Hi, I set up the X509 certificate patch with OpenSSH 6.1p1.
ssh user1@HOST -i user2.pem
So, both users are root, admins of this OS.
If I do not know user1's password I cannot log in with ssh to the server. I
can su to the server but this will be in the logs.
Public key authentication like this below has some identification
issue. If I copy my authorized key (user2) to user1's authorized keys and
try to log in with ssh like this: ssh user1@HOST -i user2.pem, I will log in
as him... and this is BAD.
I want to configure my ssh server just for certificate
authentication, and in such a way that I can't impersonate some other
user.
Here is the log.
Nov 27 17:46:45 intrat10 auth|security:debug sshd[10289316]: debug1:
fd 4 clearing O_NONBLOCK
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
rexec start in 4 out 4 newsock 4 pipe 6 sock 7
Nov 27 17:46:45 intrat10 auth|security:debug sshd[10289316]: debug1:
Forked child 11534544.
Nov 27 17:46:45 intrat10 auth|security:debug sshd[10289316]: debug3:
send_rexec_state: entering fd = 7 config len 387
Nov 27 17:46:45 intrat10 auth|security:debug sshd[10289316]: debug3:
ssh_msg_send: type 0
Nov 27 17:46:45 intrat10 auth|security:debug sshd[10289316]: debug3:
send_rexec_state: done
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
inetd sockets after dupping: 5, 5
Nov 27 17:46:45 intrat10 auth|security:info sshd[11534544]: Connection
from XX.XX.XX.XX port 58271
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
Client protocol version 2.0; client software version OpenSSH_6.1 PKIX
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
match: OpenSSH_6.1 PKIX pat OpenSSH*
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
Enabling compatibility mode for protocol 2.0
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
Local version string SSH-2.0-OpenSSH_6.1 PKIX
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
fd 5 setting O_NONBLOCK
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_sandbox_init: preparing rlimit sandbox
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
Network child is on pid 13041860
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
preauth child monitor started
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
privsep user:group 202:201 [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
permanently_set_uid: 202/201 [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
list_hostkey_types: ssh-rsa,ssh-dss [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
SSH2_MSG_KEXINIT sent [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
SSH2_MSG_KEXINIT received [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
kex_parse_kexinit:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
[preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
kex_parse_kexinit: ssh-rsa,ssh-dss [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
[preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
[preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
[preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
[preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
kex_parse_kexinit: none,zlib@openssh.com [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
kex_parse_kexinit: none,zlib@openssh.com [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
kex_parse_kexinit: [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
kex_parse_kexinit: [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
kex_parse_kexinit: first_kex_follows 0 [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
kex_parse_kexinit: reserved 0 [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
kex_parse_kexinit:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
[preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
kex_parse_kexinit:
x509v3-sign-rsa,ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,x509v3-sign-dss,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-dss
[preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
[preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
mac_setup: found hmac-md5 [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
kex: server->client aes128-ctr hmac-md5 none [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_send entering: type 0 [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_choose_dh: waiting for MONITOR_ANS_MODULI [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_receive_expect entering: type 1 [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_receive entering [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_receive entering
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
monitor_read: checking request 0
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_answer_moduli: got parameters: 1024 1024 8192
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_send entering: type 1
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
monitor_read: 0 used once, disabling now
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_choose_dh: remaining 0 [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
dh_gen_key: priv key bits set: 125/256 [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
bits set: 511/1024 [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
bits set: 498/1024 [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_key_sign entering [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_send entering: type 4 [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_key_sign: waiting for MONITOR_ANS_SIGN [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_receive_expect entering: type 5 [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_receive entering [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_receive entering
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
monitor_read: checking request 4
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_answer_sign
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_answer_sign: signature 20045ef8(271)
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_send entering: type 5
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
monitor_read: 4 used once, disabling now
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
SSH2_MSG_KEX_DH_GEX_REPLY sent [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
kex_derive_keys [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
set_newkeys: mode 1 [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
SSH2_MSG_NEWKEYS sent [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
expecting SSH2_MSG_NEWKEYS [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
set_newkeys: mode 0 [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
SSH2_MSG_NEWKEYS received [preauth]
Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
KEX done [preauth]
Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug1:
userauth-request for user user1 service ssh-connection method none
[preauth]
Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug1:
attempt 0 failures 0 [preauth]
Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_getpwnamallow entering [preauth]
Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_send entering: type 6 [preauth]
Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_receive_expect entering: type 7 [preauth]
Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_receive entering [preauth]
Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_receive entering
Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
monitor_read: checking request 6
Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_answer_pwnamallow
Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
Trying to reverse map address 10.144.33.20.
Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug2:
parse_server_config: config reprocess config len 387
Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
AIX/setauthdb set registry 'LDAP'
Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
aix_restoreauthdb: restoring old registry ''
Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
AIX/loginrestrictions returned 0 msg (none)
Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_send entering: type 7
Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug2:
monitor_read: 6 used once, disabling now
Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug2:
input_userauth_request: setting up authctxt for user1 [preauth]
Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_inform_authserv entering [preauth]
Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_send entering: type 3 [preauth]
Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug2:
input_userauth_request: try method none [preauth]
Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_receive entering
Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
monitor_read: checking request 3
Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_answer_authserv: service=ssh-connection, style
Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug2:
monitor_read: 3 used once, disabling now
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug1:
userauth-request for user user1 service ssh-connection method
publickey [preauth]
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug1:
attempt 1 failures 0 [preauth]
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug2:
input_userauth_request: try method publickey [preauth]
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
key_from_blob(..., 1268) [preauth]
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
x509key_from_blob: We have 1268 bytes available in BIO [preauth]
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
x509_to_key: X509_get_pubkey done! [preauth]
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_key_allowed entering [preauth]
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_send entering: type 20 [preauth]
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_receive_expect entering: type 21 [preauth]
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_receive entering [preauth]
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_receive entering
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
monitor_read: checking request 20
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_answer_keyallowed entering
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
key_from_blob(..., 1268)
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
x509key_from_blob: We have 1268 bytes available in BIO
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
x509_to_key: X509_get_pubkey done!
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_answer_keyallowed: key_from_blob: 2008b2d8
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug1:
temporarily_use_uid: 417/230 (e=0/0)
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug1:
trying public key file /home/user1/.ssh/authorized_keys
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug1:
fd 4 clearing O_NONBLOCK
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
x509key_from_subject(9, [subject= C = XX, O = XX, OU = XX, CN user2\n]) called
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
x509key_from_subject: subject=[C = XX, O = XX, OU = XX, CN = user2\n]
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_X509_NAME_add_entry_by_NID: type=ASCII, k=2
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_X509_NAME_add_entry_by_NID: type=ASCII, k=4
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_X509_NAME_add_entry_by_NID: type=ASCII, k=12
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_X509_NAME_add_entry_by_NID: type=ASCII, k=7
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
x509key_str2X509NAME: return 1
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
x509key_from_subject: return 2008b678
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
key_match:found matching certificate
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug1:
matching key found: file /home/user1/.ssh/authorized_keys, line 1
Nov 27 17:46:55 intrat10 auth|security:info sshd[11534544]: Found
matching RSA+cert key: 47:d7:9f:7c:e4:a6:df:67:be:bb:82:8f:91:99:12:f2
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_x509cert_check: for 'C=XX,O=XX,OU=XX,CN=user2'
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_x509revoked_cb: Issuer: C=XX,O=XX,OU=XX,CN=XX
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_x509revoked_cb: Subject: C=XX,O=XX,OU=XX,CN=XX
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_x509revoked_cb: Issuer: C=XX,O=XX,OU=XX,CN=XX
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_x509revoked_cb: Subject: C=XX,O=XX,OU=XX,CN=XX
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_x509revoked_cb: Issuer: C=XX,O=XX,OU=XX,CN=XX
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_x509revoked_cb: Subject: C=XX,O=XX,OU=XX,CN=user2
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_ocsp_validate: for 'C=XX,O=XX,OU=XX,CN=user2'
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_ocsp_validate: none
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_key_verify entering [preauth]
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_send entering: type 22 [preauth]
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_key_verify: waiting for MONITOR_ANS_KEYVERIFY [preauth]
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_receive_expect entering: type 23 [preauth]
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_receive entering [preauth]
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_receive entering
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
monitor_read: checking request 22
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
key_from_blob(..., 1268)
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
x509key_from_blob: We have 1268 bytes available in BIO
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
x509_to_key: X509_get_pubkey done!
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_x509_verify: signature format = x509v3-sign-rsa
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_x509_verify: md=rsa-sha1, loc=0
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_x509cert_check: for 'C=XX,O=XX,OU=XX,CN=user2'
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_x509revoked_cb: Issuer: C=XX,O=XX,OU=XX,CN=XX
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_x509revoked_cb: Subject: C=XX,O=XX,OU=XX,CN=XX
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_x509revoked_cb: Issuer: C=XX,O=XX,OU=XX,CN=XX
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_x509revoked_cb: Subject: C=XX,O=XX,OU=XX,CN=XX
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_x509revoked_cb: Issuer: C=XX,O=XX,OU=XX,CN=XX
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_x509revoked_cb: Subject: C=XX,O=XX,OU=XX,CN=user2
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_ocsp_validate: for 'C=XX,O=XX,OU=XX,CN=user2'
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_ocsp_validate: none
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_x509cert_check: return 1(trusted)
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_x509_verify: return 1
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_answer_keyverify: key 2008ca68 signature verified
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_send entering: type 23
Nov 27 17:46:55 intrat10 auth|security:info sshd[11534544]: Accepted
publickey for user1 from XX.XX.XX.XX. port 58271 ssh2
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
AIX/setauthdb set registry 'LDAP'
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug1:
AIX/loginsuccess: msg Last unsuccessful login: \310et 22 Stu 2012
13:02:41 on ssh from user1.host.com\nLast login: Uto 27 Stu 2012
17:29:40 on /dev/pts/5 from intrat10.zbo\n
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
aix_restoreauthdb: restoring old registry ''
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug2:
userauth_pubkey: authenticated 1 pkalg x509v3-sign-rsa [preauth]
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_send_keystate: Sending new keys: 20046118 20045e78 [preauth]
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_newkeys_to_blob: converting 20046118 [preauth]
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_newkeys_to_blob: converting 20045e78 [preauth]
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_send_keystate: New keys have been sent [preauth]
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_send_keystate: Sending compression state [preauth]
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_send entering: type 24 [preauth]
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_send_keystate: Finished sending state [preauth]
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug1:
monitor_read_log: child log fd closed
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug1:
monitor_child_preauth: user1 has been authenticated by privileged
process
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_get_keystate: Waiting for new keys
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_receive_expect entering: type 24
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_receive entering
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_newkeys_from_blob: 2006cfa8(118)
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug2:
mac_setup: found hmac-md5
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_get_keystate: Waiting for second key
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_newkeys_from_blob: 2006cfa8(118)
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug2:
mac_setup: found hmac-md5
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_get_keystate: Getting compression state
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_get_keystate: Getting Network I/O buffers
Nov 27 17:46:55 intrat10 auth|security:info sshd[11534544]: User child
is on pid 13041862
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug3:
AIX/UsrInfo: set len 29
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
permanently_set_uid: 417/230
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug2:
set_newkeys: mode 0
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug2:
set_newkeys: mode 1
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
Entering interactive session for SSH2.
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug2:
fd 8 setting O_NONBLOCK
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug2:
fd 9 setting O_NONBLOCK
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
server_init_dispatch_20
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
input_session_request
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
channel 0: new [server-session]
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug2:
session_new: allocate (allocated 0 max 10)
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug3:
session_unused: session id 0 unused
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
session_new: session 0
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
session_open: channel 0
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
session_open: session 0: link with channel 0
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
server_input_channel_open: confirm session
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
server_input_global_request: rtype no-more-sessions@openssh.com
want_reply 0
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
server_input_channel_req: channel 0 request pty-req reply 1
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
session_by_channel: session 0 channel 0
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
session_input_channel_req: session 0 req pty-req
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
Allocating pty.
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug3:
mm_request_send entering: type 25
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug3:
mm_pty_allocate: waiting for MONITOR_ANS_PTY
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug3:
mm_request_receive_expect entering: type 26
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug3:
mm_request_receive entering
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_receive entering
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
monitor_read: checking request 25
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_answer_pty entering
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug2:
session_new: allocate (allocated 0 max 10)
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
session_unused: session id 0 unused
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug1:
session_new: session 0
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
AIX/setauthdb set registry 'LDAP'
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug1:
AIX/loginsuccess: msg Last unsuccessful login: \310et 22 Stu 2012
13:02:41 on ssh from user1.host.com\nLast login: Uto 27 Stu 2012
17:46:55 on ssh from intrat10.zbo\n
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
aix_restoreauthdb: restoring old registry ''
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_request_send entering: type 26
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
mm_answer_pty: tty /dev/pts/5 ptyfd 6
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
session_pty_req: session 0 alloc /dev/pts/5
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
server_input_channel_req: channel 0 request shell reply 1
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
session_by_channel: session 0 channel 0
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
session_input_channel_req: session 0 req shell
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug2:
fd 5 setting TCP_NODELAY
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug3:
packet_set_tos: set IP_TOS 0x10
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug2:
channel 0: rfd 12 isatty
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug2:
fd 12 setting O_NONBLOCK
Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug3:
fd 10 is O_NONBLOCK
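
The log above accepts a certificate with subject CN=user2 for the login user1. As an added example (not part of the original post, and not code from OpenSSH or the X.509 patch), the following audit script finds that condition in mail-wrapped sshd debug logs. It assumes a local policy that the certificate CN must equal the login name; the function names and the sample log are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample, modelled on the mail-wrapped sshd debug log in the post.
SAMPLE_LOG = """\
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug1:
userauth-request for user user1 service ssh-connection method
publickey [preauth]
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_x509cert_check: for 'C=XX,O=XX,OU=XX,CN=user2'
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
ssh_x509cert_check: return 1(trusted)
Nov 27 17:46:55 intrat10 auth|security:info sshd[11534544]: Accepted
publickey for user1 from XX.XX.XX.XX. port 58271 ssh2
Nov 27 17:47:10 intrat10 auth|security:debug sshd[222]: debug3:
ssh_x509cert_check: for 'C=XX,O=XX,OU=XX,CN=user3'
Nov 27 17:47:10 intrat10 auth|security:info sshd[222]: Accepted
publickey for user3 from XX.XX.XX.XX port 58300 ssh2
Nov 27 17:48:02 intrat10 auth|security:info sshd[333]: Accepted
publickey for user4 from XX.XX.XX.XX port 58411 ssh2
"""

RECORD_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
SSHD_MSG = re.compile(r"sshd\[(\d+)\]: (.*)$")
CERT_CHECK = re.compile(r"ssh_x509cert_check: for '([^']*)'")
ACCEPTED = re.compile(r"Accepted publickey for (\S+) from (\S+) port (\d+)")
# Simplification: assumes no escaped commas inside the CN value.
CN_RDN = re.compile(r"(?:^|,)\s*CN\s*=\s*([^,]+)")


class Login(NamedTuple):
    pid: int
    user: str
    cert_subject: Optional[str]  # None when no certificate was checked
    cert_cn: Optional[str]

    @property
    def mismatch(self) -> bool:
        # Assumed policy: a certificate may only log in as its own CN.
        return self.cert_cn is not None and self.cert_cn != self.user


def unwrap(text):
    """Re-join records that mail line-wrapping split across several lines."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records


def audit(text):
    """Pair each accepted publickey login with the last cert subject per sshd pid."""
    last_subject = {}
    logins = []
    for record in unwrap(text):
        m = SSHD_MSG.search(record)
        if not m:
            continue
        pid, msg = int(m.group(1)), m.group(2)
        cert = CERT_CHECK.search(msg)
        if cert:
            last_subject[pid] = cert.group(1)
            continue
        acc = ACCEPTED.search(msg)
        if acc:
            subject = last_subject.pop(pid, None)
            cn = CN_RDN.search(subject) if subject else None
            logins.append(Login(pid, acc.group(1), subject,
                                cn.group(1).strip() if cn else None))
    return logins


def mismatches(text):
    """Logins where the certificate CN differs from the account logged into."""
    return [login for login in audit(text) if login.mismatch]


if __name__ == "__main__":
    for login in mismatches(SAMPLE_LOG):
        print(f"sshd[{login.pid}]: cert CN={login.cert_cn} accepted as {login.user}")
```

The correlation depends on sshd running at debug3, since the `ssh_x509cert_check` lines are only emitted at that level in the log shown.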