SSH Troubles - Help!

From: unixman (segruber_at_bellsouth.net)
Date: 06/07/05


Date: 7 Jun 2005 12:53:14 -0700

I have one system, AIX 5.1, running OpenSSH_3.8.1p1, OpenSSL 0.9.6m 17
Mar 2004. I'll call this system SOURCE.

The other system, I'll call TARGET, is the same OS and SSH level. Both
the systems are running the ssh from IBM that is located in
sourceforge.net.

When I, from the SOURCE, run: ssh TARGET, it always asks me for the
password.

Here's what I did so far, all to no avail:

I ensured that:

- $HOME and $HOME/.ssh were set to 700
- All files in $HOME/.ssh are set to 600
- The SOURCE identity.pub and TARGET authorized_keys file match
- The TARGET system key file is in the SOURCE known_hosts file
- Made sure on TARGET in /etc/security/lastlog, the
  unsuccessful_login_count = 0 for the respective user
- in /etc/security/user that daemon and rlogin=true
- I noticed that on the TARGET there was an $HOME/.ssh/prng_seed, I
  removed this
- The user's account is not locked on the TARGET

I can, however, access the TARGET system from the SOURCE system under a
different userid with no problems. Also the SOURCE system can ssh to a
number of different systems with no problems.

So this leads me to think that the userid on the TARGET system is
the culprit, but for the life of me I cannot find what the cause is.

Below is the TARGET side sshd debug with the names and IP addresses
changed for anonymity:

[TARGET] # /usr/sbin/sshd -d -d -d

debug3: Seeding PRNG from /usr/sbin/ssh-rand-helper
debug2: read_server_config: filename /etc/ssh/sshd_config
debug1: sshd version OpenSSH_3.8.1p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from SOURCE_SYSTEM_IP port 40992
debug1: Client protocol version 2.0; client software version
OpenSSH_3.8.1p1
debug1: match: OpenSSH_3.8.1p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_3.8.1p1
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): A file or
directory in the path name does not exist.

debug1: Error loading Kerberos, disabling Kerberos auth.
debug3: privsep user:group 1671:1
debug1: permanently_set_uid: 1671/1
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: Network child is on pid 36040
debug3: preauth child monitor started
debug3: mm_request_receive entering
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug3: mm_request_send entering: type 0
debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI
debug3: mm_request_receive_expect entering: type 1
debug3: mm_request_receive entering
debug3: monitor_read: checking request 0
debug3: mm_answer_moduli: got parameters: 1024 1024 8192
debug3: mm_request_send entering: type 1
debug3: mm_choose_dh: remaining 0
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug2: dh_gen_key: priv key bits set: 126/256
debug2: bits set: 506/1024
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug2: bits set: 519/1024
debug2: monitor_read: 0 used once, disabling now
debug3: mm_request_receive entering
debug3: mm_key_sign entering
debug3: mm_request_send entering: type 4
debug3: monitor_read: checking request 4
debug3: mm_answer_sign
debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
debug3: mm_request_receive_expect entering: type 5
debug3: mm_request_receive entering
debug3: mm_answer_sign: signature 2022ca68(143)
debug3: mm_request_send entering: type 5
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug2: monitor_read: 4 used once, disabling now
debug3: mm_request_receive entering
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user [USERID] service ssh-connection
method none
debug1: attempt 0 failures 0
debug3: mm_getpwnamallow entering
debug3: mm_request_send entering: type 6
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
debug3: mm_request_receive_expect entering: type 7
debug3: mm_request_receive entering
debug3: monitor_read: checking request 6
debug3: mm_answer_pwnamallow
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: mm_request_receive entering
debug2: input_userauth_request: setting up authctxt for [USERID]
debug3: mm_inform_authserv entering
debug3: mm_request_send entering: type 3
debug2: input_userauth_request: try method none
debug3: mm_auth_password entering
debug3: mm_request_send entering: type 10
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
debug3: mm_request_receive_expect entering: type 11
debug3: mm_request_receive entering
debug3: monitor_read: checking request 3
debug3: mm_answer_authserv: service=ssh-connection, style=
debug2: monitor_read: 3 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 10
debug3: mm_answer_authpassword: sending result 0
debug3: mm_request_send entering: type 11
debug3: mm_auth_password: user not authenticated
Failed none for [USERID] from SOURCE_SYSTEM_IP port 40992 ssh2
debug1: userauth-request for user [USERID] service ssh-connection
method publickey
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 20
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
debug3: mm_request_receive_expect entering: type 21
debug3: mm_request_receive entering
Failed none for [USERID] from SOURCE_SYSTEM_IP port 40992 ssh2
debug3: mm_request_receive entering
debug3: monitor_read: checking request 20
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 2022f918
debug1: temporarily_use_uid: 567/210 (e=0/0)
debug1: trying public key file $HOME/[USERID]/.ssh/authorized_keys
Authentication refused: realpath $HOME/[USERID]/.ssh/authorized_keys
failed: Error 0
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 567/210 (e=0/0)
debug1: trying public key file $HOME/[USERID]/.ssh/authorized_keys2
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: key 2022f918 is disallowed
debug3: mm_request_send entering: type 21
debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss
Failed publickey for [USERID] from SOURCE_SYSTEM_IP port 40992 ssh2
debug3: mm_request_receive entering
debug1: userauth-request for user [USERID] service ssh-connection
method keyboard-interactive
debug1: attempt 2 failures 2
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=[USERID] devs=
debug1: kbdint_alloc: devices ''
debug2: auth2_challenge_start: devices
Failed keyboard-interactive for [USERID] from SOURCE_SYSTEM_IP port
40992 ssh2
Connection closed by SOURCE_SYSTEM_IP
debug1: do_cleanup
debug1: do_cleanup

I have been scratching my head on this one. Any and all help is
appreciated.

Thanks,
Scott
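
Added example (not part of the post above and not OpenSSH code): the "Authentication refused: realpath ... failed" line in the log is emitted by sshd's StrictModes check on the authorized_keys path, and the sketch below approximates that check so each path component can be tested by hand. The function names are hypothetical, and only plain ls, awk and cut are assumed so that it also runs on AIX.

```shell
#!/bin/sh
# Added example: approximates sshd's StrictModes walk (hypothetical helper names).
# Usage: check_strictmodes FILE HOME_DIR UID
# Assumes FILE itself is a regular file, not a symlink.

# Print "uid mode-string" for a path using plain ls, which also works on AIX.
owner_and_mode() {
    ls -ldn "$1" 2>/dev/null | awk '{print $3, $1}'
}

# Return 0 if the path is owned by want_uid or root and is not group/world writable.
check_component() {
    path=$1 want_uid=$2
    set -- $(owner_and_mode "$path")
    uid=$1 mode=$2
    [ -n "$mode" ] || { echo "cannot stat $path"; return 1; }
    if [ "$uid" != "$want_uid" ] && [ "$uid" != 0 ]; then
        echo "bad owner (uid $uid) on $path"; return 1
    fi
    # Characters 6 and 9 of the ls mode string are group-write and other-write.
    gw=$(printf '%s' "$mode" | cut -c6)
    ow=$(printf '%s' "$mode" | cut -c9)
    if [ "$gw" = w ] || [ "$ow" = w ]; then
        echo "group/world writable ($mode) on $path"; return 1
    fi
    return 0
}

check_strictmodes() {
    file=$1 home=$2 want_uid=$3
    # Resolve symlinks in the directory part; a failure here is the analogue
    # of the "realpath ... failed" refusal.
    dir=$(cd "$(dirname "$file")" 2>/dev/null && pwd -P) ||
        { echo "realpath failed for $file"; return 1; }
    home=$(cd "$home" 2>/dev/null && pwd -P) ||
        { echo "realpath failed for home directory"; return 1; }
    file=$dir/$(basename "$file")
    [ -f "$file" ] || { echo "realpath failed for $file"; return 1; }
    check_component "$file" "$want_uid" || return 1
    # Walk upward, checking every directory until home (or /) has been checked.
    while :; do
        check_component "$dir" "$want_uid" || return 1
        if [ "$dir" = "$home" ] || [ "$dir" = / ]; then return 0; fi
        dir=$(dirname "$dir")
    done
}

if [ $# -eq 3 ]; then check_strictmodes "$@"; fi
```

Run it as the affected user, since the log shows sshd switching to that uid (temporarily_use_uid) before it tries the file.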


