Hello, I got some weird problem with public key authentication using rsa key pair. Let me first of all explain my setup. 1) I got two Solaris 8 x86 boxes uname -a SunOS 5.8 Generic_117351-24 i86pc i386 i86pc <kdc: 192.168.10.11> <---> <module: 192.168.10.10> 2) They're running absolutely identical openssh installations I'm using pkgsrc, so I've builded all necessary packages from two days old pkgsrc sources on one of the boxes and installed the same binaries on second OpenSSH_4.3p1, OpenSSL 0.9.7i 14 Oct 2005 3) The only differense in their setup is that 'kdc' is a intel p4 boxm and module is p3 box. I've generated rsa key pair via ssh-keygen, and placed public part of it into /home/root/.ssh/authorized_keys on both computers. The problem: I can't log into any (not only to module) computer running the same version of sshd (and of course user holding the same public key) using 'kdc', pubkey athentication fails and ssh pops password prompt up. Pubkey athentication with that key works flawlessly with any other direction even when 'module' connecting to 'kdc'. How I can help debugging this problem: I've supplied debug output of both ssh and sshd from two cases: 1) 'module' authenticating on 'kdc' ( works ok ) 2) 'kdc' authenticating on 'module' ( pubkey failed ) I've already compiled gdb and openssh with debug info. I've also started two debug sshd yesterday, but due two my not so cool knowledge of openssh sources and maybe schema of forking and privelege separation I still can't reach user_key_allowed function. Thank you for your great work. And thanks for help beforehand. Here's debug output: 1) kdc# ssh -vvv -i ~/.ssh/auditor_rsa_id root at 192.168.10.10 OpenSSH_4.3p1, OpenSSL 0.9.7i 14 Oct 2005 debug1: Reading configuration data /usr/pkg/etc/ssh/ssh_config debug2: ssh_connect: needpriv 0 debug1: Connecting to 192.168.10.10 [ 192.168.10.10] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/1 debug3: Not a RSA1 key file auditor_id_rsa. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing keytype debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: missing keytype debug1: identity file auditor_id_rsa type 2 debug1: Remote protocol version 2.0 , remote software version OpenSSH_4.3 debug1: match: OpenSSH_4.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.3 debug2: fd 3 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes12 8-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes12 8-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160, hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib debug2: kex_parse_kexinit: none, zlib at openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se ,aes12 8-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se ,aes12 8-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160, hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib at openssh.com debug2: kex_parse_kexinit: none, zlib at openssh.com debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 115/256 debug2: bits set: 513/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: check_host_in_hostfile: filename /home/root/.ssh/known_hosts debug3: check_host_in_hostfile: match line 4 debug1: Host '192.168.10.10' is known and matches the RSA host key. debug1: Found key in /home/root/.ssh/known_hosts:4 debug2: bits set: 516/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: auditor_id_rsa (80b2d48) debug1: Authentications that can continue: publickey,password,keyboard-interactive debug3: start over, passed a different list publickey,password,keyboard-interactive debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering public key: auditor_id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,password,keyboard-interactive debug2: we did not send a packet, disable method debug3: authmethod_lookup keyboard-interactive debug3: remaining preferred: password debug3: authmethod_is_enabled keyboard-interactive debug1: Next authentication method: keyboard-interactive debug2: userauth_kbdint debug2: we sent a keyboard-interactive packet, wait for reply debug1: Authentications that can continue: publickey,password,keyboard-interactive debug3: userauth_kbdint: disable: no info_req_seen debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: debug3: authmethod_is_enabled password debug1: Next authentication method: password 2) module# /usr/pkg/sbin/sshd -D -d -d -d -e debug2: load_server_config: filename /usr/pkg/etc/ssh/sshd_config debug2: load_server_config: done config len = 226 debug2: parse_server_config: config /usr/pkg/etc/ssh/sshd_config len 226 debug1: sshd version OpenSSH_4.3p1 debug3: Not a RSA1 key file /usr/pkg/etc/ssh/ssh_host_rsa_key. debug1: read PEM private key done: type RSA debug1: private host key: #0 type 1 RSA debug3: Not a RSA1 key file /usr/pkg/etc/ssh/ssh_host_dsa_key. debug1: read PEM private key done: type DSA debug1: private host key: #1 type 2 DSA debug1: rexec_argv[0]='/usr/pkg/sbin/sshd' debug1: rexec_argv[1]='-D' debug1: rexec_argv[2]='-d' debug1: rexec_argv[3]='-d' debug1: rexec_argv[4]='-d' debug1: rexec_argv[5]='-e' debug2: fd 3 setting O_NONBLOCK debug1: Bind to port 22 on 192.168.132.15. Server listening on 192.168.132.15 port 22. debug2: fd 4 setting O_NONBLOCK debug1: Bind to port 22 on 192.168.10.10. Server listening on 192.168.10.10 port 22. debug1: fd 5 clearing O_NONBLOCK debug1: Server will not fork when running in debugging mode. debug3: send_rexec_state: entering fd = 10 config len 226 debug3: ssh_msg_send: type 0 debug3: send_rexec_state: done debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 10 debug3: recv_rexec_state: entering fd = 5 debug3: ssh_msg_recv entering debug3: recv_rexec_state: done debug2: parse_server_config: config rexec len 226 debug1: sshd version OpenSSH_4.3p1 debug3: Not a RSA1 key file /usr/pkg/etc/ssh/ssh_host_rsa_key. debug1: read PEM private key done: type RSA debug1: private host key: #0 type 1 RSA debug3: Not a RSA1 key file /usr/pkg/etc/ssh/ssh_host_dsa_key. debug1: read PEM private key done: type DSA debug1: private host key: #1 type 2 DSA debug1: inetd sockets after dupping: 3, 3 Connection from 192.168.10.11 port 8759 debug1: Client protocol version 2.0; client software version OpenSSH_4.3 debug1: match: OpenSSH_4.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.3 debug2: fd 3 setting O_NONBLOCK debug3: privsep user:group 100:100 debug1: permanently_set_uid: 100/100 debug1: list_hostkey_types: ssh-rsa,ssh-dss debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc, rijndael-cbc at lysator.liu.se,aes12 8-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc, rijndael-cbc at lysator.liu.se,aes12 8-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160, hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib at openssh.com debug2: kex_parse_kexinit: none,zlib at openssh.com debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes12 8-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes12 8-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160, hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib debug2: kex_parse_kexinit: none, zlib at openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received debug3: mm_request_send entering: type 0 debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI debug3: mm_request_receive_expect entering: type 1 debug3: mm_request_receive entering debug2: Network child is on pid 3358 debug3: preauth child monitor started debug3: mm_request_receive entering debug3: monitor_read: checking request 0 debug3: mm_answer_moduli: got parameters: 1024 1024 8192 debug3: mm_request_send entering: type 1 debug3: mm_choose_dh: remaining 0 debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent debug2: dh_gen_key: priv key bits set: 129/256 debug2: bits set: 524/1024 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug2: bits set: 495/1024 debug3: mm_key_sign entering debug3: mm_request_send entering: type 4 debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN debug3: mm_request_receive_expect entering: type 5 debug3: mm_request_receive entering debug2: monitor_read: 0 used once, disabling now debug3: mm_request_receive entering debug3: monitor_read: checking request 4 debug3: mm_answer_sign debug3: mm_answer_sign: signature 80c7850(271) debug3: mm_request_send entering: type 5 debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent debug2: monitor_read: 4 used once, disabling now debug3: mm_request_receive entering debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user root service ssh-connection method none debug1: attempt 0 failures 0 debug3: mm_getpwnamallow entering debug3: mm_request_send entering: type 6 debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM debug3: mm_request_receive_expect entering: type 7 debug3: mm_request_receive entering debug3: monitor_read: checking request 6 debug3: mm_answer_pwnamallow debug3: auth_shadow_acctexpired: today 13256 sp_expire -1 days left -13257 debug3: account expiration disabled debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1 debug3: mm_request_send entering: type 7 debug2: monitor_read: 6 used once, disabling now debug3: mm_request_receive entering debug2: input_userauth_request: setting up authctxt for root debug3: mm_inform_authserv entering debug3: mm_request_send entering: type 3 debug2: input_userauth_request: try method none debug3: mm_auth_password entering debug3: mm_request_send entering: type 10 debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD debug3: mm_request_receive_expect entering: type 11 debug3: mm_request_receive entering debug3: monitor_read: checking request 3 debug3: mm_answer_authserv: service=ssh-connection, styledebug2: monitor_read: 3 used once, disabling now debug3: mm_request_receive entering debug3: monitor_read: checking request 10 debug3: mm_answer_authpassword: sending result 0 debug3: mm_request_send entering: type 11 Failed none for root from 192.168.10.11 port 8759 ssh2 debug3: mm_request_receive entering debug3: mm_auth_password: user not authenticated Failed none for root from 192.168.10.11 port 8759 ssh2 debug1: userauth-request for user root service ssh-connection method publickey debug1: attempt 1 failures 1 debug2: input_userauth_request: try method publickey debug1: test