bugzilla-daemon at mindrot.org
2002-Nov-06 21:38 UTC
[Bug 429] New: SSH 3.4p1 problems on Tru64 V4.0D & Tru64 V4.0F
http://bugzilla.mindrot.org/show_bug.cgi?id=429 Summary: SSH 3.4p1 problems on Tru64 V4.0D & Tru64 V4.0F Product: Portable OpenSSH Version: 3.4p1 Platform: Alpha OS/Version: OSF/1 Status: NEW Severity: major Priority: P2 Component: ssh AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: avi.koski at comverse.com We worked with no problems, with the following versions: openssh-3.0.2p1 , openssl-0.9.6b , zlib-1.1.3 We try to upgrade SSH to the new version openssh-3.4p1 (with the previous openssl and zlib versions, or with openssl-0.9.6g and same zlib version). Problem description: ssh works for root and no one else. If we try to ssh from another machine or from the Tru64 machine itself to any user, the connection is closed, after we enter the password. Example (ssh from another of from the same machine - no debug) $ssh -l avi168 10.119.50.168 avi168 at 10.119.50.168's password:xxxxxxxxxx Connection to 10.119.50.168 closed by remote host. Connection to 10.119.50.168 closed. and in the /var/adm/syslog.dated/05-Nov-16:53/auth.log file I get the following messages: Nov 6 11:29:30 trm61 sshd[24723]: Could not reverse map address 10.119.55.210. Nov 6 11:29:30 trm61 sshd[24723]: Accepted password for avi168 from 10.119.55.210 port 34450 ssh2 Nov 6 11:29:30 trm61 sshd[24733]: audgen(LOGIN): Permission denied Nov 6 11:29:30 trm61 sshd[24733]: fatal: Couldn't establish session for avi168 from 10.119.55.210 Example (with debug) $ ssh -vvv -l avi168 10.119.50.168 OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090605f debug1: Reading configuration data /usr/local/etc/ssh_config debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: ssh_connect: needpriv 0 debug1: Connecting to 10.119.50.168 [10.119.50.168] port 22. debug1: Connection established. debug1: identity file /rlu/users/rluc/.ssh/identity type 0 debug1: identity file /rlu/users/rluc/.ssh/id_rsa type -1 debug1: identity file /rlu/users/rluc/.ssh/id_dsa type -1 debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1 debug1: match: OpenSSH_3.4p1 pat OpenSSH* Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.4p1 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman- group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman- group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blM-^?%M-&towfish-cbc,cast128- cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: dh_gen_key: priv key bits set: 140/256 debug1: bits set: 1622/3191 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: check_host_in_hostfile: filename /rlu/usM-^?%M- &ters/rluc/.ssh/known_hosts debug3: check_host_in_hostfile: match line 2 debug1: Host '10.119.50.168' is known and matches the RSA host key. debug1: Found key in /rlu/users/rluc/.ssh/known_hosts:2 debug1: bits set: 1596/3191 debug1: ssh_rsa_verify: signature correct debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: done: ssh_kex2. debug1: send SSH2_MSG_SERVICE_REQUEST debug1: service_accept: ssh-userauth debug1: got SSH2_MSG_SERVICE_ACCEPT debug1: authentications that can continue: publickey,password,keyboard- interactive debug3: start over, passed a different list publickey,password,keyboard- interactive debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: next auth method to try is publickey M-^?%M-&tdebug1: try privkey: /rlu/users/rluc/.ssh/id_rsa debug3: no such identity: /rlu/users/rluc/.ssh/id_rsa debug1: try privkey: /rlu/users/rluc/.ssh/id_dsa debug3: no such identity: /rlu/users/rluc/.ssh/id_dsa debug2: we did not send a packet, disable method debug3: authmethod_lookup keyboard-interactive debug3: remaining preferred: password debug3: authmethod_is_enabled keyboard-interactive debug1: next auth method to try is keyboard-interactive debug2: userauth_kbdint debug2: we sent a keyboard-interactive packet, wait for reply debug1: authentications that can continue: publickey,password,keyboard- interactive debug3: userauth_kbdint: disable: no info_req_seen debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: debug3: authmethod_is_enabled password debug1: next auth method to try is password avi168 at 10.119.50.168's password: debug3: packet_send2: adding 48 (len 61 padlen 19 extra_pad 64) debug2: we sent a passwM-^?%M-&tord packet, wait for reply debug1: ssh-userauth2 successful: method password debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug1: send channel open 0 debug1: Entering interactive session. debug2: callback start debug1: ssh_session2_setup: id 0 debug1: channel request 0: pty-req debug3: tty_make_modes: ospeed 38400 debug3: tty_make_modes: ispeed 0 debug3: tty_make_modes: 1 3 debug3: tty_make_modes: 2 28 debug3: tty_make_modes: 3 127 debug3: tty_make_modes: 4 21 debug3: tty_make_modes: 5 4 debug3: tty_make_modes: 6 0 debug3: tty_make_modes: 7 0 debug3: tty_make_modes: 8 17 debug3: tty_make_modes: 9 19 debug3: tty_make_modes: 10 26 debug3: tty_make_modes: 11 25 debug3: tty_make_modes: 12 18 debug3: tty_make_modes: 13 23 debug3: tty_make_modes: 14 22 debug3: tty_make_modes: 16 0 debug3: tty_make_modes: 18 15 debug3: tty_make_modes: 30 1 debug3: tty_make_modes: 31 0 debug3: tty_make_modes: 32 0 debug3: tty_make_modes: 33 1 debug3: tty_make_mM-^?%M-&todes: 34 0 debug3: tty_make_modes: 35 0 debug3: tty_make_modes: 36 1 debug3: tty_make_modes: 37 0 debug3: tty_make_modes: 38 1 debug3: tty_make_modes: 39 0 debug3: tty_make_modes: 40 0 debug3: tty_make_modes: 41 1 debug3: tty_make_modes: 50 1 debug3: tty_make_modes: 51 1 debug3: tty_make_modes: 52 0 debug3: tty_make_modes: 53 1 debug3: tty_make_modes: 54 1 debug3: tty_make_modes: 55 1 debug3: tty_make_modes: 56 0 debug3: tty_make_modes: 57 0 debug3: tty_make_modes: 58 0 debug3: tty_make_modes: 59 1 debug3: tty_make_modes: 60 1 debug3: tty_make_modes: 61 1 debug3: tty_make_modes: 62 0 debug3: tty_make_modes: 70 1 debug3: tty_make_modes: 71 0 debug3: tty_make_modes: 72 1 debug3: tty_make_modes: 73 0 debug3: tty_make_modes: 74 0 debug3: tty_make_modes: 75 0 debug3: tty_make_modes: 90 1 debug3: tty_make_modes: 91 1 debug3: tty_make_modes: 92 0 debug3: tty_make_modes: 93 0 debug1: channel request 0: shell debug1: fd 4 setting TCP_NODELAY debug2: callback done debug1: channel 0: opM-^?%M-&t^Ben confirm rwindow 0 rmax 32768 debug2: channel 0: rcvd adjust 131072 debug1: channel_free: channel 0: client-session, nchannels 1 debug3: channel_free: status: The following connections are open: #0 client-session (t4 r0 i0/0 o0/0 fd 5/6) debug3: channel_close_fds: channel 0: r 5 w 6 e 7 Connection to 10.119.50.168 closed by remote host. Connection to 10.119.50.168 closed. debug1: Transferred: stdin 0, stdout 0, stderr 89 bytes in 0.0 seconds debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 3187.2 debug1: Exit status -1 $ exit Additional info: User sshd have been added an it belongs to group sshd (SSH 3.4 request). /etc/passwd entry : sshd:*:27:27:sshd privsep:/var/empty:/bin/false /etc/group entry : sshd:*:27: The configuration file /usr/etc/ssh_config have not been modified and we use the default file (that includes only commented lines). Questions: Do you know if this version of SSH 3.4p1 have been installed with no such problems on Tru64 V4.0D / V4.0F ? If yes, what is wrong with our usage? Thanks and regards, Avi Koski ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Apparently Analagous Threads
- [Bug 429] SSH 3.4p1 problems on Tru64 V4.0D & Tru64 V4.0F
- ssh with iptables and equalize
- 5.1p1 doesn't work, 5.0p1 works fine
- Still logs me out - openssh 3.4.p1
- [Bug 387] New: command="" in authorized_keys fails when sshd_config has "PermitRootLogon forced-commands-only"