Re: Password authentication fails: SSH secure shell to openssh server

• Previous message: Darren Tucker: "Re: Password authentication fails: SSH secure shell to openssh server"
• In reply to: Andrew Muller: "Password authentication fails: SSH secure shell to openssh server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 2 Aug 2005 08:28:49 -0700 (PDT)
To: Andrew Muller <mullera@mcmaster.ca>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 2 Aug 2005 at 09:31 (-0400), Andrew Muller wrote:

> Problem: Can connect to OpenSSH server from openSSH client but not from
> SSH Secure Shell Client
>
> I am running OpenSSH_3.8.1p1_FreeBSD_20040419 on my desktop
> (pc-mullera). I rely on passwords because I've never been able to
> figure out how to do the other authentication methods. I can ssh to the
> desktop from my laptop under cygwin (openSSH_4.1p1) but not from the
> laptop Secure Shell Client under XP (SSH Secure Schell 3.0.0) nor from a
> linux machine running SSH Secure Shell 3.1.2 under mandrake 9. When I
> fail to connect I get shut out with "no further authentication methods
> available" before I have even been asked for my password. I suspect an
> incompatibility between openSSH's keyboard-interactive method and Secure
> SSHs password method.

Andrew,

Have you converted the public key on the openssh system?

The public key formats for SSH Secure Shell and openssh are different.
On the host running openssh, you must run ssh-keygen to convert the public
key as generated under SSH Secure Shell into openssh format (and place the
result as an entry in authorized_keys2). From your log, it appears that
the public key auth method is being disabled, which I assume would be the
case if the public key is not recognized by openssh.

Note the following lines in your log:

> debug: Ssh2AuthClient/sshauthc.c:315/ssh_authc_completion_proc: Method
> 'publickey' disabled.

Mike

================================================================================
> Here is the output of a failed attempt following
> "ssh -v pc-mullera 2> sshcom.log" issued from pc-muller-17
>
> $more sshcom.log
> debug: SshAppCommon/sshappcommon.c:133/ssh_app_get_global_regex_context:
> Allocating global SshRegex context.
> debug: SshConfig/sshconfig.c:2355/ssh2_parse_config: Unable to open
> /home/mullera/.ssh2/ssh2_config
> debug: Connecting to pc-mullera, port 22... (SOCKS not used)
> debug: Ssh2/ssh2.c:2121/main: Entering event loop.
> debug: Ssh2Client/sshclient.c:1403/ssh_client_wrap: Creating transport
> protocol.debug:
> SshAuthMethodClient/sshauthmethodc.c:83/ssh_client_authentication_initialize:
> Added "publickey" to usable methods.
> debug:
> SshAuthMethodClient/sshauthmethodc.c:83/ssh_client_authentication_initialize:
> Added "password" to usable methods.
> debug: Ssh2Client/sshclient.c:1444/ssh_client_wrap: Creating userauth
> protocol.
> debug: client supports 2 auth methods: 'publickey,password'
> debug: Ssh2Common/sshcommon.c:559/ssh_common_wrap: local ip = 130.113.124.23,
> local port = 33035
> debug: Ssh2Common/sshcommon.c:561/ssh_common_wrap: remote ip =
> 130.113.139.33, remote port = 22
> debug: SshConnection/sshconn.c:1930/ssh_conn_wrap: Wrapping...
> debug: Remote version: SSH-2.0-OpenSSH_3.8.1p1 FreeBSD-20040419
> debug: Major: 3 Minor: 8 Revision: 1
> debug: Ssh2Transport/trcommon.c:1306/ssh_tr_input_version: Remote version has
> rekey incompatibility bug.
> debug: Ssh2Transport/trcommon.c:1308/ssh_tr_input_version: Remote version is
> OpenSSH, KEX guesses disabled.
> debug: Ssh2Transport/trcommon.c:1647/ssh_tr_negotiate: lang s to c: `', lang
> c to s: `'
> debug: Ssh2Transport/trcommon.c:1712/ssh_tr_negotiate: c_to_s: cipher
> aes128-cbc, mac hmac-sha1, compression none
> debug: Ssh2Transport/trcommon.c:1715/ssh_tr_negotiate: s_to_c: cipher
> aes128-cbc, mac hmac-sha1, compression none
> debug: Remote host key found from database.
> debug: Ssh2Common/sshcommon.c:317/ssh_common_special: Received
> SSH_CROSS_STARTUP packet from connection protocol.
> debug: Ssh2Common/sshcommon.c:367/ssh_common_special: Received
> SSH_CROSS_ALGORITHMS packet from connection protocol.
> debug: server offers auth methods 'publickey,keyboard-interactive'.
> debug: SshConfig/sshconfig.c:2355/ssh2_parse_config: Unable to open
> /home/mullera/.ssh2/identification
> debug: Ssh2AuthClient/sshauthc.c:315/ssh_authc_completion_proc: Method 'publickey' disabled. <==
> debug: server offers auth methods 'publickey,keyboard-interactive'.
> debug: Ssh2Common/sshcommon.c:155/ssh_common_disconnect: DISCONNECT received:
> No further authentication methods available.
> warning: Authentication failed.
> debug: Ssh2/ssh2.c:130/client_disconnect: locally_generated = TRUE
> Disconnected; no more authentication methods available (No further
> authentication methods available.).
> debug: Ssh2Client/sshclient.c:1478/ssh_client_destroy: Destroying client.
> debug: SshConnection/sshconn.c:1982/ssh_conn_destroy: Destroying SshConn
> object.debug: Ssh2Client/sshclient.c:1540/ssh_client_destroy_finalize:
> Destroying client completed.
> debug:
> SshAuthMethodClient/sshauthmethodc.c:88/ssh_client_authentication_uninitialize:
> Destroying authentication method array.
> debug: SshAppCommon/sshappcommon.c:146/ssh_app_free_global_regex_context:
> Freeing global SshRegex context.
>
> Note the contrast between the lines
> debug: client supports 2 auth methods: 'publickey,password'
> and
> debug: server offers auth methods 'publickey,keyboard-interactive'.
>
> Thanks for any help
>
> --
> Andrew Muller, Professor of Economics, McMaster University
> Hamilton, Ontario, Canada L8S 4M4
> http://socserv.socsci.mcmaster.ca/mullera
>

_____________________________________________________________________
Mike Friedman System and Network Security
mikef@ack.Berkeley.EDU 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley
http://ack.Berkeley.EDU/~mikef http://security.berkeley.edu
_____________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBQu+RNa0bf1iNr4mCEQLqfgCgzK0B9renpGWL2QEwWq07yryEFjcAnRYS
1WzfzExq9AavVuDpuS8ElxG5
=M0dI
-----END PGP SIGNATURE-----

• Previous message: Darren Tucker: "Re: Password authentication fails: SSH secure shell to openssh server"
• In reply to: Andrew Muller: "Password authentication fails: SSH secure shell to openssh server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]