Re: OpenSSH_3.5p1 server, PC clients cannot connect
From: John Mendenhall (john@surfutopia.net)
Date: 02/21/03
- Previous message: qing.lu@kodak.com: "make x.509 certificate authentication work with ssh"
- In reply to: Ben Lindstrom: "Re: OpenSSH_3.5p1 server, PC clients cannot connect"
- Next in thread: John Mendenhall: "Re: OpenSSH_3.5p1 server, some PC clients cannot connect"
- Reply: John Mendenhall: "Re: OpenSSH_3.5p1 server, some PC clients cannot connect"
Date: Thu, 20 Feb 2003 16:14:19 -0800
From: John Mendenhall <john@surfutopia.net>
To: Ben Lindstrom <mouring@etoh.eviladmin.org>
Ben,
> It would be helpful if you could post somewhere a run of sshd -d -d -d
> for each version. Also disable compression and try it.
>
> SunOS 4.1.4 falls under those bad/missing mmap() platforms.
I have included a run of sshd -d -d -d for both WS_FTP Pro 7.62 and
CuteFTP Pro v3 below my signature. I have also included the client
messages while debugging on the client side.
I had PrivSep and Compression disabled for these runs. I also fixed
my host keys pub files (they were incorrect, thanks Greg!).
However, it appears I still have some sort of problem. The WS_FTP
client does not ask the user to save the keys. Is it supposed to?
And, when the CuteFTP actually gets the keys, it drops the connection.
Perhaps my keys are bad? I believe the sshd is not accessing my
pub keys. When I do a ls -laurt on my keys, they have not been
accessed for two days?
% ls -laurt ssh_host*
-rw-r--r-- 1 root wheel 221 Feb 18 22:03 ssh_host_rsa_key.pub
-rw-r--r-- 1 root wheel 330 Feb 18 22:03 ssh_host_key.pub
-rw-r--r-- 1 root wheel 601 Feb 18 22:03 ssh_host_dsa_key.pub
-rw------- 1 root wheel 887 Feb 20 15:48 ssh_host_rsa_key
-rw------- 1 root wheel 526 Feb 20 15:48 ssh_host_key
-rw------- 1 root wheel 668 Feb 20 15:48 ssh_host_dsa_key
Perhaps the server is looking elsewhere for my public keys. How do
I find out or configure this information?
Any other ideas?
Thank you in advance for your assistance.
JohnM
--
John Mendenhall
john@surfutopia.net
surf utopia internet services

----- sftp logs -----

------- WS_FTP 7.62

*** client window/dialog box after attempting to connect:
Failed SSH Key Exchange
ssh transport closed

% sudo /usr/local/sbin/sshd -u0 -d -d -d
debug3: RNG is ready, skipping seeding
debug1: sshd version OpenSSH_3.5p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /usr/local/etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /usr/local/etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Server will not fork when running in debugging mode.
Connection from 209.76.14.67 port 1323
debug1: Client protocol version 2.0; client software version WS_FTP-7.62-2002.12.18
debug1: no match: WS_FTP-7.62-2002.12.18
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.5p1
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss,ssh-rsa
debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: zlib,none
debug2: kex_parse_kexinit: zlib,none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: client->server 3des-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: server->client 3des-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 176/384
debug1: bits set: 1633/3191
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 1607/3191
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
Connection closed by 209.76.14.67
debug1: Calling cleanup 0x2f438(0x0)
%

------- CuteFTP

client asked to save keys
user hits yes
gets error message in dialog box:
error = #0 can't connect to sanmarcos.surfutopia.net

client messages:
*** CuteFTP Pro 3.0 - build Nov 4 2002 ***
STATUS:> Getting listing "/home/city"...
STATUS:> Initializing SFTP21 module...
STATUS:> Resolving host name sanmarcos.surfutopia.net...
STATUS:> Host name sanmarcos.surfutopia.net resolved: ip = 66.27.49.27.
STATUS:> Connecting to sftp server sanmarcos.surfutopia.net:22 (ip = 66.27.49.27)...
ERROR:> A timeout occurred.
ERROR:> Can't connect to sanmarcos.surfutopia.net:22. SFTP21 error = #0.
STATUS:> SFTP21 connection closed.

server messages:
% sudo /usr/local/sbin/sshd -u0 -d -d -d
debug3: RNG is ready, skipping seeding
debug1: sshd version OpenSSH_3.5p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /usr/local/etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /usr/local/etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Server will not fork when running in debugging mode.
Connection from 209.76.14.67 port 1335
debug1: Client protocol version 1.99; client software version 1.0
debug1: no match: 1.0
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.5p1
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: 3des-cbc,arcfour,cast128-cbc,twofish-cbc,blowfish-cbc
debug2: kex_parse_kexinit: 3des-cbc,arcfour,cast128-cbc,twofish-cbc,blowfish-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: zlib,none
debug2: kex_parse_kexinit: zlib,none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: client->server 3des-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: server->client 3des-cbc hmac-md5 none
debug1: dh_gen_key: priv key bits set: 177/384
debug1: bits set: 536/1024
debug1: expecting SSH2_MSG_KEXDH_INIT
debug1: bits set: 499/1024
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
Read from socket failed: Connection reset by peer
debug1: Calling cleanup 0x2f438(0x0)
%
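
An added example, not part of the original message or of OpenSSH: a small Python reader for sshd -d -d -d output like the runs above, which splits the two kex_parse_kexinit proposals (server's own first, then the client's), recomputes the algorithms both sides agree on, and reports the last key-exchange milestone logged before the connection dropped. The function names and the abridged SAMPLE are assumptions made for illustration.

```python
import re

# Name-list order inside SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex hostkey enc_c2s enc_s2c mac_c2s mac_s2c "
          "comp_c2s comp_s2c lang_c2s lang_s2c").split()
PROPOSAL = re.compile(r"^debug2: kex_parse_kexinit: ?(.*)$")
FLAGS = ("first_kex_follows", "reserved")
# Key-exchange milestones sshd logs at debug1, in the order they occur.
STAGES = ["SSH2_MSG_KEXINIT received", "SSH2_MSG_NEWKEYS sent",
          "SSH2_MSG_NEWKEYS received", "KEX done"]

def parse_proposals(log):
    """Return (server, client) proposals; sshd prints its own list first."""
    rows = []
    for line in log.splitlines():
        m = PROPOSAL.match(line.strip())
        if m and not m.group(1).startswith(FLAGS):
            rows.append([a for a in m.group(1).strip().split(",") if a])
    if len(rows) < 20:
        raise ValueError("need two complete KEXINIT proposals")
    return dict(zip(FIELDS, rows[:10])), dict(zip(FIELDS, rows[10:20]))

def negotiate(server, client):
    """First client algorithm the server also lists (simplified RFC 4253 rule)."""
    return {f: next((a for a in client[f] if a in server[f]), None)
            for f in FIELDS[:8]}

def last_stage(log):
    """Furthest key-exchange milestone the server logged before the drop."""
    seen = [s for s in STAGES if s in log]
    return seen[-1] if seen else None

# Constructed sample: the WS_FTP proposals from the log above with the
# algorithm lists abridged, rebuilt one kex_parse_kexinit line per field.
_SRV = ["diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1",
        "ssh-rsa,ssh-dss", "aes128-cbc,3des-cbc", "aes128-cbc,3des-cbc",
        "hmac-md5,hmac-sha1", "hmac-md5,hmac-sha1", "none", "none", "", ""]
_CLI = [_SRV[0], "ssh-dss,ssh-rsa", "3des-cbc,blowfish-cbc",
        "3des-cbc,blowfish-cbc", "hmac-md5,hmac-sha1", "hmac-md5,hmac-sha1",
        "zlib,none", "zlib,none", "", ""]
_TAIL = ["first_kex_follows 0", "reserved 0"]
SAMPLE = "\n".join(
    ["debug1: SSH2_MSG_KEXINIT received"]
    + ["debug2: kex_parse_kexinit: " + x for x in _SRV + _TAIL + _CLI + _TAIL]
    + ["debug1: SSH2_MSG_NEWKEYS sent", "debug1: waiting for SSH2_MSG_NEWKEYS"])

if __name__ == "__main__":
    server, client = parse_proposals(SAMPLE)
    print(negotiate(server, client), "| stopped after:", last_stage(SAMPLE))
```

A None value for any field in the negotiate() result means the two proposals share no algorithm for that field; a last stage short of "KEX done" means the peer went away during key exchange rather than during authentication.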