sshd discriminates between users?

From: bill davidsen (davidsen@tmr.com)
Date: 01/23/02


From: davidsen@tmr.com (bill davidsen)
Date: Wed, 23 Jan 2002 19:47:46 +0000 (UTC)

I have a most odd thing happening, I have two users on a machine, both
have the identical authorized_keys file, and from my user account on a
second machine I can log into one without a password but not the other.

- obviously both users have the same sshd (3.0.2p1)
- they have the same files in .ssh (I copied them)
- they have the same permissions
- I'm using the same ssh (also 3.0.2p1) on the initial machine

I thought I had something in sshd_config wrong, but it doesn't seem that
there could be anything which would only affect one user on a machine.

Three files follow, first the diffs between the output from ssh -v to
the two accounts, so you don't have to look at the others, which I
attach for completeness.

I deliberately didn't attach the sshd_config, because I am looking for a
reason why the users do not behave the same, not how I could do
something else. Unless there's a "WorkOnRandomUsers" parameter, they
should both work or not. And the config does work on other machines, I
created this machine for testing and just found this while logging into
the accounts to do something else.

================ diff file

1,2c1,2
< Script started on Wed Jan 23 14:25:37 2002
< oregan0:davidsen> ssh -v user1@testbed4 ls -ld .; exit

---
> Script started on Wed Jan 23 14:26:10 2002
> oregan0:davidsen> ssh -v user2@testbed4 ls -ld .; exit
31,32c31,32
< debug1: dh_gen_key: priv key bits set: 125/256
< debug1: bits set: 518/1024
---
> debug1: dh_gen_key: priv key bits set: 116/256
> debug1: bits set: 493/1024
37c37
< debug1: bits set: 483/1024
---
> debug1: bits set: 517/1024
52,54c52,59
< debug1: input_userauth_pk_ok: pkalg ssh-dss blen 434 lastkey 0x8101550 hint 1
< debug1: read PEM private key done: type DSA
< debug1: ssh-userauth2 successful: method publickey
---
> debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
> debug1: try privkey: /home/davidsen/.ssh/id_rsa
> debug1: next auth method to try is keyboard-interactive
> debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
> debug1: next auth method to try is password
> user2@testbed4's password: 
> debug1: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64)
> debug1: ssh-userauth2 successful: method password
60a66,67
> drwx--x--x    3 user2     users         4096 Jan 23 13:46 .
> debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
63d69
< debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
67d72
< drwxr-xr-x    3 user1     users         4096 Jan 23 13:06 .
78c83
< debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.2 seconds
---
> debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.1 seconds
82c87
< Script done on Wed Jan 23 14:26:02 2002
---
> Script done on Wed Jan 23 14:26:40 2002

================ working user script output

Script started on Wed Jan 23 14:25:37 2002
oregan0:davidsen> ssh -v user1@testbed4 ls -ld .; exit
OpenSSH_3.0.2p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh3/ssh_config
debug1: Applying options for *
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 1000 geteuid 0 anon 1
debug1: Connecting to testbed4 [192.168.240.83] port 22.
debug1: temporarily_use_uid: 1000/100 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 1000/100 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/davidsen/.ssh/identity type 0
debug1: identity file /home/davidsen/.ssh/id_dsa type 2
debug1: identity file /home/davidsen/.ssh/id_rsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.0.2p1
debug1: match: OpenSSH_3.0.2p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.0.2p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 125/256
debug1: bits set: 518/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'testbed4' is known and matches the RSA host key.
debug1: Found key in /home/davidsen/.ssh/known_hosts:89
debug1: bits set: 483/1024
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: next auth method to try is publickey
debug1: try pubkey: /home/davidsen/.ssh/id_dsa
debug1: input_userauth_pk_ok: pkalg ssh-dss blen 434 lastkey 0x8101550 hint 1
debug1: read PEM private key done: type DSA
debug1: ssh-userauth2 successful: method publickey
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: ssh_session2_setup: id 0
debug1: Sending command: ls -ld .
debug1: channel 0: open confirm rwindow 0 rmax 16384
debug1: channel 0: rcvd eof
debug1: channel 0: output open -> drain
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: rcvd close
debug1: channel 0: input open -> closed
debug1: channel 0: close_read
drwxr-xr-x    3 user1     users         4096 Jan 23 13:06 .
debug1: channel 0: obuf empty
debug1: channel 0: output drain -> closed
debug1: channel 0: close_write
debug1: channel 0: almost dead
debug1: channel 0: gc: notify user
debug1: channel 0: gc: user detached
debug1: channel 0: send close
debug1: channel 0: is dead
debug1: channel 0: garbage collecting
debug1: channel_free: channel 0: client-session, nchannels 1
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.2 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0

Script done on Wed Jan 23 14:26:02 2002

================ failing user script output

Script started on Wed Jan 23 14:26:10 2002
oregan0:davidsen> ssh -v user2@testbed4 ls -ld .; exit
OpenSSH_3.0.2p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh3/ssh_config
debug1: Applying options for *
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 1000 geteuid 0 anon 1
debug1: Connecting to testbed4 [192.168.240.83] port 22.
debug1: temporarily_use_uid: 1000/100 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 1000/100 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/davidsen/.ssh/identity type 0
debug1: identity file /home/davidsen/.ssh/id_dsa type 2
debug1: identity file /home/davidsen/.ssh/id_rsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.0.2p1
debug1: match: OpenSSH_3.0.2p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.0.2p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 116/256
debug1: bits set: 493/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'testbed4' is known and matches the RSA host key.
debug1: Found key in /home/davidsen/.ssh/known_hosts:89
debug1: bits set: 517/1024
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: next auth method to try is publickey
debug1: try pubkey: /home/davidsen/.ssh/id_dsa
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: try privkey: /home/davidsen/.ssh/id_rsa
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: next auth method to try is password
user2@testbed4's password:
debug1: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64)
debug1: ssh-userauth2 successful: method password
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: ssh_session2_setup: id 0
debug1: Sending command: ls -ld .
debug1: channel 0: open confirm rwindow 0 rmax 16384
drwx--x--x    3 user2     users         4096 Jan 23 13:46 .
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: rcvd eof
debug1: channel 0: output open -> drain
debug1: channel 0: rcvd close
debug1: channel 0: input open -> closed
debug1: channel 0: close_read
debug1: channel 0: obuf empty
debug1: channel 0: output drain -> closed
debug1: channel 0: close_write
debug1: channel 0: almost dead
debug1: channel 0: gc: notify user
debug1: channel 0: gc: user detached
debug1: channel 0: send close
debug1: channel 0: is dead
debug1: channel 0: garbage collecting
debug1: channel_free: channel 0: client-session, nchannels 1
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.1 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0

Script done on Wed Jan 23 14:26:40 2002

--
bill davidsen <davidsen@tmr.com>
  "If I were a diplomat, in the best case I'd go hungry. In the worst
  case, people would die."
    -- Robert Lipe
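
Added example, not part of the original post: a small parser for the userauth portion of the two ssh -v transcripts above. It reports, per identity file, how the server answered the key offer, and which method finally succeeded. The transcript excerpts are copied from the post; the function name and the result labels are assumptions of this example.

```python
import re

# Userauth excerpts copied from the two transcripts in the post.
WORKING = """\
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: next auth method to try is publickey
debug1: try pubkey: /home/davidsen/.ssh/id_dsa
debug1: input_userauth_pk_ok: pkalg ssh-dss blen 434 lastkey 0x8101550 hint 1
debug1: read PEM private key done: type DSA
debug1: ssh-userauth2 successful: method publickey
"""
FAILING = """\
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: next auth method to try is publickey
debug1: try pubkey: /home/davidsen/.ssh/id_dsa
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: try privkey: /home/davidsen/.ssh/id_rsa
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug1: next auth method to try is password
debug1: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64)
debug1: ssh-userauth2 successful: method password
"""

OFFER = re.compile(r"debug1: try (?:pubkey|privkey): (\S+)")
SUCCESS = re.compile(r"debug1: ssh-userauth2 successful: method (\S+)")

def summarize(transcript):
    """Return ({identity_file: outcome}, final_method) for one client transcript."""
    results, pending, method = {}, None, None
    for line in transcript.splitlines():
        offer, ok = OFFER.search(line), SUCCESS.search(line)
        if offer:                                   # client offers a key
            pending = offer.group(1)
            results[pending] = "no reply seen"
        elif "input_userauth_pk_ok" in line and pending:
            results[pending] = "accepted"           # server answered PK_OK
            pending = None
        elif "authentications that can continue" in line and pending:
            results[pending] = "rejected"           # server sent the method list again
            pending = None
        elif "next auth method to try is" in line:
            pending = None                          # client moved on by itself
        elif ok:
            method = ok.group(1)
    return results, method

if __name__ == "__main__":
    for name, text in (("user1", WORKING), ("user2", FAILING)):
        print(name, summarize(text))
```

For user2 it reports id_dsa as rejected by the server. The client-side debug output carries no reason for the refusal; that has to come from the server side (sshd's own log or a debug-mode sshd on testbed4).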


