openssh-3.4p1 rejects all passwords

From: John Chambers (jmchambers@rcn.com)
Date: 07/26/02


From: John Chambers <jmchambers@rcn.com>
Date: Fri, 26 Jul 2002 12:04:39 -0400

Looks like installing this was a major mistake, and looking around c.s.s shows
a number of similar questions, but no answers ...

I grabbed the latest zlib and sll, too, and everything compiled and installed
without any complaints at all. The new ssh works calling out from this RedHat
6.2 machine and a nearby RedHat 7.1 machine. But ssh or scp into either of
them (including locally) gets rejected with "Permission denied, please try again."
for all users and all passwords.

When I fire up /usr/local/sbin/sshd here's what appears in /var/log/messages:

Jul 26 11:51:29 kendy sshd[8612]: socket: Invalid argument
Jul 26 11:51:29 kendy sshd[8612]: Server listening on 0.0.0.0 port 22.
Jul 26 11:51:29 kendy sshd[8612]: Generating 768 bit RSA key.
Jul 26 11:51:29 kendy sshd[8612]: RSA key generation complete.

The "socket: Invalid argument" is a bit unnerving, but it does in fact open
a listener on port 22 who wasn't there a few seconds earlier, so it seems to
have worked. Next, I go to another machine and attempt to ssh in. I have
a tail -f running on /var/log/messages, and as soon as I type the ssh
command (and get a ... password: prompt), it says:

Jul 26 11:54:40 kendy sshd[8655]: Connection from 18.62.1.54 port 4792
Jul 26 11:54:40 kendy sshd[8655]: Enabling compatibility mode for protocol 2.0
Jul 26 11:54:40 kendy sshd[8655]: Failed none for jc from 18.62.1.54 port 4792 ssh2

There's already something that looks wrong, the "Failed none for jc" message.
I don't seem to find any clues about what this "none" might be, so I can't
tell what is failing here. Anyway, I type a password, and /var/log/messages
then says:

Jul 26 11:56:57 kendy sshd[8655]: Failed password for jc from 18.62.1.54 port 4792 ssh2

Simultaneously the ssh command gets "Permission denied, please try again."

I've also tried it with "ssh -v", and I could post that, but I thought that maybe
I wouldn't flood y'all with that at first, with the hope that someone will look
at the above and say "Well, dummy; you obviously forgot ...."

Have I missed something obvious here?

Oh, yeah; it worked fine with the earlier openssh-3.3p1 and openssh-3.2.3p1
that had been used here. I kept the old config files for comparison, but that
didn't lead to any enlightenment, since the new config file doesn't look very
much like the old. And, of course, I have relatively few clues as to what most
of the stuff in sshd_config actually means. Leaving everything commented out and
taking the default for everything results in exactly the same rejections.

I have, of course, done a whole lotta tweaking with sshd_config. I can verify
that someone reads it when I fire up sshd, and by inserting obvious syntax errors
I can verify that sshd reads it, so I'm editing the right config file. But nothing
I do (aside from obvious syntax errors) seems to produce any change in sshd's
behavior. Of course, its behavior is to totally reject everything, so there's
no way to get comparative information out of the tests.