Bug 54757 - Openssh 2.9p2 is not compatible
Summary: Openssh 2.9p2 is not compatible
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: openssh
Version: 7.1
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2001-10-17 23:32 UTC by Michael Meissner
Modified: 2008-05-01 15:38 UTC (History)
0 users

Clone Of:
Last Closed: 2001-10-17 23:33:02 UTC

Attachments (Terms of Use)

Description Michael Meissner 2001-10-17 23:32:58 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.10-ac4 i686)

Description of problem:
In order to talk to a bunch of machines, I need to use ssh version 1.  The
2.9p2 version of openssh that I just downloaded via RHN is not compatible
with ssh1 to the extent that the old version was.  Previously, I did not
need to modify /etc/ssh/ssh_config to specify the Protocol option, it would
automatically connect via ssh1 if I had ssh1 keys available (and no ssh2
keys).  Now, it seems that I have to hardwire the Protocol to 1,2 to get it
to work.  Here is my ssh_config file:

Compression yes
CompressionLevel 9
FallBackToRsh no
RSAAuthentication yes
GatewayPorts yes
ForwardX11 no
KeepAlive no
PasswordAuthentication no
RhostsAuthentication no
RhostsRSAAuthentication yes
RSAAuthentication yes
UseRsh no

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Use /etc/ssh/ssh_config file mentioned above
2. Only have .ssh/identify and no ssh2 id files
3. Do ssh-agent bash; ssh-add
4. Try to connect to ssh1 machines.
5. Watch it fail.

Actual Results:  I get messages like:

The authenticity of host 'cse (' can't be established.
DSA key fingerprint is 65:23:04:63:7e:04:5b:e1:ba:84:b4:bf:46:1e:e2:d0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'cse' (DSA) to the list of known hosts.
Permission denied (publickey,password).

Expected Results:  I expected to connect via ssh1.

Additional info:

Comment 1 Nalin Dahyabhai 2002-03-07 21:16:58 UTC
The protocol version is selected before authentication is performed, so when the
server offers protocol 2, the client attempts to use it.  It's only then that
the presence of a key comes into play, and when one isn't found which can be
used with the protocol in use, a password prompt is issued.  This is the
expected behavior.

Try adding something similar to this to override for just the particular host:
Host sources.redhat.com
        Protocol 1,2
        ForwardX11 no

Note You need to log in before you can comment on or make changes to this bug.