Keyboard-interactive authentication refused?

From: Dan Gapinski (dan.gapinski_at_qsi-r2.com)
Date: 07/28/03

  • Next message: Reid Johnson: "Bootable CD Problems" 
    To: <secureshell@securityfocus.com>
Date: Mon, 28 Jul 2003 09:07:40 -0500

    Hello,

    I could connect to my OpenSSH server (3.6.1 on Redhat 9) on the LAN, and
    just recently got my firewall to forward the port to it successfully. Now
    when I try to connect (from the internet as well as from the LAN) I get
    access granted, then failed authentication messages in my WinSCP client log.
    What can I check now? I am using a SCPonly shell in a chrooted environment,
    which again worked fin on the LAN.

    Here is the client's logfile entry:
    . Looking up host "192.168.0.13"
    . Connecting to 192.168.0.13 port 49813
    . Server version: SSH-2.0-OpenSSH_3.5p1
    . We claim version: SSH-2.0-PuTTY-Local: Apr 23 2003 11:38:40
    . Using SSH protocol version 2
    . Doing Diffie-Hellman group exchange
    . Doing Diffie-Hellman key exchange
    . Host key fingerprint is:
    . ssh-rsa 1024 eb:76:a9:59:32:c8:2d:83:7f:b4:d8:a2:3d:ac:66:9e
    . Initialised zlib (RFC1950) compression
    . Initialised zlib (RFC1950) decompression
    . Initialised Blowfish client->server encryption
    . Initialised Blowfish server->client encryption
    ! Using username "jailbird2".
    . Keyboard-interactive authentication refused
    . Sent password
    . Access granted
    . Network error: Connection reset by peer
    * (ESshFatal) Authentication failed.

    The fact that local connections could be made before the firewall began
    forwarding remote connections has me a little confused. Any thoughts?

    Many thanks,
    Dan Gapinski

  • Next message: Reid Johnson: "Bootable CD Problems"

    Relevant Pages

    • Re: Reasons behind defaulting atd and sendmail
      ... You cannot send mail to the LAN. ... The rules are for incoming port 25 connections, ... the stock setup of Sendmail will send mail to the Internet. ...
      (Fedora)
    • Re: Can only connect to local RWW, over internet cannot
      ... I have been testing from inside the LAN and getting someone ocasionally from ... when try to Connect to the Server this is when it fails ... 'loopback' connections (ie. a connection from their LAN side to the WAN IP ... I am testing this tool from my own lan and says 4125 port is closed, ...
      (microsoft.public.windows.server.sbs)
    • Re: Windows 2003 RDP will not work with WAN but port 3389 is listening
      ... RD connections from LAN only. ... Wan connections fail with that "Can't ... You must have a port forwarding rule from the outside to the TS internal IP on port 3389. ...
      (microsoft.public.windows.terminal_services)
    • iptables - opening an inbound port but allowing access to all machines outbound
      ... I want to open up a port on my iptables router to allow a connection from ... WAN to a specific machine on my LAN. ... I modify this to allow outgoing connections on this port from all machines ...
      (comp.os.linux.networking)
    • Re: pf and ftp from gateway
      ... # ephemeral port, so that the remote SIP proxy knows what session we belong ... pass in quick on $ext_if inet proto udp from any port bootps to ... pass out quick on $ext_if inet proto udp from $ext_if to any port bootps ... # allow lan requests from lan clients to exit EXT ...
      (comp.unix.bsd.openbsd.misc)