more problems with host-based authentication
From: Chris (ijkdc_at_spamhater.hotmail.com)
Date: 12/29/04
- Next message: barf: "Re: Wireless Card"
- Previous message: Geoffrey King: "Re: Log into an NT Domain"
- Next in thread: Allen McIntosh: "Re: more problems with host-based authentication"
- Reply: Allen McIntosh: "Re: more problems with host-based authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 29 Dec 2004 00:45:12 -0600
I'm still having problems with this dumb thing. I changed the hosts files
so everything matches. On both machines, it is blade-0.power -- no period
at the end. It seems to try a couple of keys, both of whcih the server
doesn't like... ??? Here's what I get on the server:
blade-1:~ # /etc/init.d/sshd stop
Shutting down SSH daemon done
blade-1:~ # sshd -d
debug1: sshd version OpenSSH_3.8p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from ::ffff:192.168.70.130 port 32818
debug1: Client protocol version 2.0; client software version OpenSSH_3.8p1
debug1: match: OpenSSH_3.8p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_3.8p1
debug1: permanently_set_uid: 71/65
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user root service ssh-connection method none
debug1: attempt 0 failures 0
debug1: PAM: initializing for "root"
Failed none for root from ::ffff:192.168.70.130 port 32818 ssh2
debug1: userauth-request for user root service ssh-connection method
hostbased
debug1: attempt 1 failures 1
debug1: userauth_hostbased: cuser root chost blade-0.power. pkalg ssh-dss
slen 55
debug1: PAM: setting PAM_RHOST to "blade-0.power"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: restore_uid: 0/0
Failed hostbased for root from ::ffff:192.168.70.130 port 32818 ssh2
debug1: userauth-request for user root service ssh-connection method
hostbased
debug1: attempt 2 failures 2
debug1: userauth_hostbased: cuser root chost blade-0.power. pkalg ssh-rsa
slen 143
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: restore_uid: 0/0
Failed hostbased for root from ::ffff:192.168.70.130 port 32818 ssh2
debug1: userauth-request for user root service ssh-connection method
keyboard-interactive
debug1: attempt 3 failures 3
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=root devs=
debug1: kbdint_alloc: devices 'pam'
debug1: auth2_challenge_start: trying authentication method 'pam'
Postponed keyboard-interactive for root from ::ffff:192.168.70.130 port
32818 ssh2
Connection closed by ::ffff:192.168.70.130
debug1: do_cleanup
debug1: PAM: cleanup
Here's what I get on the client:
chris@blade-0:~> ssh -v -v blade-1
OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to blade-1 [192.168.70.131] port 22.
debug1: connect to address 192.168.70.131 port 22: Connection refused
ssh: connect to host blade-1 port 22: Connection refused
chris@blade-0:~> ssh -v -v blade-1
OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to blade-1 [192.168.70.131] port 22.
debug1: Connection established.
debug1: identity file /home/chris/.ssh/identity type -1
debug1: identity file /home/chris/.ssh/id_rsa type -1
debug1: identity file /home/chris/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.8p1
debug1: match: OpenSSH_3.8p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
ijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
ijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
ac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
ac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
ijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
ijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
ac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
ac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 116/256
debug2: bits set: 522/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'blade-1' is known and matches the RSA host key.
debug1: Found key in /home/chris/.ssh/known_hosts:1
debug2: bits set: 504/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/chris/.ssh/identity ((nil))
debug2: key: /home/chris/.ssh/id_rsa ((nil))
debug2: key: /home/chris/.ssh/id_dsa ((nil))
debug1: Authentications that can continue:
publickey,keyboard-interactive,hostbased
debug1: Next authentication method: hostbased
debug2: userauth_hostbased: chost blade-0.power.
debug2: ssh_keysign called
debug2: we sent a hostbased packet, wait for reply
debug1: Authentications that can continue:
publickey,keyboard-interactive,hostbased
debug2: userauth_hostbased: chost blade-0.power.
debug2: ssh_keysign called
debug2: we sent a hostbased packet, wait for reply
debug1: Authentications that can continue:
publickey,keyboard-interactive,hostbased
debug1: No more client hostkeys for hostbased authentication.
debug2: we did not send a packet, disable method
debug1: Next authentication method: publickey
debug1: Trying private key: /home/chris/.ssh/identity
debug1: Trying private key: /home/chris/.ssh/id_rsa
debug1: Trying private key: /home/chris/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
Any help is greatly appreciated. Thanks!
- Next message: barf: "Re: Wireless Card"
- Previous message: Geoffrey King: "Re: Log into an NT Domain"
- Next in thread: Allen McIntosh: "Re: more problems with host-based authentication"
- Reply: Allen McIntosh: "Re: more problems with host-based authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
