Running OpenSSH 3.4p1 on Linux. Here's the contents of ~/.ssh/options:

Host *
    UsePrivilegedPort no
    Protocol 1

Host shevy
    HostName shevy.roaringpenguin.com
    User dfs
    Protocol 2
    Port 23

When I do "ssh -v shevy", we see:

OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f
debug1: Reading configuration data /home/dfs/.ssh/config
debug1: Applying options for *
debug1: Applying options for shevy
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to shevy.roaringpenguin.com [192.168.2.1] port 23.
debug1: Connection established.
debug1: identity file /home/dfs/.ssh/identity type 0
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
debug1: match: OpenSSH_3.4p1 pat OpenSSH*
debug1: Local version string SSH-1.5-OpenSSH_3.4p1
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'shevy.roaringpenguin.com' is known and matches the RSA1 host key.
debug1: Found key in /home/dfs/.ssh/known_hosts:7
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: cipher_init: set keylen (16 -> 32)
debug1: cipher_init: set keylen (16 -> 32)
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying RSA authentication via agent with 'dfs@shishi.skoll.ca'
debug1: Received RSA challenge from server.
debug1: Sending response to RSA challenge.
debug1: Remote: RSA authentication accepted.
debug1: RSA authentication accepted by server.
debug1: Requesting pty.
debug1: fd 3 setting TCP_NODELAY
debug1: Requesting shell.
debug1: Entering interactive session.
Last login: Wed Jul 17 10:47:58 2002 from shishi.roaringpenguin.com

As you see, it used Protocol 1 instead of Protocol 2.
When I explicitly put -2 on the command line, it works as expected:

$ ssh -v -2 shevy
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f
debug1: Reading configuration data /home/dfs/.ssh/config
debug1: Applying options for shevy
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to shevy.roaringpenguin.com [192.168.2.1] port 23.
debug1: Connection established.
debug1: identity file /home/dfs/.ssh/id_rsa type -1
debug1: identity file /home/dfs/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
debug1: match: OpenSSH_3.4p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 119/256
debug1: bits set: 1598/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
...
Sorry; my illustrated output for the second case was wrong. It should look like this:

$ ssh -v -2 shevy
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f
debug1: Reading configuration data /home/dfs/.ssh/config
debug1: Applying options for *
debug1: Applying options for shevy
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to shevy.roaringpenguin.com [192.168.2.1] port 23.
debug1: Connection established.
debug1: identity file /home/dfs/.ssh/id_rsa type 0
debug1: identity file /home/dfs/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
debug1: match: OpenSSH_3.4p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 115/256
debug1: bits set: 1559/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'shevy.roaringpenguin.com' is known and matches the RSA host key.
debug1: Found key in /home/dfs/.ssh/known_hosts:6
debug1: bits set: 1597/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey
debug1: next auth method to try is publickey
debug1: userauth_pubkey_agent: testing agent key /home/dfs/.ssh/id_dsa
debug1: input_userauth_pk_ok: pkalg ssh-dss blen 433 lastkey 0x80890f0 hint -1
debug1: ssh-userauth2 successful: method publickey
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: ssh_session2_setup: id 0
debug1: channel request 0: pty-req
debug1: channel request 0: shell
debug1: fd 3 setting TCP_NODELAY
debug1: channel 0: open confirm rwindow 0 rmax 32768
Last login: Wed Jul 17 10:54:41 2002 from shishi.roaringpenguin.com
First match counts, see the documentation.
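The first-match rule from the reply above, as an added example (not code from the original thread or from OpenSSH): a simplified Python model of how ssh obtains option values, run over the reporter's config and over a reordered copy with the catch-all block last. The `resolve` helper, the reordered config and the `otherhost` name are assumptions made for illustration; pattern matching is reduced to `*` and `?` globs.

```python
from fnmatch import fnmatchcase

# Config as posted in the report: the catch-all block comes first.
REPORTED = """\
Host *
    UsePrivilegedPort no
    Protocol 1
Host shevy
    HostName shevy.roaringpenguin.com
    User dfs
    Protocol 2
    Port 23
"""

# Constructed for this example: same options, specific host first, defaults last.
REORDERED = """\
Host shevy
    HostName shevy.roaringpenguin.com
    User dfs
    Protocol 2
    Port 23
Host *
    UsePrivilegedPort no
    Protocol 1
"""

def resolve(config_text, host, cli=None):
    """Effective options for `host`. For each keyword the first value obtained
    wins; command-line values (cli) are obtained before the config file."""
    effective = {k.lower(): v for k, v in (cli or {}).items()}
    applies = True  # options before any Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "host":
            applies = any(fnmatchcase(host, pat) for pat in value.split())
        elif applies:
            effective.setdefault(keyword, value)  # later values never override
    return effective

if __name__ == "__main__":
    print("reported :", resolve(REPORTED, "shevy")["protocol"])
    print("with -2  :", resolve(REPORTED, "shevy", cli={"Protocol": "2"})["protocol"])
    print("reordered:", resolve(REORDERED, "shevy")["protocol"])
```

With the catch-all block first, the stronger per-host setting is silently ignored, so host-specific blocks belong at the top of the file and `Host *` defaults at the end.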
Mass change of RESOLVED bugs to CLOSED