Yes we can replace it. What was the problem with the original key?

We have had a security breech. We would like to replace the current
key to fix this.

Kenneth,

We have had a security breech. We would like to replace the current
key to fix this.

louis is more likely to deal with this in a timely fashion. apologies
for the delay

thanks, martijn, but simon and support needs to handle this.
Simon, just attach the new key and reassign to support.

-louis

Created attachment 5589 [details]
new ssh2 public key

Reassigned to support@openoffice.org with new key attached.

Opened internal issue to get key on system.

timeframe: will update by 04/14/03.

Simon, we need the key attachment as a 1-line with no line-break key
instead of the public key footer. Could you please reattach your key?

fyi- you'll notice the actual key won't have "---BEGIN---" or the
subject. It should start "ssh-dss" and will end with something similar
to == simon@

Kenneth,

I don't understand what you are asking for. ssh-keygen created the id_dsa.pub 
file, that contains the key, that I placed in a zip file for you to use. This 
is exactly the same way that I created the last key and sent to OpenOffice. Why 
is there a difference this time?

Please advise.

there's a small difference, but nothing wrong with the key itself,
just the way the data is exported (and then presented to us as text).

what program did you use to generate your keypair? If you let me know
what you used I can look up how to export the data in the format we need.

Like I stated in my previous message I used the ssh-keygen program to generate 
the key. The public and private keys are placed in the .ssh2 folder in the home 
directory, and that is what I sent you.

ssh-keygen -i -f oookeys/id_dsa_2048_c.pub > id_dsa_2048_c.pub

did the trick. please test your tunneling access and verify you can
connect.

Kenneth,

Tried to login to tunnel today but password not accepted. Here is the session:

$ ssh2 -x -L 2401:localhost:2401 tunnel@openoffice.org
Host key not found from database.
Key fingerprint:
xoziv-tovup-kovib-lucud-fubub-mudyl-rucid-docir-rapad-celed-fexux
You can get a public key's fingerprint by running
% ssh-keygen -F publickey.pub
on the keyfile.
Are you sure you want to continue connecting (yes/no)? yes
Host key saved to /boot/home/.ssh2/hostkeys/key_22_openoffice.org.pub
host key for openoffice.org, accepted by simon Wed Apr 23 2003 13:45:42 -0300
tunnel's password:
tunnel's password:
tunnel's password:
warning: Authentication failed.
Disconnected; no more authentication methods available (No further 
authentication methods available.).
$

Simon, 
Could you please re-run the tunnel command and paste the output in the
issue again. I'd like to have a more recent copy of an attempt. 

After posting this, do not assign this issue to any individual,
reassign it to the appropriate issue alias so that it won't get lost
in any individual queue. Thanks

simon - also add the -vvv (a lot of verbosity) in the command, for
additional output

