Here is the debug output that i get when i do ssh and try to login into
a remote server:

OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to serv1.bahai.org [216.236.139.18] port 22.
debug1: Connection established.
debug3: Not a RSA1 key file /home/thecoolone/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/thecoolone/.ssh/id_rsa type 1
debug1: Remote protocol version 1.99, remote software version
OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 122/256
debug2: bits set: 488/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename
/home/thecoolone/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug3: check_host_in_hostfile: filename
/home/thecoolone/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'serv1.bahai.org' is known and matches the RSA host key.
debug1: Found key in /home/thecoolone/.ssh/known_hosts:1
debug2: bits set: 511/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/thecoolone/.ssh/id_rsa (0x82c2ee8)
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug3: start over, passed a different list
publickey,password,keyboard-interactive
debug3: preferred
gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/thecoolone/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password


I have checked for the permissions of $HOME it is 755 and $HOME/.ssh is
700
drwxr-xr-x 4 thecoolone thecoolone 4096 Dec 1 03:53 thecoolone
drwx------ 2 thecoolone thecoolone 4096 Dec 1 03:36 .ssh
-rw-r--r-- 1 thecoolone thecoolone 232 Apr 9 2006 id_rsa.pub


On debug3: is is saying "Not a RSA1 key file
/home/thecoolone/.ssh/id_rsa."
and then later "debug1: identity file /home/thecoolone/.ssh/id_rsa type
1"

I am not understanding that why are first it says not RSA and then
recognises it as type 1?
Does anyone have a clue on how to make ssh work with passphrase. I will
be using it from a cron job later.

Here is the debug output that i get when i do ssh and try to login into
a remote server:

OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to serv1.bahai.org [216.236.139.18] port 22.
debug1: Connection established.
debug3: Not a RSA1 key file /home/thecoolone/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/thecoolone/.ssh/id_rsa type 1
debug1: Remote protocol version 1.99, remote software version
OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-...@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-...@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 122/256
debug2: bits set: 488/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename
/home/thecoolone/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug3: check_host_in_hostfile: filename
/home/thecoolone/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'serv1.bahai.org' is known and matches the RSA host key.
debug1: Found key in /home/thecoolone/.ssh/known_hosts:1
debug2: bits set: 511/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/thecoolone/.ssh/id_rsa (0x82c2ee8)
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug3: start over, passed a different list
publickey,password,keyboard-interactive
debug3: preferred
gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/thecoolone/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password

I have checked for the permissions of $HOME it is 755 and $HOME/.ssh is
700
drwxr-xr-x 4 thecoolone thecoolone 4096 Dec 1 03:53 thecoolone
drwx------ 2 thecoolone thecoolone 4096 Dec 1 03:36 .ssh
-rw-r--r-- 1 thecoolone thecoolone 232 Apr 9 2006 id_rsa.pub

On debug3: is is saying "Not a RSA1 key file
/home/thecoolone/.ssh/id_rsa."
and then later "debug1: identity file /home/thecoolone/.ssh/id_rsa type
1"

I am not understanding that why at first it says not an RSA type and
then
recognises it as type 1?
Does anyone have a clue on how to make ssh work with passphrase. It was
working before i tried to make a new crontab for another account and
now i am reverting back to the old crontab and ssh is asking password.

Why is the old crontab not working any more?

thecoolone <jahan9@gmail.com> wrote:
> Here is the debug output that i get when i do ssh and try to login into
> a remote server:

Ignore this bit:
> debug3: Not a RSA1 key file /home/thecoolone/.ssh/id_rsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN'

What the client can offer:
> debug2: key: /home/thecoolone/.ssh/id_rsa (0x82c2ee8)
> debug1: Authentications that can continue: publickey,password,keyboard-interactive

What the server can accept:
> debug3: start over, passed a different list
> publickey,password,keyboard-interactive
> debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password

Resulting intersection of authentication methods:
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey

First possibility (from the ordered list):
> debug1: Next authentication method: publickey
> debug1: Offering public key: /home/thecoolone/.ssh/id_rsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> debug2: we did not send a packet, disable method

Didn't work, so strip it from the list and try the next option
> debug3: authmethod_lookup keyboard-interactive
> debug3: remaining preferred: password
> debug3: authmethod_is_enabled keyboard-interactive

Second possibility is keyboard-interactive, i.e. a password. So your
public/private key authentication has failed


