SSH Does Not Accept the Public Key

Support knowledgebase (72_ssh)
Applies to

SuSE Linux: Version 7.2
This article refers to an older version of SuSE Linux. Some of the information given here may therefore be outdated, and the article may contain stale links.

OpenSSH: Version 2.9p1

Symptom

You have installed SuSE Linux 7.2 or upgraded to this version from an older one. Some users have older SSH keys. When logging in, they are asked for their user passwords instead of their key passphrases. Also, the ssh-agent cannot be used any longer.

Cause

OpenSSH version 2.9p1 or higher no longer uses SSH protocol 1 by default, but protocol 2. Since older keys are not suitable for this protocol, SSH cannot authenticate users on the basis of their keys.

If you have disabled password authentication, the authentication process even aborts completely.

Solution

There are two ways of restoring the accustomed behavior:

  1. Add the following line to the already active options in the file /etc/ssh/ssh_config (to make it apply to the whole computer) or in the file ~/.ssh/config (to make it apply to particular users only):

    Protocol 1,2

  2. Alternatively, you can generate new keys for protocol 2, which is a much more secure method:

    The new keys are generated by executing ssh-keygen followed by the option for the algorithm, DSA or RSA (just select the one you consider safer):

    ssh-keygen -t dsa
    or
    ssh-keygen -t rsa

    After ssh-keygen has been executed, the new keys can be found in the directory ~/.ssh/:

    id_dsa and id_dsa.pub or id_rsa and id_rsa.pub. Add the public keys (the files ending in .pub) to the file ~/.ssh/authorized_keys2 so that they can be used, too.
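
To see which users are affected before choosing between the two solutions, the entries of an authorized_keys file can be sorted by protocol. The script below is an added example, not part of the original article; the function names and the sample entries are constructed, and it assumes the entry layouts documented for OpenSSH (protocol 1: bits, exponent, modulus; protocol 2: key type, base64 key).

```shell
#!/bin/sh
# Added example (not from the SuSE article): report which key entries are
# protocol 1 keys, i.e. keys a protocol 2 login cannot use.
#   protocol 1 entry: [options] bits exponent modulus [comment]
#   protocol 2 entry: [options] ssh-rsa|ssh-dss base64-key [comment]

# classify_keys [FILE]: print "<line-number> <class>" for every key entry.
# Reads standard input when no FILE is given.
classify_keys() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
    {
        class = "unknown"
        for (i = 1; i <= NF && class == "unknown"; i++) {
            if (($i == "ssh-rsa" || $i == "ssh-dss") && i < NF) {
                class = "protocol2"     # key type followed by the key blob
            } else if (i + 2 <= NF && $i ~ /^[0-9]+$/ &&
                       $(i+1) ~ /^[0-9]+$/ && $(i+2) ~ /^[0-9]+$/) {
                class = "protocol1"     # three decimal numbers in a row
            }
        }
        print NR, class
    }' "$@"
}

# count_class CLASS [FILE]: number of entries of the given class.
count_class() {
    want=$1; shift
    classify_keys "$@" | awk -v want="$want" '$2 == want { n++ } END { print n + 0 }'
}

# Constructed sample input: shortened, non-functional key material.
sample_keys() {
    cat <<'EOF'
# keys of user tux (constructed sample)
1024 35 1409076329484720538923948923432 tux@oldbox
from="*.example.com" 1024 37 9987234987239487239847234 tux@laptop
ssh-dss AAAAB3NzaC1kc3MAAACBAPconstructed tux@newbox
command="/bin/date" ssh-rsa AAAAB3NzaC1yc2EAAAABIwconstructed backup

not a key
EOF
}

sample_keys | classify_keys
echo "protocol 1 entries: $(sample_keys | count_class protocol1)"
```

Called with a file name, classify_keys reads that file instead of the sample. Each line reported as protocol1 is a key that needs a protocol 2 replacement under the second solution; an options field that itself contains the word ssh-rsa or ssh-dss would be misclassified.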


Keywords: SSH, SSH-AGENT, PASSPHRASE, OPENSSH

Categories: Applications

SDB-72_ssh, Copyright SuSE Linux AG, Nürnberg, Germany - Version: 05. Feb 2002
SuSE Linux AG - Last generated: 05. Feb 2002 by ip (sdb_gen 1.40.0)