Author Topic: Anybody succeeded in keybased ssh login from ssh.com free win client?  (Read 3563 times)
CqCn
Full Member
***

Karma: 0
Posts: 169



View Profile
« on: August 22, 2009, 11:08:01 AM »

ssh.com (commercial) has a free Win graphical client for terminal/ftp login to ssh. This has been my favorite ssh client because it is feature rich, solid, and has file drag drop between remote and local.

I have used this client successfully using ssh2 protocol keys to log in to other Linux boxes including the Slug (another tiny server box like our SheevaPlug) for many years.  While the native key formats are not compatible, using the key conversion software of putty, one can make compatible keys. The sshd running on ShPlug is a bit higher version than the one on my old Slug.  I have not been able to make key-based ssh to ShPlug work from the ssh.com free client.

Has anybody tried?  Any success?
Logged

Cordially, CqCn

AutoStatic
Newbie
*

Karma: 1
Posts: 40


View Profile
« Reply #1 on: August 22, 2009, 12:18:28 PM »

Hello CqCn, how does the /etc/ssh/sshd_config on the plug look like? Key-based authentication should be no problem at all. I'm not familiar with the ssh.com client though, does it use .ppk files like Putty?
Logged

CqCn
« Reply #2 on: August 22, 2009, 12:47:40 PM »

Quote
Hello CqCn, how does the /etc/ssh/sshd_config on the plug look like? Key-based authentication should be no problem at all. I'm not familiar with the ssh.com client though, does it use .ppk files like Putty?

The ssh.com client does use the putty .ppk.  The way to make compatible keys is:
generate keys in ssh.com;
import to putty keygen;
export putty keys.
The putty keys are compatible among putty, ssh.com and OpenSSH.

My relevant portions of sshd_config (the file has not been modified):
Code:
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile     %h/.ssh/authorized_keys
Logged

Cordially, CqCn

AutoStatic
« Reply #3 on: August 22, 2009, 01:42:21 PM »

Hmmm, looks good. What error messages do you get when you try to connect?
Logged

CqCn
« Reply #4 on: August 23, 2009, 07:11:47 PM »

AutoStatic,

The msg ssh.com client shows in a pop up window includes the line:
An protocol error was detected.  This usually indicates a bug  in the application (either ssh server or client.).

BTW, what does this config line (in sshd_config) mean?
ChallengeResponseAuthentication no

Logged

Cordially, CqCn

AutoStatic
« Reply #5 on: August 24, 2009, 12:08:58 AM »

From man sshd_config:
Quote
     ChallengeResponseAuthentication
             Specifies whether challenge-response authentication is allowed.
             All authentication styles from login.conf(5) are supported.  The
             default is “yes”.
From /etc/ssh/sshd_config:
Code:
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
And the error message doesn't ring a bell, unfortunately. Does the ssh.com client allow you to specify a protocol?
Logged

CqCn
« Reply #6 on: August 24, 2009, 07:24:52 AM »

AutoStatic, yes, I had also seen the man description.  I was wondering how challenge/response works, and what if any roles that might play in the publicKey authentication.  Anyway, I changed this setting to yes, and it had no perceived effect on what I was attempting.

The way I usually login from ssh.com, is that the server would ask for the passkey; since the ssh.com version does not have a keyagent, and it does work with the key agent of putty.

I did an experiment to compare as closely as possible the two plug-like servers' behavior on this.  I can ssh.com log in to Slug with public key from Win machine.  I copied the authorized_keys file from the Slug to the Plug at the corresponding place -- this would make all conditions identical except for the plug sshd software version.  I can log in to the plug, but not to the slug from ssh.com.  So there is something different between the two versions of the sshd on the two.
   The version on the (working) Slug:    openssh-sshd - 4.0p1-r10
   The version on the (NON-working) Plug:   openssh-sshd  5.1p1-5ubuntu1

Now, the basic public key authentication does work on Plug.  I can authenticate from putty, and I can authenticate between Slug and Plug.  The only thing that is not working is from ssh.com client to Plug.

It is possible there is indeed a (new) problem in the newer version of the software, but since ssh.com client may not be that widely used/tested with this particular version of sshd, it may not have been discovered/fixed yet...

Logged

Cordially, CqCn

AutoStatic
« Reply #7 on: August 24, 2009, 11:17:50 AM »

Did you already try running sudo tail -f /var/log/auth.log on the plug and then logging in with the ssh.com client?
Logged

restamp
Global Moderator
Sr. Member
*****

Karma: 4
Posts: 273


View Profile
« Reply #8 on: August 24, 2009, 02:17:12 PM »

Nothing to do with the current thread, but I notice you've "sudo"ed to see /var/log/auth.log.

FWIW, here is a little trick I've used on all my *nix boxes for years:

First, I set up my own bin directory under my $HOME for my own programs/scripts I use from my personal (non-root) account.  Including it in your $PATH is left as an exercise for the reader.

Next (as root, and substituting your own account name for "restamp", of course) I:
Code:
# cp /bin/cat ~restamp/bin/icat
# chown root:restamp ~restamp/bin/icat
# chmod 4550 ~restamp/bin/icat
# ls -l ~restamp/bin/icat
-r-sr-x--- 1 root restamp 26192 2009-06-27 23:23 /home/restamp/bin/icat

After doing this, you (almost) never have to "sudo" to read any file.  Just type "icat <filename>".  Try it, you'll like it!
Logged
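
Added example, not part of restamp's post: the icat binary above is a setuid-root copy of cat that lets its group read any file, so an administrator may want to inventory such copies. The script below lists setuid files under a directory tree and flags the ones that are byte-identical to a system utility; the function names and the SYSTEM_DIRS list are assumptions of this example.

```shell
#!/bin/sh
# Added example: inventory setuid files under a tree and flag the ones that are
# byte-for-byte copies of a system utility (as icat is a copy of /bin/cat).
# SYSTEM_DIRS and both function names are assumptions of this example.
SYSTEM_DIRS="/bin /usr/bin /sbin /usr/sbin"

# Print the first system binary whose contents equal file $1 (nothing if none).
match_system_binary() {
    size=$(($(wc -c < "$1")))
    for dir in $SYSTEM_DIRS; do
        # Same-size prefilter, so cmp only reads plausible candidates.
        find -H "$dir" -maxdepth 1 -type f -size "${size}c" 2>/dev/null
    done | while IFS= read -r candidate; do
        if cmp -s "$1" "$candidate"; then
            printf '%s\n' "$candidate"
            break
        fi
    done
}

# One line per setuid file under $1: <mode> <owner> <path> [copy-of=<original>]
audit_setuid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null |
    while IFS= read -r f; do
        info=$(ls -ld "$f" | awk '{print $1, $3}')
        orig=$(match_system_binary "$f")
        if [ -n "$orig" ]; then
            printf '%s %s copy-of=%s\n' "$info" "$f" "$orig"
        else
            printf '%s %s\n' "$info" "$f"
        fi
    done
}

# Run as root so files the caller could not otherwise read can be compared,
# e.g.: sh audit_setuid.sh /home
if [ "$#" -gt 0 ]; then
    audit_setuid "$1"
fi
```
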

CqCn
« Reply #9 on: August 24, 2009, 02:35:34 PM »

restamp,
Thank you very much for offering this tip even without my asking :)  Currently I really don't have a need to do sudo, I use some other method, without actually logging in as root.  Root login is still preserved, if I screw up the login script of other account, etc.

BTW, please take a quick look at the question I left for you at our other long running thread an hour ago on '2.6.30.5 new release'.  Thanks!
Logged

Cordially, CqCn

CqCn
« Reply #10 on: August 24, 2009, 07:04:38 PM »

AutoStatic,  The log gives the following while I try public key login. Next is password, which succeeds with two more lines in the log.
Code:
Aug 24 17:17:01 ganges CRON[1810]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug 24 17:17:01 ganges CRON[1810]: pam_unix(cron:session): session closed for user root

Your tip has given me a lot better view as I was otherwise blindly experimenting... Thanks.
« Last Edit: August 25, 2009, 07:36:59 AM by CqCn » Logged

Cordially, CqCn

AutoStatic
« Reply #11 on: August 25, 2009, 12:28:24 AM »

Those entries are related to cron; it should read something like this when pubkey authentication succeeds:
Code:
Aug 25 09:23:50 plugserver sshd[10025]: Accepted publickey for autostatic from x.x.x.x port xxx ssh2
Aug 25 09:23:50 plugserver sshd[10025]: pam_unix(sshd:session): session opened for user autostatic by (uid=0)

If it fails it should read something like:
Code:
Aug 25 09:26:30 plugserver sshd[10043]: Invalid user hackz0r from x.x.x.x
Logged
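
Added example, not part of the posts above: a filter that keeps only sshd authentication outcomes from an auth.log-style stream, so that cron and PAM session lines like the ones pasted in Reply #10 are not mistaken for the login attempt. The sample lines are constructed on the model of those quoted in the thread; the function names, the user cqcn, the ports and the address 192.0.2.10 are assumptions.

```shell
#!/bin/sh
# Added example. Sample lines are constructed, modelled on the thread's log
# excerpts; 192.0.2.10 is a documentation address, ports and PIDs are made up.
sample_log() {
cat <<'EOF'
Aug 24 17:17:01 ganges CRON[1810]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug 24 17:17:01 ganges CRON[1810]: pam_unix(cron:session): session closed for user root
Aug 24 17:18:12 ganges sshd[1822]: Accepted password for cqcn from 192.0.2.10 port 50122 ssh2
Aug 24 17:18:12 ganges sshd[1822]: pam_unix(sshd:session): session opened for user cqcn by (uid=0)
Aug 25 09:23:50 plugserver sshd[10025]: Accepted publickey for autostatic from 192.0.2.10 port 50200 ssh2
Aug 25 09:26:30 plugserver sshd[10043]: Invalid user hackz0r from 192.0.2.10
Aug 25 09:26:34 plugserver sshd[10043]: Failed password for invalid user hackz0r from 192.0.2.10 port 50211 ssh2
EOF
}

# Read syslog-format lines (stdin or files) and print, tab-separated:
#   <KIND> <timestamp> <sshd message>
# Lines from other daemons and sshd lines that are not auth outcomes are dropped.
sshd_auth_events() {
    awk '
    $5 !~ /^sshd\[[0-9]+\]:$/ { next }          # not sshd: CRON, sudo, ...
    {
        msg = $0
        sub(/^.*sshd\[[0-9]+\]: /, "", msg)     # strip date, host and tag
        if (msg ~ /^Accepted publickey for /)                 kind = "PUBKEY_OK"
        else if (msg ~ /^Accepted password for /)             kind = "PASSWORD_OK"
        else if (msg ~ /^Failed (publickey|password) for /)   kind = "AUTH_FAIL"
        else if (msg ~ /^Invalid user /)                      kind = "INVALID_USER"
        else next                               # e.g. pam_unix session lines
        print kind "\t" $1, $2, $3 "\t" msg
    }' "$@"
}

# Demo on the constructed sample; on a live box: sshd_auth_events /var/log/auth.log
sample_log | sshd_auth_events
```

With the default `LogLevel INFO`, sshd typically does not log a rejected key offer that is followed by a successful password login; setting `LogLevel VERBOSE` in sshd_config makes the rejected attempt visible to a filter like this.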

CqCn
« Reply #12 on: August 25, 2009, 07:39:10 AM »

Autostatic,  I do get similar lines when pubkeyAuth succeeds, but that is when initiated from Putty.  So the puzzle of why Plug and Slug differ continues.
Logged

Cordially, CqCn

HelenJames
Guest
re
« Reply #13 on: July 26, 2010, 02:04:22 PM »

The similar subject was already observed somewhere at this thread
Logged
