Re: Connection Problem - Debian to Freebsd

From: Martin (marty_at_supine.com)
Date: 08/28/03

    Date: 28 Aug 2003 09:49:06 +0950
    
    

    $author = "Darren Tucker <dtucker@dodgy.net.au>" ;
    >
    > Now it really sounds like that's it. You changed the MTU of the machine
    > behind the ADSL, not the ADSL itself? I can't see how that would cause
    > the ADSL itself to be unstable.

    neither can i, but the problem went away when i restored the MTU of all the
    ethernet interfaces. coincidence?

    >>note: i can ssh from my mac, so i don't think it's an MTU problem, unless
    >>mac's use a smaller MTU.
    >
    > I don't know Macs, but you said you're using password authentication and
    > that generally produces smaller packets during authentication.

    well, trying password authentication from any of the debian machines (by
    logging in as a different user without keys in .ssh) doesn't work.

    i think it might be a problem with either protocol negotiation or host key
    exchange as taking down the daemon and putting it in debug mode, a login
    attempt from one of the debian machines only goes this far:

    ------------------------------
    # /usr/sbin/sshd -d -d -d
    debug1: sshd version OpenSSH_3.4p1 FreeBSD-20020702
    debug1: private host key: #0 type 0 RSA1
    debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
    debug1: read PEM private key done: type DSA
    debug1: private host key: #1 type 2 DSA
    debug1: Bind to port 22 on 0.0.0.0.
    Server listening on 0.0.0.0 port 22.
    Generating 768 bit RSA key.
    RSA key generation complete.
    debug1: Server will not fork when running in debugging mode.
    Connection from 150.101.120.75 port 3140
    ------------------------------

    before hanging while a login attempt from the mac results in full host key
    exchange and a successful login:

    ------------------------------
    # /usr/sbin/sshd -d -d -d
    debug1: sshd version OpenSSH_3.4p1 FreeBSD-20020702
    debug1: private host key: #0 type 0 RSA1
    debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
    debug1: read PEM private key done: type DSA
    debug1: private host key: #1 type 2 DSA
    debug1: Bind to port 22 on 0.0.0.0.
    Server listening on 0.0.0.0 port 22.
    Generating 768 bit RSA key.
    RSA key generation complete.
    debug1: Server will not fork when running in debugging mode.
    Connection from 150.101.126.76 port 2980
    debug1: Client protocol version 2.0; client software version lsh_1.2 lsh - a free ssh2 on MacOS9
    debug1: no match: lsh_1.2 lsh - a free ssh2 on MacOS9
    Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-1.99-OpenSSH_3.4p1 FreeBSD-20020702
    debug1: list_hostkey_types: ssh-dss
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-dss
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit: diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,spki-sign-rsa,spki-sign-dss
    debug2: kex_parse_kexinit: 3des-cbc,twofish-cbc,cast128-cbc,serpent-cbc@lysator.liu.se,rijndael-cbc@lysator.liu.se,blowfish-cbc,arcfour
    debug2: kex_parse_kexinit: 3des-cbc,twofish-cbc,cast128-cbc,serpent-cbc@lysator.liu.se,rijndael-cbc@lysator.liu.se,blowfish-cbc,arcfour
    debug2: kex_parse_kexinit: hmac-md5
    debug2: kex_parse_kexinit: hmac-md5
    debug2: kex_parse_kexinit: zlib
    debug2: kex_parse_kexinit: zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_init: found hmac-md5
    debug1: kex: client->server 3des-cbc hmac-md5 zlib
    debug2: mac_init: found hmac-md5
    debug1: kex: server->client 3des-cbc hmac-md5 zlib
    debug1: dh_gen_key: priv key bits set: 192/384
    debug1: bits set: 508/1024
    debug1: expecting SSH2_MSG_KEXDH_INIT
    debug1: bits set: 496/1024
    debug1: kex_derive_keys
    debug1: newkeys: mode 1
    debug1: Enabling compression at level 6.
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: waiting for SSH2_MSG_NEWKEYS
    debug1: newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: KEX done
    debug3: Trying to reverse map address 150.101.126.76.
    debug1: userauth-request for user marty service ssh-connection method publickey
    debug1: attempt 0 failures 0
    debug2: input_userauth_request: setting up authctxt for marty
    debug1: Starting up PAM with username "marty"
    debug1: PAM setting rhost to "ppp126-76.lns1.syd3.internode.on.net"
    debug2: input_userauth_request: try method publickey
    debug1: test whether pkalg/pkblob are acceptable
    debug1: trying public key file /home/marty/.ssh/authorized_keys
    debug3: secure_filename: checking '/usr/home/marty/.ssh'
    debug3: secure_filename: checking '/usr/home/marty'
    debug3: secure_filename: terminating check at '/usr/home/marty'
    debug1: restore_uid
    debug2: key not found
    debug1: trying public key file /home/marty/.ssh/authorized_keys2
    debug1: restore_uid
    debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss
    Failed publickey for marty from 150.101.126.76 port 2980 ssh2
    debug1: userauth-request for user marty service ssh-connection method publickey
    debug1: attempt 1 failures 1
    debug2: input_userauth_request: try method publickey
    debug2: key_type_from_name: unknown key type 'spki-sign-dss'
    userauth_pubkey: unsupported public key algorithm: spki-sign-dss
    debug2: userauth_pubkey: authenticated 0 pkalg spki-sign-dss
    Failed publickey for marty from 150.101.126.76 port 2980 ssh2
    debug1: userauth-request for user marty service ssh-connection method password
    debug1: attempt 2 failures 2
    debug2: input_userauth_request: try method password
    debug1: PAM Password authentication accepted for user "marty"
    debug2: pam_acct_mgmt() = 0
    Accepted password for marty from 150.101.126.76 port 2980 ssh2
    debug1: Entering interactive session for SSH2.
    debug1: fd 3 setting O_NONBLOCK
    debug1: fd 7 setting O_NONBLOCK
    debug1: server_init_dispatch_20
    debug1: server_input_channel_open: ctype session rchan 0 win 10000 max 32668
    debug1: input_session_request
    debug1: channel 0: new [server-session]
    debug1: session_new: init
    debug1: session_new: session 0
    debug1: session_open: channel 0
    debug1: session_open: session 0: link with channel 0
    debug1: server_input_channel_open: confirm session
    debug1: server_input_channel_req: channel 0 request pty-req reply 1
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req pty-req
    debug1: Allocating pty.
    debug1: session_pty_req: session 0 alloc /dev/ttypf
    debug3: tty_parse_modes: SSH2 n_bytes 231
    debug3: tty_parse_modes: 1 3
    debug3: tty_parse_modes: 2 28
    debug3: tty_parse_modes: 3 127
    debug3: tty_parse_modes: 4 21
    debug3: tty_parse_modes: 5 4
    debug3: tty_parse_modes: 6 0
    debug3: tty_parse_modes: 7 0
    debug3: tty_parse_modes: 8 17
    debug3: tty_parse_modes: 9 19
    debug3: tty_parse_modes: 10 26
    debug3: tty_parse_modes: 12 18
    debug3: tty_parse_modes: 13 23
    debug3: tty_parse_modes: 14 22
    debug3: tty_parse_modes: 18 21
    debug3: tty_parse_modes: 30 0
    debug3: tty_parse_modes: 31 0
    debug3: tty_parse_modes: 32 0
    debug3: tty_parse_modes: 33 0
    debug3: tty_parse_modes: 34 0
    debug3: tty_parse_modes: 35 0
    debug3: tty_parse_modes: 36 1
    debug3: tty_parse_modes: 38 1
    debug3: tty_parse_modes: 40 0
    debug3: tty_parse_modes: 50 1
    debug3: tty_parse_modes: 51 1
    debug1: Ignoring unsupported tty mode opcode 52 (0x34)
    debug3: tty_parse_modes: 53 1
    debug3: tty_parse_modes: 54 1
    debug3: tty_parse_modes: 55 1
    debug3: tty_parse_modes: 56 0
    debug3: tty_parse_modes: 57 0
    debug3: tty_parse_modes: 58 0
    debug3: tty_parse_modes: 59 1
    debug3: tty_parse_modes: 60 1
    debug3: tty_parse_modes: 61 1
    debug3: tty_parse_modes: 62 0
    debug3: tty_parse_modes: 70 1
    debug1: Ignoring unsupported tty mode opcode 71 (0x47)
    debug3: tty_parse_modes: 72 1
    debug3: tty_parse_modes: 73 0
    debug3: tty_parse_modes: 74 0
    debug3: tty_parse_modes: 75 0
    debug3: tty_parse_modes: 90 1
    debug3: tty_parse_modes: 91 1
    debug3: tty_parse_modes: 92 0
    debug3: tty_parse_modes: 93 0
    debug1: server_input_channel_req: channel 0 request shell reply 1
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req shell
    debug1: PAM setting tty to "/dev/ttypf"
    debug1: PAM establishing creds
    debug1: fd 4 setting TCP_NODELAY
    debug1: Setting controlling tty using TIOCSCTTY.
    debug1: channel 0: rfd 9 isatty
    debug1: fd 9 setting O_NONBLOCK
    debug2: fd 8 is O_NONBLOCK
    debug2: channel 0: rcvd adjust 906
    debug2: channel 0: rcvd adjust 136
    debug1: server_input_channel_req: channel 0 request window-change reply 0
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req window-change
    debug2: channel 0: rcvd adjust 20
    ------------------------------
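
Added example, not part of the original post: a small Python helper that reads `sshd -d -d -d` output like the two traces above and reports the last handshake milestone the server logged, which makes the difference between the hanging and the working connection explicit. The stage names are labels chosen for this example, the patterns are the debug lines visible in the traces above, and the sample traces are constructed (abridged, with documentation addresses).

```python
import re

# Ordered handshake milestones and the sshd debug line that marks each one.
# Stage names are labels made up for this example; the patterns are the
# OpenSSH 3.4p1 debug lines that appear in the traces quoted in the post.
STAGES = [
    ("tcp-accepted",      r"^Connection from \S+ port \d+"),
    ("client-banner",     r"Client protocol version "),
    ("kexinit-exchanged", r"SSH2_MSG_KEXINIT received"),
    ("kex-done",          r"KEX done"),
    ("userauth-started",  r"userauth-request for user "),
    ("authenticated",     r"^Accepted \S+ for "),
    ("session-open",      r"Entering interactive session"),
]

def last_stage(trace):
    """Return (last stage logged, next stage expected) for one sshd debug trace."""
    reached = -1
    for line in trace.splitlines():
        line = line.strip()
        for i, (_, pattern) in enumerate(STAGES):
            if i > reached and re.search(pattern, line):
                reached = i
    name = STAGES[reached][0] if reached >= 0 else None
    nxt = STAGES[reached + 1][0] if reached + 1 < len(STAGES) else None
    return name, nxt

# Constructed sample traces, abridged from the shape of the two logs above.
HUNG = """debug1: Server will not fork when running in debugging mode.
Connection from 192.0.2.10 port 3140"""

OK = """Connection from 192.0.2.20 port 2980
debug1: Client protocol version 2.0; client software version lsh_1.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: KEX done
debug1: userauth-request for user marty service ssh-connection method publickey
Failed publickey for marty from 192.0.2.20 port 2980 ssh2
debug1: userauth-request for user marty service ssh-connection method password
Accepted password for marty from 192.0.2.20 port 2980 ssh2
debug1: Entering interactive session for SSH2."""

if __name__ == "__main__":
    for label, trace in (("hung", HUNG), ("ok", OK)):
        stage, expected = last_stage(trace)
        print(f"{label}: reached {stage}, next expected {expected}")
```

For a trace that stops right after the `Connection from` line, the result shows that the server accepted the TCP connection but never logged the client's version string, so the stall sits before any key exchange or authentication line appears.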

