authentication problem with OpenSSH on Win2000

From: Alex Kholodenko (xolx_at_xdimax.com)
Date: 08/10/05

  • Next message: Jeff Rosowski: "Re: Anyone with a technique for accomplishing chroot using sftp" 
    Date: Wed, 10 Aug 2005 16:50:42 +0200
To: secureshell@securityfocus.com

    Hi.
    I have win2000 with cygwin.
    I had run
    mkpasswd > /etc/passwd
    mkgroup.exe -l > /etc/group
    Next I try to use ssh. I'm 'Administrator' user
    I run sshd as
    /usr/sbin/sshd -d -d -d -e
    and next try to connect to sshd as
    ssh -v localhost
    As a result I get Permission denied
    (publickey,password,keyboard-interactive).

    Following is the full log of client and demon.
    What can be wrong? And how to fix it?
    Thank you in advance.

    This is what I see on client side:
    ----------------------------------
    OpenSSH_4.1p1, OpenSSL 0.9.8 05 Jul 2005
    debug1: Reading configuration data /usr/local/etc/ssh_config
    debug1: Connecting to localhost [127.0.0.1] port 22.
    debug1: Connection established.
    debug1: identity file /home/Administrator/.ssh/identity type -1
    debug1: identity file /home/Administrator/.ssh/id_rsa type -1
    debug1: identity file /home/Administrator/.ssh/id_dsa type -1
    debug1: Remote protocol version 1.99, remote software version OpenSSH_4.1
    debug1: match: OpenSSH_4.1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.1
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'localhost' is known and matches the RSA host key.
    debug1: Found key in /home/Administrator/.ssh/known_hosts:1
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue:
    publickey,password,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/Administrator/.ssh/identity
    debug1: Trying private key: /home/Administrator/.ssh/id_rsa
    debug1: Trying private key: /home/Administrator/.ssh/id_dsa
    debug1: Next authentication method: keyboard-interactive
    debug1: Authentications that can continue:
    publickey,password,keyboard-interactive
    debug1: Next authentication method: password
    Administrator@localhost's password:
    debug1: Authentications that can continue:
    publickey,password,keyboard-interactive
    Permission denied, please try again.
    Administrator@localhost's password:
    debug1: Authentications that can continue:
    publickey,password,keyboard-interactive
    Permission denied, please try again.
    Administrator@localhost's password:
    debug1: Authentications that can continue:
    publickey,password,keyboard-interactive
    debug1: No more authentication methods to try.
    Permission denied (publickey,password,keyboard-interactive).