Here is the output from another attempt:
Note, I hit Ctrl-C at the end after attempting to login twice.
------------
$  ssh2 -vvv -x -L 2401:localhost:2401 tunnel@openoffice.org
debug: Connecting to openoffice.org, port 22... (SOCKS not used)
debug: Ssh2/ssh2.c:2311/main: Entering event loop.
debug: BeOSfdStream/sshbeosfdstream.c:221/beos_write_fd_func: Write thread for 
filedescriptor 1 started. thread=930
debug: BeOSfdStream/sshbeosfdstream.c:183/beos_read_fd_func: Read thread for 
filedescriptor 0 started. thread=929
debug: Ssh2Client/sshclient.c:1421/ssh_client_wrap: Creating transport 
protocol.
debug: SshAuthMethodClient/sshauthmethodc.c:85/
ssh_client_authentication_initialize: Added "publickey" to usable methods.
debug: SshAuthMethodClient/sshauthmethodc.c:85/
ssh_client_authentication_initialize: Added "keyboard-interactive" to usable 
methods.
debug: SshAuthMethodClient/sshauthmethodc.c:85/
ssh_client_authentication_initialize: Added "password" to usable methods.
debug: Ssh2Client/sshclient.c:1462/ssh_client_wrap: Creating userauth protocol.
debug: client supports 3 auth methods: 'publickey,keyboard-
interactive,password'
debug: Ssh2Common/sshcommon.c:530/ssh_common_wrap: local ip = 129.173.67.61, 
local port = 49165
debug: Ssh2Common/sshcommon.c:532/ssh_common_wrap: remote ip = 64.125.133.202, 
remote port = 22
debug: SshConnection/sshconn.c:1945/ssh_conn_wrap: Wrapping...
debug: SshReadLine/sshreadline.c:2420/ssh_readline_eloop_initialize: 
Initializing ReadLine...
debug: Remote version: SSH-1.99-OpenSSH_3.4p1
debug: OpenSSH: Major: 3 Minor: 4 Revision: 0
debug: Ssh2Transport/trcommon.c:1518/ssh_tr_input_version: All versions of 
OpenSSH handle kex guesses incorrectly.
debug: Ssh2Transport/trcommon.c:1901/ssh_tr_negotiate: lang s to c: `', lang c 
to s: `'
debug: Ssh2Transport/trcommon.c:1967/ssh_tr_negotiate: c_to_s: cipher aes128-
cbc, mac hmac-sha1, compression none
debug: Ssh2Transport/trcommon.c:1970/ssh_tr_negotiate: s_to_c: cipher aes128-
cbc, mac hmac-sha1, compression none
debug: Remote host key found from database.
debug: Ssh2Common/sshcommon.c:331/ssh_common_special: Received 
SSH_CROSS_STARTUP packet from connection protocol.
debug: Ssh2Common/sshcommon.c:381/ssh_common_special: Received 
SSH_CROSS_ALGORITHMS packet from connection protocol.
debug: server offers auth methods 'publickey,password'.
debug: SshConfig/sshconfig.c:2704/ssh2_parse_config_ext: Unable to open /boot/
home/.ssh2/identification
debug: Ssh2AuthClient/sshauthc.c:319/ssh_authc_completion_proc: Method 
'publickey' disabled.
debug: server offers auth methods 'publickey,password'.
debug: Ssh2AuthPasswdClient/authc-passwd.c:105/ssh_client_auth_passwd: Starting 
password query...
tunnel's password:
debug: server offers auth methods 'publickey,password'.
debug: Ssh2AuthPasswdClient/authc-passwd.c:105/ssh_client_auth_passwd: Starting 
password query...
tunnel's password:
debug: server offers auth methods 'publickey,password'.
debug: Ssh2AuthPasswdClient/authc-passwd.c:105/ssh_client_auth_passwd: Starting 
password query...
tunnel's password:
Received signal 2. (no core)

Received signal 2. (no core)

Received signal 2. (no core)

Received signal 6. (no core)

Received signal 6. (no core)

Received signal 6. (no core)
Kill Thread

simon:
1) are you sure you're using the right pw?
2) does the user account you're using have the correct permissions to
use the key?

debug: SshConfig/sshconfig.c:2704/ssh2_parse_config_ext: Unable to
open /boot/home/.ssh2/identification

debug: Ssh2AuthClient/sshauthc.c:319/ssh_authc_completion_proc: Method 
'publickey' disabled.

> 1) are you sure you're using the right pw?

Yes. It's the same one that was used to create the key...

>debug: SshConfig/sshconfig.c:2704/ssh2_parse_config_ext: Unable to
>open /boot/home/.ssh2/identification

... but I don't have this 'identification' file, if it is supposed to exist.

>2) does the user account you're using have the correct permissions to
>use the key?
>debug: Ssh2AuthClient/sshauthc.c:319/ssh_authc_completion_proc: Method 
>'publickey' disabled.

There are no other accounts other than the one I have, and the files and 
directory are set as my account as the owner with full permission.

