Problem with scp

Melanie.Berg_at_bafin.de
Date: 12/07/04

  • Next message: Hari S: "scp library"
    To: secureshell@securityfocus.com
    Date: Tue, 7 Dec 2004 09:59:27 +0100 
    
    

    Hi there,

    we are currently having a little problem concerning file transfer using scp.

    We are using pubkey authentication, and this was working now for quite
    some time already. Yesterday we wanted to add a second SSH server,
    that one now running on Redhat (old system's Solaris 8), and that one is
    having problems.

    It looks to me like host and user authentications are both working fine,
    then a channel for the transfer is opened - and then something goes wrong.

    Might it be a version conflict maybe? Old server's still running version
    3.5p1.
    We have no influence on which versions our users are using, as there are
    simply too many..
    Maybe I should add that our users are having a kind of a reduced shell as
    login shell, no bash or sh. But we tested before and it *looked* like it was
    working. Anyway, might this be a cause as well?

    Logfile's not helping me out, as it's not really giving an error message.

    Any help is gratefully appreciated.

    TIA,
    Mel.

    Here's the server's output when started in debug mode:

    [root@koblfi01 ]# sshd -f /etc/ssh/sshd_config_10026 -ddd
    debug2: read_server_config: filename /etc/ssh/sshd_config_10026
    debug3: cipher ok: 3des-cbc [3des-cbc]
    debug3: ciphers ok: [3des-cbc]
    debug1: sshd version OpenSSH_3.6.1p2
    debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
    debug1: read PEM private key done: type DSA
    debug1: private host key: #0 type 2 DSA
    debug1: Bind to port 10026 on 10.254.254.134.
    Server listening on 10.254.254.134 port 10026.
    debug1: Server will not fork when running in debugging mode. Connection from
    10.254.250.1 port 46688
    debug1: Client protocol version 2.0; client software version OpenSSH_3.5p1
    debug1: match: OpenSSH_3.5p1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
    debug3: privsep user:group 74:74
    debug1: permanently_set_uid: 74/74
    debug1: list_hostkey_types: ssh-dss
    debug1: SSH2_MSG_KEXINIT sent
    debug2: Network child is on pid 5999
    debug3: preauth child monitor started
    debug3: mm_request_receive entering
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit:
    diffie-hellman-group-exchange-sha1,diffie-hellman-gro
    up1-sha1
    debug2: kex_parse_kexinit: ssh-dss
    debug2: kex_parse_kexinit: 3des-cbc
    debug2: kex_parse_kexinit: 3des-cbc
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open
    ssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open
    ssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit:
    diffie-hellman-group-exchange-sha1,diffie-hellman-gro
    up1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit:
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
    aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit:
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
    aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open
    ssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open
    ssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_init: found hmac-md5
    debug1: kex: client->server 3des-cbc hmac-md5 none
    debug2: mac_init: found hmac-md5
    debug1: kex: server->client 3des-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
    debug3: mm_request_send entering: type 0
    debug3: monitor_read: checking request 0
    debug3: mm_answer_moduli: got parameters: 1024 4096 8192
    debug3: mm_request_send entering: type 1
    debug2: monitor_read: 0 used once, disabling now
    debug3: mm_request_receive entering
    debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI
    debug3: mm_request_receive_expect entering: type 1
    debug3: mm_request_receive entering
    debug3: mm_choose_dh: remaining 0
    debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
    debug2: dh_gen_key: priv key bits set: 198/384
    debug2: bits set: 2043/4095
    debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
    debug2: bits set: 2069/4095
    debug3: mm_key_sign entering
    debug3: mm_request_send entering: type 4
    debug3: monitor_read: checking request 4
    debug3: mm_answer_sign
    debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
    debug3: mm_request_receive_expect entering: type 5
    debug3: mm_request_receive entering
    debug3: mm_answer_sign: signature 0x6000000000022100(55)
    debug3: mm_request_send entering: type 5
    debug2: monitor_read: 4 used once, disabling now
    debug3: mm_request_receive entering
    debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    Connection closed by 10.254.250.1
    debug1: Calling cleanup 0x4000000000081ac0(0x0)

    Here's the output the client gets when connecting to the machine:

    Executing: program /usr/local/bin/ssh host 10.254.253.254, user xxxxxxx,
    command scp -v -t test.xml OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL
    0x0090607f
    debug1: Reading configuration data /usr/local/etc/ssh_config
    debug1: Rhosts Authentication disabled, originating port will not be
    trusted.
    debug1: ssh_connect: needpriv 0
    debug1: Connecting to 10.254.253.254 [10.254.253.254] port 22.
    debug1: Connection established.
    debug1: identity file /mandanten/BAK_NR_xxxxxxx/v_home/.ssh/identity type -1
    debug3: Not a RSA1 key file /mandanten/BAK_NR_xxxxxxx/v_home/.ssh/id_rsa.
    debug2: key_type_from_name: unknown key type '-----BEGIN'
    debug3: key_read: no key found
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug2: key_type_from_name: unknown key type '-----END'
    debug3: key_read: no key found
    debug1: identity file /mandanten/BAK_NR_xxxxxx/v_home/.ssh/id_rsa type 1
    debug1: identity file /mandanten/BAK_NR_xxxxxx/v_home/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_3.5p1
    debug1: match: OpenSSH_3.5p1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_3.5p1
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit:
    diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit:
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
    ijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit:
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
    ijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
    ac-md5-96
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
    ac-md5-96
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit:
    diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-dss
    debug2: kex_parse_kexinit: 3des-cbc
    debug2: kex_parse_kexinit: 3des-cbc
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
    ac-md5-96
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
    ac-md5-96
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_init: found hmac-md5
    debug1: kex: server->client 3des-cbc hmac-md5 none
    debug2: mac_init: found hmac-md5
    debug1: kex: client->server 3des-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: dh_gen_key: priv key bits set: 181/384
    debug1: bits set: 2051/4095
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug3: check_host_in_hostfile: filename
    /mandanten/BAK_NR_xxxxxxx/v_home/.ssh/known_hosts2
    debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts2
    debug3: check_host_in_hostfile: match line 1
    debug1: Host '10.254.253.254' is known and matches the DSA host key.
    debug1: Found key in /usr/local/etc/ssh_known_hosts2:1
    debug1: bits set: 2064/4095
    debug1: ssh_dss_verify: signature correct
    debug1: kex_derive_keys
    debug1: newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: waiting for SSH2_MSG_NEWKEYS
    debug1: newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: done: ssh_kex2.
    debug1: send SSH2_MSG_SERVICE_REQUEST
    debug1: service_accept: ssh-userauth
    debug1: got SSH2_MSG_SERVICE_ACCEPT
    debug1: authentications that can continue: publickey
    debug3: start over, passed a different list publickey
    debug3: preferred publickey,keyboard-interactive,password
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: next auth method to try is publickey
    debug1: try privkey: /mandanten/BAK_NR_xxxxxxx/v_home/.ssh/identity
    debug3: no such identity: /mandanten/BAK_NR_xxxxxxx/v_home/.ssh/identity
    debug1: try pubkey: /mandanten/BAK_NR_xxxxxxx/v_home/.ssh/id_rsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 10ef88 hint 1
    debug2: input_userauth_pk_ok: fp
    d1:65:1c:ec:e5:20:2b:1f:21:54:21:a8:23:e5:ef:d4
    debug3: sign_and_send_pubkey
    debug1: read PEM private key done: type RSA
    debug1: ssh-userauth2 successful: method publickey
    debug1: fd 5 setting O_NONBLOCK
    debug1: fd 6 setting O_NONBLOCK
    debug1: fd 7 setting O_NONBLOCK
    debug1: channel 0: new [client-session]
    debug3: ssh_session2_open: channel_new: 0
    debug1: send channel open 0
    debug1: Entering interactive session.
    debug2: callback start
    debug1: ssh_session2_setup: id 0
    debug1: Sending command: scp -v -t test.xml
    debug1: channel request 0: exec
    debug2: callback done
    debug1: channel 0: open confirm rwindow 0 rmax 32768
    debug2: channel 0: rcvd adjust 131072
    Sending file modes: C0644 0 test.xml
    debug1: channel 0: read<=0 rfd 5 len 0
    debug1: channel 0: read failed
    debug1: channel 0: close_read
    debug1: channel 0: input open -> drain
    debug1: channel 0: ibuf empty
    debug1: channel 0: send eof
    debug1: channel 0: input drain -> closed
    debug1: channel 0: rcvd eof
    debug1: channel 0: output open -> drain
    debug1: channel 0: obuf empty
    debug1: channel 0: close_write
    debug1: channel 0: output drain -> closed
    debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
    debug1: channel 0: rcvd close
    debug3: channel 0: will not send data after close
    debug1: channel 0: almost dead
    debug1: channel 0: gc: notify user
    debug1: channel 0: gc: user detached
    debug1: channel 0: send close
    debug1: channel 0: is dead
    debug1: channel 0: garbage collecting
    debug1: channel_free: channel 0: client-session, nchannels 1
    debug3: channel_free: status: The following connections are open:
      #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1)

    debug3: channel_close_fds: channel 0: r -1 w -1 e 7
    debug1: fd 0 clearing O_NONBLOCK
    debug1: fd 1 clearing O_NONBLOCK
    debug1: fd 2 clearing O_NONBLOCK
    debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.3 seconds
    debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
    debug1: Exit status 0


  • Next message: Hari S: "scp library"

    Relevant Pages

    • openssh3.7p1 chroot patch not work on solaris 7
      ... debug1: monitor_child_preauth: test has been authenticated by privileged process ... debug3: mm_get_keystate: Waiting for new keys ... debug2: mac_init: found hmac-sha1 ... debug1: channel 0: new ...
      (comp.unix.solaris)
    • openssh3.7p1 chroot patch not work on solaris 7
      ... debug1: monitor_child_preauth: test has been authenticated by privileged process ... debug3: mm_get_keystate: Waiting for new keys ... debug2: mac_init: found hmac-sha1 ... debug1: channel 0: new ...
      (comp.security.ssh)
    • openssh3.7p1 chroot patch not work on solaris 7
      ... debug1: monitor_child_preauth: test has been authenticated by privileged process ... debug3: mm_get_keystate: Waiting for new keys ... debug2: mac_init: found hmac-sha1 ... debug1: channel 0: new ...
      (comp.security.ssh)
    • Problem with some user autentification error on sshd
      ... debug1: Reading configuration data /etc/ssh/ssh_config ... debug2: kex_parse_kexinit: none,zlib ... debug3: check_host_in_hostfile: match line 3 ... debug1: Next authentication method: keyboard-interactive ...
      (SSH)
    • Re: Public key Authentication broken under HP-UX?
      ... debug3: cipher ok: blowfish-cbc ... debug1: read PEM private key done: type DSA ... debug2: kex_parse_kexinit: ssh-dss ... debug1: channel 0: new ...
      (SSH)