> I have checked for the permissions of $HOME it is 755 and $HOME/.ssh is
> 700
> drwxr-xr-x 4 thecoolone thecoolone 4096 Dec 1 03:53 thecoolone
> drwx------ 2 thecoolone thecoolone 4096 Dec 1 03:36 .ssh
> -rw-r--r-- 1 thecoolone thecoolone 232 Apr 9 2006 id_rsa.pub

1. You do have a "id_rsa" file corresponding to "id_rsa.pub" on the
local client? Permissions 600 (or 400).

2. You have copied your id_rsa.pub file to the remote host's .ssh
directory haven't you? Permissions 644, 600, or 400.

Chris

Followups changed to comp.security.ssh.

In comp.security.ssh thecoolone <jahan9@gmail.com> wrote:
> Here is the debug output that i get when i do ssh and try to login into
> a remote server:

The SSH (client) side debug is not always able to tell you much. The
server isn't going to tell you why you can't log in.

Running the server in dbeug mode is much more likely to give useful
information.

> On debug3: is is saying "Not a RSA1 key file
> /home/thecoolone/.ssh/id_rsa."
> and then later "debug1: identity file /home/thecoolone/.ssh/id_rsa type
> 1"

> I am not understanding that why at first it says not an RSA type and
> then
> recognises it as type 1?

Because RSA1 is not the same as rsa type 1. This is just a debug
statement and doesn't show anything useful for your situation.

I'd recommend running the server in debug when you try to log in.
That's the side that understands any issues.

--
Darren Dunham ddunham@taos.com
Senior Technical Consultant TAOS http://www.taos.com/
Got some Dr Pepper? San Francisco, CA bay area
< This line left intentionally blank to confuse you. >

Darren Dunham wrote:
> Followups changed to comp.security.ssh.
>
> In comp.security.ssh thecoolone <jahan9@gmail.com> wrote:
> > Here is the debug output that i get when i do ssh and try to login into
> > a remote server:
>
> The SSH (client) side debug is not always able to tell you much. The
> server isn't going to tell you why you can't log in.
>
> Running the server in dbeug mode is much more likely to give useful
> information.
>
> > On debug3: is is saying "Not a RSA1 key file
> > /home/thecoolone/.ssh/id_rsa."
> > and then later "debug1: identity file /home/thecoolone/.ssh/id_rsa type
> > 1"
>
> > I am not understanding that why at first it says not an RSA type and
> > then
> > recognises it as type 1?
>
> Because RSA1 is not the same as rsa type 1. This is just a debug
> statement and doesn't show anything useful for your situation.

Can you elaborate if you don't mind the difference between RSA1 and rsa
type 1.

> I'd recommend running the server in debug when you try to log in.
> That's the side that understands any issues.

To run the server in debug mode means i will have to modify the
ssh_config file on server right ?

thecoolone <jahan9@gmail.com> wrote:
> Darren Dunham wrote:
>> > On debug3: is is saying "Not a RSA1 key file
>> > /home/thecoolone/.ssh/id_rsa."
>> > and then later "debug1: identity file /home/thecoolone/.ssh/id_rsa type
>> > 1"
>>
>> > I am not understanding that why at first it says not an RSA type and
>> > then
>> > recognises it as type 1?
>>
>> Because RSA1 is not the same as rsa type 1. This is just a debug
>> statement and doesn't show anything useful for your situation.

> Can you elaborate if you don't mind the difference between RSA1 and rsa
> type 1.

RSA1 is the key used by SSH v1 and created by ssh-keygen with -t rsa1.
You won't see this much unless you need to create v1 compatible keys.
However, the debug3 output is rather verbose about mentioning that keys
aren't of this type.

rsa (type 1) is one of the possible SSH v2 keys (dsa being the other).
It's created by ssh-keygen with -t rsa. It's just a different key.

>> I'd recommend running the server in debug when you try to log in.
>> That's the side that understands any issues.

> To run the server in debug mode means i will have to modify the
> ssh_config file on server right ?

No. At least not on unix. You can make changes on the command line.
For instance, one of the easiest things would be to leave the normal
server alone and just run an additional (debug) daemon that listens on
another port.

# sshd -d -p 2222

Then have the client connect on the new port (with -p 2222) to watch the
output.

--
Darren Dunham ddunham@taos.com
Senior Technical Consultant TAOS http://www.taos.com/
Got some Dr Pepper? San Francisco, CA bay area
< This line left intentionally blank to confuse you. >