Re: Cannot authenticate from RedHat 7.1

From: jms (jmshack@yahoo.com)
Date: 12/28/01


From: jmshack@yahoo.com (jms)
Date: 28 Dec 2001 13:53:26 -0800

Richard Silverman <res@des.jhy.us.ml.com> wrote in message news:<m1l7krscff3.fsf@sys1.des.jhy.us.ml.com>...
> >>>>> "JK" == Jacob Kjelstrup <jacob@iicnet.com> writes:
>
> JK> I think the issue is that I'm going through the AT&T Broadband
> JK> network and sshd is trying to do a reverse DNS lookup on the IP
> JK> address and not finding anything. Apparently this additional
> JK> check only takes place for protocol 1 and not for protocol 2. Is
> JK> this true or am I confused?
>
> Neither protocol requires DNS lookups; some implementations may be
> configured to. SSH2 can have RequireReverseMapping set -- however, it
> doesn't give the behavior you're seeing; you would just get "permission
> denied."
>
> JK> In any event, by forcing the protocol to 1 I was able to use both
> JK> password authentication and public key authentication.
>
> I would troubleshoot this further and get it fixed -- protocol 1 has known
> security weaknesses and is deprecated.

I have the same problem, RedHat 7.2, going to home intranet at @home
(now attbi) going through a NetGear router. I did look at the
/var/log/messages output on the sshd NAT redirect, and see that INDEED
I get an authentication failure, specifically:

log: Could not reverse map address [some.ip.address.atattbi]

And, yes, giving the -1 option to ssh "fixes" the problem as well. I'm
going to try and set the RequireReverseMapping in sshd2.config to "no"
and see if that does indeed fix the problem.


