SSH failure, putty client log has 2005-10-10 17:19:27 Keyboard-interactive authentication refused

From: Alvin Wong (alvin.wong_at_cassis-intl.com)
Date: 10/11/05

    Date: Tue, 11 Oct 2005 09:50:14 +0800
    To: secureshell@securityfocus.com
    
    

    Hi All,

    I'm having problems accessing ssh for the following version, installed
    on Solaris 8:

    OpenSSH_4.2p1, OpenSSL 0.9.8 05 Jul 2005

    When I ssh in from my LAN, it does not give me any problems. However,
    when I set up a NAT from an external IP to this IP and I perform ssh to
    this external IP, I get the following error in the PuTTY client log:

    2005-10-10 17:19:27 Keyboard-interactive authentication refused

    Also, I get "access denied" from the console, and any password for any
    user account fails.

    In addition, one funny thing is that I noticed there is this message when
    I log in via the external IP:

                                ****USAGE WARNING****

    This is a private computer system. This computer system, including all
    related equipment, networks, and network devices (specifically including
    Internet access) are provided only for authorized use. This computer system
    may be monitored for all lawful purposes, including to ensure that its use
    is authorized, for management of the system, to facilitate protection against
    unauthorized access, and to verify security procedures, survivability, and
    operational security. Monitoring includes active attacks by authorized entities
    to test or verify the security of this system. During monitoring, information
    may be examined, recorded, copied and used for authorized purposes. All
    information, including personal information, placed or sent over this system
    may be monitored.

    Use of this computer system, authorized or unauthorized, constitutes consent
    to monitoring of this system. Unauthorized use may subject you to criminal
    prosecution. Evidence of unauthorized use collected during monitoring may be
    used for administrative, criminal, or other adverse action. Use of this system
    constitutes consent to monitoring for these purposes.
    -------------------------------------------------------------
    Here's my sshd config below. Is there anything that I've done wrong here?

    Port 22
    #Protocol 2,1
    #ListenAddress 0.0.0.0
    #ListenAddress ::
    HostKey /usr/local/etc/ssh_host_key
    HostKey /usr/local/etc/ssh_host_rsa_key
    HostKey /usr/local/etc/ssh_host_dsa_key
    ServerKeyBits 768
    LoginGraceTime 600
    KeyRegenerationInterval 3600
    PermitRootLogin yes
    #
    # Don't read ~/.rhosts and ~/.shosts files
    IgnoreRhosts yes
    # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
    #IgnoreUserKnownHosts yes
    StrictModes yes
    X11Forwarding yes
    X11DisplayOffset 10
    PrintMotd no
    KeepAlive yes

    # Logging
    SyslogFacility AUTH
    LogLevel INFO
    #obsoletes QuietMode and FascistLogging
    #RhostsAuthentication no
    #
    # For this to work you will also need host keys in /usr/local/etc/ssh_known_hosts
    RhostsRSAAuthentication no
    #
    RSAAuthentication yes

    # To disable tunneled clear text passwords, change to no here!
    PasswordAuthentication yes
    PermitEmptyPasswords no
    #AllowedAuthentications keyboard-interactive

    # Comment to enable s/key passwords or PAM interactive authentication
    # NB. Neither of these are compiled in by default. Please read the
    # notes in the sshd(8) manpage before enabling this on a PAM system.
    ChallengeResponseAuthentication no

    # To change Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #AFSTokenPassing no
    #KerberosTicketCleanup no

    # Kerberos TGT Passing does only work with the AFS kaserver
    #KerberosTgtPassing yes

    #CheckMail yes
    #UseLogin no

    #MaxStartups 10:30:60
    #Banner /etc/issue.net
    ReverseMappingCheck no
    Subsystem sftp /usr/local/libexec/sftp-server

    I also added TCP wrappers, though I'm not sure if that's the reason why
    the whole thing is failing, because I can still ssh in without any
    problems.

    As in, I get the prompt, except authentication fails when I type in the
    password.

    Any ssh experts out there who can shed light on this problem? Or is
    there some setting I need to set in my firewall to allow other ports
    than port 22 to come in?

    Thanks in Advance,
    Alvin
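
An added example, not part of the original post: it derives the SSH-2 authentication methods that the authentication lines of the posted sshd config permit and compares them with the methods a server advertises in `ssh -v` client output, one way to check whether two addresses are answered by the same configuration. The default values, the keyword-to-method mapping, the function names and the two sample debug lines are assumptions made for this example.

```python
import re

# Stock sshd defaults for these keywords (assumption: as in sshd_config(5)).
DEFAULTS = {"pubkeyauthentication": "yes", "passwordauthentication": "yes",
            "challengeresponseauthentication": "yes", "hostbasedauthentication": "no"}
# Simplified keyword -> SSH-2 method name mapping (assumption of this example).
METHOD_FOR = {"pubkeyauthentication": "publickey", "passwordauthentication": "password",
              "challengeresponseauthentication": "keyboard-interactive",
              "hostbasedauthentication": "hostbased"}

def effective_settings(config_text):
    """Parse sshd_config text: keywords are case-insensitive, '#' starts a
    comment line, and the first value obtained for a keyword wins."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:  # ignore a keyword that has no argument
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings

def permitted_methods(config_text):
    """Method names the configuration allows, after applying the defaults."""
    merged = {**DEFAULTS, **effective_settings(config_text)}
    return {m for k, m in METHOD_FOR.items() if merged[k].lower() == "yes"}

def advertised_methods(ssh_v_output):
    """Collect method names from 'Authentications that can continue:' lines."""
    found = set()
    for m in re.finditer(r"Authentications that can continue: (\S+)", ssh_v_output):
        found.update(m.group(1).split(","))
    return found

def mismatch(config_text, ssh_v_output):
    """Return (advertised but not permitted, permitted but not advertised)."""
    cfg, wire = permitted_methods(config_text), advertised_methods(ssh_v_output)
    return sorted(wire - cfg), sorted(cfg - wire)

# Authentication-related lines copied from the sshd config posted above.
POSTED = """PasswordAuthentication yes
PermitEmptyPasswords no
#AllowedAuthentications keyboard-interactive
ChallengeResponseAuthentication no
"""
# Constructed `ssh -v` client output, for illustration only.
SAMPLE_MATCHING = "debug1: Authentications that can continue: publickey,password\n"
SAMPLE_EXTRA = "debug1: Authentications that can continue: publickey,password,keyboard-interactive\n"
```

Calling `mismatch(POSTED, output)` with real `ssh -v` output captured against each address lists any method the answering server offers that this configuration would not.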

