Re: Permission denied (publickey,keyboard-interactive).

From: Thorsten Peter (boba_at_apt.mine.nu)
Date: 05/29/05 

Date: Sun, 29 May 2005 17:17:06 +0200

Vincent wrote:
> Hi,
>
> I try to use ssh but I receive the message quote in the title.
>
> After reading the mailing list, I ckecked theses points :
> in sshd_config, I have PermitRootLogin yes
> my /dev/tty doesn't have a problem because I can say yes when ssh ask me
> : "Are you sure you want to continue connecting (yes/no)?"
>
>
> When I make a test with 'ssh -vvv root@127.0.0.1' I have :
>
> OpenSSH_3.9p1, OpenSSL 0.9.7g 11 Apr 2005
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22.
> debug1: Connection established.
> debug1: permanently_set_uid: 0/0
> debug1: identity file /root/.ssh/identity type -1
> debug1: identity file /root/.ssh/id_rsa type -1
> debug1: identity file /root/.ssh/id_dsa type -1
> debug1: Remote protocol version 2.0, remote software version OpenSSH_3.9p1
> debug1: match: OpenSSH_3.9p1 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.9p1
> debug2: fd 3 setting O_NONBLOCK
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
>
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
>
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug2: dh_gen_key: priv key bits set: 130/256
> debug2: bits set: 978/2048
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
> debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
> debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
> debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
> debug2: no key of type 0 for host 127.0.0.1
> debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts2
> debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts2
> debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
> debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
> debug2: no key of type 2 for host 127.0.0.1
> Warning: Permanently added '127.0.0.1' (RSA) to the list of known hosts.
> debug2: bits set: 1036/2048
> debug1: ssh_rsa_verify: signature correct
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug2: key: /root/.ssh/identity ((nil))
> debug2: key: /root/.ssh/id_rsa ((nil))
> debug2: key: /root/.ssh/id_dsa ((nil))
> debug1: Authentications that can continue: publickey,keyboard-interactive
> debug3: start over, passed a different list publickey,keyboard-interactive
> debug3: preferred publickey,keyboard-interactive,password
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /root/.ssh/identity
> debug3: no such identity: /root/.ssh/identity
> debug1: Trying private key: /root/.ssh/id_rsa
> debug3: no such identity: /root/.ssh/id_rsa
> debug1: Trying private key: /root/.ssh/id_dsa
> debug3: no such identity: /root/.ssh/id_dsa
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup keyboard-interactive
> debug3: remaining preferred: password
> debug3: authmethod_is_enabled keyboard-interactive
> debug1: Next authentication method: keyboard-interactive
> debug2: userauth_kbdint
> debug2: we sent a keyboard-interactive packet, wait for reply
> debug1: Authentications that can continue: publickey,keyboard-interactive
> debug3: userauth_kbdint: disable: no info_req_seen
> debug2: we did not send a packet, disable method
> debug1: No more authentication methods to try.
> Permission denied (publickey,keyboard-interactive).
>
>
> Is anyone have a idea ?
>
> Thanks,
>
> Vincent LE GARREC

did you modify your sshd_config yet in any other way, cept for permitrootlogin?
would be good to know. otherwise it's hard to tell what your problem is.
with a default install of actual openssh version (4.0p1) i dont have a prob
logging in as root with the default config after install.
it could be that your problem is PAM related. did u activate pam in sshd_config?

Thorsten

Relevant Pages

  • RE: How do I install & set up RADIUS?
    ... Best regards, ... Vincent Xu ... Microsoft Online Partner Support ... How do I install & set up RADIUS? ...
    (microsoft.public.windows.server.general)
  • RE: How do I install & set up RADIUS?
    ... Best regards, ... Vincent Xu ... Microsoft Online Partner Support ... How do I install & set up RADIUS? ...
    (microsoft.public.windows.server.general)
  • RE: Printers dont work after W2K3 install
    ... the driver installed in Windows 2K system and Windows 2003 system. ... Thks Vincent. ... Can you print any documents on the new print server? ... Printers don't work after W2K3 install ...
    (microsoft.public.windows.server.migration)
  • Re: py2exe windows apps path question
    ... Vincent, I'm not sure I completely understand your question but this ... Then I use curdir to build all of the paths in my app: ... > | the install directory as the current working directory. ... > module for the current process lives in for dlls. ...
    (comp.lang.python)
  • Re: Checking for update error
    ... Vincent, I don't think that article applies as I'm not trying to install ... >>There is a network problem and the detection catalog used by the Office ... >>Windows Installer patch files from previously applied Office ...
    (microsoft.public.officeupdate)