Simon:
can you try the "-i keyname" option as well?
when using the -i option you'll have to use the full path to your key

I added the -i option and it seems to fail to read the file...

----------------------------------------------
$ ssh2 -vvv -x -i /boot/home/.ssh2/id_dsa_2048_c.pub -L 2401:localhost:2401 
tunnel@openoffice.org
debug: Connecting to openoffice.org, port 22... (SOCKS not used)
debug: Ssh2/ssh2.c:2311/main: Entering event loop.
debug: BeOSfdStream/sshbeosfdstream.c:221/beos_write_fd_func: Write thread for 
filedescriptor 1 started. thread=34172
debug: Ssh2Client/sshclient.c:1421/ssh_client_wrap: Creating transport 
protocol.
debug: BeOSfdStream/sshbeosfdstream.c:183/beos_read_fd_func: Read thread for 
filedescriptor 0 started. thread=34171
debug: SshAuthMethodClient/sshauthmethodc.c:85/
ssh_client_authentication_initialize: Added "publickey" to usable methods.
debug: SshAuthMethodClient/sshauthmethodc.c:85/
ssh_client_authentication_initialize: Added "keyboard-interactive" to usable 
methods.
debug: SshAuthMethodClient/sshauthmethodc.c:85/
ssh_client_authentication_initialize: Added "password" to usable methods.
debug: Ssh2Client/sshclient.c:1462/ssh_client_wrap: Creating userauth protocol.
debug: client supports 3 auth methods: 'publickey,keyboard-
interactive,password'
debug: Ssh2Common/sshcommon.c:530/ssh_common_wrap: local ip = 129.173.67.61, 
local port = 50646
debug: Ssh2Common/sshcommon.c:532/ssh_common_wrap: remote ip = 64.125.133.202, 
remote port = 22
debug: SshConnection/sshconn.c:1945/ssh_conn_wrap: Wrapping...
debug: SshReadLine/sshreadline.c:2420/ssh_readline_eloop_initialize: 
Initializing ReadLine...
debug: Remote version: SSH-1.99-OpenSSH_3.4p1
debug: OpenSSH: Major: 3 Minor: 4 Revision: 0
debug: Ssh2Transport/trcommon.c:1518/ssh_tr_input_version: All versions of 
OpenSSH handle kex guesses incorrectly.
debug: Ssh2Transport/trcommon.c:1901/ssh_tr_negotiate: lang s to c: `', lang c 
to s: `'
debug: Ssh2Transport/trcommon.c:1967/ssh_tr_negotiate: c_to_s: cipher aes128-
cbc, mac hmac-sha1, compression none
debug: Ssh2Transport/trcommon.c:1970/ssh_tr_negotiate: s_to_c: cipher aes128-
cbc, mac hmac-sha1, compression none
debug: Remote host key found from database.
debug: Ssh2Common/sshcommon.c:331/ssh_common_special: Received 
SSH_CROSS_STARTUP packet from connection protocol.
debug: Ssh2Common/sshcommon.c:381/ssh_common_special: Received 
SSH_CROSS_ALGORITHMS packet from connection protocol.
debug: server offers auth methods 'publickey,password'.
warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 4: parsing line failed.
warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 5: parsing line failed.
warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 6: parsing line failed.
warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 7: parsing line failed.
warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 8: parsing line failed.
warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 9: parsing line failed.
warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 10: parsing line failed.
warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 11: parsing line failed.
warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 12: parsing line failed.
warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 13: parsing line failed.
warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 14: parsing line failed.
warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 15: parsing line failed.
warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 16: parsing line failed.
warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 17: parsing line failed.
warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 18: parsing line failed.
debug: Ssh2AuthClient/sshauthc.c:319/ssh_authc_completion_proc: Method 
'publickey' disabled.
debug: server offers auth methods 'publickey,password'.
debug: Ssh2AuthPasswdClient/authc-passwd.c:105/ssh_client_auth_passwd: Starting 
password query...
tunnel's password:
debug: server offers auth methods 'publickey,password'.
debug: Ssh2AuthPasswdClient/authc-passwd.c:105/ssh_client_auth_passwd: Starting 
password query...
tunnel's password:
debug: server offers auth methods 'publickey,password'.
debug: Ssh2AuthPasswdClient/authc-passwd.c:105/ssh_client_auth_passwd: Starting 
password query...
tunnel's password:

Simon, 
could you please generate a new key by typing:
"ssh-keygen -d"
and attaching the key to this issue please?
Once we get that we'll put it on the server.

