dear sir,
i encountered something very odd with openssh. when i try to
connect to my sshd daemon, i get repeated password errors. this
happens on all connections to my server. outbound connections to
other ssh sites work with no problem. the remote site can connect
to itself, but not to my site.
i captured the output of the sshd -d -d -d -e -D command to provide
you with some trace data. i also included the ssh_config file and
the sshd_config file so you can see i did nothing radical in the
config files. this problem also occurred with just a straight sshd
command using the unmodified config files, but that command
generated no trace data for you.
i run slackware linux with the 2.2.16 kernel. i saw this problem
with both openssh-2.9p1 and openssh-2.9p2 i used openssl-0.9.6a
and openssl-0.9.6b. my uptime was about five hours. in all cases,
i got the same basic error.
any suggestions as to what needs attention and how it should be fixed?
thank you for your time and assistance.
frank smith
frank.smith at unilever.com
trace from sshd -d -d -d -e -D
------------------------------------------------------------------------
debug1: Seeding random number generator
debug3: cipher ok: blowfish-cbc [blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: cast128-cbc [blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: arcfour [blowfish-cbc,cast128-cbc,arcfour]
debug3: ciphers ok: [blowfish-cbc,cast128-cbc,arcfour]
debug1: sshd version OpenSSH_2.9p2
Could not load host key: /local/etc/ssh_host_key
debug3: No RSA1 key file /local/etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: No RSA1 key file /local/etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
socket: Invalid argument
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Server will not fork when running in debugging mode.
Connection from 162.87.6.13 port 1163
debug1: Client protocol version 2.0; client software version OpenSSH_2.9p2
debug1: match: OpenSSH_2.9p2 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9p2
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: blowfish-cbc,cast128-cbc,arcfour
debug2: kex_parse_kexinit: blowfish-cbc,cast128-cbc,arcfour
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at
openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at
openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: blowfish-cbc,cast128-cbc,arcfour
debug2: kex_parse_kexinit: blowfish-cbc,cast128-cbc,arcfour
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at
openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at
openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: client->server blowfish-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: server->client blowfish-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 123/256
debug1: bits set: 1067/2049
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 1018/2049
debug2: ssh_rsa_sign: done
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user fdsmith service ssh-connection method none
debug1: attempt 0 failures 0
debug2: input_userauth_request: setting up authctxt for fdsmith
debug2: input_userauth_request: try method none
Failed none for fdsmith from 162.87.6.13 port 1163 ssh2
debug1: userauth-request for user fdsmith service ssh-connection method password
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method password
Failed password for fdsmith from 162.87.6.13 port 1163 ssh2
debug1: userauth-request for user fdsmith service ssh-connection method password
debug1: attempt 2 failures 2
debug2: input_userauth_request: try method password
Failed password for fdsmith from 162.87.6.13 port 1163 ssh2
debug1: userauth-request for user fdsmith service ssh-connection method password
debug1: attempt 3 failures 3
debug2: input_userauth_request: try method password
Failed password for fdsmith from 162.87.6.13 port 1163 ssh2
debug1: userauth-request for user fdsmith service ssh-connection method
keyboard-interactive
debug1: attempt 4 failures 4
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive language devs
Failed keyboard-interactive for fdsmith from 162.87.6.13 port 1163 ssh2
debug1: userauth-request for user fdsmith service ssh-connection method
keyboard-interactive
debug1: attempt 5 failures 5
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive language devs
Failed keyboard-interactive for fdsmith from 162.87.6.13 port 1163 ssh2
debug1: userauth-request for user fdsmith service ssh-connection method
keyboard-interactive
debug1: attempt 6 failures 6
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive language devs
Failed keyboard-interactive for fdsmith from 162.87.6.13 port 1163 ssh2
Connection closed by 162.87.6.13
debug1: Calling cleanup 0x8062bec(0x0)
------------------------------------------------------------------------
ssh_config file
------------------------------------------------------------------------
#
# $Id$
# $OpenBSD: ssh_config,v 1.10 2001/04/03 21:19:38 todd Exp $
#
# History:
# $Log$
# This is ssh client systemwide configuration file. See ssh(1) for more
# information. This file provides defaults for users, and the values can
# be changed in per-user configuration files or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for various options
# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsAuthentication no
# RhostsRSAAuthentication yes
# RSAAuthentication yes
# PasswordAuthentication yes
# FallBackToRsh no
# UseRsh no
# BatchMode no
# CheckHostIP yes
# StrictHostKeyChecking yes
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_rsa
# Port 22
Protocol 2
Cipher blowfish
Ciphers blowfish-cbc,cast128-cbc,arcfour
# EscapeChar ~
UserKnownHostsFile /dev/null
------------------------------------------------------------------------
sshd_config file
------------------------------------------------------------------------
#
# $Id$
# $OpenBSD: sshd_config,v 1.38 2001/04/15 21:41:29 deraadt Exp $
#
# History:
# $Log$
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin:/local/bin
# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.
Port 22
Protocol 2
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /local/etc/ssh_host_key
HostKey /local/etc/ssh_host_rsa_key
HostKey /local/etc/ssh_host_dsa_key
ServerKeyBits 2048
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
Ciphers blowfish-cbc,cast128-cbc,arcfour
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for
RhostsRSAAuthentication
IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
#PrintLastLog no
KeepAlive yes
# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging
RhostsAuthentication no
#
# For this to work you will also need host keys in /local/etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
#
RSAAuthentication yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
# Uncomment to disable s/key passwords
#ChallengeResponseAuthentication no
# Uncomment to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of
'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes
# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no
# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes
#CheckMail yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes
Subsystem sftp /local/libexec/sftp-server
------------------------------------------------------------------------