whether pkalg/pkblob are acceptable debug3: mm_key_allowed entering debug3: mm_request_send entering: type 20 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED debug3: mm_request_receive_expect entering: type 21 debug3: mm_request_receive entering debug3: monitor_read: checking request 20 debug3: mm_answer_keyallowed entering debug3: mm_answer_keyallowed: key_from_blob: 80c04e8 debug1: temporarily_use_uid: 0/1 (e=0/1) debug1: trying public key file /home/root/.ssh/authorized_keys debug3: secure_filename: checking '/usr/home/root/.ssh' debug3: secure_filename: checking '/usr/home/root' debug3: secure_filename: terminating check at '/usr/home/root' debug3: key_read: type mismatch debug2: user_key_allowed: check options: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5SXtHW7fmMWxkvjUKkB3pEygK6MkzOUejT8DCucnLJ2NT/lDdsWUR1Bz+nFmzFrcHEnP1H0+zlTEEEr T1StBaiWmMO1mqD/AXh7XjVylsV+7E9qcQ6OHjfYaNjSffk1hAzLokrXti0qeBbZpz8yAy4LsscxNdX97aDtDB2S9AJYoWSNVsnJJKDGYlQpHL1sK+rfezYOHfeCyBh/Ui07sF2RbPz3k59QFok5VY1EUwvM0 LMjXOAuTl0m7PyouuU3JSr7NRu52nsyNxPLwFvK1wvqX+5dJCIJ8Z9J1peWj4o51ERvKvx7rQSG7N/q10J41IU9koPsi/sr0usLmx3ROsw=root at kgc ' debug2: key_type_from_name: unknown key type 'AAAAB3NzaC1yc2EAAAABIwAAAQEA5SXtHW7fmMWxkvjUKkB3pEygK6MkzOUejT8DCucnLJ2NT/lDdsWUR1Bz+nFmzFrcHEnP1H0+zlTEEErT1St BaiWmMO1mqD/AXh7XjVylsV+7E9qcQ6OHjfYaNjSffk1hAzLokrXti0qeBbZpz8yAy4LsscxNdX97aDtDB2S9AJYoWSNVsnJJKDGYlQpHL1sK+rfezYOHfeCyBh/Ui07sF2RbPz3k59QFok5VY1EUwvM0LMjX OAuTl0m7PyouuU3JSr7NRu52nsyNxPLwFvK1wvqX+5dJCIJ8Z9J1peWj4o51ERvKvx7rQSG7N/q10J41IU9koPsi/sr0usLmx3ROsw==' debug3: key_read: missing keytype debug2: user_key_allowed: advance: 'AAAAB3NzaC1yc2EAAAABIwAAAQEA5SXtHW7fmMWxkvjUKkB3pEygK6MkzOUejT8DCucnLJ2NT/lDdsWUR1Bz+nFmzFrcHEnP1H0+zlTEEErT1StBaiWmMO1mq D/AXh7XjVylsV+7E9qcQ6OHjfYaNjSffk1hAzLokrXti0qeBbZpz8yAy4LsscxNdX97aDtDB2S9AJYoWSNVsnJJKDGYlQpHL1sK+rfezYOHfeCyBh/Ui07sF2RbPz3k59QFok5VY1EUwvM0LMjXOAuTl0m7Py ouuU3JSr7NRu52nsyNxPLwFvK1wvqX+5dJCIJ8Z9J1peWj4o51ERvKvx7rQSG7N/q10J41IU9koPsi/sr0usLmx3ROsw=root at kgc ' debug1: restore_uid: 0/1 debug2: key not found debug1: temporarily_use_uid: 0/1 (e=0/1) debug1: trying public key file /home/root/.ssh/authorized_keys2 debug1: restore_uid: 0/1 debug3: mm_answer_keyallowed: key 80c04e8 is disallowed debug3: mm_request_send entering: type 21 debug3: mm_request_receive entering debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss Failed publickey for root from 192.168.10.11 port 8759 ssh2 debug1: userauth-request for user root service ssh-connection method keyboard-interactive debug1: attempt 2 failures 2 debug2: input_userauth_request: try method keyboard-interactive debug1: keyboard-interactive devs debug1: auth2_challenge: user=root devsdebug1: kbdint_alloc: devices 'skey' debug2: auth2_challenge_start: devices skey debug2: kbdint_next_device: devices <empty> debug1: auth2_challenge_start: trying authentication method 'skey' debug3: mm_skey_query: entering debug3: mm_request_send entering: type 16 debug3: mm_request_receive_expect entering: type 17 debug3: mm_request_receive entering debug3: monitor_read: checking request 16 debug3: mm_answer_skeyquery: sending challenge success: 0 debug3: mm_request_send entering: type 17 debug3: mm_request_receive entering debug3: mm_skey_query: no challenge Failed keyboard-interactive for root from 192.168.10.11 port 8759 ssh2 Connection closed by 192.168.10.11 debug1: do_cleanup debug1: do_cleanup 3) module# ssh -vvv -i ~/.ssh/auditor_rsa_id root at 192.168.10.11 OpenSSH_4.3p1, OpenSSL 0.9.7i 14 Oct 2005 debug1: Reading configuration data /usr/pkg/etc/ssh/ssh_config debug2: ssh_connect: needpriv 0 debug1: Connecting to 192.168.10.11 [192.168.10.11] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/1 debug3: Not a RSA1 key file auditor_id_rsa. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing keytype debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: missing keytype debug1: identity file auditor_id_rsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3 debug1: match: OpenSSH_4.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.3 debug2: fd 3 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se ,aes12 8-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se ,aes12 8-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160, hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib debug2: kex_parse_kexinit: none, zlib at openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se ,aes12 8-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se ,aes12 8-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160, hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib at openssh.com debug2: kex_parse_kexinit: none, zlib at openssh.com debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 143/256 debug2: bits set: 522/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: check_host_in_hostfile: filename /home/root/.ssh/known_hosts debug3: check_host_in_hostfile: match line 15 debug1: Host '192.168.10.11' is known and matches the RSA host key. debug1: Found key in /home/root/.ssh/known_hosts:15 debug2: bits set: 483/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: auditor_id_rsa (0) debug1: Authentications that can continue: publickey,password,keyboard-interactive debug3: start over, passed a different list publickey,password,keyboard-interactive debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Trying private key: auditor_id_rsa debug1: read PEM private key done: type RSA debug3: sign_and_send_pubkey debug2: we sent a publickey packet, wait for reply debug1: Authentication succeeded (publickey). debug2: fd 5 setting O_NONBLOCK debug3: fd 6 is O_NONBLOCK debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug2: channel 0: send open debug1: Entering interactive session. debug2: callback start debug2: client_session2_setup: id 0 debug2: channel 0: request pty-req confirm 0 debug3: tty_make_modes: ospeed 38400 debug3: tty_make_modes: ispeed 38400 debug3: tty_make_modes: 1 3 debug3: tty_make_modes: 2 28 debug3: tty_make_modes: 3 127 debug3: tty_make_modes: 4 21 debug3: tty_make_modes: 5 4 debug3: tty_make_modes: 6 0 debug3: tty_make_modes: 7 0 debug3: tty_make_modes: 8 17 debug3: tty_make_modes: 9 19 debug3: tty_make_modes: 10 26 debug3: tty_make_modes: 11 25 debug3: tty_make_modes: 12 18 debug3: tty_make_modes: 13 23 debug3: tty_make_modes: 14 22 debug3: tty_make_modes: 16 0 debug3: tty_make_modes: 18 15 debug3: tty_make_modes: 30 1 debug3: tty_make_modes: 31 0 debug3: tty_make_modes: 32 0 debug3: tty_make_modes: 33 0 debug3: tty_make_modes: 34 0 debug3: tty_make_modes: 35 0 debug3: tty_make_modes: 36 1 debug3: tty_make_modes: 37 0 debug3: tty_make_modes: 38 1 debug3: tty_make_modes: 39 0 debug3: tty_make_modes: 40 0 debug3: tty_make_modes: 41 1 debug3: tty_make_modes: 50 1 debug3: tty_make_modes: 51 1 debug3: tty_make_modes: 52 0 debug3: tty_make_modes: 53 1 debug3: tty_make_modes: 54 1 debug3: tty_make_modes: 55 1 debug3: tty_make_modes: 56 0 debug3: tty_make_modes: 57 0 debug3: tty_make_modes: 58 0 debug3: tty_make_modes: 59 1 debug3: tty_make_modes: 60 1 debug3: tty_make_modes: 61 1 debug3: tty_make_modes: 62 0 debug3: tty_make_modes: 70 1 debug3: tty_make_modes: 71 0 debug3: tty_make_modes: 72 1 debug3: tty_make_modes: 73 0 debug3: tty_make_modes: 74 0 debug3: tty_make_modes: 75 0 debug3: tty_make_modes: 90 1 debug3: tty_make_modes: 91 1 debug3: tty_make_modes: 92 0 debug3: tty_make_modes: 93 0 debug2: channel 0: request shell confirm 0 debug2: fd 3 setting TCP_NODELAY debug2: callback done debug2: channel 0: open confirm rwindow 0 rmax 32768 debug2: channel 0: rcvd adjust 131072 Last login: Tue Apr 18 17:44:32 2006 from 192.168.10.10 4) kdc# /usr/pkg/sbin/sshd -D -d -d -d -e debug2: load_server_config: filename /usr/pkg/etc/ssh/sshd_config debug2: load_server_config: done config len = 247 debug2: parse_server_config: config /usr/pkg/etc/ssh/sshd_config len 247 debug1: sshd version OpenSSH_4.3p1 debug3: Not a RSA1 key file /usr/pkg/etc/ssh/ssh_host_rsa_key. debug1: read PEM private key done: type RSA debug1: private host key: #0 type 1 RSA debug3: Not a RSA1 key file /usr/pkg/etc/ssh/ssh_host_dsa_key. debug1: read PEM private key done: type DSA debug1: private host key: #1 type 2 DSA debug1: rexec_argv[0]='/usr/pkg/sbin/sshd' debug1: rexec_argv[1]='-D' debug1: rexec_argv[2]='-d' debug1: rexec_argv[3]='-d' debug1: rexec_argv[4]='-d' debug1: rexec_argv[5]='-e' debug2: fd 3 setting O_NONBLOCK debug1: Bind to port 22 on 172.16.2.11. Server listening on 172.16.2.11 port 22. debug2: fd 4 setting O_NONBLOCK debug1: Bind to port 22 on 10.1.1.11. Server listening on 10.1.1.11 port 22. debug2: fd 5 setting O_NONBLOCK debug1: Bind to port 22 on 192.168.10.11. Server listening on 192.168.10.11 port 22. debug1: fd 6 clearing O_NONBLOCK debug1: Server will not fork when running in debugging mode. debug3: send_rexec_state: entering fd = 11 config len 247 debug3: ssh_msg_send: type 0 debug3: send_rexec_state: done debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 11 debug3: recv_rexec_state: entering fd = 5 debug3: ssh_msg_recv entering debug3: recv_rexec_state: done debug2: parse_server_config: config rexec len 247 debug1: sshd version OpenSSH_4.3p1 debug3: Not a RSA1 key file /usr/pkg/etc/ssh/ssh_host_rsa_key. debug1: read PEM private key done: type RSA debug1: private host key: #0 type 1 RSA debug3: Not a RSA1 key file /usr/pkg/etc/ssh/ssh_host_dsa_key. debug1: read PEM private key done: type DSA debug1: private host key: #1 type 2 DSA debug1: inetd sockets after dupping: 3, 3 Connection from 192.168.10.10 port 8302 debug1: Client protocol version 2.0; client software version OpenSSH_4.3 debug1: match: OpenSSH_4.