I don't have a -d option... here is what I have in BeOS.

$ssh-keygen2 --help
Usage: ssh-keygen [options] [key1 key2 ...]
Where `options' are:
 -b nnn         Specify key strength in bits (e.g. 1024)
 -t dsa | rsa   Choose the key type.
 -c comment     Provide the comment.
 -e file        Edit the comment/passphrase of the key.
 -p passphrase  Provide passphrase.
 -P             Assume empty passphrase.
 -?
 -h             Print this help text.
 -q             Suppress the progress indicator.
 -1             Convert a SSH 1.x key.
 -i file        Load and display information on `file'.
 -D file        Derive the public key from the private key 'file'.
 -B number      The number base for displaying key information (default 10).
 -V             Print ssh-keygen version number.
 -r file        Stir data from file to random pool.
 -F file        Dump fingerprint of file.

I took the -d options from the cygwin instructions here-
http://www.openoffice.org/docs/ddSSHGuide.html as I thought you were
using cygwin to generate your key.
Just make a new dsa key per those instructions using the options
specific to your OS. Do not add any extra options or extend the key size.

Here is the public key file. It was generated using the -t dsa option as per 
the Linux instructions, which the BeOS ssh-keygen is a ported from.

---- BEGIN SSH2 PUBLIC KEY ----
Subject: simon
Comment: "2048-bit dsa, simon@SGauvin, Thu Jun 05 2003 17:01:31 -0300"
AAAAB3NzaC1kc3MAAAEBANfRveaQqYMDcPRSMctUOMsOdSPfdUjym12IRxHdTbfjNAbHQa
QJTQnXdqUjxB3iBsR0bPlhWFeKTT2ojP9g64wRL6NJU0xyvSKhxLX/tkE+s0gYehPGjj3n
G4etZvUL179d7BaHhbhYuERbOk+qn4uNNqW2Qm3jiqfMBHs0mDdb3BNNo/fBwgKEmNzNQW
V//h3fz/M4mzIbgDtJsm5NX1jzaQIESKegRO/d7UFPP9nCsEyz5Ys5DT9Sv1GuNu/SDYqd
uH1aWDZzjLmjpBlJHz56uT6WhS+WlZP15M3n021GUUTANrvk2EHPfxKEoltG78LkVSTLVw
i3JXmMh7iVIbcAAAAVANMgOxaQwag/Cxl/8FckSmnOxdSlAAABAQCainMW2mRzZSuWO1xY
HH8/cWkZ9l1/X16VOZ4p/hbFpLMjFMmpSFXDbG/iv3jG1EnmbriTamhoEYbu1B0lRr+5DC
MmnYpI4IsUukNTuu3r58u6HpWht/elgQUDyY+xooEegAgrXJ1QtaAobX5lat5jjQaUB3w3
yTAHF1+xtNNB72zj2/SHVc6+WWzy45L4rQjxeQYESb180BgsNh7arpUu8maAEji3tpWOyL
sQtGcvQlCfQIE0HQlzdg95/e+/beGvGTgyXeX1huokw7o9tmitcovWdaRuuW29KmIjtNd5
Kfk5gCRnkJ03P0TqeHrvOFlVP+IYJlmff1bWdHVhszJYAAABAQCPZM9zKoIO6frieXmVMK
7G6sEBXK62rsmEMjyiduPHGIRXws5OI/ZTYdI/RTqxpNiLo8INUzksA03Ww+KNukS/zy+D
C/T2T+KVxd6rMmKEDkKbyp+/k1CtOgEtk5MBb+Wb1n06vMVPlhTOlcYB4gqRtcbz4pS0cI
duN1z0ELOmVENF0gKtmevXaOxBWqYU2VjVks+jqZ6Lol1OoBEh4DrIghJakh6Y0Tzwn5ti
/79hqR0teQ3+m/T3u8Ck7CmJI4QjqYeAwMDEX2P2NECDmHsRgQsxxovCK+O0T1ynZuFCL5
Frf1xayaTmcfDukbT/OEm4QqJSE3Y5O/MR9z3alnyM
---- END SSH2 PUBLIC KEY ----

