Bug 54757 - Openssh 2.9p2 is not compatible
Openssh 2.9p2 is not compatible
Product: Red Hat Linux
Classification: Retired
Component: openssh (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Depends On:
  Show dependency treegraph
Reported: 2001-10-17 19:32 EDT by Michael Meissner
Modified: 2008-05-01 11:38 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-10-17 19:33:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Michael Meissner 2001-10-17 19:32:58 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.10-ac4 i686)

Description of problem:
In order to talk to a bunch of machines, I need to use ssh version 1.  The
2.9p2 version of openssh that I just downloaded via RHN is not compatible
with ssh1 to the extent that the old version was.  Previously, I did not
need to modify /etc/ssh/ssh_config to specify the Protocol option, it would
automatically connect via ssh1 if I had ssh1 keys available (and no ssh2
keys).  Now, it seems that I have to hardwire the Protocol to 1,2 to get it
to work.  Here is my ssh_config file:

Compression yes
CompressionLevel 9
FallBackToRsh no
RSAAuthentication yes
GatewayPorts yes
ForwardX11 no
KeepAlive no
PasswordAuthentication no
RhostsAuthentication no
RhostsRSAAuthentication yes
RSAAuthentication yes
UseRsh no

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Use /etc/ssh/ssh_config file mentioned above
2. Only have .ssh/identify and no ssh2 id files
3. Do ssh-agent bash; ssh-add
4. Try to connect to ssh1 machines.
5. Watch it fail.

Actual Results:  I get messages like:

The authenticity of host 'cse (' can't be established.
DSA key fingerprint is 65:23:04:63:7e:04:5b:e1:ba:84:b4:bf:46:1e:e2:d0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'cse' (DSA) to the list of known hosts.
Permission denied (publickey,password).

Expected Results:  I expected to connect via ssh1.

Additional info:
Comment 1 Nalin Dahyabhai 2002-03-07 16:16:58 EST
The protocol version is selected before authentication is performed, so when the
server offers protocol 2, the client attempts to use it.  It's only then that
the presence of a key comes into play, and when one isn't found which can be
used with the protocol in use, a password prompt is issued.  This is the
expected behavior.

Try adding something similar to this to override for just the particular host:
Host sources.redhat.com
        Protocol 1,2
        ForwardX11 no

Note You need to log in before you can comment on or make changes to this bug.