Re: Newbie problem: scp&sftp fail when ssh 3.1.0 works on IRIX 6.5.9

From: Jeff Long (long@ukans.edu)
Date: 01/29/02 

From: Jeff Long <long@ukans.edu>
Date: Tue, 29 Jan 2002 09:30:58 -0600

Richard Silverman wrote:
>
> Check what is happening on the server side: examine the syslog, and/or put
> sshd in debug mode.

I can help continue this thread. IRIX 6.5.14f is the server OS. ssh
3.1.0 on the server. Using either ssh 3.1.0 as the client (actually the
same machine as the server) or ssh 2.4.0 on the client I get the
following:

sshd2: SSH Secure Shell 3.1.0 (non-commercial version) on
mips-sgi-irix6.5
debug[146872]: SshHostKeyIO/sshhostkeyio.c:168: Reading public host key
from /etc/ssh2/hostkey.pub
debug[146872]: SshHostKeyIO/sshhostkeyio.c:253: Host key algorithms:
ssh-dss
debug[146872]: Becoming server.
debug[146872]: Creating listener
debug[146872]: Listener created
debug[146872]: no udp listener created.
sshd2[146872]: Listener created on port 22.
sshd2[146872]: Daemon is running.
debug[146872]: Running event loop
debug[146872]: ssh_sigchld_real_callback
sshd2[146872]: connection from "129.237.17.38"
debug[146872]: Sshd2/sshd2.c:1062: new_connection_callback
debug[146872]: Sshd2/sshd2.c:1220: Wrapping stream with
ssh_server_wrap...
debug[146872]: ssh_server_wrap: creating transport protocol
debug[146872]: Ssh2Transport/trcommon.c:2268: Allocating cipher: name:
none, key_len: 16.
debug[146872]: Ssh2Transport/trcommon.c:2268: Allocating cipher: name:
none, key_len: 16.
debug[146872]: SshAuthMethodServer/sshauthmethods.c:64: Added
"publickey" to usable methods.
debug[146872]: SshAuthMethodServer/sshauthmethods.c:64: Added "password"
to usable methods.
debug[146872]: SshAuthMethodServer/sshauthmethods.c:64: Added
"hostbased" to usable methods.
debug[146872]: ssh_server_wrap: creating userauth protocol
debug[146872]: Ssh2Common/sshcommon.c:559: local ip = 129.237.17.38,
local port = 22
debug[146872]: Ssh2Common/sshcommon.c:561: remote ip = 129.237.17.38,
remote port = 19866
debug[146872]: Ssh2Common/sshcommon.c:397: remote hostname is
"kestrel.cc.ukans.edu".
debug[146872]: SshConnection/sshconn.c:1930: Wrapping...
debug[146872]: Sshd2/sshd2.c:1254: done.
debug[146872]: new_connection_callback returning
debug[146872]: Remote version: SSH-1.99-3.1.0 SSH Secure Shell
(non-commercial)
debug[146872]: Major: 3 Minor: 1 Revision: 0
debug[146872]: Ssh2Transport/trcommon.c:1461: Computing algorithms from
key exchange.
debug[146872]: Ssh2Transport/trcommon.c:1647: lang s to c: `', lang c to
s: `'
debug[146872]: Ssh2Transport/trcommon.c:1712: c_to_s: cipher aes128-cbc,
mac hmac-sha1, compression none
debug[146872]: Ssh2Transport/trcommon.c:1715: s_to_c: cipher aes128-cbc,
mac hmac-sha1, compression none
debug[146872]: Ssh2Transport/trcommon.c:2268: Allocating cipher: name:
aes128-cbc, key_len: 16.
debug[146872]: Ssh2Transport/trcommon.c:2268: Allocating cipher: name:
aes128-cbc, key_len: 16.
debug[146872]: Sshd2/sshd2.c:591: user 'long' service 'ssh-connection'
client_ip '129.237.17.38' client_port '19866' completed ''
debug[146872]: Sshd2/sshd2.c:875: output: publickey,password
debug[146872]: Ssh2AuthPubKeyServer/auths-pubkey.c:1316: Public key
algorithm is ssh-dss
debug[146872]: SshConfig/sshconfig.c:2394: Configuration file
`/home/long/.ssh2/authorization' is old-style. (1.0)
debug[146872]: Ssh2AuthPubKeyServer/auths-pubkey.c:802: unable to read
the long's public key /home/long/.ssh2/long-dv06m58.lawrence.ks.us.pub
debug[146872]: Ssh2AuthPubKeyServer/auths-pubkey.c:1316: Public key
algorithm is ssh-dss
debug[146872]: SshConfig/sshconfig.c:2394: Configuration file
`/home/long/.ssh2/authorization' is old-style. (1.0)
debug[146872]: Ssh2AuthPubKeyServer/auths-pubkey.c:802: unable to read
the long's public key /home/long/.ssh2/long-dv06m58.lawrence.ks.us.pub
sshd2[146872]: Public key /home/long/.ssh2/id_dsa_1024_b.pub used.
sshd2[146872]: Public key authentication for user long accepted.
debug[146872]: Sshd2/sshd2.c:591: user 'long' service 'ssh-connection'
client_ip '129.237.17.38' client_port '19866' completed 'publickey'
debug[146872]: Sshd2/sshd2.c:780: Using old-style authentication policy
configuration.
debug[146872]: Ssh2AuthServer/sshauths.c:336: no_more_needed=TRUE
debug[146872]: Ssh2Common/sshcommon.c:317: Received SSH_CROSS_STARTUP
packet from connection protocol.
debug[146872]: Ssh2Common/sshcommon.c:367: Received SSH_CROSS_ALGORITHMS
packet from connection protocol.
debug[146872]: Ssh2Common/sshcommon.c:285: Received
SSH_CROSS_AUTHENTICATED packet from connection protocol.
sshd2[146872]: User long, coming from kestrel.cc.ukans.edu,
authenticated.
debug[146872]: Ssh2Common/sshcommon.c:829: num_channels now 1
debug[146872]: Ssh2ChannelSession/sshchsession.c:1350: Forking without
pty
debug[146872]: Ssh2ChannelSession/sshchsession.c:1400: Executed
subsystem is "sftp"; performing crud removal (from shell output)
debug[146872]: Ssh2ChannelSession/sshchsession.c:1231: less than 9 bytes
received (8 bytes)