again, this key is in the improper format, and I cannot accept this
for usage. 

I'd recommend that you convert the pub key to openssh format. (I tried
again, as I had back on 4/15 but was not successful).

If you cat the key file it'll be one line and usually end w/
simon@machinename.

Here's a copy of mine:
[kenneth@dhcp117 oookeys]$ cat ~/personal/keys/kenneth-oo.pub 
ssh-dss
AAAAB3NzaC1kc3MAAACBAMGJTWa3yZ1i8pH4emE9MimDSgMIpnP+Wugu/+LNJijPxxbCVS+2dZSaJvulf0ekEZZqr2nFyv+dTqs6pQmaBb2mPhoQQvOdnw/5srJcR0tnplheiKf+MH1jdfCbTfRSQNCuM8kNgLb5vAqDlaFqUuZNk8wBLv8WkI5OmBPv5JdDAAAAFQCIT6e9LBXa66rIZW/Uwsey/QoZbQAAAIAG4eZotYF77Msm/U2LZQdhb3yKLRaTajCZFMMKBnYdIe1ONwkd3PDRIn/5QQjzglaTkxLwQH311Jx+nnOF2vwRMhltbAt+DwcCDShgBSsfF42KAIFLZ9C5I96yTbV0Xmzi4YPsyVWNouYiBEs4iAyOt5udL1CL6p+x7x6ARxKxyAAAAIAvlOXIo7f6kU1naZnaEdoHyyx3lFVkjC1PMCiGkgGANugeszZNug6KTD6Mm9EwlzDX/TWNMW1RB1fzpkdMc5Vt4fGZs7MTJo42DL079YmDU8vipL/HKBMCIoKgks8Gf0iRY23BrGbjj/Tv2ecTpm+HHnEY8gUviHwzrv54V9MQ7A==
Kenneth@NEWUSER1

reassigning to Simon, cc'ing Louis. He may be able to provide more
guidance. 

simon, eliminating the comment might help matters but it is possible that the key 
was generated using a different version of OpenSSH.  Can you enter bash and try the 
command there?
louis

This file was created by the ssh-keygen program that ran in a bash shell on 
BeOS. All I did was open the file and copy/paste it into this web page as it 
appeared in the file... 

perhaps the problem is the ssh-keygen program?

hi
it may be, but I have not had issues, but am using mac os x.  try this:
ssh-keygen -d
louis

Louis,

I think we're going in circles now. That's what Kenneth asked me to do 7 
messages ago... and BeOS does not have a -d option. It used -t dsa, which is 
the same thing, and what I used that last key I created.

Please advise.

hi
well, I did get a chuckle out of your last message :)  first, please confirm that the -d 
does not work.  It is not stipulated as working on my system anyway but it works all 
the same.
Second, is there any way to simply use a linux box (or some other) to generate the 
key that you then keep in your .ssh folder? I'll even do it for you.
louis
ps, please don't reassign to support, but to me.

Louis:
fyi-
in some cases you can convert the keys for the end users by typing:
%ssh-keygen -i -f oookeys/keyname.pub > keyname.pub
but for some reason I can't get it to convert correctly in this case.
I don't know if it's the bytesize of the key or something else.

