From Bugzilla Helper: User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.10-ac4 i686) Description of problem: In order to talk to a bunch of machines, I need to use ssh version 1. The 2.9p2 version of openssh that I just downloaded via RHN is not compatible with ssh1 to the extent that the old version was. Previously, I did not need to modify /etc/ssh/ssh_config to specify the Protocol option, it would automatically connect via ssh1 if I had ssh1 keys available (and no ssh2 keys). Now, it seems that I have to hardwire the Protocol to 1,2 to get it to work. Here is my ssh_config file: Compression yes CompressionLevel 9 FallBackToRsh no RSAAuthentication yes GatewayPorts yes ForwardX11 no KeepAlive no PasswordAuthentication no RhostsAuthentication no RhostsRSAAuthentication yes RSAAuthentication yes UseRsh no Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Use /etc/ssh/ssh_config file mentioned above 2. Only have .ssh/identify and no ssh2 id files 3. Do ssh-agent bash; ssh-add 4. Try to connect to ssh1 machines. 5. Watch it fail. Actual Results: I get messages like: The authenticity of host 'cse (205.180.230.236)' can't be established. DSA key fingerprint is 65:23:04:63:7e:04:5b:e1:ba:84:b4:bf:46:1e:e2:d0. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'cse' (DSA) to the list of known hosts. Permission denied (publickey,password). Expected Results: I expected to connect via ssh1. Additional info:
The protocol version is selected before authentication is performed, so when the server offers protocol 2, the client attempts to use it. It's only then that the presence of a key comes into play, and when one isn't found which can be used with the protocol in use, a password prompt is issued. This is the expected behavior. Try adding something similar to this to override for just the particular host: Host sources.redhat.com Protocol 1,2 ForwardX11 no