Re: SSH: trying the simplest configuration with no success

From: Chris Skelsey (chris.skelsey_at_esands.com)
Date: 02/24/04


Date: Tue, 24 Feb 2004 11:50:39 +1100

Setting UsePrivilegedPort to yes has got me a little further.

The server now states:

Connection from 172.16.2.30 port 1023
debug1: Client protocol version 1.5; client software version OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*
debug1: Local version string SSH-1.99-OpenSSH_3.4p1
debug2: Network child is on pid 9601
debug1: Sent 768 bit server key and 1024 bit host key.
debug1: Encryption type: blowfish
debug2: monitor_read: 28 used once, disabling now
debug1: Received session key; encryption turned on.
debug2: monitor_read: 30 used once, disabling now
debug1: Installing crc compensation attack detector.
debug2: monitor_read: 6 used once, disabling now
debug1: Attempting authentication for ess.
debug1: Starting up PAM with username "ess"
debug1: PAM setting rhost to "ows1.esands.com"
debug2: monitor_read: 37 used once, disabling now
Failed none for ess from 172.16.2.30 port 1023
Could not reverse map address 172.16.2.30.
debug2: auth_rhosts2: clientuser ess hostname 172.16.2.30 ipaddr 172.16.2.30
debug1: temporarily_use_uid: 501/100 (e=94)
debug1: restore_uid
Failed rhosts for ess from 172.16.2.30 port 1023 ruser ess
debug1: rcvd SSH_CMSG_AUTH_TIS
Failed challenge-response for ess from 172.16.2.30 port 1023

and the client:

debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: restore_uid
debug1: ssh_connect: getuid 500 geteuid 0 anon 0
debug1: Connecting to hurricane [172.16.2.18] port 22.
debug1: Allocated local port 1022.
debug1: temporarily_use_uid: 500/500 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: identity file /home/ess/.ssh/identity type 0
debug1: identity file /home/ess/.ssh/id_rsa type -1
debug1: identity file /home/ess/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
debug1: match: OpenSSH_3.4p1 pat OpenSSH*
debug1: Local version string SSH-1.5-OpenSSH_3.1p1
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'hurricane' is known and matches the RSA1 host key.
debug1: Found key in /home/ess/.ssh/known_hosts:1
debug1: Encryption type: blowfish
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying rhosts authentication.
debug1: Doing challenge response authentication.
debug1: No challenge.
debug1: Doing password authentication.

> But using Rhosts is not the "simplest" - it needs things that no other
> scheme needs, and as Richard says, it's also a really bad idea. The
> "basics" is obviously password authentication which should "just work"
> out of the box, from there you might go to RhostsRSA or more usefully
> Hostbased which is the version 2 "equivalent" (RhostsRSA is version 1
> only).

I'd really like to get Rhosts working before I consider moving on to
another form of non-interactive login (which I need since I'm scripting
this up). However, if problems associated with the method are
troublesome to track down, I'll move to RhostsRSA or hostbased.

Thanks for the help - any further pointers would be great.

Chris Skelsey.

  - Chris Skelsey ------------------------------------
| Environmental Systems & Services, Australia
| chris.skelsey@esands.com +61 3 8420 8926
| www.esands.com
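
An added example, not part of the original message: a small triage script for `sshd -d` output like the server log above. It lists the authentication methods that failed in order and surfaces two things visible in that log that are worth checking for rhosts: whether the client connected from a port below 1024, and whether the reverse lookup failed so that `auth_rhosts2` was handed the IP address as the hostname. The sample lines are copied from the post; the function and field names are assumptions made for this example.

```python
import re

# Sample input: server-side lines taken from the sshd debug output in the post.
SAMPLE = """\
Connection from 172.16.2.30 port 1023
debug1: PAM setting rhost to "ows1.esands.com"
Failed none for ess from 172.16.2.30 port 1023
Could not reverse map address 172.16.2.30.
debug2: auth_rhosts2: clientuser ess hostname 172.16.2.30 ipaddr 172.16.2.30
Failed rhosts for ess from 172.16.2.30 port 1023 ruser ess
debug1: rcvd SSH_CMSG_AUTH_TIS
Failed challenge-response for ess from 172.16.2.30 port 1023
"""

FAILED = re.compile(r"^Failed (\S+) for (\S+) from (\S+) port (\d+)")
NO_PTR = re.compile(r"^Could not reverse map address (\S+?)\.?$")
RHOSTS = re.compile(r"auth_rhosts2: clientuser (\S+) hostname (\S+) ipaddr (\S+)")


def triage(log_text):
    """Summarise one sshd debug session (hypothetical helper for this example)."""
    report = {
        "failed": [],                # methods rejected, in the order sshd tried them
        "privileged_port": None,     # True if the client source port is below 1024
        "no_reverse_dns": [],        # addresses sshd could not reverse map
        "rhosts_host_is_ip": False,  # auth_rhosts2 saw the IP in place of a name
    }
    for line in log_text.splitlines():
        line = line.strip()
        if m := FAILED.match(line):
            method, _user, _addr, port = m.groups()
            report["failed"].append(method)
            report["privileged_port"] = int(port) < 1024
        elif m := NO_PTR.match(line):
            report["no_reverse_dns"].append(m.group(1))
        elif m := RHOSTS.search(line):
            # hostname == ipaddr means a name-based rhosts entry has no name to match
            report["rhosts_host_is_ip"] = m.group(2) == m.group(3)
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
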