Louis,

Here is a key that was generated on another machine. Let's see if this
works...

ssh-dss
AAAB3NzaC1kc3MAAACBAMvKx6CeH8KuZht1nm100Eldt+RhnGIPU60BseY2FCf7tM4CRxjByKk/qavFbUa/+GT07DW670jDxbqyQPc8wX/Gi4y+RZnZ7gd2dI1BtSeX533Sm/aFawb88w4URZK13UqC+1p8f3RSW89mTrpSk1YR5f1NmZZ8JgKsxHKDu60/AAAAFQCRy1Zwn5ScbT65Nb9lBb4Z59P9RwAAAIAPsIXIayqRuiFnIP3bKY3BEVgftOOufBKKk2qQjipB63NyFWeZ4lyUscpu9QQTQhg/xuIwa9CAVqM12msXLP6Ar/RY50mTp+NCtWwBGrJk8+sAYX9Xbo3MvRdeeLYkJjOz2yYP4gq+t8UJaD92oS803UFEZrF7bRS+1/duUEUZigAAAIEAxZj6MgGVitOTNwkQSqOQTN/v1dZPpmNGn7XsUI3ppD7BlfRZmOCtj5IfWqQQmSdcdbeEACiKtrp8KXOKvFYsAeYbgg7ekzW9cNbFwnnh2min/bWF/yjSumaDw71z20XdTIvodD3JfxSlwtmS0um0TNRh9ryEmY1rgZ6RuiHSsr0=gauvins@locutus

hi,
simon, can you send it as an attachment?
sorry
louis

Created attachment 8090 [details]
Public ssh2 key

Louis,

Key is now attached.

Simon

hi, thanks
reassigning to support.
louis

Updated the internal issue with the new key.
Action Plan: Assigned the issue to operations and am waiting for 
their response.
Next Update: By end of day Wednesday.
Thanks,
Kristen

The new key has been put in place. 
Thanks,
Kristen

Simon,
Could you verify and mark this issue Closed?
Thanks,
Kristen

This issue is not resolved. As per your previous suggestion I created new keys 
using another system (SunOS) and transfered the keys to my BeOS system to use 
to login. 

The files, called openoffice and openoffice.pub, have been copied to the /home/
.ssh2 directory. Running ssh2 with the following command line: $ssh2 -x -L 
2401:localhost:2401 tunnel@openoffice.org creates a new connection, asks for 
the password, and fails to let me in by repeatedly asking for the password.

At this point I am completely lost...

Simon,
Could you purge your .known_hosts file and try again?
Requesting information from operations on anything else we can try.
Noting that Simon's original key was submitted in issue 11641.
Thanks,
Kristen



 

7521 was the OO issue number. 11641 was the CollabNet tracking number.

Simon,
If purging your known_hosts file doesn't work, you could also try:
ssh -v -i identity_file tunnel@openoffice.org
to make sure that the correct public key is getting presented.
I'll attach an example.
Thanks,
Kristen
 

Created attachment 8324 [details]
example

simon,
this problem intrigues me. out of curiosity, is your passphrase a real phrase or just 
one word?  I ask b/c sometimes phrases as such are actually *not* accepted; try a 
simple word or series of characters uninterrupted by spaces.

louis

Kristen,

I did remove all previous host files before trying to tunnel in on BeOS but 
this did not work. At this point I am resigned that BeOS will not work with 
ssh2 and the port we have is not working. To continue I will use OpenSSH on 
Linux to do our work, and tranfer files to BeOS when we start our port. Curious 
though, using SunOS I was able to establish a tunnel but never let go of the 
connection... any ideas?

Louise,

The passphrase is a single word.

Reasign to Kristen....

reassigning to support
louis

The user needs to re-read the Beos documentation for ssh as well as instructions
for generating the appropriate keys. End user training is out of the scope of
what we're doing, so I'm closing this as wontfix (although the user's key was
added long ago).

Closing this.