did this crash happen instantaneously or did it take a while?

cgf

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: Putty and pre-shared keys with Cygwin's sshd

[Andrew DeFaria]

On 01/21/2012 07:28 PM, Andrey Repin wrote:

Well, *I* am using Cygwin SSH and PuTTY. And I've had no issues other than
what I have explained.
One way or another, back or forth, to my Linux box, or from it, from my
Windows box to any imaginable server around the globe - no problem.
The scenario here is going from one Windows box using PuTTY to another 
Windows box using OpenSSH in Cygwin.

Using puttygen to create new keys, or converting keys from OpenSSH to
PuTTY, or the other way around to use for Cygwin's ssh in test box.
It just works. Exactly as described in PuTTY help file, chapter 8.2.

I'm glad it's working for you, I wish it were working for me.

You mention "converting keys from OpenSSH to PuTTY, or the other way 
around". What is this conversion process that you speak of? How do you 
convert a PuTTY key to an OpenSSH key? Because so far nobody's mentioned 
where in this process I need to convert between the two.

Check Windows event log. Though, it's obvious.
Also keep an eye on nearby discussion regarding SSHD issues. It may be your
case too.
I will check when I get back into work (don't run Windows nor PuTTY at 
home to check things) but I thought Cygwin's sshd logs to 
/var/log/sshd.log. Otherwise why would I have a file there at all?

--
Andrew DeFaria 
Indecision is the key to flexibility.


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple