OpenSSH 3.4 on Redhat 6.0: Failed password
From : Allan Olesen


Date : 01-07-02 17:04

I have installed OpenSSH 3.4 from source on my old RedHat 6.0.

It requires OpenSSL and zlib, so I have also installed OpenSSL
l-0.9.6d from source, as well as zlib-1.1.3-6.i386.rpm and
zlib-devel-1.1.3-6.i386.rpm as binary files from RedHat.

After finishing the installation I copied
openssh-3.4p1/contrib/redhat/sshd.pam (and, as an experiment, sshd.pam.old)
to /etc/pam.d/sshd , and I ran the init script in
openssh-3.4p1/contrib/redhat/sshd.init .

I have not touched /etc/ssh/config_sshd, except that I
turned compression off, since I got an error message.

The ssh client works fine. I can connect to other machines.

Sshd, on the other hand, will not talk to anyone, neither PuTTY nor
another openssh client. If I try password logon, I am
rejected. If I try key exchange, PuTTY tells
me that it cannot find my private key file (which is
nonsense, since that very same private key file can be read fine
when PuTTY accesses other machines), and then it falls back
to password login.

Any suggestions?


--
Allan

 
 
Thorbjoern Ravn Ande~ (01-07-2002)
Comment
From : Thorbjoern Ravn Ande~


Date : 01-07-02 17:07

Allan Olesen <aolesen@post3.tele.dk> writes:

> Any suggestions?

-v so that it tells you something more?

--
Thorbjørn Ravn Andersen
http://unixsnedkeren.dk - Unix, Java, Web, Network, Århus

Allan Olesen (01-07-2002)
Comment
From : Allan Olesen


Date : 01-07-02 17:31

Thorbjoern Ravn Andersen <thunderbear@bigfoot.com> wrote:

>-v so that it tells you something more?

More like -d, if it is the server's view of the world that we
find interesting. Here it is with 3x -d:

>
>[root@aho1 /root]# sshd -d -d -d
>debug1: sshd version OpenSSH_3.4p1
>debug1: private host key: #0 type 0 RSA1
>debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
>debug1: read PEM private key done: type RSA
>debug1: private host key: #1 type 1 RSA
>debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
>debug1: read PEM private key done: type DSA
>debug1: private host key: #2 type 2 DSA
>debug1: Bind to port 4022 on 0.0.0.0.
>Server listening on 0.0.0.0 port 4022.
>Generating 768 bit RSA key.
>RSA key generation complete.
>debug1: Server will not fork when running in debugging mode.
>Connection from 10.0.3.10 port 2251
>debug1: Client protocol version 2.0; client software version OpenSSH_3.0.2p1 Debian 1:3.0.2p1-9
>debug1: match: OpenSSH_3.0.2p1 Debian 1:3.0.2p1-9 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*
>Enabling compatibility mode for protocol 2.0
>debug1: Local version string SSH-1.99-OpenSSH_3.4p1
>debug2: Network child is on pid 11645
>debug3: preauth child monitor started
>debug3: mm_request_receive entering
>debug3: privsep user:group 508:508
>debug1: list_hostkey_types: ssh-rsa,ssh-dss
>debug1: SSH2_MSG_KEXINIT sent
>debug1: SSH2_MSG_KEXINIT received
>debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
>debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit: none
>debug2: kex_parse_kexinit: none
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit: first_kex_follows 0
>debug2: kex_parse_kexinit: reserved 0
>debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
>debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit: none
>debug2: kex_parse_kexinit: none
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit: first_kex_follows 0
>debug2: kex_parse_kexinit: reserved 0
>debug2: mac_init: found hmac-md5
>debug1: kex: client->server aes128-cbc hmac-md5 none
>debug2: mac_init: found hmac-md5
>debug1: kex: server->client aes128-cbc hmac-md5 none
>debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
>debug3: mm_request_send entering: type 0
>debug3: monitor_read: checking request 0
>debug3: mm_answer_moduli: got parameters: 1024 2048 8192
>debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI
>debug3: mm_request_receive_expect entering: type 1
>debug3: mm_request_receive entering
>debug3: mm_request_send entering: type 1
>debug3: mm_choose_dh: remaining 0
>debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
>debug2: monitor_read: 0 used once, disabling now
>debug3: mm_request_receive entering
>debug1: dh_gen_key: priv key bits set: 124/256
>debug1: bits set: 1593/3191
>debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
>debug1: bits set: 1577/3191
>debug3: mm_key_sign entering
>debug3: mm_request_send entering: type 4
>debug3: monitor_read: checking request 4
>debug3: mm_answer_sign
>debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
>debug3: mm_request_receive_expect entering: type 5
>debug3: mm_request_receive entering
>debug3: mm_answer_sign: signature 0x810a990(143)
>debug3: mm_request_send entering: type 5
>debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
>debug1: kex_derive_keys
>debug1: newkeys: mode 1
>debug1: SSH2_MSG_NEWKEYS sent
>debug1: waiting for SSH2_MSG_NEWKEYS
>debug2: monitor_read: 4 used once, disabling now
>debug3: mm_request_receive entering
>debug1: newkeys: mode 0
>debug1: SSH2_MSG_NEWKEYS received
>debug1: KEX done
>debug1: userauth-request for user allan service ssh-connection method none
>debug1: attempt 0 failures 0
>debug3: mm_getpwnamallow entering
>debug3: mm_request_send entering: type 6
>debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
>debug3: mm_request_receive_expect entering: type 7
>debug3: mm_request_receive entering
>debug3: monitor_read: checking request 6
>debug3: mm_answer_pwnamallow
>debug3: allowed_user: today 11869 sp_expire -1 sp_lstchg 10892 sp_max 99999
>debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
>debug3: mm_request_send entering: type 7
>debug2: input_userauth_request: setting up authctxt for allan
>debug3: mm_inform_authserv entering
>debug3: mm_request_send entering: type 3
>debug2: input_userauth_request: try method none
>debug3: mm_auth_password entering
>debug3: mm_request_send entering: type 10
>debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
>debug3: mm_request_receive_expect entering: type 11
>debug3: mm_request_receive entering
>debug2: monitor_read: 6 used once, disabling now
>debug3: mm_request_receive entering
>debug3: monitor_read: checking request 3
>debug3: mm_answer_authserv: service=ssh-connection, style=
>debug2: monitor_read: 3 used once, disabling now
>debug3: mm_request_receive entering
>debug3: monitor_read: checking request 10
>debug3: mm_answer_authpassword: sending result 0
>debug3: mm_request_send entering: type 11
>debug3: mm_auth_password: user not authenticated
>Failed none for allan from 10.0.3.10 port 2251 ssh2
>Failed none for allan from 10.0.3.10 port 2251 ssh2
>debug3: mm_request_receive entering
>debug1: userauth-request for user allan service ssh-connection method keyboard-interactive
>debug1: attempt 1 failures 1
>debug2: input_userauth_request: try method keyboard-interactive
>debug1: keyboard-interactive devs
>debug1: auth2_challenge: user=allan devs=
>debug1: kbdint_alloc: devices ''
>debug2: auth2_challenge_start: devices
>Failed keyboard-interactive for allan from 10.0.3.10 port 2251 ssh2
>debug1: userauth-request for user allan service ssh-connection method password
>debug1: attempt 2 failures 2
>debug2: input_userauth_request: try method password
>debug3: mm_auth_password entering
>debug3: mm_request_send entering: type 10
>debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
>debug3: mm_request_receive_expect entering: type 11
>debug3: mm_request_receive entering
>debug3: monitor_read: checking request 10
>debug3: mm_answer_authpassword: sending result 0
>debug3: mm_request_send entering: type 11
>debug3: mm_auth_password: user not authenticated
>Failed password for allan from 10.0.3.10 port 2251 ssh2
>Failed password for allan from 10.0.3.10 port 2251 ssh2
>debug3: mm_request_receive entering
>debug1: userauth-request for user allan service ssh-connection method password
>debug1: attempt 3 failures 3
>debug2: input_userauth_request: try method password
>debug3: mm_auth_password entering
>debug3: mm_request_send entering: type 10
>debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
>debug3: mm_request_receive_expect entering: type 11
>debug3: mm_request_receive entering
>debug3: monitor_read: checking request 10
>debug3: mm_answer_authpassword: sending result 0
>debug3: mm_request_send entering: type 11
>debug3: mm_auth_password: user not authenticated
>Failed password for allan from 10.0.3.10 port 2251 ssh2
>Failed password for allan from 10.0.3.10 port 2251 ssh2
>debug3: mm_request_receive entering


--
Allan

Alex Holst (01-07-2002)
Comment
From : Alex Holst


Date : 01-07-02 17:18

Allan Olesen <aolesen@post3.tele.dk> wrote:
[..]
> Any suggestions?

What Thunderbear said, though with a small addition:

server# sshd -D -ddd -p 2022

client$ ssh -vvv -p 2022 user@host

Let's see both debug logs.

--
I prefer the dark of the night, after midnight and before four-thirty,
when it's more bare, more hollow. http://a.area51.dk/


Allan Olesen (01-07-2002)
Comment
From : Allan Olesen


Date : 01-07-02 17:46

Alex Holst <a@mongers.org> wrote:

>What Thunderbear said, though with a small addition:

Damned. And I had just replied to him. Let's try again:

>server# sshd -D -ddd -p 2022

It gives:
>[root@aho1 /root]# sshd -D -ddd -p 2022
>debug1: sshd version OpenSSH_3.4p1
>debug1: private host key: #0 type 0 RSA1
>debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
>debug1: read PEM private key done: type RSA
>debug1: private host key: #1 type 1 RSA
>debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
>debug1: read PEM private key done: type DSA
>debug1: private host key: #2 type 2 DSA
>debug1: Bind to port 2022 on 0.0.0.0.
>Server listening on 0.0.0.0 port 2022.
>Generating 768 bit RSA key.
>RSA key generation complete.
>debug1: Server will not fork when running in debugging mode.
>Connection from 10.0.3.10 port 2253
>debug1: Client protocol version 2.0; client software version OpenSSH_3.0.2p1 Debian 1:3.0.2p1-9
>debug1: match: OpenSSH_3.0.2p1 Debian 1:3.0.2p1-9 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*
>Enabling compatibility mode for protocol 2.0
>debug1: Local version string SSH-1.99-OpenSSH_3.4p1
>debug2: Network child is on pid 11673
>debug3: privsep user:group 508:508
>debug3: preauth child monitor started
>debug3: mm_request_receive entering
>debug1: list_hostkey_types: ssh-rsa,ssh-dss
>debug1: SSH2_MSG_KEXINIT sent
>debug1: SSH2_MSG_KEXINIT received
>debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
>debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit: none
>debug2: kex_parse_kexinit: none
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit: first_kex_follows 0
>debug2: kex_parse_kexinit: reserved 0
>debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
>debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit: none
>debug2: kex_parse_kexinit: none
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit: first_kex_follows 0
>debug2: kex_parse_kexinit: reserved 0
>debug2: mac_init: found hmac-md5
>debug1: kex: client->server aes128-cbc hmac-md5 none
>debug2: mac_init: found hmac-md5
>debug1: kex: server->client aes128-cbc hmac-md5 none
>debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
>debug3: mm_request_send entering: type 0
>debug3: monitor_read: checking request 0
>debug3: mm_answer_moduli: got parameters: 1024 2048 8192
>debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI
>debug3: mm_request_receive_expect entering: type 1
>debug3: mm_request_receive entering
>debug3: mm_request_send entering: type 1
>debug3: mm_choose_dh: remaining 0
>debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
>debug2: monitor_read: 0 used once, disabling now
>debug3: mm_request_receive entering
>debug1: dh_gen_key: priv key bits set: 128/256
>debug1: bits set: 1585/3191
>debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
>debug1: bits set: 1575/3191
>debug3: mm_key_sign entering
>debug3: mm_request_send entering: type 4
>debug3: monitor_read: checking request 4
>debug3: mm_answer_sign
>debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
>debug3: mm_request_receive_expect entering: type 5
>debug3: mm_request_receive entering
>debug3: mm_answer_sign: signature 0x810a800(143)
>debug3: mm_request_send entering: type 5
>debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
>debug1: kex_derive_keys
>debug1: newkeys: mode 1
>debug1: SSH2_MSG_NEWKEYS sent
>debug1: waiting for SSH2_MSG_NEWKEYS
>debug2: monitor_read: 4 used once, disabling now
>debug3: mm_request_receive entering
>debug1: newkeys: mode 0
>debug1: SSH2_MSG_NEWKEYS received
>debug1: KEX done
>debug1: userauth-request for user allan service ssh-connection method none
>debug1: attempt 0 failures 0
>debug3: mm_getpwnamallow entering
>debug3: mm_request_send entering: type 6
>debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
>debug3: mm_request_receive_expect entering: type 7
>debug3: mm_request_receive entering
>debug3: monitor_read: checking request 6
>debug3: mm_answer_pwnamallow
>debug3: allowed_user: today 11869 sp_expire -1 sp_lstchg 10892 sp_max 99999
>debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
>debug3: mm_request_send entering: type 7
>debug2: input_userauth_request: setting up authctxt for allan
>debug3: mm_inform_authserv entering
>debug3: mm_request_send entering: type 3
>debug2: input_userauth_request: try method none
>debug3: mm_auth_password entering
>debug3: mm_request_send entering: type 10
>debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
>debug3: mm_request_receive_expect entering: type 11
>debug3: mm_request_receive entering
>debug2: monitor_read: 6 used once, disabling now
>debug3: mm_request_receive entering
>debug3: monitor_read: checking request 3
>debug3: mm_answer_authserv: service=ssh-connection, style=
>debug2: monitor_read: 3 used once, disabling now
>debug3: mm_request_receive entering
>debug3: monitor_read: checking request 10
>debug3: mm_answer_authpassword: sending result 0
>debug3: mm_request_send entering: type 11
>debug3: mm_auth_password: user not authenticated
>Failed none for allan from 10.0.3.10 port 2253 ssh2
>Failed none for allan from 10.0.3.10 port 2253 ssh2
>debug3: mm_request_receive entering
>debug1: userauth-request for user allan service ssh-connection method keyboard-interactive
>debug1: attempt 1 failures 1
>debug2: input_userauth_request: try method keyboard-interactive
>debug1: keyboard-interactive devs
>debug1: auth2_challenge: user=allan devs=
>debug1: kbdint_alloc: devices ''
>debug2: auth2_challenge_start: devices
>Failed keyboard-interactive for allan from 10.0.3.10 port 2253 ssh2
>debug1: userauth-request for user allan service ssh-connection method password
>debug1: attempt 2 failures 2
>debug2: input_userauth_request: try method password
>debug3: mm_auth_password entering
>debug3: mm_request_send entering: type 10
>debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
>debug3: mm_request_receive_expect entering: type 11
>debug3: mm_request_receive entering
>debug3: monitor_read: checking request 10
>debug3: mm_answer_authpassword: sending result 0
>debug3: mm_request_send entering: type 11
>debug3: mm_auth_password: user not authenticated
>Failed password for allan from 10.0.3.10 port 2253 ssh2
>Failed password for allan from 10.0.3.10 port 2253 ssh2
>debug3: mm_request_receive entering
>debug1: userauth-request for user allan service ssh-connection method password
>debug1: attempt 3 failures 3
>debug2: input_userauth_request: try method password
>debug3: mm_auth_password entering
>debug3: mm_request_send entering: type 10
>debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
>debug3: mm_request_receive_expect entering: type 11
>debug3: mm_request_receive entering
>debug3: monitor_read: checking request 10
>debug3: mm_answer_authpassword: sending result 0
>debug3: mm_request_send entering: type 11
>debug3: mm_auth_password: user not authenticated
>Failed password for allan from 10.0.3.10 port 2253 ssh2
>Failed password for allan from 10.0.3.10 port 2253 ssh2
>debug3: mm_request_receive entering
>debug1: userauth-request for user allan service ssh-connection method password
>debug1: attempt 4 failures 4
>debug2: input_userauth_request: try method password
>debug3: mm_auth_password entering
>debug3: mm_request_send entering: type 10
>debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
>debug3: mm_request_receive_expect entering: type 11
>debug3: mm_request_receive entering
>debug3: monitor_read: checking request 10
>debug3: mm_answer_authpassword: sending result 0
>debug3: mm_request_send entering: type 11
>debug3: mm_auth_password: user not authenticated
>Failed password for allan from 10.0.3.10 port 2253 ssh2
>Failed password for allan from 10.0.3.10 port 2253 ssh2
>Connection closed by 10.0.3.10
>debug1: Calling cleanup 0x80683fc(0x0)
>debug3: mm_request_receive entering
>debug1: Calling cleanup 0x80683fc(0x0)
>[root@aho1 /root]#

>client$ ssh -vvv -p 2022 user@host

It gives:
>allan@s1$ ssh -vvv -p 2022 allan@aho1
>OpenSSH_3.0.2p1 Debian 1:3.0.2p1-9, SSH protocols 1.5/2.0, OpenSSL 0x0090603f
>debug1: Reading configuration data /etc/ssh/ssh_config
>debug1: Seeding random number generator
>debug1: Rhosts Authentication disabled, originating port will not be trusted.
>debug1: restore_uid
>debug1: ssh_connect: getuid 1000 geteuid 0 anon 1
>debug1: Connecting to aho1 [10.0.2.1] port 2022.
>debug1: temporarily_use_uid: 1000/1000 (e=0)
>debug1: restore_uid
>debug1: temporarily_use_uid: 1000/1000 (e=0)
>debug1: restore_uid
>debug1: Connection established.
>debug1: read PEM private key done: type DSA
>debug1: read PEM private key done: type RSA
>debug1: identity file /home/allan/.ssh/identity type -1
>debug1: identity file /home/allan/.ssh/id_rsa type -1
>debug1: identity file /home/allan/.ssh/id_dsa type -1
>debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
>debug1: match: OpenSSH_3.4p1 pat ^OpenSSH
>Enabling compatibility mode for protocol 2.0
>debug1: Local version string SSH-2.0-OpenSSH_3.0.2p1 Debian 1:3.0.2p1-9
>debug1: SSH2_MSG_KEXINIT sent
>debug1: SSH2_MSG_KEXINIT received
>debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
>debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit: none
>debug2: kex_parse_kexinit: none
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit: first_kex_follows 0
>debug2: kex_parse_kexinit: reserved 0
>debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
>debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit: none
>debug2: kex_parse_kexinit: none
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit: first_kex_follows 0
>debug2: kex_parse_kexinit: reserved 0
>debug2: mac_init: found hmac-md5
>debug1: kex: server->client aes128-cbc hmac-md5 none
>debug2: mac_init: found hmac-md5
>debug1: kex: client->server aes128-cbc hmac-md5 none
>debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
>debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>debug1: dh_gen_key: priv key bits set: 131/256
>debug1: bits set: 1575/3191
>debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>debug3: check_host_in_hostfile: filename /home/allan/.ssh/known_hosts
>debug3: check_host_in_hostfile: match line 1
>debug3: check_host_in_hostfile: filename /home/allan/.ssh/known_hosts
>debug3: check_host_in_hostfile: match line 1
>debug1: Host 'aho1' is known and matches the RSA host key.
>debug1: Found key in /home/allan/.ssh/known_hosts:1
>debug1: bits set: 1585/3191
>debug1: ssh_rsa_verify: signature correct
>debug1: kex_derive_keys
>debug1: newkeys: mode 1
>debug1: SSH2_MSG_NEWKEYS sent
>debug1: waiting for SSH2_MSG_NEWKEYS
>debug1: newkeys: mode 0
>debug1: SSH2_MSG_NEWKEYS received
>debug1: done: ssh_kex2.
>debug1: send SSH2_MSG_SERVICE_REQUEST
>debug1: service_accept: ssh-userauth
>debug1: got SSH2_MSG_SERVICE_ACCEPT
>debug1: authentications that can continue: publickey,password,keyboard-interactive
>debug3: start over, passed a different list publickey,password,keyboard-interactive
>debug3: preferred publickey,keyboard-interactive,password
>debug3: authmethod_lookup publickey
>debug3: remaining preferred: keyboard-interactive,password
>debug3: authmethod_is_enabled publickey
>debug1: next auth method to try is publickey
>debug1: try privkey: /home/allan/.ssh/identity
>debug3: no such identity: /home/allan/.ssh/identity
>debug1: try privkey: /home/allan/.ssh/id_rsa
>debug3: no such identity: /home/allan/.ssh/id_rsa
>debug1: try privkey: /home/allan/.ssh/id_dsa
>debug3: no such identity: /home/allan/.ssh/id_dsa
>debug2: we did not send a packet, disable method
>debug3: authmethod_lookup keyboard-interactive
>debug3: remaining preferred: password
>debug3: authmethod_is_enabled keyboard-interactive
>debug1: next auth method to try is keyboard-interactive
>debug2: userauth_kbdint
>debug2: we sent a keyboard-interactive packet, wait for reply
>debug1: authentications that can continue: publickey,password,keyboard-interactive
>debug3: userauth_kbdint: disable: no info_req_seen
>debug2: we did not send a packet, disable method
>debug3: authmethod_lookup password
>debug3: remaining preferred:
>debug3: authmethod_is_enabled password
>debug1: next auth method to try is password
>allan@aho1's password:
>debug1: packet_send2: adding 64 (len 58 padlen 6 extra_pad 64)
>debug2: we sent a password packet, wait for reply
>debug1: authentications that can continue: publickey,password,keyboard-interactive
>Permission denied, please try again.
>allan@aho1's password:
>debug1: packet_send2: adding 64 (len 58 padlen 6 extra_pad 64)
>debug2: we sent a password packet, wait for reply
>debug1: authentications that can continue: publickey,password,keyboard-interactive
>Permission denied, please try again.
>allan@aho1's password:
>debug1: packet_send2: adding 64 (len 58 padlen 6 extra_pad 64)
>debug2: we sent a password packet, wait for reply
>debug1: authentications that can continue: publickey,password,keyboard-interactive
>debug2: we did not send a packet, disable method
>debug1: no more auth methods to try
>Permission denied (publickey,password,keyboard-interactive).
>debug1: Calling cleanup 0x80633cc(0x0)
>allan@s1$


>Let's see both debug logs.

The above is screen output. When I start sshd manually, I get
nothing in the log files. When I start it with the included
redhat init script and try to log in, I get the following in
/var/log/messages:

>Jul 1 14:41:31 aho1 sshd[11121]: Server listening on 0.0.0.0 port 4022.
>Jul 1 14:41:49 aho1 sshd[11124]: Failed password for allan from 10.0.1.2 port 1420

...and that is not very informative.


--
Allan

Alex Holst (01-07-2002)
Comment
From : Alex Holst


Date : 01-07-02 23:01

Allan Olesen <aolesen@post3.tele.dk> wrote:
> It gives:
>>[root@aho1 /root]# sshd -D -ddd -p 2022
>>debug1: sshd version OpenSSH_3.4p1
[..]
>>Failed password for allan from 10.0.3.10 port 2253 ssh2
>>Failed password for allan from 10.0.3.10 port 2253 ssh2

Something is making your sshd think the password is wrong. Are you *completely* sure
that PAM et al. are compiled and set up correctly? I will bet a
chocolate ice cream that they are not :)

--
I prefer the dark of the night, after midnight and before four-thirty,
when it's more bare, more hollow. http://a.area51.dk/


Allan Olesen (02-07-2002)
Comment
From : Allan Olesen


Date : 02-07-02 06:56

Alex Holst <a@mongers.org> wrote:

>Something is making your sshd think the password is wrong.

Yes, I had reached that conclusion as well.

>Are you *completely* sure
>that PAM et al. are compiled and set up correctly? I will bet a
>chocolate ice cream that they are not :)

RedHat is set up with PAM by default, and since I can log in to
everything else, I have to assume that PAM works.

Whether my OpenSSH is correctly compiled and set up with PAM?
I am not enough of an expert to figure that out. I followed
the instructions in the source, and my abilities reach no further.

By the way, I had read here and there beforehand that the new
versions of OpenSSH could cause problems with PAM, but that it
should work under Linux.


--
Allan

Alex Holst (02-07-2002)
Comment
From : Alex Holst


Date : 02-07-02 12:31

Allan Olesen <aolesen@post3.tele.dk> wrote:
> Whether my OpenSSH is correctly compiled and set up with PAM?
> I am not enough of an expert to figure that out. I followed
> the instructions in the source, and my abilities reach no further.

What did your ./configure command look like?

--
I prefer the dark of the night, after midnight and before four-thirty,
when it's more bare, more hollow. http://a.area51.dk/


Allan Olesen (02-07-2002)
Comment
From : Allan Olesen


Date : 02-07-02 16:06

Alex Holst <a@mongers.org> wrote:

>What did your ./configure command look like?

../configure --sysconfdir=/etc/ssh

Hm. If you read the general instructions regarding PAM in the
INSTALL file, nothing is said about options having to be given
to ./configure to get PAM to work. But in the list of
options to ./configure there is indeed a --with-pam.

I will try that one. When I am done compiling in a couple
of days, I will return with the result.


--
Allan

Allan Olesen (02-07-2002)
Comment
From : Allan Olesen


Date : 02-07-02 18:26

Allan Olesen <aolesen@post3.tele.dk> wrote:

>But in the list of
>options to ./configure there is indeed a --with-pam.

...and that made the difference. Now I can log in, both with
password and with a key pair.

The latter I could perhaps also do before, because I had
overlooked that PuTTY and sshd were set to talk SSH1 by default,
while I had generated SSH2 keys.

Thanks for the help.


--
Allan
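
A triage helper for the kind of `sshd -ddd` output posted in this thread, as an added example that is not part of any post: it groups the log into authentication attempts, collapses the doubled result lines and flags the pattern the thread traced to a build configured without `--with-pam`. The sample log is constructed from line shapes seen in the posts; the function names and the "no PAM line anywhere in the output" heuristic are assumptions of this example.

```python
import re

# Line shapes taken from the sshd -ddd output quoted in the thread.
REQ = re.compile(r"userauth-request for user (\S+) service \S+ method (\S+)")
RESULT = re.compile(r"\b(Failed|Accepted) (\S+) for (\S+) from (\S+) port (\d+)")
MONITOR = re.compile(r"mm_answer_authpassword: sending result (\d+)")
VERSION = re.compile(r"sshd version (\S+)")
KBDINT_EMPTY = re.compile(r"kbdint_alloc: devices ''")
PAM = re.compile(r"\bpam", re.IGNORECASE)

# Constructed sample: a shortened excerpt in the format of the posted server log.
SAMPLE_LOG = """\
debug1: sshd version OpenSSH_3.4p1
debug1: userauth-request for user allan service ssh-connection method none
debug3: mm_answer_authpassword: sending result 0
Failed none for allan from 10.0.3.10 port 2253 ssh2
Failed none for allan from 10.0.3.10 port 2253 ssh2
debug1: userauth-request for user allan service ssh-connection method keyboard-interactive
debug1: kbdint_alloc: devices ''
Failed keyboard-interactive for allan from 10.0.3.10 port 2253 ssh2
debug1: userauth-request for user allan service ssh-connection method password
debug3: mm_answer_authpassword: sending result 0
Failed password for allan from 10.0.3.10 port 2253 ssh2
Failed password for allan from 10.0.3.10 port 2253 ssh2
debug1: userauth-request for user allan service ssh-connection method password
debug3: mm_answer_authpassword: sending result 0
Failed password for allan from 10.0.3.10 port 2253 ssh2
Failed password for allan from 10.0.3.10 port 2253 ssh2
"""


def triage(log_text):
    """Summarise the authentication attempts found in sshd debug output."""
    report = {"version": None, "attempts": [], "mentions_pam": False,
              "kbdint_devices_empty": False, "hints": []}
    current = None  # attempt opened by the latest userauth-request line
    for raw in log_text.splitlines():
        line = raw.lstrip("> \t").rstrip()  # tolerate mail-style '>' quoting
        if PAM.search(line):
            report["mentions_pam"] = True
        if KBDINT_EMPTY.search(line):
            report["kbdint_devices_empty"] = True
        m = VERSION.search(line)
        if m:
            report["version"] = m.group(1)
            continue
        m = REQ.search(line)
        if m:
            current = {"user": m.group(1), "method": m.group(2),
                       "monitor_result": None, "outcome": None, "source": None}
            report["attempts"].append(current)
            continue
        m = MONITOR.search(line)
        if m and current is not None:
            current["monitor_result"] = int(m.group(1))
            continue
        m = RESULT.search(line)
        if m:
            outcome, method = m.group(1).lower(), m.group(2)
            user, source = m.group(3), m.group(4)
            same = (current is not None
                    and (current["method"], current["user"]) == (method, user))
            if same and current["outcome"] is None:
                current["outcome"], current["source"] = outcome, source
            elif not same:
                # Result line with no preceding request, e.g. a syslog entry.
                report["attempts"].append(
                    {"user": user, "method": method, "monitor_result": None,
                     "outcome": outcome, "source": source})
            # Otherwise: the debug console repeats each result line; skip it.
    pw_rejected = any(a["method"] == "password" and a["monitor_result"] == 0
                      for a in report["attempts"])
    # Heuristic (assumption of this example): a PAM-enabled build is expected
    # to mention PAM somewhere in -ddd output.
    if pw_rejected and not report["mentions_pam"]:
        report["hints"].append("password rejected and no PAM activity logged: "
                               "check whether sshd was configured with --with-pam")
    if report["kbdint_devices_empty"]:
        report["hints"].append("keyboard-interactive has no devices to offer")
    return report


def failures(report, method):
    """Count distinct failed attempts for one authentication method."""
    return sum(1 for a in report["attempts"]
               if a["method"] == method and a["outcome"] == "failed")


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(r["version"], [(a["method"], a["outcome"]) for a in r["attempts"]])
    for hint in r["hints"]:
        print("hint:", hint)
```
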

Alex Holst (02-07-2002)
Comment
From : Alex Holst


Date : 02-07-02 19:50

Allan Olesen <aolesen@post3.tele.dk> wrote:
> Thanks for the help.

You're welcome -- did you actually take the PAM bet, because if you did,
you owe me a chocolate ice cream. :)

--
I prefer the dark of the night, after midnight and before four-thirty,
when it's more bare, more hollow. http://a.area51.dk/


Allan Olesen (02-07-2002)
Comment
From : Allan Olesen


Date : 02-07-02 20:26

Alex Holst <a@mongers.org> wrote:

>You're welcome -- did you actually take the PAM bet, because if you did,
>you owe me a chocolate ice cream. :)

No, I did not, but you are welcome at any time
to come and collect your chocolate ice cream.

By the way, do you know why most ice cream factories sell an enormously
large chocolate ice cream with a very strong flavour for almost no money?
I do - I once worked at an ice cream factory, and there I saw
what happened to assorted ice cream waste.


--
Allan

Alex Holst (02-07-2002)
Comment
From : Alex Holst


Date : 02-07-02 21:00

Allan Olesen <aolesen@post3.tele.dk> wrote:
> By the way, do you know why most ice cream factories sell an enormously
> large chocolate ice cream with a very strong flavour for almost no money?

Yes, it is because the manufacturers of *good* chocolate pay me (and
the ice cream factories) to throw up in their production in an attempt to
punish people who do not get that they should buy quality.

> I do - I once worked at an ice cream factory, and there I saw
> what happened to assorted ice cream waste.

I was once employed at A-Post, and there I saw what happened
to parcels marked "fragile".

--
I prefer the dark of the night, after midnight and before four-thirty,
when it's more bare, more hollow. http://a.area51.dk/


Allan Olesen (02-07-2002)
Comment
From : Allan Olesen


Date : 02-07-02 21:42

Alex Holst <a@mongers.org> wrote:

>I was once employed at A-Post, and there I saw what happened
>to parcels marked "fragile".

Let me guess:
They were carefully thrown into a separate container that stood
furthest away of all?


--
Allan
