Re: problem with HostbasedAuthentication



Try disabling KeySign and set it to no in the config files and restart SSHD. Try it again.
Seems to be solved. Thanks Sharad. It is now bidirectional.

// Naderan *Mahmood;


----- Original Message -----
From: Sharad <sharad2011@xxxxxxxxx>
To: Mahmood Naderan <nt_mahmood@xxxxxxxxx>
Cc:
Sent: Friday, April 29, 2011 9:41 PM
Subject: Re: problem with HostbasedAuthentication

Hello Mahmood,

Try disabling KeySign and set it to no in the config files and restart SSHD. Try it again.

Regards,
Sharad
--- On Fri, 29/4/11, Mahmood Naderan <nt_mahmood@xxxxxxxxx> wrote:

From: Mahmood Naderan <nt_mahmood@xxxxxxxxx>
Subject: Re: problem with HostbasedAuthentication
To: "Sharad" <sharad2011@xxxxxxxxx>
Cc: "secureshell@xxxxxxxxxxxxxxxxx" <secureshell@xxxxxxxxxxxxxxxxx>
Date: Friday, 29 April, 2011, 5:31 PM
On the client:
 
mahmood@client:~$ sudo service ssh stop
[sudo] password for mahmood:
ssh stop/waiting
 
mahmood@client:~$ sudo /usr/sbin/sshd -ddd
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 649
debug2: parse_server_config: config /etc/ssh/sshd_config
len 649
debug3: /etc/ssh/sshd_config:5 setting Port 22
debug3: /etc/ssh/sshd_config:9 setting Protocol 2
debug3: /etc/ssh/sshd_config:11 setting HostKey
/etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:12 setting HostKey
/etc/ssh/ssh_host_dsa_key
debug3: /etc/ssh/sshd_config:14 setting
UsePrivilegeSeparation yes
debug3: /etc/ssh/sshd_config:17 setting
KeyRegenerationInterval 3600
debug3: /etc/ssh/sshd_config:18 setting ServerKeyBits 768
debug3: /etc/ssh/sshd_config:21 setting SyslogFacility
AUTH
debug3: /etc/ssh/sshd_config:22 setting LogLevel INFO
debug3: /etc/ssh/sshd_config:25 setting LoginGraceTime 120
debug3: /etc/ssh/sshd_config:26 setting PermitRootLogin
yes
debug3: /etc/ssh/sshd_config:27 setting StrictModes yes
debug3: /etc/ssh/sshd_config:29 setting RSAAuthentication
yes
debug3: /etc/ssh/sshd_config:30 setting
PubkeyAuthentication yes
debug3: /etc/ssh/sshd_config:34 setting IgnoreRhosts no
debug3: /etc/ssh/sshd_config:36 setting
RhostsRSAAuthentication no
debug3: /etc/ssh/sshd_config:38 setting
HostbasedAuthentication yes
debug3: /etc/ssh/sshd_config:43 setting
PermitEmptyPasswords no
debug3: /etc/ssh/sshd_config:47 setting
ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:62 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:63 setting X11DisplayOffset
10
debug3: /etc/ssh/sshd_config:64 setting PrintMotd no
debug3: /etc/ssh/sshd_config:65 setting PrintLastLog yes
debug3: /etc/ssh/sshd_config:66 setting TCPKeepAlive yes
debug3: /etc/ssh/sshd_config:73 setting AcceptEnv LANG
LC_*
debug3: /etc/ssh/sshd_config:75 setting Subsystem sftp
/usr/lib/openssh/sftp-server
debug3: /etc/ssh/sshd_config:86 setting UsePAM yes
debug1: sshd version OpenSSH_5.3p1 Debian-3ubuntu6
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: Checking blacklist file
/usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file
/etc/ssh/blacklist.RSA-2048
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: Checking blacklist file
/usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file
/etc/ssh/blacklist.DSA-1024
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
 
 

