sshd and redhat 6.2 (!)

From: Mauricio <raubvogel@xxxxxxxxx>
Date: Thu, 16 Aug 2007 11:15:52 -0700

Yes, I need to put ssh in a redhat box and canot upgrade its kernel
and/or gcc until I get that running. Long story, but the bottom line
is there are programs we do not know if we can upgrade to begin with.
I got a fairly late version of openssl and the latest version of
openssh. After telling it to configure without selinux, I was able to
get that compiled. I started sshd but I cannot ssh to the machine
even if I do ssh localhost:

[root@localhost /root]# ssh raub@localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is d2:21:b3:c6:77:86:b1:4a:49:2b:9f:
49:b3:01:23:db.
Are you sure you want to continue connecting (yes/no)? no
Host key verification failed.
[root@localhost /root]# ssh raub@localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is d2:21:b3:c6:77:86:b1:4a:49:2b:9f:
49:b3:01:23:db.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known
hosts.
raub@localhost's password:
Permission denied, please try again.
raub@localhost's password:

I did not do much to the sshd_config file; I just told it to ignore
ssh 1
and disallow root login (and allow x11 forwading). But, just to see if
I
missed anything, here it is:

#Port 22
#Protocol 2,1
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /usr/local/etc/ssh_host_key
# HostKeys for protocol version 2
#HostKey /usr/local/etc/ssh_host_rsa_key
#HostKey /usr/local/etc/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in
# /usr/local/etc/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem sftp /usr/local/libexec/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server

/var/log/messages only tells me I have a failed password:

Aug 16 12:19:07 localhost sshd[22503]: Failed password for raub from
127.0.0.1 port 1102 ssh2

/var/log/secure says nothing.

.

Follow-Ups:
- Re: sshd and redhat 6.2 (!)
  - From: Darren Tucker

Prev by Date: SCP only user? (untrusted user, my mother)
Next by Date: Re: SCP only user? (untrusted user, my mother)
Previous by thread: SCP only user? (untrusted user, my mother)
Next by thread: Re: sshd and redhat 6.2 (!)
Index(es):
- Date
- Thread

Relevant Pages

Problem with scp and SSH on Arch Linux
... PasswordAuthentication no ... # Kerberos options ... If this is enabled, PAM authentication will ... # the setting of "PermitRootLogin without-password". ...
(SSH)
sshd problem
... The anoyance is with the public key auth. ... PasswordAuthentication yes ... If this is enabled, PAM authentication will ... # "PermitRootLogin without-password". ...
(Fedora)
sFTP on 7.0-RELEASE no worky
... PasswordAuthentication yes ... # Kerberos options ... # Set this to 'no' to disable PAM authentication, account processing, ... # the setting of "PermitRootLogin without-password". ...
(freebsd-questions)
Re: disable password authentication with openssh
... > PubkeyAuthentication yes ... > PasswordAuthentication no ... > Of course, remember to restart ssh. ... PermitRootLogin param .. ...
(Debian-User)
Able to login with any password
... PasswordAuthentication yes ... GSSAPIAuthentication yes ... If this is enabled, PAM authentication will ... # "PermitRootLogin without-password". ...
(SSH)