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.3 debug2: fd 3 setting O_NONBLOCK debug3: privsep user:group 22:22 debug1: permanently_set_uid: 22/22 debug1: list_hostkey_types: ssh-rsa,ssh-dss debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc, rijndael-cbc at lysator.liu.se,aes12 8-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc, rijndael-cbc at lysator.liu.se,aes12 8-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160, hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib at openssh.com debug2: kex_parse_kexinit: none,zlib at openssh.com debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes12 8-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes12 8-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160, hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib debug2: kex_parse_kexinit: none, zlib at openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug2: Network child is on pid 16691 debug3: preauth child monitor started debug3: mm_request_receive entering debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received debug3: mm_request_send entering: type 0 debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI debug3: mm_request_receive_expect entering: type 1 debug3: mm_request_receive entering debug3: monitor_read: checking request 0 debug3: mm_answer_moduli: got parameters: 1024 1024 8192 debug3: mm_request_send entering: type 1 debug3: mm_choose_dh: remaining 0 debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent debug2: dh_gen_key: priv key bits set: 135/256 debug2: bits set: 518/1024 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug2: monitor_read: 0 used once, disabling now debug3: mm_request_receive entering debug2: bits set: 547/1024 debug3: mm_key_sign entering debug3: mm_request_send entering: type 4 debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN debug3: mm_request_receive_expect entering: type 5 debug3: mm_request_receive entering debug3: monitor_read: checking request 4 debug3: mm_answer_sign debug3: mm_answer_sign: signature 80c7860(271) debug3: mm_request_send entering: type 5 debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: monitor_read: 4 used once, disabling now debug3: mm_request_receive entering debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user root service ssh-connection method none debug1: attempt 0 failures 0 debug3: mm_getpwnamallow entering debug3: mm_request_send entering: type 6 debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM debug3: mm_request_receive_expect entering: type 7 debug3: mm_request_receive entering debug3: monitor_read: checking request 6 debug3: mm_answer_pwnamallow debug3: auth_shadow_acctexpired: today 13256 sp_expire -1 days left -13257 debug3: account expiration disabled debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1 debug3: mm_request_send entering: type 7 debug2: input_userauth_request: setting up authctxt for root debug3: mm_inform_authserv entering debug3: mm_request_send entering: type 3 debug2: input_userauth_request: try method none debug3: mm_auth_password entering debug3: mm_request_send entering: type 10 debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD debug3: mm_request_receive_expect entering: type 11 debug3: mm_request_receive entering debug2: monitor_read: 6 used once, disabling now debug3: mm_request_receive entering debug3: monitor_read: checking request 3 debug3: mm_answer_authserv: service=ssh-connection, styledebug2: monitor_read: 3 used once, disabling now debug3: mm_request_receive entering debug3: monitor_read: checking request 10 debug3: mm_answer_authpassword: sending result 0 debug3: mm_request_send entering: type 11 debug3: mm_auth_password: user not authenticated Failed none for root from 192.168.10.10 port 8302 ssh2 Failed none for root from 192.168.10.10 port 8302 ssh2 debug3: mm_request_receive entering debug1: userauth-request for user root service ssh-connection method publickey debug1: attempt 1 failures 1 debug2: input_userauth_request: try method publickey debug3: mm_key_allowed entering debug3: mm_request_send entering: type 20 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED debug3: mm_request_receive_expect entering: type 21 debug3: mm_request_receive entering debug3: monitor_read: checking request 20 debug3: mm_answer_keyallowed entering debug3: mm_answer_keyallowed: key_from_blob: 80c0510 debug1: temporarily_use_uid: 0/1 (e=0/1) debug1: trying public key file /home/root/.ssh/authorized_keys debug3: secure_filename: checking '/home/root/.ssh' debug3: secure_filename: checking '/home/root' debug3: secure_filename: terminating check at '/home/root' debug1: matching key found: file /home/root/.ssh/authorized_keys, line 1 Found matching RSA key: 36:55:cf:41:48:e0:d5:71:f4:34:95:b9:da:72:65:a6 debug1: restore_uid: 0/1 debug3: mm_answer_keyallowed: key 80c0510 is allowed debug3: mm_request_send entering: type 21 debug3: mm_key_verify entering debug3: mm_request_send entering: type 22 debug3: mm_key_verify: waiting for MONITOR_ANS_KEYVERIFY debug3: mm_request_receive_expect entering: type 23 debug3: mm_request_receive entering debug3: mm_request_receive entering debug3: monitor_read: checking request 22 debug1: ssh_rsa_verify: signature correct debug3: mm_answer_keyverify: key 80c04b0 signature verified debug3: mm_request_send entering: type 23 debug2: userauth_pubkey: authenticated 1 pkalg ssh-rsa Accepted publickey for root from 192.168.10.10 port 8302 ssh2 debug3: mm_send_keystate: Sending new keys: 80be778 80c7a88 debug3: mm_newkeys_to_blob: converting 80be778 debug3: mm_newkeys_to_blob: converting 80c7a88 debug3: mm_send_keystate: New keys have been sent debug3: mm_send_keystate: Sending compression state debug3: mm_request_send entering: type 24 debug3: mm_send_keystate: Finished sending state Accepted publickey for root from 192.168.10.10 port 8302 ssh2 debug1: monitor_child_preauth: root has been authenticated by privileged process debug3: mm_get_keystate: Waiting for new keys debug3: mm_request_receive_expect entering: type 24 debug3: mm_request_receive entering debug3: mm_newkeys_from_blob: 80c7860(118) debug2: mac_init: found hmac-md5 debug3: mm_get_keystate: Waiting for second key debug3: mm_newkeys_from_blob: 80c7860(118) debug2: mac_init: found hmac-md5 debug3: mm_get_keystate: Getting compression state debug3: mm_get_keystate: Getting Network I/O buffers debug3: mm_share_sync: Share sync debug3: mm_share_sync: Share sync end debug2: set_newkeys: mode 0 debug2: set_newkeys: mode 1 debug1: Entering interactive session for SSH2. debug2: fd 4 setting O_NONBLOCK debug2: fd 5 setting O_NONBLOCK debug1: server_init_dispatch_20 debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384 debug1: input_session_request debug1: channel 0: new [server-session] debug1: session_new: init debug1: session_new: session 0 debug1: session_open: channel 0 debug1: session_open: session 0: link with channel 0 debug1: server_input_channel_open: confirm session debug1: server_input_channel_req: channel 0 request pty-req reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req pty-req debug1: Allocating pty. debug1: session_pty_req: session 0 alloc /dev/pts/1 debug3: tty_parse_modes: SSH2 n_bytes 266 debug3: tty_parse_modes: ospeed 38400 debug3: tty_parse_modes: ispeed 38400 debug3: tty_parse_modes: 1 3 debug3: tty_parse_modes: 2 28 debug3: tty_parse_modes: 3 127 debug3: tty_parse_modes: 4 21 debug3: tty_parse_modes: 5 4 debug3: tty_parse_modes: 6 0 debug3: tty_parse_modes: 7 0 debug3: tty_parse_modes: 8 17 debug3: tty_parse_modes: 9 19 debug3: tty_parse_modes: 10 26 debug3: tty_parse_modes: 11 25 debug3: tty_parse_modes: 12 18 debug3: tty_parse_modes: 13 23 debug3: tty_parse_modes: 14 22 debug3: tty_parse_modes: 16 0 debug3: tty_parse_modes: 18 15 debug3: tty_parse_modes: 30 1 debug3: tty_parse_modes: 31 0 debug3: tty_parse_modes: 32 0 debug3: tty_parse_modes: 33 0 debug3: tty_parse_modes: 34 0 debug3: tty_parse_modes: 35 0 debug3: tty_parse_modes: 36 1 debug3: tty_parse_modes: 37 0 debug3: tty_parse_modes: 38 1 debug3: tty_parse_modes: 39 0 debug3: tty_parse_modes: 40 0 debug3: tty_parse_modes: 41 1 debug3: tty_parse_modes: 50 1 debug3: tty_parse_modes: 51 1 debug3: tty_parse_modes: 52 0 debug3: tty_parse_modes: 53 1 debug3: tty_parse_modes: 54 1 debug3: tty_parse_modes: 55 1 debug3: tty_parse_modes: 56 0 debug3: tty_parse_modes: 57 0 debug3: tty_parse_modes: 58 0 debug3: tty_parse_modes: 59 1 debug3: tty_parse_modes: 60 1 debug3: tty_parse_modes: 61 1 debug3: tty_parse_modes: 62 0 debug3: tty_parse_modes: 70 1 debug3: tty_parse_modes: 71 0 debug3: tty_parse_modes: 72 1 debug3: tty_parse_modes: 73 0 debug3: tty_parse_modes: 74 0 debug3: tty_parse_modes: 75 0 debug3: tty_parse_modes: 90 1 debug3: tty_parse_modes: 91 1 debug3: tty_parse_modes: 92 0 debug3: tty_parse_modes: 93 0 debug1: server_input_channel_req: channel 0 request shell reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req shell debug2: fd 3 setting TCP_NODELAY debug2: fd 7 setting O_NONBLOCK debug3: fd 6 is O_NONBLOCK debug1: Received SIGCHLD. debug1: session_by_pid: pid 16693 debug1: session_exit_message: session 0 channel 0 pid 16693 debug2: channel 0: request exit-status confirm 0 debug1: session_exit_message: release channel 0 debug2: channel 0: write failed debug2: channel 0: close_write debug2: channel 0: output open -> closed debug1: session_pty_cleanup: session 0 release /dev/pts/1 debug2: notify_done: reading debug2: channel 0: read<=0 rfd 7 len 0 debug2: channel 0: read failed debug2: channel 0: close_read debug2: channel 0: input open -> drain debug2: channel 0: ibuf empty debug2: channel 0: send eof debug2: channel 0: input drain -> closed debug2: channel 0: send close debug3: channel 0: will not send data after close debug2: channel 0: rcvd close debug3: channel 0: will not send data after close debug2: channel 0: is dead debug2: channel 0: gc: notify user debug1: session_by_channel: session 0 channel 0 debug1: session_close_by_channel: channel 0 child 0 debug1: session_close: session 0 pid 0 debug2: channel 0: gc: user detached debug2: channel 0: is dead debug2: channel 0: garbage collecting debug1: channel 0: free: server-session, nchannels 1 debug3: channel 0: status: The following connections are open: #0 server-session (t4 r0 i3/0 o3/0 fd -1/-1 cfd -1) debug3: channel 0: close_fds r -1 w -1 e -1 c -1 Connection closed by 192.168.10.10 debug1: do_cleanup Closing connection to 192.168.10.10 -- Truly yours, Mikhail Manuilov Reply Forward TMDA daemon <tmda at mindrot.org> This message was created automatically by mail delivery software (TMDA). Your... 1:55 pm (37 minutes ago) Mikhail Manuylov ---------- Forwarded message ---------- From: "Mikhail Manuylov" <mikhail.man... 2:20 pm (12 minutes ago) TMDA daemon Your confirmation was accepted, and so your original message has been delivered. 2:20 pm (12 minutes ago) Mail Delivery System <MAILER-DAEMON at mindrot.org> to me More options 2:21 pm (12 minutes ago) This is the Postfix program at host mail.mindrot.org. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to <postmaster> If you do so, please include this problem report. You can delete your own text from the attached returned message. The Postfix program <openssh-unix-dev-tmda at mindrot.org> (expanded from <openssh-unix-dev-tmda>): permission denied. Command output: The message that you sent to openssh-unix-dev looks like HTML. HTML mail to openssh-unix-dev is not permitted. Please resend your message as plain text. procmail: Error while writing to "/etc/postfix/htmltrap.sh" Final-Recipient: rfc822; openssh-unix-dev-tmda at mindrot.org Original-Recipient: rfc822; openssh-unix-dev-tmda Action: failed Status: 5.0.0 Diagnostic-Code: X-Postfix; permission denied. Command output: The message that you sent to openssh-unix-dev looks like HTML. HTML mail to openssh-unix-dev is not permitted. Please resend your message as plain text. procmail: Error while writing to "/etc/postfix/htmltrap.sh" ---------- Forwarded message ---------- From: "Mikhail Manuylov" <mikhail.manuilov at gmail.com> To: openssh-unix-dev at mindrot.org Date: Fri, 21 Apr 2006 13:55:34 +0400 Subject: Solaris 8 x86 rsa pubkey auth problem Hello, I got some weird problem with public key authentication using rsa key pair. Let me first of all explain my setup. 1) I got two Solaris 8 x86 boxes uname -a SunOS 5.8 Generic_117351-24 i86pc i386 i86pc <kdc: 192.168.10.11> <---> <module: 192.168.10.10> 2) They're running absolutely identical openssh installations I'm using pkgsrc, so I've builded all necessary packages from two days old pkgsrc sources on one of the boxes and installed the same binaries on second OpenSSH_4.3p1, OpenSSL 0.9.7i 14 Oct 2005 3) The only differense in their setup is that 'kdc' is a intel p4 boxm and module is p3 box. I've generated rsa key pair via ssh-keygen, and placed public part of it into /home/root/.ssh/authorized_keys on both computers. The problem: I can't log into any (not only to module) computer running the same version of sshd (and of course user holding the same public key) using 'kdc', pubkey athentication fails and ssh pops password prompt up. Pubkey athentication with that key works flawlessly with any other direction even when 'module' connecting to 'kdc'. How I can help debugging this problem: I've supplied debug output of both ssh and sshd from two cases: 1) 'module' authenticating on 'kdc' ( works ok ) 2) 'kdc' authenticating on 'module' ( pubkey failed ) I've already compiled gdb and openssh with debug info. I've also started two debug sshd yesterday, but due two my not so cool knowledge of openssh sources and maybe schema of forking and privelege separation I still can't reach user_key_allowed function. Thank you for your great work. And thanks for help beforehand. Here's debug output: 1) kdc# ssh -vvv -i ~/.ssh/auditor_rsa_id root at 192.168.10.10 OpenSSH_4.3p1, OpenSSL 0.9.7i 14 Oct 2005 debug1: Reading configuration data /usr/pkg/etc/ssh/ssh_config debug2: ssh_connect: needpriv 0 debug1: Connecting to 192.168.10.10 [ 192.168.10.10] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/1 debug3: Not a RSA1 key file auditor_id_rsa. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing keytype debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: missing keytype debug1: identity file auditor_id_rsa type 2 debug1: Remote protocol version 2.0 , remote software version OpenSSH_4.3 debug1: match: OpenSSH_4.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.3 debug2: fd 3 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes12 8-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes12 8-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160, hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib debug2: kex_parse_kexinit: none, zlib at openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se ,aes12 8-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes -- Truly yours, Mikhail Manuilov
On Fri, Apr 21, 2006 at 02:35:28PM +0400, Mikhail Manuylov wrote:> I got some weird problem with public key authentication using rsa > key pair.[..]> I've generated rsa key pair via ssh-keygen, and placed public part of > it into /home/root/.ssh/authorized_keys > on both computers...double check this. See below:> 2) module# /usr/pkg/sbin/sshd -D -d -d -d -e[..]> debug1: trying public key file /home/root/.ssh/authorized_keys > debug3: secure_filename: checking '/usr/home/root/.ssh' > debug3: secure_filename: checking '/usr/home/root' > debug3: secure_filename: terminating check at '/usr/home/root' > debug3: key_read: type mismatch > debug2: user_key_allowed: check options: 'ssh-rsa > AAAAB3NzaC1yc2EAAAABIwAAAQEA5SXtHW7fmMWxkvjUKkB3pEygK6MkzOUejT8DCucnLJ2NT/lDdsWUR1Bz+nFmzFrcHEnP1H0+zlTEEEr > T1StBaiWmMO1mqD/AXh7XjVylsV+7E9qcQ6OHjfYaNjSffk1hAzLokrXti0qeBbZpz8yAy4LsscxNdX97aDtDB2S9AJYoWSNVsnJJKDGYlQpHL1sK+rfezYOHfeCyBh/Ui07sF2RbPz3k59QFok5VY1EUwvM0 > LMjXOAuTl0m7PyouuU3JSr7NRu52nsyNxPLwFvK1wvqX+5dJCIJ8Z9J1peWj4o51ERvKvx7rQSG7N/q10J41IU9koPsi/sr0usLmx3ROsw=> root at kgc > ' > debug2: key_type_from_name: unknown key type > 'AAAAB3NzaC1yc2EAAAABIwAAAQEA5SXtHW7fmMWxkvjUKkB3pEygK6MkzOUejT8DCucnLJ2NT/lDdsWUR1Bz+nFmzFrcHEnP1H0+zlTEEErT1St > BaiWmMO1mqD/AXh7XjVylsV+7E9qcQ6OHjfYaNjSffk1hAzLokrXti0qeBbZpz8yAy4LsscxNdX97aDtDB2S9AJYoWSNVsnJJKDGYlQpHL1sK+rfezYOHfeCyBh/Ui07sF2RbPz3k59QFok5VY1EUwvM0LMjX > OAuTl0m7PyouuU3JSr7NRu52nsyNxPLwFvK1wvqX+5dJCIJ8Z9J1peWj4o51ERvKvx7rQSG7N/q10J41IU9koPsi/sr0usLmx3ROsw==' > debug3: key_read: missing keytype > debug2: user_key_allowed: advance: > 'AAAAB3NzaC1yc2EAAAABIwAAAQEA5SXtHW7fmMWxkvjUKkB3pEygK6MkzOUejT8DCucnLJ2NT/lDdsWUR1Bz+nFmzFrcHEnP1H0+zlTEEErT1StBaiWmMO1mq > D/AXh7XjVylsV+7E9qcQ6OHjfYaNjSffk1hAzLokrXti0qeBbZpz8yAy4LsscxNdX97aDtDB2S9AJYoWSNVsnJJKDGYlQpHL1sK+rfezYOHfeCyBh/Ui07sF2RbPz3k59QFok5VY1EUwvM0LMjXOAuTl0m7Py > ouuU3JSr7NRu52nsyNxPLwFvK1wvqX+5dJCIJ8Z9J1peWj4o51ERvKvx7rQSG7N/q10J41IU9koPsi/sr0usLmx3ROsw=> root at kgc > ' > debug1: restore_uid: 0/1 > debug2: key not found > debug1: temporarily_use_uid: 0/1 (e=0/1) > debug1: trying public key file /home/root/.ssh/authorized_keys2 > debug1: restore_uid: 0/1 > debug3: mm_answer_keyallowed: key 80c04e8 is disallowed > debug3: mm_request_send entering: type 21 > debug3: mm_request_receive entering > debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss > Failed publickey for root from 192.168.10.11 port 8759 ssh2The above shows how sshd fails to parse the public key in authorized_keys properly.> 4) kdc# /usr/pkg/sbin/sshd -D -d -d -d -e[..]> debug1: trying public key file /home/root/.ssh/authorized_keys > debug3: secure_filename: checking '/home/root/.ssh' > debug3: secure_filename: checking '/home/root' > debug3: secure_filename: terminating check at '/home/root' > debug1: matching key found: file /home/root/.ssh/authorized_keys, line 1 > Found matching RSA key: 36:55:cf:41:48:e0:d5:71:f4:34:95:b9:da:72:65:a6 > debug1: restore_uid: 0/1 > debug3: mm_answer_keyallowed: key 80c0510 is allowed > debug3: mm_request_send entering: type 21 > debug3: mm_key_verify entering > debug3: mm_request_send entering: type 22 > debug3: mm_key_verify: waiting for MONITOR_ANS_KEYVERIFY > debug3: mm_request_receive_expect entering: type 23 > debug3: mm_request_receive entering > debug3: mm_request_receive entering > debug3: monitor_read: checking request 22 > debug1: ssh_rsa_verify: signature correct > debug3: mm_answer_keyverify: key 80c04b0 signature verified > debug3: mm_request_send entering: type 23 > debug2: userauth_pubkey: authenticated 1 pkalg ssh-rsa > Accepted publickey for root from 192.168.10.10 port 8302 ssh2..whereas on this system the parsing works, and the client is authenticated.>From the above output, specifically this line: > debug2: user_key_allowed: check options: 'ssh-rsa > AAAAB3NzaC1yc2EAAAABIwAAAQEA5SXtHW7fmMWxkvjUKkB3pEygK6MkzOUejT8DCucnLJ2NT/lDdsWUR1Bz+nFmzFrcHEnP1H0+zlTEEEr > T1StBaiWmMO1mqD/AXh7XjVylsV+7E9qcQ6OHjfYaNjSffk1hAzLokrXti0qeBbZpz8yAy4LsscxNdX97aDtDB2S9AJYoWSNVsnJJKDGYlQpHL1sK+rfezYOHfeCyBh/Ui07sF2RbPz3k59QFok5VY1EUwvM0 > LMjXOAuTl0m7PyouuU3JSr7NRu52nsyNxPLwFvK1wvqX+5dJCIJ8Z9J1peWj4o51ERvKvx7rQSG7N/q10J41IU9koPsi/sr0usLmx3ROsw=> root at kgc > 'I'm guessing that there's extra or malformed whitespace on the line, which makes sshd believe that all of the key is actually options (which are optional, but always appear first on each line, before any whitespace) Check sshd(8) under AUTHORIZED_KEYS FILE FORMAT and verify that your file actually follows the format. If it does have the proper format, there's certainly a bug somewhere. //Peter
Hi there, Actually I've solved my "bug" last friday, but I'm not shure it was a bug in openssh behaviour. But I really think (in my cryptography knowledge) is somewhat wrong. 1) ssh.c: 768: 'load_public_identity_files' function is called eventually calling 2) ssh.c: 1208: ' key_load_public' function with my -i key supplied filename as parameter and returns ponter to 'Key' structure 3) Here is sourcecode for that function: I'll insert my own comments starting with '#': /* load public key from ssh v1 private or any pubkey file */ Key * key_load_public(const char *filename, char **commentp) { Key *pub; char file[MAXPATHLEN]; /* try rsa1 private key */ pub = key_load_public_type(KEY_RSA1, filename, commentp); # fails here with RSA private key if (pub != NULL) return pub; /* try rsa1 public key */ pub = key_new(KEY_RSA1); if (key_try_load_public(pub, filename, commentp) == 1) # fails here obviously return pub; key_free(pub); /* try ssh2 public key */ pub = key_new(KEY_UNSPEC); if (key_try_load_public(pub, filename, commentp) == 1) # fails here too return pub; if ((strlcpy(file, filename, sizeof file) < sizeof(file)) && (strlcat(file, ".pub", sizeof file) < sizeof(file)) && (key_try_load_public(pub, file, commentp) == 1))>>> # Here it actually finds "auditor_id_rsa.pub" file ( i've leftold ssh-dss public key here ) # And then it's used to authenticate to remote sshd, authentication with public key???? # And sshd at auth2-pubkey.c:77 recieves ssh-dss (not ssh-rsa it founds in authorized_keys) and fails # In debug output it was never mentioned that ssh used "auditor_id_rsa.pub" only "auditor_id_rsa" without "pub" # extension, so have been digging not so obvious sources of openssh for about a week =( return pub; key_free(pub); return NULL; } What is the reason of trying to find public key and offering it to authenticate? This somewhat ridicule, i suppose... On 4/21/06, Mikhail Manuylov <mikhail.manuilov at gmail.com> wrote:> Hello, > > I got some weird problem with public key authentication using rsa key pair. > > Let me first of all explain my setup. > > 1) I got two Solaris 8 x86 boxes > uname -a > SunOS 5.8 Generic_117351-24 i86pc i386 i86pc > > <kdc: 192.168.10.11> <---> <module: 192.168.10.10> > > 2) They're running absolutely identical openssh installations > I'm using pkgsrc, so I've builded all necessary packages from two days > old pkgsrc sources > on one of the boxes and installed the same binaries on second > OpenSSH_4.3p1, OpenSSL 0.9.7i 14 Oct 2005 > > 3) The only differense in their setup is that 'kdc' is a intel p4 boxm > and module is p3 box. > > I've generated rsa key pair via ssh-keygen, and placed public part of > it into /home/root/.ssh/authorized_keys > on both computers. > > The problem: > > I can't log into any (not only to module) computer running the same > version of sshd (and of course user holding the same public key) > using 'kdc', pubkey athentication fails and ssh pops password prompt > up. Pubkey athentication with that key works flawlessly with any > other direction even when 'module' connecting to 'kdc'. > > How I can help debugging this problem: > > I've supplied debug output of both ssh and sshd from two cases: > 1) 'module' authenticating on 'kdc' ( works ok ) > 2) 'kdc' authenticating on 'module' ( pubkey failed ) > > I've already compiled gdb and openssh with debug info. I've also > started two debug sshd yesterday, but due two my not so cool knowledge > of > openssh sources and maybe schema of forking and privelege separation I > still can't reach user_key_allowed function. > > Thank you for your great work. And thanks for help beforehand. > > Here's debug output: > > 1) kdc# ssh -vvv -i ~/.ssh/auditor_rsa_id root at 192.168.10.10 > OpenSSH_4.3p1, OpenSSL 0.9.7i 14 Oct 2005 > debug1: Reading configuration data /usr/pkg/etc/ssh/ssh_config > debug2: ssh_connect: needpriv 0 > debug1: Connecting to 192.168.10.10 [ 192.168.10.10] port 22. > debug1: Connection established. > debug1: permanently_set_uid: 0/1 > debug3: Not a RSA1 key file auditor_id_rsa. > debug2: key_type_from_name: unknown key type '-----BEGIN' > debug3: key_read: missing keytype > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug2: key_type_from_name: unknown key type '-----END' > debug3: key_read: missing keytype > debug1: identity file auditor_id_rsa type 2 > debug1: Remote protocol version 2.0 , remote software version OpenSSH_4.3 > debug1: match: OpenSSH_4.3 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_4.3 > debug2: fd 3 setting O_NONBLOCK > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes12 > 8-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes12 > 8-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160, > hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib > debug2: kex_parse_kexinit: none, zlib at openssh.com,zlib > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se > ,aes12 > 8-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se > ,aes12 > 8-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160, > hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,zlib at openssh.com > debug2: kex_parse_kexinit: none, zlib at openssh.com > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: mac_init: found hmac-md5 > debug1: kex: server->client aes128-cbc hmac-md5 none > debug2: mac_init: found hmac-md5 > debug1: kex: client->server aes128-cbc hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > debug2: dh_gen_key: priv key bits set: 115/256 > debug2: bits set: 513/1024 > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug3: check_host_in_hostfile: filename /home/root/.ssh/known_hosts > debug3: check_host_in_hostfile: match line 4 > debug1: Host '192.168.10.10' is known and matches the RSA host key. > debug1: Found key in /home/root/.ssh/known_hosts:4 > debug2: bits set: 516/1024 > debug1: ssh_rsa_verify: signature correct > debug2: kex_derive_keys > debug2: set_newkeys: mode 1 > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug2: set_newkeys: mode 0 > debug1: SSH2_MSG_NEWKEYS received > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug2: service_accept: ssh-userauth > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug2: key: auditor_id_rsa (80b2d48) > debug1: Authentications that can continue: > publickey,password,keyboard-interactive > debug3: start over, passed a different list > publickey,password,keyboard-interactive > debug3: preferred publickey,keyboard-interactive,password > debug3: authmethod_lookup publickey > debug3: remaining preferred: keyboard-interactive,password > debug3: authmethod_is_enabled publickey > debug1: Next authentication method: publickey > debug1: Offering public key: auditor_id_rsa > debug3: send_pubkey_test > debug2: we sent a publickey packet, wait for reply > debug1: Authentications that can continue: > publickey,password,keyboard-interactive > debug2: we did not send a packet, disable method > debug3: authmethod_lookup keyboard-interactive > debug3: remaining preferred: password > debug3: authmethod_is_enabled keyboard-interactive > debug1: Next authentication method: keyboard-interactive > debug2: userauth_kbdint > debug2: we sent a keyboard-interactive packet, wait for reply > debug1: Authentications that can continue: > publickey,password,keyboard-interactive > debug3: userauth_kbdint: disable: no info_req_seen > debug2: we did not send a packet, disable method > debug3: authmethod_lookup password > debug3: remaining preferred: > debug3: authmethod_is_enabled password > debug1: Next authentication method: password > > 2) module# /usr/pkg/sbin/sshd -D -d -d -d -e > debug2: load_server_config: filename /usr/pkg/etc/ssh/sshd_config > debug2: load_server_config: done config len = 226 > debug2: parse_server_config: config /usr/pkg/etc/ssh/sshd_config len 226 > debug1: sshd version OpenSSH_4.3p1 > debug3: Not a RSA1 key file /usr/pkg/etc/ssh/ssh_host_rsa_key. > debug1: read PEM private key done: type RSA > debug1: private host key: #0 type 1 RSA > debug3: Not a RSA1 key file /usr/pkg/etc/ssh/ssh_host_dsa_key. > debug1: read PEM private key done: type DSA > debug1: private host key: #1 type 2 DSA > debug1: rexec_argv[0]='/usr/pkg/sbin/sshd' > debug1: rexec_argv[1]='-D' > debug1: rexec_argv[2]='-d' > debug1: rexec_argv[3]='-d' > debug1: rexec_argv[4]='-d' > debug1: rexec_argv[5]='-e' > debug2: fd 3 setting O_NONBLOCK > debug1: Bind to port 22 on 192.168.132.15. > Server listening on 192.168.132.15 port 22. > debug2: fd 4 setting O_NONBLOCK > debug1: Bind to port 22 on 192.168.10.10. > Server listening on 192.168.10.10 port 22. > debug1: fd 5 clearing O_NONBLOCK > debug1: Server will not fork when running in debugging mode. > debug3: send_rexec_state: entering fd = 10 config len 226 > debug3: ssh_msg_send: type 0 > debug3: send_rexec_state: done > debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 10 > debug3: recv_rexec_state: entering fd = 5 > debug3: ssh_msg_recv entering > debug3: recv_rexec_state: done > debug2: parse_server_config: config rexec len 226 > debug1: sshd version OpenSSH_4.3p1 > debug3: Not a RSA1 key file /usr/pkg/etc/ssh/ssh_host_rsa_key. > debug1: read PEM private key done: type RSA > debug1: private host key: #0 type 1 RSA > debug3: Not a RSA1 key file /usr/pkg/etc/ssh/ssh_host_dsa_key. > debug1: read PEM private key done: type DSA > debug1: private host key: #1 type 2 DSA > debug1: inetd sockets after dupping: 3, 3 > Connection from 192.168.10.11 port 8759 > debug1: Client protocol version 2.0; client software version OpenSSH_4.3 > debug1: match: OpenSSH_4.3 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_4.3 > debug2: fd 3 setting O_NONBLOCK > debug3: privsep user:group 100:100 > debug1: permanently_set_uid: 100/100 > debug1: list_hostkey_types: ssh-rsa,ssh-dss > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc, > rijndael-cbc at lysator.liu.se,aes12 > 8-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc, > rijndael-cbc at lysator.liu.se,aes12 > 8-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160, > hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,zlib at openssh.com > debug2: kex_parse_kexinit: none,zlib at openssh.com > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes12 > 8-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes12 > 8-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160, > hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib > debug2: kex_parse_kexinit: none, zlib at openssh.com,zlib > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: mac_init: found hmac-md5 > debug1: kex: client->server aes128-cbc hmac-md5 none > debug2: mac_init: found hmac-md5 > debug1: kex: server->client aes128-cbc hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received > debug3: mm_request_send entering: type 0 > debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI > debug3: mm_request_receive_expect entering: type 1 > debug3: mm_request_receive entering > debug2: Network child is on pid 3358 > debug3: preauth child monitor started > debug3: mm_request_receive entering > debug3: monitor_read: checking request 0 > debug3: mm_answer_moduli: got parameters: 1024 1024 8192 > debug3: mm_request_send entering: type 1 > debug3: mm_choose_dh: remaining 0 > debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent > debug2: dh_gen_key: priv key bits set: 129/256 > debug2: bits set: 524/1024 > debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT > debug2: bits set: 495/1024 > debug3: mm_key_sign entering > debug3: mm_request_send entering: type 4 > debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN > debug3: mm_request_receive_expect entering: type 5 > debug3: mm_request_receive entering > debug2: monitor_read: 0 used once, disabling now > debug3: mm_request_receive entering > debug3: monitor_read: checking request 4 > debug3: mm_answer_sign > debug3: mm_answer_sign: signature 80c7850(271) > debug3: mm_request_send entering: type 5 > debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent > debug2: monitor_read: 4 used once, disabling now > debug3: mm_request_receive entering > debug2: kex_derive_keys > debug2: set_newkeys: mode 1 > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug2: set_newkeys: mode 0 > debug1: SSH2_MSG_NEWKEYS received > debug1: KEX done > debug1: userauth-request for user root service ssh-connection method none > debug1: attempt 0 failures 0 > debug3: mm_getpwnamallow entering > debug3: mm_request_send entering: type 6 > debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM > debug3: mm_request_receive_expect entering: type 7 > debug3: mm_request_receive entering > debug3: monitor_read: checking request 6 > debug3: mm_answer_pwnamallow > debug3: auth_shadow_acctexpired: today 13256 sp_expire -1 days left -13257 > debug3: account expiration disabled > debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1 > debug3: mm_request_send entering: type 7 > debug2: monitor_read: 6 used once, disabling now > debug3: mm_request_receive entering > debug2: input_userauth_request: setting up authctxt for root > debug3: mm_inform_authserv entering > debug3: mm_request_send entering: type 3 > debug2: input_userauth_request: try method none > debug3: mm_auth_password entering > debug3: mm_request_send entering: type 10 > debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD > debug3: mm_request_receive_expect entering: type 11 > debug3: mm_request_receive entering > debug3: monitor_read: checking request 3 > debug3: mm_answer_authserv: service=ssh-connection, style> debug2: monitor_read: 3 used once, disabling now > debug3: mm_request_receive entering > debug3: monitor_read: checking request 10 > debug3: mm_answer_authpassword: sending result 0 > debug3: mm_request_send entering: type 11 > Failed none for root from 192.168.10.11 port 8759 ssh2 > debug3: mm_request_receive entering > debug3: mm_auth_password: user not authenticated > Failed none for root from 192.168.10.11 port 8759 ssh2 > debug1: userauth-request for user root service ssh-connection method publickey > debug1: attempt 1 failures 1 > debug2: input_userauth_request: try method publickey > debug1: test whether pkalg/pkblob are acceptable > debug3: mm_key_allowed entering > debug3: mm_request_send entering: type 20 > debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED > debug3: mm_request_receive_expect entering: type 21 > debug3: mm_request_receive entering > debug3: monitor_read: checking request 20 > debug3: mm_answer_keyallowed entering > debug3: mm_answer_keyallowed: key_from_blob: 80c04e8 > debug1: temporarily_use_uid: 0/1 (e=0/1) > debug1: trying public key file /home/root/.ssh/authorized_keys > debug3: secure_filename: checking '/usr/home/root/.ssh' > debug3: secure_filename: checking '/usr/home/root' > debug3: secure_filename: terminating check at '/usr/home/root' > debug3: key_read: type mismatch > debug2: user_key_allowed: check options: 'ssh-rsa > AAAAB3NzaC1yc2EAAAABIwAAAQEA5SXtHW7fmMWxkvjUKkB3pEygK6MkzOUejT8DCucnLJ2NT/lDdsWUR1Bz+nFmzFrcHEnP1H0+zlTEEEr > T1StBaiWmMO1mqD/AXh7XjVylsV+7E9qcQ6OHjfYaNjSffk1hAzLokrXti0qeBbZpz8yAy4LsscxNdX97aDtDB2S9AJYoWSNVsnJJKDGYlQpHL1sK+rfezYOHfeCyBh/Ui07sF2RbPz3k59QFok5VY1EUwvM0 > LMjXOAuTl0m7PyouuU3JSr7NRu52nsyNxPLwFvK1wvqX+5dJCIJ8Z9J1peWj4o51ERvKvx7rQSG7N/q10J41IU9koPsi/sr0usLmx3ROsw=> root at kgc > ' > debug2: key_type_from_name: unknown key type > 'AAAAB3NzaC1yc2EAAAABIwAAAQEA5SXtHW7fmMWxkvjUKkB3pEygK6MkzOUejT8DCucnLJ2NT/lDdsWUR1Bz+nFmzFrcHEnP1H0+zlTEEErT1St > BaiWmMO1mqD/AXh7XjVylsV+7E9qcQ6OHjfYaNjSffk1hAzLokrXti0qeBbZpz8yAy4LsscxNdX97aDtDB2S9AJYoWSNVsnJJKDGYlQpHL1sK+rfezYOHfeCyBh/Ui07sF2RbPz3k59QFok5VY1EUwvM0LMjX > OAuTl0m7PyouuU3JSr7NRu52nsyNxPLwFvK1wvqX+5dJCIJ8Z9J1peWj4o51ERvKvx7rQSG7N/q10J41IU9koPsi/sr0usLmx3ROsw==' > debug3: key_read: missing keytype > debug2: user_key_allowed: advance: > 'AAAAB3NzaC1yc2EAAAABIwAAAQEA5SXtHW7fmMWxkvjUKkB3pEygK6MkzOUejT8DCucnLJ2NT/lDdsWUR1Bz+nFmzFrcHEnP1H0+zlTEEErT1StBaiWmMO1mq > D/AXh7XjVylsV+7E9qcQ6OHjfYaNjSffk1hAzLokrXti0qeBbZpz8yAy4LsscxNdX97aDtDB2S9AJYoWSNVsnJJKDGYlQpHL1sK+rfezYOHfeCyBh/Ui07sF2RbPz3k59QFok5VY1EUwvM0LMjXOAuTl0m7Py > ouuU3JSr7NRu52nsyNxPLwFvK1wvqX+5dJCIJ8Z9J1peWj4o51ERvKvx7rQSG7N/q10J41IU9koPsi/sr0usLmx3ROsw=> root at kgc > ' > debug1: restore_uid: 0/1 > debug2: key not found > debug1: temporarily_use_uid: 0/1 (e=0/1) > debug1: trying public key file /home/root/.ssh/authorized_keys2 > debug1: restore_uid: 0/1 > debug3: mm_answer_keyallowed: key 80c04e8 is disallowed > debug3: mm_request_send entering: type 21 > debug3: mm_request_receive entering > debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss > Failed publickey for root from 192.168.10.11 port 8759 ssh2 > debug1: userauth-request for user root service ssh-connection method > keyboard-interactive > debug1: attempt 2 failures 2 > debug2: input_userauth_request: try method keyboard-interactive > debug1: keyboard-interactive devs > debug1: auth2_challenge: user=root devs> debug1: kbdint_alloc: devices 'skey' > debug2: auth2_challenge_start: devices skey > debug2: kbdint_next_device: devices <empty> > debug1: auth2_challenge_start: trying authentication method 'skey' > debug3: mm_skey_query: entering > debug3: mm_request_send entering: type 16 > debug3: mm_request_receive_expect entering: type 17 > debug3: mm_request_receive entering > debug3: monitor_read: checking request 16 > debug3: mm_answer_skeyquery: sending challenge success: 0 > debug3: mm_request_send entering: type 17 > debug3: mm_request_receive entering > debug3: mm_skey_query: no challenge > Failed keyboard-interactive for root from 192.168.10.11 port 8759 ssh2 > Connection closed by 192.168.10.11 > debug1: do_cleanup > debug1: do_cleanup > > 3) module# ssh -vvv -i ~/.ssh/auditor_rsa_id root at 192.168.10.11 > OpenSSH_4.3p1, OpenSSL 0.9.7i 14 Oct 2005 > debug1: Reading configuration data /usr/pkg/etc/ssh/ssh_config > debug2: ssh_connect: needpriv 0 > debug1: Connecting to 192.168.10.11 [192.168.10.11] port 22. > debug1: Connection established. > debug1: permanently_set_uid: 0/1 > debug3: Not a RSA1 key file auditor_id_rsa. > debug2: key_type_from_name: unknown key type '-----BEGIN' > debug3: key_read: missing keytype > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug2: key_type_from_name: unknown key type '-----END' > debug3: key_read: missing keytype > debug1: identity file auditor_id_rsa type -1 > debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3 > debug1: match: OpenSSH_4.3 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_4.3 > debug2: fd 3 setting O_NONBLOCK > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se > ,aes12 > 8-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se > ,aes12 > 8-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160, > hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib > debug2: kex_parse_kexinit: none, zlib at openssh.com,zlib > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se > ,aes12 > 8-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se > ,aes12 > 8-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160, > hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,zlib at openssh.com > debug2: kex_parse_kexinit: none, zlib at openssh.com > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: mac_init: found hmac-md5 > debug1: kex: server->client aes128-cbc hmac-md5 none > debug2: mac_init: found hmac-md5 > debug1: kex: client->server aes128-cbc hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > debug2: dh_gen_key: priv key bits set: 143/256 > debug2: bits set: 522/1024 > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug3: check_host_in_hostfile: filename /home/root/.ssh/known_hosts > debug3: check_host_in_hostfile: match line 15 > debug1: Host '192.168.10.11' is known and matches the RSA host key. > debug1: Found key in /home/root/.ssh/known_hosts:15 > debug2: bits set: 483/1024 > debug1: ssh_rsa_verify: signature correct > debug2: kex_derive_keys > debug2: set_newkeys: mode 1 > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug2: set_newkeys: mode 0 > debug1: SSH2_MSG_NEWKEYS received > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug2: service_accept: ssh-userauth > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug2: key: auditor_id_rsa (0) > debug1: Authentications that can continue: > publickey,password,keyboard-interactive > debug3: start over, passed a different list > publickey,password,keyboard-interactive > debug3: preferred publickey,keyboard-interactive,password > debug3: authmethod_lookup publickey > debug3: remaining preferred: keyboard-interactive,password > debug3: authmethod_is_enabled publickey > debug1: Next authentication method: publickey > debug1: Trying private key: auditor_id_rsa > debug1: read PEM private key done: type RSA > debug3: sign_and_send_pubkey > debug2: we sent a publickey packet, wait for reply > debug1: Authentication succeeded (publickey). > debug2: fd 5 setting O_NONBLOCK > debug3: fd 6 is O_NONBLOCK > debug1: channel 0: new [client-session] > debug3: ssh_session2_open: channel_new: 0 > debug2: channel 0: send open > debug1: Entering interactive session. > debug2: callback start > debug2: client_session2_setup: id 0 > debug2: channel 0: request pty-req confirm 0 > debug3: tty_make_modes: ospeed 38400 > debug3: tty_make_modes: ispeed 38400 > debug3: tty_make_modes: 1 3 > debug3: tty_make_modes: 2 28 > debug3: tty_make_modes: 3 127 > debug3: tty_make_modes: 4 21 > debug3: tty_make_modes: 5 4 > debug3: tty_make_modes: 6 0 > debug3: tty_make_modes: 7 0 > debug3: tty_make_modes: 8 17 > debug3: tty_make_modes: 9 19 > debug3: tty_make_modes: 10 26 > debug3: tty_make_modes: 11 25 > debug3: tty_make_modes: 12 18 > debug3: tty_make_modes: 13 23 > debug3: tty_make_modes: 14 22 > debug3: tty_make_modes: 16 0 > debug3: tty_make_modes: 18 15 > debug3: tty_make_modes: 30 1 > debug3: tty_make_modes: 31 0 > debug3: tty_make_modes: 32 0 > debug3: tty_make_modes: 33 0 > debug3: tty_make_modes: 34 0 > debug3: tty_make_modes: 35 0 > debug3: tty_make_modes: 36 1 > debug3: tty_make_modes: 37 0 > debug3: tty_make_modes: 38 1 > debug3: tty_make_modes: 39 0 > debug3: tty_make_modes: 40 0 > debug3: tty_make_modes: 41 1 > debug3: tty_make_modes: 50 1 > debug3: tty_make_modes: 51 1 > debug3: tty_make_modes: 52 0 > debug3: tty_make_modes: 53 1 > debug3: tty_make_modes: 54 1 > debug3: tty_make_modes: 55 1 > debug3: tty_make_modes: 56 0 > debug3: tty_make_modes: 57 0 > debug3: tty_make_modes: 58 0 > debug3: tty_make_modes: 59 1 > debug3: tty_make_modes: 60 1 > debug3: tty_make_modes: 61 1 > debug3: tty_make_modes: 62 0 > debug3: tty_make_modes: 70 1 > debug3: tty_make_modes: 71 0 > debug3: tty_make_modes: 72 1 > debug3: tty_make_modes: 73 0 > debug3: tty_make_modes: 74 0 > debug3: tty_make_modes: 75 0 > debug3: tty_make_modes: 90 1 > debug3: tty_make_modes: 91 1 > debug3: tty_make_modes: 92 0 > debug3: tty_make_modes: 93 0 > debug2: channel 0: request shell confirm 0 > debug2: fd 3 setting TCP_NODELAY > debug2: callback done > debug2: channel 0: open confirm rwindow 0 rmax 32768 > debug2: channel 0: rcvd adjust 131072 > Last login: Tue Apr 18 17:44:32 2006 from 192.168.10.10 > > 4) kdc# /usr/pkg/sbin/sshd -D -d -d -d -e > debug2: load_server_config: filename /usr/pkg/etc/ssh/sshd_config > debug2: load_server_config: done config len = 247 > debug2: parse_server_config: config /usr/pkg/etc/ssh/sshd_config len 247 > debug1: sshd version OpenSSH_4.3p1 > debug3: Not a RSA1 key file /usr/pkg/etc/ssh/ssh_host_rsa_key. > debug1: read PEM private key done: type RSA > debug1: private host key: #0 type 1 RSA > debug3: Not a RSA1 key file /usr/pkg/etc/ssh/ssh_host_dsa_key. > debug1: read PEM private key done: type DSA > debug1: private host key: #1 type 2 DSA > debug1: rexec_argv[0]='/usr/pkg/sbin/sshd' > debug1: rexec_argv[1]='-D' > debug1: rexec_argv[2]='-d' > debug1: rexec_argv[3]='-d' > debug1: rexec_argv[4]='-d' > debug1: rexec_argv[5]='-e' > debug2: fd 3 setting O_NONBLOCK > debug1: Bind to port 22 on 172.16.2.11. > Server listening on 172.16.2.11 port 22. > debug2: fd 4 setting O_NONBLOCK > debug1: Bind to port 22 on 10.1.1.11. > Server listening on 10.1.1.11 port 22. > debug2: fd 5 setting O_NONBLOCK > debug1: Bind to port 22 on 192.168.10.11. > Server listening on 192.168.10.11 port 22. > debug1: fd 6 clearing O_NONBLOCK > debug1: Server will not fork when running in debugging mode. > debug3: send_rexec_state: entering fd = 11 config len 247 > debug3: ssh_msg_send: type 0 > debug3: send_rexec_state: done > debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 11 > debug3: recv_rexec_state: entering fd = 5 > debug3: ssh_msg_recv entering > debug3: recv_rexec_state: done > debug2: parse_server_config: config rexec len 247 > debug1: sshd version OpenSSH_4.3p1 > debug3: Not a RSA1 key file /usr/pkg/etc/ssh/ssh_host_rsa_key. > debug1: read PEM private key done: type RSA > debug1: private host key: #0 type 1 RSA > debug3: Not a RSA1 key file /usr/pkg/etc/ssh/ssh_host_dsa_key. > debug1: read PEM private key done: type DSA > debug1: private host key: #1 type 2 DSA > debug1: inetd sockets after dupping: 3, 3 > Connection from 192.168.10.10 port 8302 > debug1: Client protocol version 2.0; client software version OpenSSH_4.3 > debug1: match: OpenSSH_4.3 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_4.3 > debug2: fd 3 setting O_NONBLOCK > debug3: privsep user:group 22:22 > debug1: permanently_set_uid: 22/22 > debug1: list_hostkey_types: ssh-rsa,ssh-dss > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc, > rijndael-cbc at lysator.liu.se,aes12 > 8-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc, > rijndael-cbc at lysator.liu.se,aes12 > 8-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160, > hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,zlib at openssh.com > debug2: kex_parse_kexinit: none,zlib at openssh.com > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes12 > 8-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes12 > 8-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160, > hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib > debug2: kex_parse_kexinit: none, zlib at openssh.com,zlib > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: mac_init: found hmac-md5 > debug1: kex: client->server aes128-cbc hmac-md5 none > debug2: mac_init: found hmac-md5 > debug1: kex: server->client aes128-cbc hmac-md5 none > debug2: Network child is on pid 16691 > debug3: preauth child monitor started > debug3: mm_request_receive entering > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received > debug3: mm_request_send entering: type 0 > debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI > debug3: mm_request_receive_expect entering: type 1 > debug3: mm_request_receive entering > debug3: monitor_read: checking request 0 > debug3: mm_answer_moduli: got parameters: 1024 1024 8192 > debug3: mm_request_send entering: type 1 > debug3: mm_choose_dh: remaining 0 > debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent > debug2: dh_gen_key: priv key bits set: 135/256 > debug2: bits set: 518/1024 > debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT > debug2: monitor_read: 0 used once, disabling now > debug3: mm_request_receive entering > debug2: bits set: 547/1024 > debug3: mm_key_sign entering > debug3: mm_request_send entering: type 4 > debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN > debug3: mm_request_receive_expect entering: type 5 > debug3: mm_request_receive entering > debug3: monitor_read: checking request 4 > debug3: mm_answer_sign > debug3: mm_answer_sign: signature 80c7860(271) > debug3: mm_request_send entering: type 5 > debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent > debug2: kex_derive_keys > debug2: set_newkeys: mode 1 > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug2: monitor_read: 4 used once, disabling now > debug3: mm_request_receive entering > debug2: set_newkeys: mode 0 > debug1: SSH2_MSG_NEWKEYS received > debug1: KEX done > debug1: userauth-request for user root service ssh-connection method none > debug1: attempt 0 failures 0 > debug3: mm_getpwnamallow entering > debug3: mm_request_send entering: type 6 > debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM > debug3: mm_request_receive_expect entering: type 7 > debug3: mm_request_receive entering > debug3: monitor_read: checking request 6 > debug3: mm_answer_pwnamallow > debug3: auth_shadow_acctexpired: today 13256 sp_expire -1 days left -13257 > debug3: account expiration disabled > debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1 > debug3: mm_request_send entering: type 7 > debug2: input_userauth_request: setting up authctxt for root > debug3: mm_inform_authserv entering > debug3: mm_request_send entering: type 3 > debug2: input_userauth_request: try method none > debug3: mm_auth_password entering > debug3: mm_request_send entering: type 10 > debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD > debug3: mm_request_receive_expect entering: type 11 > debug3: mm_request_receive entering > debug2: monitor_read: 6 used once, disabling now > debug3: mm_request_receive entering > debug3: monitor_read: checking request 3 > debug3: mm_answer_authserv: service=ssh-connection, style> debug2: monitor_read: 3 used once, disabling now > debug3: mm_request_receive entering > debug3: monitor_read: checking request 10 > debug3: mm_answer_authpassword: sending result 0 > debug3: mm_request_send entering: type 11 > debug3: mm_auth_password: user not authenticated > Failed none for root from 192.168.10.10 port 8302 ssh2 > Failed none for root from 192.168.10.10 port 8302 ssh2 > debug3: mm_request_receive entering > debug1: userauth-request for user root service ssh-connection method publickey > debug1: attempt 1 failures 1 > debug2: input_userauth_request: try method publickey > debug3: mm_key_allowed entering > debug3: mm_request_send entering: type 20 > debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED > debug3: mm_request_receive_expect entering: type 21 > debug3: mm_request_receive entering > debug3: monitor_read: checking request 20 > debug3: mm_answer_keyallowed entering > debug3: mm_answer_keyallowed: key_from_blob: 80c0510 > debug1: temporarily_use_uid: 0/1 (e=0/1) > debug1: trying public key file /home/root/.ssh/authorized_keys > debug3: secure_filename: checking '/home/root/.ssh' > debug3: secure_filename: checking '/home/root' > debug3: secure_filename: terminating check at '/home/root' > debug1: matching key found: file /home/root/.ssh/authorized_keys, line 1 > Found matching RSA key: 36:55:cf:41:48:e0:d5:71:f4:34:95:b9:da:72:65:a6 > debug1: restore_uid: 0/1 > debug3: mm_answer_keyallowed: key 80c0510 is allowed > debug3: mm_request_send entering: type 21 > debug3: mm_key_verify entering > debug3: mm_request_send entering: type 22 > debug3: mm_key_verify: waiting for MONITOR_ANS_KEYVERIFY > debug3: mm_request_receive_expect entering: type 23 > debug3: mm_request_receive entering > debug3: mm_request_receive entering > debug3: monitor_read: checking request 22 > debug1: ssh_rsa_verify: signature correct > debug3: mm_answer_keyverify: key 80c04b0 signature verified > debug3: mm_request_send entering: type 23 > debug2: userauth_pubkey: authenticated 1 pkalg ssh-rsa > Accepted publickey for root from 192.168.10.10 port 8302 ssh2 > debug3: mm_send_keystate: Sending new keys: 80be778 80c7a88 > debug3: mm_newkeys_to_blob: converting 80be778 > debug3: mm_newkeys_to_blob: converting 80c7a88 > debug3: mm_send_keystate: New keys have been sent > debug3: mm_send_keystate: Sending compression state > debug3: mm_request_send entering: type 24 > debug3: mm_send_keystate: Finished sending state > Accepted publickey for root from 192.168.10.10 port 8302 ssh2 > debug1: monitor_child_preauth: root has been authenticated by privileged process > debug3: mm_get_keystate: Waiting for new keys > debug3: mm_request_receive_expect entering: type 24 > debug3: mm_request_receive entering > debug3: mm_newkeys_from_blob: 80c7860(118) > debug2: mac_init: found hmac-md5 > debug3: mm_get_keystate: Waiting for second key > debug3: mm_newkeys_from_blob: 80c7860(118) > debug2: mac_init: found hmac-md5 > debug3: mm_get_keystate: Getting compression state > debug3: mm_get_keystate: Getting Network I/O buffers > debug3: mm_share_sync: Share sync > debug3: mm_share_sync: Share sync end > debug2: set_newkeys: mode 0 > debug2: set_newkeys: mode 1 > debug1: Entering interactive session for SSH2. > debug2: fd 4 setting O_NONBLOCK > debug2: fd 5 setting O_NONBLOCK > debug1: server_init_dispatch_20 > debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384 > debug1: input_session_request > debug1: channel 0: new [server-session] > debug1: session_new: init > debug1: session_new: session 0 > debug1: session_open: channel 0 > debug1: session_open: session 0: link with channel 0 > debug1: server_input_channel_open: confirm session > debug1: server_input_channel_req: channel 0 request pty-req reply 0 > debug1: session_by_channel: session 0 channel 0 > debug1: session_input_channel_req: session 0 req pty-req > debug1: Allocating pty. > debug1: session_pty_req: session 0 alloc /dev/pts/1 > debug3: tty_parse_modes: SSH2 n_bytes 266 > debug3: tty_parse_modes: ospeed 38400 > debug3: tty_parse_modes: ispeed 38400 > debug3: tty_parse_modes: 1 3 > debug3: tty_parse_modes: 2 28 > debug3: tty_parse_modes: 3 127 > debug3: tty_parse_modes: 4 21 > debug3: tty_parse_modes: 5 4 > debug3: tty_parse_modes: 6 0 > debug3: tty_parse_modes: 7 0 > debug3: tty_parse_modes: 8 17 > debug3: tty_parse_modes: 9 19 > debug3: tty_parse_modes: 10 26 > debug3: tty_parse_modes: 11 25 > debug3: tty_parse_modes: 12 18 > debug3: tty_parse_modes: 13 23 > debug3: tty_parse_modes: 14 22 > debug3: tty_parse_modes: 16 0 > debug3: tty_parse_modes: 18 15 > debug3: tty_parse_modes: 30 1 > debug3: tty_parse_modes: 31 0 > debug3: tty_parse_modes: 32 0 > debug3: tty_parse_modes: 33 0 > debug3: tty_parse_modes: 34 0 > debug3: tty_parse_modes: 35 0 > debug3: tty_parse_modes: 36 1 > debug3: tty_parse_modes: 37 0 > debug3: tty_parse_modes: 38 1 > debug3: tty_parse_modes: 39 0 > debug3: tty_parse_modes: 40 0 > debug3: tty_parse_modes: 41 1 > debug3: tty_parse_modes: 50 1 > debug3: tty_parse_modes: 51 1 > debug3: tty_parse_modes: 52 0 > debug3: tty_parse_modes: 53 1 > debug3: tty_parse_modes: 54 1 > debug3: tty_parse_modes: 55 1 > debug3: tty_parse_modes: 56 0 > debug3: tty_parse_modes: 57 0 > debug3: tty_parse_modes: 58 0 > debug3: tty_parse_modes: 59 1 > debug3: tty_parse_modes: 60 1 > debug3: tty_parse_modes: 61 1 > debug3: tty_parse_modes: 62 0 > debug3: tty_parse_modes: 70 1 > debug3: tty_parse_modes: 71 0 > debug3: tty_parse_modes: 72 1 > debug3: tty_parse_modes: 73 0 > debug3: tty_parse_modes: 74 0 > debug3: tty_parse_modes: 75 0 > debug3: tty_parse_modes: 90 1 > debug3: tty_parse_modes: 91 1 > debug3: tty_parse_modes: 92 0 > debug3: tty_parse_modes: 93 0 > debug1: server_input_channel_req: channel 0 request shell reply 0 > debug1: session_by_channel: session 0 channel 0 > debug1: session_input_channel_req: session 0 req shell > debug2: fd 3 setting TCP_NODELAY > debug2: fd 7 setting O_NONBLOCK > debug3: fd 6 is O_NONBLOCK > debug1: Received SIGCHLD. > debug1: session_by_pid: pid 16693 > debug1: session_exit_message: session 0 channel 0 pid 16693 > debug2: channel 0: request exit-status confirm 0 > debug1: session_exit_message: release channel 0 > debug2: channel 0: write failed > debug2: channel 0: close_write > debug2: channel 0: output open -> closed > debug1: session_pty_cleanup: session 0 release /dev/pts/1 > debug2: notify_done: reading > debug2: channel 0: read<=0 rfd 7 len 0 > debug2: channel 0: read failed > debug2: channel 0: close_read > debug2: channel 0: input open -> drain > debug2: channel 0: ibuf empty > debug2: channel 0: send eof > debug2: channel 0: input drain -> closed > debug2: channel 0: send close > debug3: channel 0: will not send data after close > debug2: channel 0: rcvd close > debug3: channel 0: will not send data after close > debug2: channel 0: is dead > debug2: channel 0: gc: notify user > debug1: session_by_channel: session 0 channel 0 > debug1: session_close_by_channel: channel 0 child 0 > debug1: session_close: session 0 pid 0 > debug2: channel 0: gc: user detached > debug2: channel 0: is dead > debug2: channel 0: garbage collecting > debug1: channel 0: free: server-session, nchannels 1 > debug3: channel 0: status: The following connections are open: > #0 server-session (t4 r0 i3/0 o3/0 fd -1/-1 cfd -1) > > debug3: channel 0: close_fds r -1 w -1 e -1 c -1 > Connection closed by 192.168.10.10 > debug1: do_cleanup > Closing connection to 192.168.10.10 > > > -- > Truly yours, Mikhail Manuilov > > Reply Forward > > > > TMDA daemon > <tmda at mindrot.org> This message was created automatically by mail > delivery software (TMDA). Your... > 1:55 pm (37 minutes ago) > > Mikhail Manuylov > ---------- Forwarded message ---------- From: "Mikhail Manuylov" <mikhail.man... > 2:20 pm (12 minutes ago) > > TMDA daemon > Your confirmation was accepted, and so your original message has been delivered. > 2:20 pm (12 minutes ago) > > Mail Delivery System > <MAILER-DAEMON at mindrot.org> to me > More options 2:21 pm (12 minutes ago) > This is the Postfix program at host mail.mindrot.org. > > I'm sorry to have to inform you that your message could not > be delivered to one or more recipients. It's attached below. > > For further assistance, please send mail to <postmaster> > > If you do so, please include this problem report. You can > delete your own text from the attached returned message. > > The Postfix program > > <openssh-unix-dev-tmda at mindrot.org> (expanded from <openssh-unix-dev-tmda>): > permission denied. Command output: The message that you sent to > openssh-unix-dev looks like HTML. HTML mail to openssh-unix-dev is not > permitted. Please resend your message as plain text. procmail: Error while > writing to "/etc/postfix/htmltrap.sh" > > > Final-Recipient: rfc822; openssh-unix-dev-tmda at mindrot.org > Original-Recipient: rfc822; openssh-unix-dev-tmda > Action: failed > Status: 5.0.0 > Diagnostic-Code: X-Postfix; permission denied. Command output: The message > that you sent to openssh-unix-dev looks like HTML. HTML mail to > openssh-unix-dev is not permitted. Please resend your message as plain > text. procmail: Error while writing to "/etc/postfix/htmltrap.sh" > > > > ---------- Forwarded message ---------- > From: "Mikhail Manuylov" <mikhail.manuilov at gmail.com> > To: openssh-unix-dev at mindrot.org > Date: Fri, 21 Apr 2006 13:55:34 +0400 > Subject: Solaris 8 x86 rsa pubkey auth problem > Hello, > > I got some weird problem with public key authentication using rsa key pair. > > Let me first of all explain my setup. > > 1) I got two Solaris 8 x86 boxes > uname -a > SunOS 5.8 Generic_117351-24 i86pc i386 i86pc > > <kdc: 192.168.10.11> <---> <module: 192.168.10.10> > > 2) They're running absolutely identical openssh installations > I'm using pkgsrc, so I've builded all necessary packages from two days > old pkgsrc sources > on one of the boxes and installed the same binaries on second > OpenSSH_4.3p1, OpenSSL 0.9.7i 14 Oct 2005 > > 3) The only differense in their setup is that 'kdc' is a intel p4 boxm > and module is p3 box. > > I've generated rsa key pair via ssh-keygen, and placed public part of > it into /home/root/.ssh/authorized_keys > on both computers. > > The problem: > > I can't log into any (not only to module) computer running the same > version of sshd (and of course user holding the same public key) > using 'kdc', pubkey athentication fails and ssh pops password prompt > up. Pubkey athentication with that key works flawlessly with any > other direction even when 'module' connecting to 'kdc'. > > How I can help debugging this problem: > > I've supplied debug output of both ssh and sshd from two cases: > 1) 'module' authenticating on 'kdc' ( works ok ) > 2) 'kdc' authenticating on 'module' ( pubkey failed ) > > I've already compiled gdb and openssh with debug info. I've also > started two debug sshd yesterday, but due two my not so cool knowledge > of > openssh sources and maybe schema of forking and privelege separation I > still can't reach user_key_allowed function. > > Thank you for your great work. And thanks for help beforehand. > > Here's debug output: > > 1) kdc# ssh -vvv -i ~/.ssh/auditor_rsa_id root at 192.168.10.10 > OpenSSH_4.3p1, OpenSSL 0.9.7i 14 Oct 2005 > debug1: Reading configuration data /usr/pkg/etc/ssh/ssh_config > debug2: ssh_connect: needpriv 0 > debug1: Connecting to 192.168.10.10 [ 192.168.10.10] port 22. > debug1: Connection established. > debug1: permanently_set_uid: 0/1 > debug3: Not a RSA1 key file auditor_id_rsa. > debug2: key_type_from_name: unknown key type '-----BEGIN' > debug3: key_read: missing keytype > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug2: key_type_from_name: unknown key type '-----END' > debug3: key_read: missing keytype > debug1: identity file auditor_id_rsa type 2 > debug1: Remote protocol version 2.0 , remote software version OpenSSH_4.3 > debug1: match: OpenSSH_4.3 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_4.3 > debug2: fd 3 setting O_NONBLOCK > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes12 > 8-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes12 > 8-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160, > hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib > debug2: kex_parse_kexinit: none, zlib at openssh.com,zlib > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se > ,aes12 > 8-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes > > -- > Truly yours, Mikhail Manuilov >-- Truly yours, Mikhail Manuilov
On Wed, May 03, 2006 at 09:16:58PM +0400, Mikhail Manuylov wrote:> What is the reason of trying to find public key and offering it to > authenticate? This somewhat ridicule, i suppose...the private key is encrypted, so you would have to enter the passphrase even if the key will not be allowed.
On 5/3/06, Markus Friedl <markus.r.friedl at arcor.de> wrote:> On Wed, May 03, 2006 at 09:16:58PM +0400, Mikhail Manuylov wrote: > > What is the reason of trying to find public key and offering it to > > authenticate? This somewhat ridicule, i suppose... > > the private key is encrypted, so you would have to enter > the passphrase even if the key will not be allowed. >-- Truly yours, Mikhail Manuilov