Then on the client I get:

long@kestrel[09:25:55]~ $ scp tt.conf kestrel:/tmp/
debug[145102]: Ssh2ChannelSession/sshchsession.c:793:
ssh_channel_session_child: now running as user 'long'
debug[145102]: Environment:
debug[145102]: HOME=/home/long
debug[145102]: USER=long
debug[145102]: LOGNAME=long
debug[145102]:
PATH=/usr/sbin:/usr/bsd:/sbin:/usr/bin:/usr/bin/X11::/usr/local/bin
debug[145102]: MAIL=/var/mail/long
debug[145102]: TZ=CST6CDT
debug[145102]: SSH2_CLIENT=129.237.17.38 19866 129.237.17.38 22
debug[145102]: SSH2_SFTP_LOG_FACILITY=-1

Here's the syslog output:

Jan 29 09:25:52 4E:kestrel sshd2[146872]: Listener created on port 22.
Jan 29 09:25:52 4E:kestrel sshd2[146872]: Daemon is running.
Jan 29 09:26:03 6E:kestrel sshd2[146872]: connection from
"129.237.17.38"
Jan 29 09:26:04 5E:kestrel sshd2[146872]: Public key
/home/long/.ssh2/id_dsa_1024_b.pub used.
Jan 29 09:26:04 5E:kestrel sshd2[146872]: Public key authentication for
user long accepted.
Jan 29 09:26:04 5E:kestrel sshd2[146872]: User long, coming from
kestrel.cc.ukans.edu, authenticated.

Any clues there?

Jeff Long

Relevant Pages

  • Re: TIPS FOR THE NEWCOMER
    ... As long as the private key is readable by the ssh client when it comes ... When the ssh client connects to the server, ... private key which matches the public key. ...
    (SSH)
  • Cryptography and Site Security: Please critique my security idea
    ... get direct access to the server whether ... The public key for each user's private key is stored on an internal ... upload the public keys in to applciation memory. ... this now decrypted key "A" will be used to decrypt the ...
    (sci.crypt)
  • Re: Debian SSH server configuration
    ... I would like to configure a Debian server to only allow clients to ssh ... I don't want any client computers to be able to ssh into ... It sounds like what you are asking for is host based authentication, ... where the server check to make sure that it has the host public key ...
    (Debian-User)
  • Digital signature to e-mail.
    ... Digital Signature to E-mail in Server Side ... to store public key. ... one password to access your SMTP account (SMTP Authentication, ...
    (Security-Basics)
  • Re: Security - ciphers - autentification
    ... is a web server on the firewall or on a trusted, ... firewall. ... > throw filrewall (and process 'real' autentification). ... Communication with services is done by public key ...
    (SecProg)
Quantcast