Strange behavior of ssh

Dan.Johansson_at_swisscom.com
Date: 04/30/03

    Date: Wed, 30 Apr 2003 07:48:17 +0200
    To: <secureshell@securityfocus.com>
    
    

    Hi,
     
    I'm experiencing a strange behavior of ssh (in my opinion).

    I'm having the following setup:
    Host-A - HP-UX, OpenSSH 3.5p1, authorized_keys contains public keys for
    user@Host-C, root@Host-A and root@Host-B
    Host-B - HP-UX, OpenSSH 3.6.1p1, authorized_keys contains public keys
    for user@Host-C, root@Host-A and root@Host-B
    Host-C - Win-NT4, PuTTY 0.53

    Here's my scenario:
    ssh (PuTTY) user@Host-C to root@Host-A OK
    ssh (PuTTY) user@Host-C to root@Host-B OK
    ssh root@Host-A to root@Host-A OK
    ssh root@Host-A to root@Host-B FAIL *
    ssh root@Host-B to root@Host-A OK
    ssh root@Host-B to root@Host-B FAIL
    scp root@Host-A to root@Host-A OK
    scp root@Host-A to root@Host-B OK
    scp root@Host-B to root@Host-A OK
    scp root@Host-B to root@Host-B OK

    * And here is the output of "ssh -v -v root@HostB" from HostA:
    OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
    debug1: Reading configuration data /etc/opt/ssh/ssh_config
    debug1: Applying options for *
    debug1: Rhosts Authentication disabled, originating port will not be
    trusted.
    debug1: ssh_connect: needpriv 0
    debug1: Connecting to HostB [123.123.123.2] port 22.
    debug1: Connection established.
    debug1: identity file /.ssh/identity type 0
    debug2: key_type_from_name: unknown key type '-----BEGIN'
    debug2: key_type_from_name: unknown key type '-----END'
    debug1: identity file /.ssh/id_rsa type 1
    debug2: key_type_from_name: unknown key type '-----BEGIN'
    debug2: key_type_from_name: unknown key type '-----END'
    debug1: identity file /.ssh/id_dsa type 2
    debug1: Remote protocol version 1.99, remote software version
    OpenSSH_3.6.1p1
    debug1: match: OpenSSH_3.6.1p1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_3.5p1
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit:
    diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit:
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c
    bc,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit:
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c
    bc,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
    6,hmac-md5-96
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
    6,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit:
    diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit:
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c
    bc,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit:
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c
    bc,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
    6,hmac-md5-96
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
    6,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_init: found hmac-md5
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug2: mac_init: found hmac-md5
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: dh_gen_key: priv key bits set: 136/256
    debug1: bits set: 1575/3191
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'HostB' is known and matches the RSA host key.
    debug1: Found key in /.ssh/known_hosts:127
    debug1: bits set: 1571/3191
    debug1: ssh_rsa_verify: signature correct
    debug1: kex_derive_keys
    debug1: newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: waiting for SSH2_MSG_NEWKEYS
    debug1: newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: done: ssh_kex2.
    debug1: send SSH2_MSG_SERVICE_REQUEST
    debug1: service_accept: ssh-userauth
    debug1: got SSH2_MSG_SERVICE_ACCEPT
    debug1: authentications that can continue:
    publickey,password,keyboard-interactive
    debug1: next auth method to try is publickey
    debug2: userauth_pubkey_agent: no keys at all
    debug2: userauth_pubkey_agent: no more keys
    debug2: userauth_pubkey_agent: no message sent
    debug1: try pubkey: /.ssh/id_rsa
    debug2: we sent a publickey packet, wait for reply
    debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 4001a0c0
    hint 1
    debug2: input_userauth_pk_ok: fp
    f4:26:12:76:df:3f:66:8a:b9:82:ce:7a:33:93:1a:f2
    debug1: read PEM private key done: type RSA
    debug1: ssh-userauth2 successful: method publickey
    debug1: channel 0: new [client-session]
    debug1: send channel open 0
    debug1: Entering interactive session.
    debug2: callback start
    debug1: ssh_session2_setup: id 0
    debug1: channel request 0: pty-req
    debug2: x11_get_proto: /usr/bin/X11/xauth list U64632:0.0 2>/dev/null
    Warning: No xauth data; using fake authentication data for X11
    forwarding.
    debug1: Requesting X11 forwarding with authentication spoofing.
    debug1: channel request 0: x11-req
    debug1: Requesting authentication agent forwarding.
    debug1: channel request 0: auth-agent-req@openssh.com
    debug1: channel request 0: shell
    debug1: fd 4 setting TCP_NODELAY
    debug2: callback done
    debug1: channel 0: open confirm rwindow 0 rmax 32768
    debug1: channel_free: channel 0: client-session, nchannels 1
    Connection to HostB closed by remote host.
    Connection to HostB closed.
    debug1: Transferred: stdin 0, stdout 0, stderr 79 bytes in 0.1 seconds
    debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 1098.7
    debug1: Exit status -1

    Any suggestions?
    Regards,

    Dan Johansson
    Unix Systems Engineer
    MC-TO-MIT-SYI-UNS

    Mobile +41 (0)79 663 13 48
    Dan.Johansson@swisscom.com

    Swisscom Mobile Ltd, MC-TO-MIT-SYI-UNS, CH-3050 Bern
    Location: Poststrasse 25, CH-3072 Ostermundigen
    Phone +41 (0)31 342 51 57, Fax +41 (0)31 342 16 98,
    www.swisscom-mobile.ch

    This e-mail may contain confidential and/or privileged information. If
    you are not the intended recipient (or have received this e-mail in
    error) please notify the sender immediately and delete this e-mail. Any
    unauthorised copying, disclosure or distribution of the material in this
    e-mail is strictly forbidden.
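
Added example, not part of the original message: a small Python helper that reports how far an `ssh -v` trace like the one above got and which channel requests were sent before the connection closed. The function name `summarize_trace` and the milestone labels are hypothetical; the patterns are the debug lines that appear in the quoted trace.

```python
import re

# Milestones of an OpenSSH client debug trace, in the order they appear in
# the trace quoted above. The labels are hypothetical names for this example.
MILESTONES = [
    ("tcp_connect", r"debug1: Connection established"),
    ("host_key_ok", r"debug1: Host '[^']+' is known and matches"),
    ("key_exchange", r"debug1: SSH2_MSG_NEWKEYS received"),
    ("user_auth", r"debug1: ssh-userauth2 successful: method (\S+)"),
    ("session_open", r"debug1: channel 0: open confirm"),
]
REQUEST = re.compile(r"debug1: channel request \d+: (\S+)")
TRANSFER = re.compile(r"Transferred: stdin (\d+), stdout (\d+), stderr (\d+) bytes")


def summarize_trace(text):
    """Return the last phase reached and what was requested before the close."""
    reached = [name for name, pat in MILESTONES if re.search(pat, text)]
    auth = re.search(MILESTONES[3][1], text)
    xfer = TRANSFER.search(text)
    return {
        "last_phase": reached[-1] if reached else None,
        "auth_method": auth.group(1) if auth else None,
        "requests": REQUEST.findall(text),
        "closed_by_remote": "closed by remote host" in text,
        "stdout_bytes": int(xfer.group(2)) if xfer else None,
        "stderr_bytes": int(xfer.group(3)) if xfer else None,
    }


# Condensed copy of lines from the trace quoted in the message above.
SAMPLE = """\
debug1: Connection established.
debug1: Host 'HostB' is known and matches the RSA host key.
debug1: SSH2_MSG_NEWKEYS received
debug1: ssh-userauth2 successful: method publickey
debug1: channel request 0: pty-req
debug1: channel request 0: x11-req
debug1: channel request 0: auth-agent-req@openssh.com
debug1: channel request 0: shell
debug1: channel 0: open confirm rwindow 0 rmax 32768
Connection to HostB closed by remote host.
debug1: Transferred: stdin 0, stdout 0, stderr 79 bytes in 0.1 seconds
"""

if __name__ == "__main__":
    for key, value in summarize_trace(SAMPLE).items():
        print(f"{key}: {value}")
```

Running the same function over a trace from a working session gives a request list and byte counts to compare against the failing one.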

