Hi,

I am running into a problem trying to set up OpenSSH 3.6.1 on FreeBSD 5.3 release. I am connecting via clients (both ssh on BSD and WinSCP on Windows). I know this is not a FreeBSD group, but I bet someone else has run into this problem on a Unix-like platform.

When I test the server with "sshd -ddd", I get an error back from the server which reads:

debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key

I have tried creating the above server key many times with no apparent luck. The clients connect to the server but the connect time is way over 60 seconds so I am bummed out. I have looked on the OpenSSH site and googled for it but have not found a workable solution.

Any ideas would be appreciated,
Thank you,
Joel
joel> I am running into a problem trying to setup OpenSSH 3.6.1 on
joel> FreeBSD 5.3 release. I am connecting via clients (both ssh on
joel> BSD and WinSCP on Windows). I know this is not a FreeBSD group,
joel> but I bet someone else has run into this problem on a Unix-like
joel> platform.

I'd also recommend 'putty' as a Windows client.

joel> When I test the server with "sshd -ddd", I get an error back
joel> from the server which reads: debug3: Not a RSA1 key file
joel> /etc/ssh/ssh_host_dsa_key

How did you create the server key? Can you post your sshd_config (or is it sshd.config?) file so we can look at it?

joel> I have tried creating the above server key many times with no
joel> apparent luck.

How did you create the key?

joel> The clients connect to the server but the connect time is way
joel> over 60 seconds so I am bummed out.

That almost sounds like you have reverse DNS turned on, but that your server isn't resolving properly. Can you check your configuration to make sure that you do NOT have reverse DNS resolving turned on? My last FreeBSD box died, so I don't have one handy to check configs.

joel> I have looked on the OpenSSH site and googled for it but have
joel> not found a workable solution.

It's sounding more like a reverse DNS issue. Can your FreeBSD box resolve various hostnames outside and inside your domain?

John
I use both putty and WinSCP as needed. An oversight on my part.

I create the key using "ssh-keygen -t rsa1" and answer the questions for location and key.

What follows is my sshd_config file. Thanks again for the help.

-----------
# $OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.40 2004/04/20 09:37:29 des Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.

#VersionAddendum FreeBSD-20040419

Port 22
Protocol 2

### Listen to all incoming addresses
ListenAddress 0.0.0.0
#ListenAddress

### HostKey for protocol version 1
# HostKey /etc/ssh/ssh_host_key
### HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 1h
ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 3m
#PermitRootLogin yes
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes

# Change to yes to enable built-in password authentication.
PasswordAuthentication no
PermitEmptyPasswords no

# Change to no to disable PAM authentication
ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'no' to disable PAM authentication (via challenge-response)
# and session processing.
UsePAM yes

#AllowTcpForwarding yes
GatewayPorts no
X11Forwarding no
X11DisplayOffset 10
X11UseLocalhost yes
PrintMotd yes
PrintLastLog yes
TCPKeepAlive yes
UseLogin no
UsePrivilegeSeparation yes
PermitUserEnvironment no
Compression yes
ClientAliveInterval 0
ClientAliveCountMax 3
##
## Added line to speed up connections ( Was UseDNS yes)
UseDNS no
# PidFile /var/run/sshd.pid
MaxStartups 10

# no default banner path
Banner /etc/ssh/banner

# override default of no subsystems
Subsystem sftp /usr/local/libexec/sftp-server
On Fri, Apr 08, 2005 at 04:50:20PM -0400, joel d wrote:
I use both putty and WinSCP as needed. An oversight on my part.
I create the key using "ssh-keygen -t rsa1" and answer the questions for location and key.
That creates a SSH v1 key. Your server config below is only allowing Protocol v2 (a good idea) with DSA keys. Try creating a SSH v2 DSA key:

ssh-keygen -t dsa
What follows is my sshd_config file. Thanks again for the help.
-----------
# $OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.40 2004/04/20 09:37:29 des Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.

#VersionAddendum FreeBSD-20040419

Port 22
Protocol 2

### Listen to all incoming addresses
ListenAddress 0.0.0.0
#ListenAddress

### HostKey for protocol version 1
# HostKey /etc/ssh/ssh_host_key
### HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_dsa_key
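
An added example, not part of the thread and not OpenSSH code: a Python check that each HostKey file named in sshd_config is of a type usable with the enabled Protocol, which is the mismatch described in the reply above. The function names, the `root` scratch prefix, the header-only key files and the treatment of a missing Protocol line as "2 only" are assumptions of this example.

```python
import os
import tempfile

# Leading bytes of classic OpenSSH private key files -> (kind, usable protocols)
KEY_MAGIC = [
    (b"SSH PRIVATE KEY FILE FORMAT 1.1\n", "rsa1", {1}),
    (b"-----BEGIN DSA PRIVATE KEY-----", "dsa", {2}),
    (b"-----BEGIN RSA PRIVATE KEY-----", "rsa", {2}),
]

def key_kind(path):
    """Classify a key file by its leading bytes; the key itself is not parsed."""
    if os.path.isfile(path):
        with open(path, "rb") as fh:
            head = fh.read(64)
        for magic, kind, protos in KEY_MAGIC:
            if head.startswith(magic):
                return kind, protos
    return "missing or unknown", set()

def parse_sshd_config(text):
    """Return (enabled protocols, HostKey paths); commented lines never match."""
    protocols, hostkeys = {2}, []  # assumption: no Protocol line means 2 only
    for raw in text.splitlines():
        word, value = (raw.split(None, 1) + ["", ""])[:2]
        if word.lower() == "protocol":
            protocols = {int(p) for p in value.split(",")}
        elif word.lower() == "hostkey":
            hostkeys.append(value.strip())
    return protocols, hostkeys

def audit(config_text, root=""):
    """Return (HostKey path, kind) for keys that do not fit the Protocol line."""
    protocols, hostkeys = parse_sshd_config(config_text)
    kinds = [(hk, *key_kind(root + hk)) for hk in hostkeys]  # root: scratch prefix
    return [(hk, kind) for hk, kind, protos in kinds if not protos & protocols]

def demo():
    """Constructed input: the thread's config lines and header-only key files."""
    config = "Protocol 2\n# HostKey /etc/ssh/ssh_host_key\nHostKey /etc/ssh/ssh_host_dsa_key\n"
    results = []
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(root + "/etc/ssh")
        for header in (KEY_MAGIC[0][0], KEY_MAGIC[1][0]):  # rsa1 file, then dsa file
            with open(root + "/etc/ssh/ssh_host_dsa_key", "wb") as fh:
                fh.write(header)
            results.append(audit(config, root))
    return results
```

`demo()` runs the audit twice against the same HostKey path: once with an SSH v1 key header in the file, which is reported, and once with a DSA header, which is not.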
Joel,

The sshd conf looks fine to my eye, but I'd try and bump up the loglevel in there and restart the daemon completely. Then look in the log file on startup and see what it says. It might give more details.

Unfortunately, I'm leaving for the weekend soon, so I won't be able to help much for a while...

Good luck!
John
participants (3)
- Chuck R. Anderson
- joel d
- John Stoffel