Re: ssh access denied in Suse 9.0 fresh install
From: Gary Spechko (durenthal_at_hotmail.com)
Date: 03/31/04
Date: Wed, 31 Mar 2004 18:14:30 GMT
> Here's part of a message I recently sent a co-worker:
> * suse90# rpm -qf /usr/sbin/sshd
> * openssh-3.7.1p2-1
> * It turns out that a bunch of the pam code in openssh changed at
> * revision 3.7. I made things seem to work with the following
> * /etc/ssh/sshd_config settings:
> * UsePAM yes
> * UsePrivilegeSeparation no
Thanks Mike. I'm running openssh-3.7.1p2-113, and those two settings
are already present in /etc/ssh/sshd_config.

I ran sshd in debug mode, as Richard suggested, and got the following:

Successful login from suse 8.2 shell on an adjacent machine:
smtp:/etc/ssh # sshd -d -p 1234
debug1: sshd version OpenSSH_3.7.1p2
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 1234 on ::.
Server listening on :: port 1234.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from ::ffff:192.168.60.254 port 40933
debug1: Client protocol version 2.0; client software version OpenSSH_3.5p1
debug1: match: OpenSSH_3.5p1 pat OpenSSH_3.2*,OpenSSH_3.3*,OpenSSH_3.4*,OpenSSH_3.5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_3.7.1p2
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user testuser service ssh-connection method none
debug1: attempt 0 failures 0
debug1: PAM: initializing for "testuser"
debug1: PAM: setting PAM_RHOST to "192.168.60.254"
debug1: PAM: setting PAM_TTY to "ssh"
Failed none for testuser from ::ffff:192.168.60.254 port 40933 ssh2
debug1: userauth-request for user testuser service ssh-connection method keyboard-interactive
debug1: attempt 1 failures 1
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=testuser devs=
debug1: kbdint_alloc: devices 'pam'
debug1: auth2_challenge_start: trying authentication method 'pam'
Postponed keyboard-interactive for testuser from ::ffff:192.168.60.254 port 40933 ssh2
Postponed keyboard-interactive/pam for testuser from ::ffff:192.168.60.254 port 40933 ssh2
Accepted keyboard-interactive/pam for testuser from ::ffff:192.168.60.254 port 40933 ssh2
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request pty-req reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_pty_req: session 0 alloc /dev/pts/2
debug1: server_input_channel_req: channel 0 request shell reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug1: PAM: setting PAM_TTY to "/dev/pts/2"
debug1: PAM: establishing credentials
debug1: Setting controlling tty using TIOCSCTTY.
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 5663
debug1: session_exit_message: session 0 channel 0 pid 5663
debug1: session_exit_message: release channel 0
debug1: session_close: session 0 pid 5663
debug1: session_pty_cleanup: session 0 release /dev/pts/2
debug1: channel 0: free: server-session, nchannels 1
Connection closed by ::ffff:192.168.60.254
debug1: krb5_cleanup_proc called
Closing connection to ::ffff:192.168.60.254
debug1: PAM: cleanup
Then, failure using putty from a windows xp machine:
smtp:/etc/ssh # sshd -d -p 1234
debug1: sshd version OpenSSH_3.7.1p2
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 1234 on ::.
Server listening on :: port 1234.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from ::ffff:10.1.2.255 port 4232
debug1: Client protocol version 1.5; client software version PuTTY-Release-0.53
debug1: no match: PuTTY-Release-0.53
debug1: Local version string SSH-1.99-OpenSSH_3.7.1p2
debug1: Sent 768 bit server key and 1024 bit host key.
debug1: Encryption type: blowfish
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug1: PAM: initializing for "testuser"
debug1: PAM: setting PAM_RHOST to "spechko.mydomain.com"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: Attempting authentication for testuser.
Password authentication disabled.
Failed password for testuser from ::ffff:10.1.2.255 port 4232
Connection closed by ::ffff:10.1.2.255
debug1: Calling cleanup 0x8066f50(0x0)
debug1: PAM: cleanup
debug1: Calling cleanup 0x80733b0(0x0)

I'm not sure why I got failed password... but now it looks like the
problem is with putty - I had originally failed to connect from the 8.2
box because I was su at the time I tried, and that transmitted root as
the uid.

Thank you both for taking the time to reply.
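
Added example, not part of the original post: the two debug sessions above differ in protocol version and authentication method, and this Python script reduces an sshd -d log to those fields so the runs can be compared side by side. The embedded excerpts are constructed from the logs in the message with mail-wrapped lines rejoined; the function names are illustrative.

```python
import re

# Constructed excerpts: the relevant lines from the two sshd -d sessions above,
# with lines that the mail client wrapped joined back together.
OK_SESSION = """\
debug1: Client protocol version 2.0; client software version OpenSSH_3.5p1
debug1: userauth-request for user testuser service ssh-connection method none
Failed none for testuser from ::ffff:192.168.60.254 port 40933 ssh2
debug1: userauth-request for user testuser service ssh-connection method keyboard-interactive
Postponed keyboard-interactive/pam for testuser from ::ffff:192.168.60.254 port 40933 ssh2
Accepted keyboard-interactive/pam for testuser from ::ffff:192.168.60.254 port 40933 ssh2
"""
FAILED_SESSION = """\
debug1: Client protocol version 1.5; client software version PuTTY-Release-0.53
debug1: Attempting authentication for testuser.
Password authentication disabled.
Failed password for testuser from ::ffff:10.1.2.255 port 4232
"""

CLIENT_RE = re.compile(r"Client protocol version ([\d.]+); client software version (\S+)")
RESULT_RE = re.compile(r"^(Accepted|Failed|Postponed) (\S+) for (\S+) from ")
DISABLED_RE = re.compile(r"^(\w+) authentication disabled\.")

def summarize(log):
    """Reduce one sshd -d session to protocol, client, auth attempts and outcome."""
    out = {"protocol": None, "client": None, "attempts": [],
           "disabled": [], "accepted": None}
    for line in log.splitlines():
        line = line.strip()
        if m := CLIENT_RE.search(line):
            out["protocol"], out["client"] = m.group(1), m.group(2)
        elif m := DISABLED_RE.match(line):
            out["disabled"].append(m.group(1).lower())
        elif m := RESULT_RE.match(line):
            out["attempts"].append((m.group(2), m.group(1)))
            if m.group(1) == "Accepted":
                out["accepted"] = m.group(2)
    return out

def explain(summary):
    """One-line reading of a summary, for comparing sessions side by side."""
    tried = ", ".join(f"{m}={v}" for m, v in summary["attempts"]) or "none logged"
    line = f"{summary['client']} (protocol {summary['protocol']}): {tried}"
    for method in summary["disabled"]:
        line += f"; server reports {method} authentication disabled"
    return line

if __name__ == "__main__":
    for session in (OK_SESSION, FAILED_SESSION):
        print(explain(summarize(session)))
```

Run on the two excerpts, the output shows the OpenSSH_3.5p1 client accepted via keyboard-interactive/pam over protocol 2.0, and the PuTTY-Release-0.53 client attempting password authentication over protocol 1.5, which the server log reports as disabled.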