While it is listenning, in another shell I ran

mahmood@server:~$ ssh -vvv 192.168.1.3
 
Then in the first terminal (which -ddd is on) I see
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging
mode.
debug3: send_rexec_state: entering fd = 8 config len 649
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.1.1 port 42036
debug1: Client protocol version 2.0; client software
version OpenSSH_5.3p1 Debian-3ubuntu4
debug1: match: OpenSSH_5.3p1 Debian-3ubuntu4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1
Debian-3ubuntu6
debug2: fd 3 setting O_NONBLOCK
debug2: Network child is on pid 2829
debug3: preauth child monitor started
debug3: mm_request_receive entering
debug3: privsep user:group 103:65534
debug1: permanently_set_uid: 103/65534
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 784 bytes for a total of 823
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug3: mm_request_send entering: type 0
debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI
debug3: mm_request_receive_expect entering: type 1
debug3: mm_request_receive entering
debug3: monitor_read: checking request 0
debug3: mm_answer_moduli: got parameters: 1024 1024 8192
debug3: mm_request_send entering: type 1
debug2: monitor_read: 0 used once, disabling now
debug3: mm_request_receive entering
debug3: mm_choose_dh: remaining 0
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug3: Wrote 152 bytes for a total of 975
debug2: dh_gen_key: priv key bits set: 129/256
debug2: bits set: 504/1024
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug2: bits set: 551/1024
debug3: mm_key_sign entering
debug3: mm_request_send entering: type 5
debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
debug3: mm_request_receive_expect entering: type 6
debug3: mm_request_receive entering
debug3: monitor_read: checking request 5
debug3: mm_answer_sign
debug3: mm_answer_sign: signature 0x7f0bb6bdfbf0(271)
debug3: mm_request_send entering: type 6
debug2: monitor_read: 5 used once, disabling now
debug3: mm_request_receive entering
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 720 bytes for a total of 1695
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug3: Wrote 48 bytes for a total of 1743
debug1: userauth-request for user mahmood service
ssh-connection method none
debug1: attempt 0 failures 0
debug3: mm_getpwnamallow entering
debug3: mm_request_send entering: type 7
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
debug3: mm_request_receive_expect entering: type 8
debug3: mm_request_receive entering
debug3: monitor_read: checking request 7
debug3: mm_answer_pwnamallow
debug3: Trying to reverse map address 192.168.1.1.
debug2: parse_server_config: config reprocess config len
649
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 8
debug2: monitor_read: 7 used once, disabling now
debug3: mm_request_receive entering
debug2: input_userauth_request: setting up authctxt for
mahmood
debug3: mm_start_pam entering
debug3: mm_request_send entering: type 50
debug3: mm_inform_authserv entering
debug3: monitor_read: checking request 50
debug3: mm_request_send entering: type 3
debug1: PAM: initializing for "mahmood"
debug2: input_userauth_request: try method none
debug3: mm_auth_password entering
debug3: mm_request_send entering: type 11
debug3: mm_auth_password: waiting for
MONITOR_ANS_AUTHPASSWORD
debug3: mm_request_receive_expect entering: type 12
debug3: mm_request_receive entering
debug1: PAM: setting PAM_RHOST to "server"
debug1: PAM: setting PAM_TTY to "ssh"
debug2: monitor_read: 50 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 3
debug3: mm_answer_authserv: service=ssh-connection, style=,
role=
debug2: monitor_read: 3 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 11
debug3: mm_answer_authpassword: sending result 0
debug3: mm_request_send entering: type 12
Failed none for mahmood from 192.168.1.1 port 42036 ssh2
debug3: mm_request_receive entering
debug3: mm_auth_password: user not authenticated
debug3: Wrote 64 bytes for a total of 1807
 
 
 

and in the second shell that I used -vvv, I see
 
OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.1.3 [192.168.1.3] port 22.
debug1: Connection established.
debug1: identity file /home/mahmood/.ssh/identity type -1
debug1: identity file /home/mahmood/.ssh/id_rsa type -1
debug1: identity file /home/mahmood/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software
version OpenSSH_5.3p1 Debian-3ubuntu6
debug1: match: OpenSSH_5.3p1 Debian-3ubuntu6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1
Debian-3ubuntu4
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 792 bytes for a total of 831
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192)
sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 855
debug2: dh_gen_key: priv key bits set: 131/256
debug2: bits set: 551/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 144 bytes for a total of 999
debug3: check_host_in_hostfile: filename
/home/mahmood/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host '192.168.1.3' is known and matches the RSA
host key.
debug1: Found key in /home/mahmood/.ssh/known_hosts:1
debug2: bits set: 504/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1015
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 48 bytes for a total of 1063
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/mahmood/.ssh/identity ((nil))
debug2: key: /home/mahmood/.ssh/id_rsa ((nil))
debug2: key: /home/mahmood/.ssh/id_dsa ((nil))
debug3: Wrote 64 bytes for a total of 1127
debug1: Authentications that can continue:
publickey,password,hostbased
debug3: start over, passed a different list
publickey,password,hostbased
debug3: preferred
gssapi-keyex,gssapi-with-mic,gssapi,hostbased,publickey,keyboard-interactive,password
debug3: authmethod_lookup hostbased
debug3: remaining preferred:
publickey,keyboard-interactive,password
debug3: authmethod_is_enabled hostbased
debug1: Next authentication method: hostbased
get_socket_address: getnameinfo 8 failed: Name or service
not known
debug2: userauth_hostbased: chost server.
debug2: ssh_keysign called
debug3: ssh_msg_send: type 2
debug3: ssh_msg_recv entering
debug1: permanently_drop_suid: 1000
get_socket_address: getnameinfo 8 failed: Name or service
not known
cannot get sockname for fd
ssh_keysign: no reply
key_sign failed
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/mahmood/.ssh/identity
debug3: no such identity: /home/mahmood/.ssh/identity
debug1: Trying private key: /home/mahmood/.ssh/id_rsa
debug3: no such identity: /home/mahmood/.ssh/id_rsa
debug1: Trying private key: /home/mahmood/.ssh/id_dsa
debug3: no such identity: /home/mahmood/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
mahmood@xxxxxxxxxxx's password:
 

Hope that is the correct information you need.
Thanks.
 
// Naderan *Mahmood;





Relevant Pages

  • Problem with some user autentification error on sshd
    ... debug1: Reading configuration data /etc/ssh/ssh_config ... debug2: kex_parse_kexinit: none,zlib ... debug3: check_host_in_hostfile: match line 3 ... debug1: Next authentication method: keyboard-interactive ...
    (SSH)
  • ssh works, scp hangs
    ... debug1: read PEM private key done: type RSA ... debug2: Network child is on pid 8182 ... debug3: preauth child monitor started ... debug3: mm_request_send entering: type 0 ...
    (Debian-User)
  • Openssh 3.7.1p2 hangs on Solaris 2.6
    ... debug1: read PEM private key done: type RSA ... debug2: Network child is on pid 2466 ... debug3: preauth child monitor started ... debug3: mm_request_send entering: type 0 ...
    (SSH)
  • RE: trying to use keys...been asked a bunch, didnt find many solutio ns
    ... debug1: read PEM private key done: type RSA ... debug3: preauth child monitor started ... debug2: kex_parse_kexinit: ... debug3: entering: type 0 ...
    (SSH)
  • SSH Troubles - Help!
    ... debug1: read PEM private key done: type RSA ... debug2: kex_parse_kexinit: ... debug3: preauth child monitor started ... debug3: mm_request_send entering: type 0 ...
    (comp.security.ssh)