ssh authentication woes

From: Michael Sierchio (kudzu_at_tenebras.com)
Date: 08/28/03

  • Next message: Michael Sierchio: "Re: ssh authentication woes"
    Date: Thu, 28 Aug 2003 13:38:28 -0700
    
    

    Any obvious insights?

    Both hosts:

       OpenSSH_3.5p1 FreeBSD-20030201, SSH protocols 1.5/2.0, OpenSSL 0x0090701f

       FreeBSD 4.8-RELEASE-p4

       identical ssh_config, sshd_config

       challenge-response auth enabled

       pam.conf seems correctly configured

    But

    Root on mail can ssh to kudzu on sapphire...

    mail# whoami
    root
    mail# ssh -l kudzu sapphire
    otp-md5 490 sa8495 ext
    Password:
    sapphire 201>

    kudzu on sapphire can ssh to kudzu on mail

    sapphire 293> whoami
    kudzu
    sapphire 294> ssh mail
    otp-md5 490 me5359 ext
    Password:

    But kudzu on mail can't connect to sapphire (any user)

    mail 201> whoami
    kudzu
    mail 202> ssh sapphire
    Permission denied, please try again.
    Permission denied, please try again.
    Permission denied (publickey,password,keyboard-interactive).
    mail 203> ssh -v sapphire
    OpenSSH_3.5p1 FreeBSD-20030201, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Rhosts Authentication disabled, originating port will not be trusted.
    debug1: ssh_connect: needpriv 0
    debug1: Connecting to sapphire.tenebras.com [192.168.188.241] port 22.
    debug1: Connection established.
    debug1: identity file /home/kudzu/.ssh/identity type -1
    debug1: identity file /home/kudzu/.ssh/id_rsa type -1
    debug1: identity file /home/kudzu/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_3.5p1 FreeBSD-20030201
    debug1: match: OpenSSH_3.5p1 FreeBSD-20030201 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_3.5p1 FreeBSD-20030201
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client arcfour hmac-md5 none
    debug1: kex: client->server arcfour hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: dh_gen_key: priv key bits set: 123/256
    debug1: bits set: 1571/3191
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'sapphire.tenebras.com' is known and matches the DSA host key.
    debug1: Found key in /home/kudzu/.ssh/known_hosts:1
    debug1: bits set: 1652/3191
    debug1: ssh_dss_verify: signature correct
    debug1: kex_derive_keys
    debug1: newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: waiting for SSH2_MSG_NEWKEYS
    debug1: newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: done: ssh_kex2.
    debug1: send SSH2_MSG_SERVICE_REQUEST
    debug1: service_accept: ssh-userauth
    debug1: got SSH2_MSG_SERVICE_ACCEPT
    debug1: authentications that can continue: publickey,password,keyboard-interactive
    debug1: next auth method to try is publickey
    debug1: try privkey: /home/kudzu/.ssh/identity
    debug1: try privkey: /home/kudzu/.ssh/id_rsa
    debug1: try privkey: /home/kudzu/.ssh/id_dsa
    debug1: next auth method to try is keyboard-interactive
    debug1: authentications that can continue: publickey,password,keyboard-interactive
    debug1: authentications that can continue: publickey,password,keyboard-interactive
    debug1: authentications that can continue: publickey,password,keyboard-interactive
    debug1: next auth method to try is password
    debug1: authentications that can continue: publickey,password,keyboard-interactive
    Permission denied, please try again.
    debug1: authentications that can continue: publickey,password,keyboard-interactive
    Permission denied, please try again.
    debug1: authentications that can continue: publickey,password,keyboard-interactive
    debug1: no more auth methods to try
    Permission denied (publickey,password,keyboard-interactive).
    debug1: Calling cleanup 0x804c158(0x0)

