i'm having problems with ssh

nuttervm

Golden Member
Nov 13, 1999
i've been messing around with ssh-agent and the keychain tool to manage the agent... or at least i was getting ready to. for some reason connecting to a remote machine via putty or from a unix to unix connection on my home network is suddenly taking forever. i've rebooted almost all the machines, but it still takes forever to connect. why is it going so slow? i tried to start over by deleting the entire .ssh directory and starting from scratch, but that isn't helping. i tried installing the latest openssh from the freebsd ports collection to no avail either.

also, just to experiment, i've generated an ssh key for one of my users that is blank, so in theory all i would have to do is type ssh remotehost and i would log in. for some reason when i try to log in to that remote host, it asks for a password still. keep in mind the wording... it asks for a 'password' not 'passphrase' like openssh should be asking for. wtf is going on here?

why are these clients asking for a password instead of passphrase? am i doing something wrong? i'm very frustrated at this, and the openssh faq doesn't address my issue. (the connections seem really slow both on my openbsd firewall and on freebsd workstations)
 

nuttervm

yeah that's actually what i was looking at for setting up keychain, but my problems don't lie there. i think that for some reason ssh isn't looking at my ~/.ssh/* files.

correct me if i'm wrong, but i am supposed to type ssh-keygen, then enter a passPHRASE. then i am supposed to copy the contents of the .pub file to the remote authorized_keys file in the remote home/.ssh/ directory. then when i try to log in to the remote host, ssh is supposed to ask me what my passPHRASE (not password) is, use that to decrypt the local private key and then use that information to negotiate a connection with the remote machine. ssh is supposed to use that decrypted local private key and talk to the remote server (in the process looking at the remote authorized_keys file) and use that to authenticate me.

what i'm saying is that almost no matter what i do, it asks me for my password and not passphrase. it is totally skipping over my .ssh directory files and going for simple password authentication. the only time i can get a machine to ask for a passphrase is when i ssh into my openbsd box (where it asks for a password) and then type ssh localhost... only then does it ask for the ssh dsa or rsa passphrase! what the hell is going on here? why don't my computers work like every damn tutorial and manpage say they should?

nocmonkey, do you know what's up with this?
 

nuttervm

can anyone tell me why it is running so damn SLOW? sometimes it connects fast to the login screen, sometimes it takes forever to finish the connection. i've killed sshd and restarted it to see if that was the problem, and that didn't solve anything. i know this isn't the fastest machine ever, but for some reason all of my unix boxen seem really slow when using ssh recently. is there some sort of disease that i don't know about? :) something that could slow their traffic thru my network.
 

n0cmonkey

Elite Member
Jun 10, 2001
-v will give you verbose output. Chances are it's dns related. Anyhow, if you don't want it to ask you for passwords, answer no in /etc/sshd_config for the Ask password Option or whatever it's called.

EDIT: Oh yeah, and on the client machine (the one you are on locally or whatever), edit /etc/ssh_config to tell it which key to use by default, and there may be a password option there too.
 

freebsddude

Senior member
Jan 31, 2002
OK, here is a list of things to verify.

ssh by DEFAULT does default ssh password encryption, meaning it uses neither RSA nor DSA private/public stuff, but simply encrypts the password over the wire.

How did you generate your public key? If one of the machines uses openssh and the other uses ssh then you need to CONVERT the public key appropriately on the machine on which you are trying to connect. If you don't convert it will default to password authentication.

For example, I am using OpenSSH on the server side and F-Secure on the client side. I generated my private and public keys on the client (F-Secure side) and first uploaded the public key to the server. Then I converted the public key using the following command:

ssh-keygen -X -f <just uploaded public key file> >> ~/.ssh/authorized_keys2

In your case you are going from Unix->Unix, so your public key file is $HOME/.ssh/identity.pub and private file is $HOME/.ssh/identity.

Beyond this, I am not sure why it asks for the password auth first.
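
The key-format mismatch freebsddude describes can be checked before touching the server config. The script below is an added example, not part of the thread: it tells an SSH2/SECSH public key file (the kind F-Secure exports) from an OpenSSH one-line key, and counts SECSH blocks that were appended to an authorized_keys file without conversion. The function names, file names and key material are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Key material below is constructed
# filler, not a real key.

# classify_pubkey FILE: print "secsh", "openssh" or "unknown" based on the
# first non-blank line of a public key file.
classify_pubkey() {
    first=$(grep -v '^[[:space:]]*$' "$1" | head -n 1)
    case $first in
        "---- BEGIN SSH2 PUBLIC KEY ----"*) echo secsh ;;
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*) echo openssh ;;
        *) echo unknown ;;
    esac
}

# count_secsh_blocks FILE: number of SECSH key blocks pasted into an
# authorized_keys file, where OpenSSH expects one key per line.
count_secsh_blocks() {
    grep -c '^---- BEGIN SSH2 PUBLIC KEY ----' "$1" || true
}

# write_samples DIR: create constructed sample files for the demo.
write_samples() {
    cat > "$1/client_secsh.pub" <<'EOF'
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "constructed sample, not a real key"
AAAAB3NzaC1kc3MAAACBAPLACEHOLDERPLACEHOLDERPLACEHOLDER
---- END SSH2 PUBLIC KEY ----
EOF
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAAPLACEHOLDER user@example\n' \
        > "$1/client_openssh.pub"
    # authorized_keys where the SECSH file was appended unconverted
    cat "$1/client_openssh.pub" "$1/client_secsh.pub" > "$1/authorized_keys"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in client_secsh.pub client_openssh.pub; do
    echo "$f: $(classify_pubkey "$demo_dir/$f")"
done
echo "unconverted blocks in authorized_keys:" \
    "$(count_secsh_blocks "$demo_dir/authorized_keys")"
rm -rf "$demo_dir"
```

A non-zero count means a key was pasted in a format the server will not match, which fits the fall-back to password authentication described above.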