Secure Shell
Re: Patch for OpenSSH for Windows to allow authentication through certificates Mar 06 2009 09:36AM
Adriana Rodean (adrya1984 gmail com) (1 replies)
Re: Patch for OpenSSH for Windows to allow authentication through certificates Mar 07 2009 08:49PM
Roumen Petrov (openssh roumenpetrov info) (1 replies)
Re: Patch for OpenSSH for Windows to allow authentication through certificates Mar 10 2009 05:52AM
Adriana Rodean (adrya1984 gmail com) (1 replies)
Re: Patch for OpenSSH for Windows to allow authentication through certificates Mar 11 2009 06:47AM
Roumen Petrov (openssh roumenpetrov info) (1 replies)
Adriana Rodean wrote:
> Hi Roumen,
>
> I fixed the certificate validation, so it returns 1 (trusted) now, but I
> still can't go on. After everything seems to be OK, certificate
> validated,
> Client tries to authenticate with keyboard.interactive. This of course
> doesn't work and connection is closed.
>
> Here is output from server (started with option -d):
> debug1: ssh_set_validator: ignore responder url
> debug1: sshd version OpenSSH_5.1p1
> debug1: read PEM private key begin
> debug1: read X509 certificate done: type RSA+cert
> debug1: read PEM private key done: type RSA+cert
> debug1: private host key: #0 type 3 RSA+cert
[SNIP]
> method keyboard-interactive
[SNIP]

> and output from client (started with option -v):
> OpenSSH_5.1p1, OpenSSL 0.9.8j 07 Jan 2009
> debug1: Reading configuration data c:\\openssh\\bin\\ssh_config
> debug1: ssh_set_validator: ignore responder url
> debug1: Connecting to 10.3.3.12 [10.3.3.12] port 22.
> debug1: Connection established.
> debug1: identity file C:/OpenSSH/Certs/id_rsa type 3
> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1
> debug1: match: OpenSSH_5.1 pat OpenSSH*
[SNIP]
> debug1: Host '10.3.3.12' is known and matches the RSA+cert host key.
> debug1: Found key in /home/Administrator.JOGE/.ssh/known_hosts:1
[SNIP]
> debug1: Authentications that can continue: keyboard-interactive
> debug1: Next authentication method: keyboard-interactive
> debug1: Authentications that can continue: keyboard-interactive
[SNIP]
> What did I miss?

Check the client option PreferredAuthentications. In your case it may be
only keyboard-interactive. The default is "hostbased, publickey,
keyboard-interactive, password". For certificates it has to contain
publickey or hostbased. Let's start with publickey.
Also check client options PubkeyAuthentication and PubkeyAlgorithms.

On the server check server options PubkeyAuthentication and
PubkeyAlgorithms.

Initially you may leave PubkeyAlgorithms as default.

[SNIP]

Roumen
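
A small diagnostic for the checks suggested in the reply above, added here as an example (not code from the thread or from the X.509 patch): it reads `ssh -v` output and ssh_config text and reports why no certificate-capable method was tried. The function names and the sample config are constructed, and Host blocks are not evaluated.

```python
import re

CERT_METHODS = {"publickey", "hostbased"}  # methods the reply says can carry certificates

def offered_methods(client_log):
    """Methods the server advertised, from the first 'can continue' line of ssh -v."""
    m = re.search(r"Authentications that can continue: (\S+)", client_log)
    return set(m.group(1).split(",")) if m else set()

def config_value(config_text, keyword):
    """First value of a keyword: first match wins, names are case-insensitive.
    Simplification (assumption of this example): Host blocks are not evaluated."""
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)  # "Key value" or "Key = value"
        if len(parts) == 2 and parts[0].lower() == keyword.lower():
            return parts[1].strip()
    return None

def diagnose(client_log, client_cfg):
    findings = []
    offered = offered_methods(client_log)
    if offered and not offered & CERT_METHODS:
        findings.append("server: offers only %s; check PubkeyAuthentication in sshd_config"
                        % ",".join(sorted(offered)))
    preferred = config_value(client_cfg, "PreferredAuthentications")
    if preferred is not None:
        listed = {m.strip() for m in preferred.split(",")}
        if not listed & CERT_METHODS:
            findings.append("client: PreferredAuthentications lacks publickey/hostbased")
    if (config_value(client_cfg, "PubkeyAuthentication") or "yes").lower() == "no":
        findings.append("client: PubkeyAuthentication is disabled")
    return findings

# Client log lines taken from the excerpt above; the ssh_config text is constructed.
SAMPLE_LOG = """debug1: Authentications that can continue: keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: keyboard-interactive
"""
SAMPLE_CFG = """# constructed sample
Host *
  PreferredAuthentications keyboard-interactive
  PubkeyAuthentication = no
"""
if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG, SAMPLE_CFG):
        print(finding)
```
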

Re: Patch for OpenSSH for Windows to allow authentication through certificates Mar 17 2009 05:54AM
Adriana Rodean (adrya1984 gmail com)


 

Copyright 2010, SecurityFocus