    On demon side:
    -------------
    debug2: load_server_config: filename /etc/sshd_config
    debug2: load_server_config: done config len = 221
    debug2: parse_server_config: config /etc/sshd_config len 221
    debug1: sshd version OpenSSH_4.1p1
    debug1: private host key: #0 type 0 RSA1
    debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
    debug1: read PEM private key done: type RSA
    debug1: private host key: #1 type 1 RSA
    debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
    debug1: read PEM private key done: type DSA
    debug1: private host key: #2 type 2 DSA
    debug1: rexec_argv[0]='/usr/sbin/sshd'
    debug1: rexec_argv[1]='-d'
    debug1: rexec_argv[2]='-d'
    debug1: rexec_argv[3]='-d'
    debug1: rexec_argv[4]='-e'
    debug2: fd 3 setting O_NONBLOCK
    debug1: Bind to port 22 on 0.0.0.0.
    Server listening on 0.0.0.0 port 22.
    Generating 768 bit RSA key.
    RSA key generation complete.
    debug1: fd 4 clearing O_NONBLOCK
    debug1: Server will not fork when running in debugging mode.
    debug3: send_rexec_state: entering fd = 7 config len 221
    debug3: ssh_msg_send: type 0
    debug3: send_rexec_state: done
    debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
    debug3: recv_rexec_state: entering fd = 5
    debug3: ssh_msg_recv entering
    debug3: recv_rexec_state: done
    debug2: parse_server_config: config rexec len 221
    rexec line 80: Unsupported option UsePAM
    debug1: sshd version OpenSSH_4.1p1
    debug1: private host key: #0 type 0 RSA1
    debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
    debug1: read PEM private key done: type RSA
    debug1: private host key: #1 type 1 RSA
    debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
    debug1: read PEM private key done: type DSA
    debug1: private host key: #2 type 2 DSA
    debug1: inetd sockets after dupping: 3, 3
    Connection from 127.0.0.1 port 1372
    debug1: Client protocol version 2.0; client software version OpenSSH_4.1
    debug1: match: OpenSSH_4.1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-1.99-OpenSSH_4.1
    debug2: fd 3 setting O_NONBLOCK
    debug1: list_hostkey_types: ssh-rsa,ssh-dss
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit:
    diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit:
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit:
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit:
    diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit:
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit:
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_init: found hmac-md5
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug2: mac_init: found hmac-md5
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
    debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
    debug2: dh_gen_key: priv key bits set: 116/256
    debug2: bits set: 505/1024
    debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
    debug2: bits set: 506/1024
    debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: KEX done
    debug1: userauth-request for user Administrator service ssh-connection
    method none
    debug1: attempt 0 failures 0
    debug2: input_userauth_request: setting up authctxt for Administrator
    debug2: input_userauth_request: try method none
    Failed none for Administrator from 127.0.0.1 port 1372 ssh2
    debug1: userauth-request for user Administrator service ssh-connection
    method keyboard-interactive
    debug1: attempt 1 failures 1
    debug2: input_userauth_request: try method keyboard-interactive
    debug1: keyboard-interactive devs
    debug1: auth2_challenge: user=Administrator devs=
    debug1: kbdint_alloc: devices ''
    debug2: auth2_challenge_start: devices
    Failed keyboard-interactive for Administrator from 127.0.0.1 port 1372 ssh2
    debug1: userauth-request for user Administrator service ssh-connection
    method password
    debug1: attempt 2 failures 2
    debug2: input_userauth_request: try method password
    Failed password for Administrator from 127.0.0.1 port 1372 ssh2
    debug1: userauth-request for user Administrator service ssh-connection
    method password
    debug1: attempt 3 failures 3
    debug2: input_userauth_request: try method password
    Failed password for Administrator from 127.0.0.1 port 1372 ssh2
    debug1: userauth-request for user Administrator service ssh-connection
    method password
    debug1: attempt 4 failures 4
    debug2: input_userauth_request: try method password
    Failed password for Administrator from 127.0.0.1 port 1372 ssh2
    Connection closed by 127.0.0.1
    debug1: do_cleanup

  • Next message: Jeff Rosowski: "Re: Anyone with a technique for accomplishing chroot using sftp"

    Relevant Pages

    • Problem with some user autentification error on sshd
      ... debug1: Reading configuration data /etc/ssh/ssh_config ... debug2: kex_parse_kexinit: none,zlib ... debug3: check_host_in_hostfile: match line 3 ... debug1: Next authentication method: keyboard-interactive ...
      (SSH)
    • Re: Problem: passwordless SSH-login with Kerberos doesnt work
      ... I can do Kerberos password authentication now and that's already a huge step forward, but single signon is what I want. ... debug1: sshd version OpenSSH_5.1p1 Debian-5 ... debug2: fd 3 setting O_NONBLOCK ... debug3: ...
      (comp.protocols.kerberos)
    • Re: Problem: passwordless SSH-login with Kerberos doesnt work
      ... I installed 2 testmachines, configured MIT Kerberos, OpenLDAP and PAM and got to the point where we all can login on to the SSH server using our Active Directory credentials. ... debug1: Connection established. ... debug2: fd 3 setting O_NONBLOCK ... debug1: Offering GSSAPI proposal: ...
      (comp.protocols.kerberos)
    • Re: SSH on Fedora 16
      ... debug1: Connection established. ... debug2: fd 3 setting O_NONBLOCK ... debug3: check_host_in_hostfile: host 172.25.0.1 filename ... debug1: Next authentication method: gssapi-keyex ...
      (Fedora)
    • Re: ssh xterm -> HPUX fails
      ... debug1: read PEM private key done: type RSA ... debug3: preauth child monitor started ... debug2: monitor_read: 0 used once, ... debug2: channel 0: sent ext data 106 ...
      (comp.security.ssh)