Bug 54757

Summary: Openssh 2.9p2 is not compatible
Product: [Retired] Red Hat Linux Reporter: Michael Meissner <meissner>
Component: opensshAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 7.1   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2001-10-17 23:33:02 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michael Meissner 2001-10-17 23:32:58 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.10-ac4 i686)

Description of problem:
In order to talk to a bunch of machines, I need to use ssh version 1.  The
2.9p2 version of openssh that I just downloaded via RHN is not compatible
with ssh1 to the extent that the old version was.  Previously, I did not
need to modify /etc/ssh/ssh_config to specify the Protocol option, it would
automatically connect via ssh1 if I had ssh1 keys available (and no ssh2
keys).  Now, it seems that I have to hardwire the Protocol to 1,2 to get it
to work.  Here is my ssh_config file:

Compression yes
CompressionLevel 9
FallBackToRsh no
RSAAuthentication yes
GatewayPorts yes
ForwardX11 no
KeepAlive no
PasswordAuthentication no
RhostsAuthentication no
RhostsRSAAuthentication yes
RSAAuthentication yes
UseRsh no



Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Use /etc/ssh/ssh_config file mentioned above
2. Only have .ssh/identify and no ssh2 id files
3. Do ssh-agent bash; ssh-add
4. Try to connect to ssh1 machines.
5. Watch it fail.


Actual Results:  I get messages like:

The authenticity of host 'cse (205.180.230.236)' can't be established.
DSA key fingerprint is 65:23:04:63:7e:04:5b:e1:ba:84:b4:bf:46:1e:e2:d0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'cse' (DSA) to the list of known hosts.
Permission denied (publickey,password).


Expected Results:  I expected to connect via ssh1.

Additional info:
Comment 1 Nalin Dahyabhai 2002-03-07 21:16:58 UTC 
The protocol version is selected before authentication is performed, so when the
server offers protocol 2, the client attempts to use it.  It's only then that
the presence of a key comes into play, and when one isn't found which can be
used with the protocol in use, a password prompt is issued.  This is the
expected behavior.

Try adding something similar to this to override for just the particular host:
Host sources.redhat.com
        Protocol 1,2
        ForwardX11 no