OpenSSH 3.9p1 +Kerberos principal error

From: Cale Fogel (Cale.Fogel_at_escusa.com)
Date: 05/11/05

  • Next message: kareemy: "OpenSSH 4.0p1 ignores password authentication" 
    Date: Wed, 11 May 2005 08:28:30 -0600
To: <secureshell@securityfocus.com>

    I'm having issues setting up OpenSSH to accept kerberos authentication.
    I'm using Win2K AD as my KDC, and I can kinit from the server running
    sshd with no problem. However, when I try using the kerberized version
    of Putty to connect, the debug log shows this:
     
    May 10 16:20:07 dev2 sshd[906]: Connection from 10.1.1.215 port 2325
    May 10 16:20:07 dev2 sshd[906]: debug1: Client protocol version 2.0;
    client software version PuTTY-Release-0.56b2 GSSAPI Enhanced
    May 10 16:20:07 dev2 sshd[906]: debug1: no match: PuTTY-Release-0.56b2
    GSSAPI Enhanced
    May 10 16:20:07 dev2 sshd[906]: debug1: Enabling compatibility mode for
    protocol 2.0
    May 10 16:20:07 dev2 sshd[906]: debug1: Local version string
    SSH-1.99-OpenSSH_3.9p1
    May 10 16:20:07 dev2 sshd[906]: debug2: fd 3 setting O_NONBLOCK
    May 10 16:20:07 dev2 sshd[906]: debug2: Network child is on pid 908
    May 10 16:20:07 dev2 sshd[906]: debug3: preauth child monitor started
    May 10 16:20:07 dev2 sshd[906]: debug3: mm_request_receive entering
    May 10 16:20:07 dev2 sshd[906]: debug3: monitor_read: checking request 0
    May 10 16:20:07 dev2 sshd[906]: debug3: mm_answer_moduli: got
    parameters: 1024 2048 8192
    May 10 16:20:07 dev2 sshd[906]: debug3: mm_request_send entering: type 1
    May 10 16:20:07 dev2 sshd[906]: debug2: monitor_read: 0 used once,
    disabling now
    May 10 16:20:07 dev2 sshd[906]: debug3: mm_request_receive entering
    May 10 16:20:07 dev2 sshd[906]: debug3: monitor_read: checking request 4
    May 10 16:20:07 dev2 sshd[906]: debug3: mm_answer_sign
    May 10 16:20:07 dev2 sshd[906]: debug3: mm_answer_sign: signature
    0x8178aa8(143)
    May 10 16:20:07 dev2 sshd[906]: debug3: mm_request_send entering: type 5
    May 10 16:20:07 dev2 sshd[906]: debug2: monitor_read: 4 used once,
    disabling now
    May 10 16:20:07 dev2 sshd[906]: debug3: mm_request_receive entering
    May 10 16:20:07 dev2 sshd[906]: debug3: monitor_read: checking request 6
    May 10 16:20:07 dev2 sshd[906]: debug3: mm_answer_pwnamallow
    May 10 16:20:07 dev2 sshd[906]: debug3: auth_shadow_acctexpired: today
    12913 sp_expire -1 days left -12914
    May 10 16:20:07 dev2 sshd[906]: debug3: account expiration disabled
    May 10 16:20:07 dev2 sshd[906]: debug3: mm_answer_pwnamallow: sending
    MONITOR_ANS_PWNAM: 1
    May 10 16:20:07 dev2 sshd[906]: debug3: mm_request_send entering: type 7
    May 10 16:20:07 dev2 sshd[906]: debug2: monitor_read: 6 used once,
    disabling now
    May 10 16:20:07 dev2 sshd[906]: debug3: mm_request_receive entering
    May 10 16:20:07 dev2 sshd[906]: debug3: monitor_read: checking request 3
    May 10 16:20:07 dev2 sshd[906]: debug3: mm_answer_authserv:
    service=ssh-connection, style=
    May 10 16:20:07 dev2 sshd[906]: debug2: monitor_read: 3 used once,
    disabling now
    May 10 16:20:07 dev2 sshd[906]: debug3: mm_request_receive entering
    May 10 16:20:07 dev2 sshd[906]: debug3: monitor_read: checking request
    10
    May 10 16:20:07 dev2 sshd[906]: debug3: mm_answer_authpassword: sending
    result 0
    May 10 16:20:07 dev2 sshd[906]: debug3: mm_request_send entering: type
    11
    May 10 16:20:07 dev2 sshd[906]: Failed none for cfogel from 10.1.1.215
    port 2325 ssh2
    May 10 16:20:07 dev2 sshd[906]: debug3: mm_request_receive entering
    May 10 16:20:07 dev2 sshd[906]: debug3: monitor_read: checking request
    37
    May 10 16:20:07 dev2 sshd[906]: debug3: mm_request_send entering: type
    38
    May 10 16:20:07 dev2 sshd[906]: debug3: mm_request_receive entering
    May 10 16:20:07 dev2 sshd[906]: debug3: monitor_read: checking request
    39
    May 10 16:20:07 dev2 sshd[906]: debug1: Miscellaneous failure\nWrong
    principal in request\n
    May 10 16:20:07 dev2 sshd[906]: debug1: Got no client credentials
    May 10 16:20:07 dev2 sshd[906]: debug3: mm_request_send entering: type
    40
    May 10 16:20:07 dev2 sshd[906]: debug3: mm_request_receive entering
    May 10 16:20:09 dev2 sshd[906]: debug3: monitor_read: checking request
    10
    May 10 16:20:09 dev2 sshd[906]: debug3: auth_shadow_pwexpired: today
    12913 sp_lstchg 12907 sp_max 99999
    May 10 16:20:09 dev2 sshd[906]: debug3: mm_answer_authpassword: sending
    result 1
    May 10 16:20:09 dev2 sshd[906]: debug3: mm_request_send entering: type
    11
    May 10 16:20:09 dev2 sshd[906]: Accepted password for cfogel from
    10.1.1.215 port 2325 ssh2
    May 10 16:20:09 dev2 sshd[906]: debug1: monitor_child_preauth: cfogel
    has been authenticated by privileged process
     
    When I provide my local password, connection finishes. What Principal
    should I be using?
     
    Thanks in Advance.

  • Next message: kareemy: "OpenSSH 4.0p1 ignores password authentication"

    Relevant Pages