SSH AIX 4.3.3 Problem
From: Greg Dick (gregoryd@isc.upenn.edu)
Date: 01/10/03
Date: Fri, 10 Jan 2003 10:07:18 -0500
To: secureshell@securityfocus.com
From: Greg Dick <gregoryd@isc.upenn.edu>
Hi All,
I have this problem with SSH 3.2.0: it seems that I cannot log in to
it. I have attached the e-mail I sent ssh then regarding this. Any help
would be appreciated.
> (Product: SSH Secure Shell for Servers)
>
>
> === System Information
> ========================================================
>
> Server Version: SSH Secure Shell 3.2.0 (non-commercial version)
> on powerpc-ibm-aix4.3.3.0
>
> Operating System: AIX 4.3.x
>
> Compiled from source code
>
>
> Client Version:
>
> Operating System:
>
>
>
>
> === Problem Description
> =======================================================
>
> Authentication: Problems login in
>
>
> It will not take our passwords. When you log in it just keeps
> asking for your password over and over, never authenticating.
>
>
> --- Server configuration
> ------------------------------------------------------
>
> src@poplar(/etc/ssh2):more sshd2_config
> ## SSH CONFIGURATION FILE FORMAT VERSION 1.1
> ## REGEX-SYNTAX egrep
> ## end of metaconfig
> ## (leave above lines intact!)
> ## sshd2_config
> ## SSH 3.2 Server Configuration File
> ##
>
> ## General
>
> # HostKeyFile hostkey
> # PublicHostKeyFile hostkey.pub
> # RandomSeedFile random_seed
> # BannerMessageFile /etc/ssh2/ssh_banner_message
> # BannerMessageFile /etc/issue.net
> #
> # VerboseMode no
> # QuietMode no
> # SyslogFacility AUTH
> # SyslogFacility LOCAL7
> # SftpSyslogFacility LOCAL7
>
> ## Network
>
> # Port is not commented out, as it is needed by the example startup
> # scripts. Well, the default won't likely change.
> Port 22
> # ListenAddress any
> # ResolveClientHostName yes
> # RequireReverseMapping no
> # MaxBroadcastsPerSecond 0
> # MaxBroadcastsPerSecond 1
> # NoDelay no
> # KeepAlive yes
> # MaxConnections 50
> # MaxConnections 0
> # 0 == number of connections not limited
>
> ## Crypto
>
> # Ciphers AnyCipher
> # Ciphers AnyStdCipher
> # Ciphers 3des
> # Following includes "none" 'cipher':
> # Ciphers AnyStd
> #
> # MACs AnyMAC
> # MACs AnyStdMAC
> # Following includes "none" 'mac':
> # MACs AnyStd
> #
> # RekeyIntervalSeconds 3600
>
> ## User
>
> # PrintMotd yes
> # CheckMail yes
> # StrictModes yes
> # Specifies 1 hour (you can also use 'w' for week, 'd' for day, 'm' for
> # minute, 's' for seconds)
> # IdleTimeOut 1h
> # without specifier, the default number is in seconds
> # IdleTimeOut 3600
> #
> # UserConfigDirectory "%D/.ssh2"
> # UserConfigDirectory "/etc/ssh2/auth/%U"
> # AuthorizationFile authorization
> # This variable is set here, because by default it's empty, and so no
> # variables can be set. Because of that, we set a few common ones here.
> SettableEnvironmentVars LANG,LC_(ALL|COLLATE|CTYPE|MONETARY|NUMERIC|TIME),PATH,TERM,TZ
>
> ## Tunneling
>
> # AllowX11Forwarding yes
> # AllowTcpForwarding yes
> # AllowTcpForwardingForUsers sjl, cowboyneal@slashdot\.org
> # DenyTcpForwardingForUsers 2[[:digit:]]*4,peelo
> # AllowTcpForwardingForGroups privileged_tcp_forwarders
> # DenyTcpForwardingForGroups coming_from_outside
> #
> # Local port forwardings to host 10.1.0.25 ports 143 and 25 are
> # allowed for all users in group users.
> # Note that forwardings using the name of this host will be allowed (if
> # it can be resolved from the DNS).
> #
> # ForwardACL allow local .*%users \i10\.1\.0\.25%(143|25)
> #
> # Local port forwardings requested exactly to host proxy.company.com
> # port 8080 are allowed for users that have 's' as first character
> # and belong to the group with group id 10:
> #
> # ForwardACL allow local s.*%10 proxy\.company\.com%8080
> #
> # Remote port forwarding is denied for all users to all hosts:
> # ForwardACL deny remote .* .*
>
>
> ## Authentication
> ## publickey and password allowed by default
>
> # AllowedAuthentications publickey,password
> # AllowedAuthentications hostbased,publickey,password
> # AllowedAuthentications hostbased,publickey,keyboard-interactive
> # RequiredAuthentications publickey,password
> # LoginGraceTime 600
> # AuthInteractiveFailureTimeout 2
> #
> # HostbasedAuthForceClientHostnameDNSMatch no
> # UserKnownHosts yes
> #
> # AuthPublicKey.MaxSize 0
> # AuthPublicKey.MinSize 0
> # AllowAgentForwarding yes
> #
> # AuthKbdInt.NumOptional 0
> # AuthKbdInt.Optional pam,password
> # AuthKbdInt.Required password
> # AuthKbdInt.Retries 3
> #
> # PermitEmptyPasswords no
> # PasswordGuesses 3
>
> ## Host restrictions
>
> # AllowHosts localhost, foobar.com, friendly.org
> #
> ## Next one matches with, for example, taulu.foobar.com, tuoli.com, but
> ## not tuoli1.com. Note that you have to input string "\." when you want it
> ## to match only a literal dot. You also have to escape "," when you
> ## want to use it in the pattern, because otherwise it is considered a list
> ## separator.
> ##
> ## AllowHosts t..l.\..*
> ##
> ## The following matches any numerical IP-address (yes, it is cumbersome)
> ##
> ## AllowHosts ([[:digit:]]{1\,3}\.){3}[[:digit:]]{1\,3}
> ##
> ## Same thing is achieved with using the special prefix "\i" in a
> ## pattern. This means that the pattern is only used to match
> ## IP-addresses.
> ##
> ## Using the above example:
> ##
> ## AllowHosts \i.*
> ##
> ## You can probably see the difference between the two.
> ##
> ## Also, you can use subnet masks, by using prefix "\m"
> ##
> ## AllowHosts \m127.0/8
> ## and
> ## AllowHosts \m127.0.0.0/24
> ##
> ## would match localhost ("127.0.0.1").
> ##
> # DenyHosts evil\.org, aol\.com
> # AllowSHosts trusted\.host\.org
> # DenySHosts not\.quite\.trusted\.org
> # IgnoreRhosts no
> # IgnoreRootRHosts no
> # (the above, if not set, is defaulted to the value of IgnoreRHosts)
>
> ## User restrictions
>
> # AllowUsers sj.*,s[[:digit:]]*,s(jl|amza)
> # DenyUsers skuuppa,warezdude,31373
> # DenyUsers don@untrusted\.org
> # AllowGroups staff,users
> # DenyGroups guest,anonymous
> # PermitRootLogin yes
> # PermitRootLogin nopwd
>
> ## Chrooted environment
>
> # ChRootUsers anonymous,ftp,guest
> # ChRootGroups sftp,guest
>
> ## SSH1 compatibility
>
> # Ssh1Compatibility no
> # Sshd1Path <set by configure by default>
> #
> # This is given as argument to sshd1 with "-f" if sshd2 is invoked
> # with "-f", otherwise the default configuration for sshd1 is used.
> # Sshd1ConfigFile /etc/sshd_config_alternate
>
> ## subsystem definitions
>
> # Subsystems don't have defaults, so this is needed here (uncommented).
> subsystem-sftp sftp-server
> # Also internal sftp-server subsystem can be used.
> # subsystem-sftp internal://sftp-server
>
> ## Subconfiguration
> # There are no default subconfiguration files. When specified the last
> # obtained keyword value will prevail. Note that the host specific files
> # are read before the user specific files.
>
> # Following matches (from) any host
> #
> # HostSpecificConfig .* /etc/ssh2/subconfig/host_ext.example
> #
> # Following matches to subnet mask:
> #
> # HostSpecificConfig \m192.168.0.0/16 /etc/ssh2/subconfig/host_int.example
> #
> # Following matches to users from ssh.com that have two character long
> # username or is sjl and belong to group wheel or wheel[0-9]
> #
> # UserSpecificConfig (..|sjl)%wheel[[:digit:]]?@ssh\.com /etc/ssh2/subconfig/user.example
> #
> # Following matches to the user anonymous from any host
> #
> # UserSpecificConfig anonymous@.* /etc/ssh2/subconfig/anonymous.example
>
> --- Client configuration
> ------------------------------------------------------
>
> ## SSH CONFIGURATION FILE FORMAT VERSION 1.1
> ## REGEX-SYNTAX egrep
> ## end of metaconfig
> ## (leave above lines intact!)
> ## ssh2_config
> ## SSH 3.2 Client Configuration File
> ##
>
> ## The ".*" is used for all hosts, but you can use other hosts as
> ## well. See examples at the end of the file.
> .*:
>
> ## General
>
> # VerboseMode no
> # QuietMode no
> # DontReadStdin no
> # BatchMode no
> # Compression no
> # ForcePTTYAllocation no
> # GoBackground no
> # EscapeChar ~
> # PasswordPrompt "%U@%H's password: "
> # PasswordPrompt "%U's password: "
> # AuthenticationSuccessMsg yes
> # SetRemoteEnv FOOBAR=baz
>
> ## Network
>
> # Port 22
> # NoDelay no
> # KeepAlive yes
> # SocksServer socks://mylogin@socks.ssh.com:1080/203.123.0.0/16,198.74.23.0/24
> # UseSocks5 no
>
> ## Crypto
>
> # Ciphers AnyStdCipher
> # MACs AnyStdMAC
> # StrictHostKeyChecking ask
> # RekeyIntervalSeconds 3600
>
> ## User public key authentication
>
> # IdentityFile identification
> # RandomSeedFile random_seed
>
> ## Tunneling
>
> # GatewayPorts no
> # ForwardAgent yes
> # ForwardX11 yes
> # TrustX11Applications no
> # XauthPath <set by configure by default>
>
> # Tunnels that are set up upon login
> #
> # LocalForward "110:pop3.company.com:110"
> # LocalForward "143:imap.company.com:143"
> # LocalForward "25:smtp.company.com:25"
> # RemoteForward "3000:localhost:22"
>
> ## SSH1 Compatibility
>
> # Ssh1InternalEmulation yes
> # Ssh1Compatibility no
> # Ssh1AgentCompatibility none
> # Ssh1AgentCompatibility traditional
> # Ssh1AgentCompatibility ssh2
> # Ssh1Path /usr/local/bin/ssh1
> # Ssh1MaskPasswordLength yes
>
> ## Authentication
> ## publickey, keyboard-interactive and password allowed by default
> ## Least interactive method should be usually attempted first.
>
> # AllowedAuthentications publickey,keyboard-interactive,password
> # AllowedAuthentications hostbased,publickey,keyboard-interactive,password
>
>
> # For ssh-signer2 (only effective if set in the global configuration
> # file, usually /etc/ssh2/ssh2_config)
>
> # DefaultDomain foobar.com
> # SshSignerPath ssh-signer2
>
> ## Examples of per host configurations
>
> #alpha.*:
> # Host alpha.oof.fi
> # User username_at_alpha
> # PasswordPrompt "%U:s password at %H: "
> # Ciphers aes
>
> #foobar:
> # Host foo.bar
> # User foo_user
>
> --- Server debug output
> -------------------------------------------------------
>
> sshd: SSH Secure Shell 3.2.0 (non-commercial version) on
> powerpc-ibm-aix4.3.3.0
> debug[60244]: Host key pair is not specified, trying to use
> default 'hostkey'.
> debug[60244]: Becoming server.
> debug[60244]: Creating listener
> debug[60244]: Listener created
> debug[60244]: no udp listener created.
> <84>Jan 9 15:47:30 sshd[60244]: Listener created on port 22.
>
> <84>Jan 9 15:47:30 sshd[60244]: Daemon is running.
>
> debug[60244]: Running event loop
> debug[60244]: ssh_sigchld_real_callback
> <86>Jan 9 15:47:36 sshd[60244]: connection from "165.123.245.20"
>
> debug[60244]: ssh_server_wrap: creating transport protocol
> debug[60244]: ssh_server_wrap: creating userauth protocol
> debug[60244]: Ssh2Common/sshcommon.c:530/ssh_common_wrap: local
> ip = 165.123.245.20, local port = 22
> debug[60244]: Ssh2Common/sshcommon.c:532/ssh_common_wrap: remote
> ip = 165.123.245.20, remote port = 53231
> debug[60244]: new_connection_callback returning
> debug[60244]: Remote version: SSH-1.99-3.2.0 SSH Secure Shell
> (non-commercial)
> debug[60244]: Major: 3 Minor: 2 Revision: 0
> <84>Jan 9 15:47:45 sshd[60244]: password authentication failed.
> Login to account gregoryd not allowed or account non-existent.
>
> <84>Jan 9 15:47:51 sshd[60244]: password authentication failed.
> Login to account gregoryd not allowed or account non-existent.
>
> <84>Jan 9 15:47:56 sshd[60244]: password authentication failed.
> Login to account gregoryd not allowed or account non-existent.
>
> <86>Jan 9 15:47:58 sshd[60244]: Remote host disconnected: No
> further authentication methods available.
>
> debug[60244]: Sshd2/sshd2.c:269/server_disconnect:
> locally_generated = FALSE
> <86>Jan 9 15:47:58 sshd[60244]: no more authentication methods
> on remote: 'No further authentication methods available.'
>
> src@poplar(/usr/local/src):
>
> --- Client debug output
> -------------------------------------------------------
>
> gregoryd@poplar(/home/gregoryd):/usr/local/bin/ssh -d 2 poplar
>
> debug:
> SshAppCommon/sshappcommon.c:138/ssh_app_get_global_regex_context:
> Allocating global SshRegex context.
> debug: SshConfig/sshconfig.c:2797/ssh2_parse_config_ext:
> Metaconfig parsing stopped at line 3.
> debug: SshConfig/sshconfig.c:2704/ssh2_parse_config_ext: Unable
> to open /home/gregoryd/.ssh2/ssh2_config
> debug: Connecting to poplar, port 22... (SOCKS not used)
> debug: Ssh2/ssh2.c:2297/main: Entering event loop.
> debug: Ssh2Client/sshclient.c:1421/ssh_client_wrap: Creating
> transport protocol.
> debug:
> SshAuthMethodClient/sshauthmethodc.c:85/ssh_client_authentication_
> initialize: Added "publickey" to usable methods.
> debug:
> SshAuthMethodClient/sshauthmethodc.c:85/ssh_client_authentication_
> initialize: Added "keyboard-interactive" to usable methods.
> debug:
> SshAuthMethodClient/sshauthmethodc.c:85/ssh_client_authentication_
> initialize: Added "password" to usable methods.
> debug: Ssh2Client/sshclient.c:1462/ssh_client_wrap: Creating
> userauth protocol.
> debug: client supports 3 auth methods:
> 'publickey,keyboard-interactive,password'
> debug: Ssh2Common/sshcommon.c:530/ssh_common_wrap: local ip =
> 165.123.245.20, local port = 53178
> debug: Ssh2Common/sshcommon.c:532/ssh_common_wrap: remote ip =
> 165.123.245.20, remote port = 22
> debug: SshConnection/sshconn.c:1945/ssh_conn_wrap: Wrapping...
> debug:
> SshReadLine/sshreadline.c:2414/ssh_readline_eloop_initialize:
> Initializing ReadLine...
> debug: Remote version: SSH-2.0-3.2.0 SSH Secure Shell (non-commercial)
> debug: Major: 3 Minor: 2 Revision: 0
> debug: Ssh2Transport/trcommon.c:1901/ssh_tr_negotiate: lang s to
> c: `', lang c to s: `'
> debug: Ssh2Transport/trcommon.c:1967/ssh_tr_negotiate: c_to_s:
> cipher aes128-cbc, mac hmac-sha1, compression none
> debug: Ssh2Transport/trcommon.c:1970/ssh_tr_negotiate: s_to_c:
> cipher aes128-cbc, mac hmac-sha1, compression none
> debug: SshKeyFile/sshkeyfile.c:373/ssh_blob_read: file
> /home/gregoryd/.ssh2/hostkeys/key_22_poplar.pub does not exist.
> debug: SshKeyFile/sshkeyfile.c:373/ssh_blob_read: file
> /etc/ssh2/hostkeys/key_22_poplar.pub does not exist.
> Host key not found from database.
> Key fingerprint:
> xosat-dubuh-mosob-valen-rydig-dolof-gahor-kamyk-miduk-hebav-mixix
> You can get a public key's fingerprint by running
> % ssh-keygen -F publickey.pub
> on the keyfile.
> Are you sure you want to continue connecting (yes/no)? yes
> Host key saved to /home/gregoryd/.ssh2/hostkeys/key_22_poplar.pub
> host key for poplar, accepted by gregoryd Thu Jan 09 2003 20:21:58
> debug: Ssh2Common/sshcommon.c:331/ssh_common_special: Received
> SSH_CROSS_STARTUP packet from connection protocol.
> debug: Ssh2Common/sshcommon.c:381/ssh_common_special: Received
> SSH_CROSS_ALGORITHMS packet from connection protocol.
> debug: server offers auth methods 'publickey,password'.
> debug: SshConfig/sshconfig.c:2704/ssh2_parse_config_ext: Unable
> to open /home/gregoryd/.ssh2/identification
> debug: Ssh2AuthClient/sshauthc.c:319/ssh_authc_completion_proc:
> Method 'publickey' disabled.
> debug: server offers auth methods 'publickey,password'.
> debug:
> Ssh2AuthPasswdClient/authc-passwd.c:105/ssh_client_auth_passwd:
> Starting password query...
> gregoryd's password:
> debug: server offers auth methods 'publickey,password'.
> debug:
> Ssh2AuthPasswdClient/authc-passwd.c:105/ssh_client_auth_passwd:
> Starting password query...
> gregoryd's password:
> debug: server offers auth methods 'publickey,password'.
> debug:
> Ssh2AuthPasswdClient/authc-passwd.c:105/ssh_client_auth_passwd:
> Starting password query...
> gregoryd's password:
> debug: server offers auth methods 'publickey'.
> debug: Ssh2Common/sshcommon.c:168/ssh_common_disconnect:
> DISCONNECT received: No further authentication methods available.
> debug:
> SshReadLine/sshreadline.c:2472/ssh_readline_eloop_uninitialize:
> Uninitializing ReadLine...
> warning: Authentication failed.
> debug: Ssh2/ssh2.c:168/client_disconnect: locally_generated = TRUE
> Disconnected; no more authentication methods available (No
> further authentication methods available.).
> debug: Ssh2Client/sshclient.c:1497/ssh_client_destroy: Destroying client.
> debug: SshConnection/sshconn.c:1997/ssh_conn_destroy: Destroying
> SshConn object.
> debug: Ssh2Client/sshclient.c:1565/ssh_client_destroy_finalize:
> Destroying client completed.
> debug:
> SshAuthMethodClient/sshauthmethodc.c:89/ssh_client_authentication_
> uninitialize: Destroying authentication method array.
> debug:
> SshAppCommon/sshappcommon.c:151/ssh_app_free_global_regex_context:
> Freeing global SshRegex context.
Greg Dick ( gregoryd@isc.upenn.edu )
UNIX/Linux System Administrator
Systems Programmer
Information Systems and Computing
Systems Engineering and Operations
University of Pennsylvania
3401 Walnut Street - Suite 265C
Philadelphia PA 19104-6228
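
An added example, not part of the original post and not code from SSH Secure Shell: a small triage script that rejoins the mail-wrapped server debug output quoted above into whole records and groups the password failures per sshd process by account and by the reason text the server logged. The function names `unwrap` and `summarize` are hypothetical, and the sample is an excerpt of the lines in the post.

```python
import re
from collections import Counter, defaultdict

# Excerpt of the server debug output as quoted in the post ("> " prefix, mail line wraps).
SAMPLE = '''\
> <86>Jan 9 15:47:36 sshd[60244]: connection from "165.123.245.20"
>
> debug[60244]: new_connection_callback returning
> <84>Jan 9 15:47:45 sshd[60244]: password authentication failed.
> Login to account gregoryd not allowed or account non-existent.
> <84>Jan 9 15:47:51 sshd[60244]: password authentication failed.
> Login to account gregoryd not allowed or account non-existent.
> <84>Jan 9 15:47:56 sshd[60244]: password authentication failed.
> Login to account gregoryd not allowed or account non-existent.
> <86>Jan 9 15:47:58 sshd[60244]: Remote host disconnected: No
> further authentication methods available.
'''

RECORD_START = re.compile(r'^(<\d+>|debug\[\d+\]:)')
SYSLOG = re.compile(r'^<(\d+)>\w{3}\s+\d+ [\d:]{8} sshd\[(\d+)\]: (.*)$')
FAILED = re.compile(r'^password authentication failed\.\s*(.*)$')
ACCOUNT = re.compile(r'Login to account (\S+) not allowed or account non-existent')

def unwrap(text):
    """Drop the '> ' quote prefix and join wrapped lines into whole records."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r'^>\s?', '', raw).strip()
        if line and (RECORD_START.match(line) or not records):
            records.append(line)          # a new log record begins here
        elif line:
            records[-1] += ' ' + line     # continuation of a wrapped record
    return records

def summarize(text):
    """Per sshd PID: source address, failures by (account, reason), session end."""
    out = defaultdict(lambda: {'source': None, 'failures': Counter(), 'end': None})
    for m in filter(None, map(SYSLOG.match, unwrap(text))):
        pid, msg = m.group(2), m.group(3)
        s, f = out[pid], FAILED.match(msg)
        c = re.match(r'connection from "([^"]+)"', msg)
        if c:
            s['source'] = c.group(1)
        elif f:
            a = ACCOUNT.search(f.group(1))
            s['failures'][(a and a.group(1), f.group(1))] += 1
        elif msg.startswith('Remote host disconnected:'):
            s['end'] = msg.split(': ', 1)[1]
    return dict(out)
```

Run over the excerpt, `summarize(SAMPLE)` reports three failures for `gregoryd`, all with the same logged reason, followed by the disconnect. That count lines up with the commented-out `PasswordGuesses 3` shown in the server configuration.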