search for: keyex

https://bugzilla.mindrot.org/show_bug.cgi?id=2456 Bug ID: 2456 Summary: gssapi-keyex blocked by PermitRootLogin=without-password Product: Portable OpenSSH Version: 7.1p1 Hardware: Other OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd Assignee: un...

I would like to request additional consideration for inclusion of the gss-keyex patch (https://bugzilla.mindrot.org/show_bug.cgi?id=1242) into mainline OpenSSH. I know this comes up every few months, and I know that the current answer is "no" (as stated in November 2007), so I'll get straight to the new information and possibly-new arguments. 1. I conducted a c...

https://bugzilla.mindrot.org/show_bug.cgi?id=2198 Bug ID: 2198 Summary: GSSAPIKeyExchange gssapi-keyex bug in kex.c choose_kex() Product: Portable OpenSSH Version: 6.4p1 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: Kerberos support...

...and it lists my current ticket for user. Then I try "ssh -vvvl user cofil01.mydomain.net" , I get the following lines: ==================================================== debug2: we sent a gssapi-with-mic packet, wait for reply debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug2: we sent a gssapi-with-mic packet, wait for reply debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug2: we sent a gssapi-with-mic packet, wait for reply debug1: Authentications that can continue: publickey,gssapi-keyex,gss...

Hai, Lets start here. Handy for us to know. OS? Samba version? AD or member setup? And I suggest, set this in the ssh server. # GSSAPI options GSSAPIAuthentication yes Restart the ssh server and try to SSO login. If its a AD server this should work. Yes, you dont get home dir etc, end up in / after login, but lets check if this works. Greetz, Louis > -----Oorspronkelijk

...page ssh_config.5 specifies the default setting for PreferredAuthentications as: "gssapi-with-mic, hostbased, publickey, keyboard-interactive, password" with a space after each comma. But when I set PreferredAuthentications in ssh_config as follows: PreferredAuthentications "gssapi-keyex, gssapi-with-mic, publickey, hostbased, password" with a space after each comma, ssh fails to process authentication methods beyond the first one in the list. It will however work as expected if the spaces are removed. Either the man page or code (match_list()?) needs to be fixed. Below is t...

...ebug1: kex_input_ext_info: > server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp2 > 56,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521> > debug2: service_accept: ssh-userauth > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug1: Authentications that can continue: > gssapi-keyex,gssapi-with-mic,password > debug1: Next authentication method: gssapi-keyex > debug1: No valid Key exchange context > debug2: we did not send a packet, disable method > debug1: Next authentication method: gssapi-with-mic > debug2: we sent a gssapi-with-mic packet, wait for reply >...

...gt; > server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp2 > > 56,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521> > > debug2: service_accept: ssh-userauth > > debug1: SSH2_MSG_SERVICE_ACCEPT received > > debug1: Authentications that can continue: > > gssapi-keyex,gssapi-with-mic,password > > debug1: Next authentication method: gssapi-keyex > > debug1: No valid Key exchange context > > debug2: we did not send a packet, disable method > > debug1: Next authentication method: gssapi-with-mic > > debug2: we sent a gssapi-with-mic pa...

...rify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic debug1: Next authentication method: publickey debug1: Offering RSA public key: /Users/TimothyDunphy/.ssh/id_rsa debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic debug1: Trying private key: /Users/TimothyDunphy/.ssh/id_dsa debug1: No more authenticati...

..._MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received and then it sits there for 1-2 minutes and then this output blasts out: debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Next authentication method: gssapi-keyex debug1: No valid Key exchange context debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available debug1: Unspecified GSS fai...

...g1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Next authentication method: gssapi-keyex debug1: No valid Key exchange context debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information Cannot determine realm for numeric host a...

...ex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512> debug3: receive packet: type 6 debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug3: send packet: type 50 debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup gssapi-keyex debug3: remaining preferred:...

...es And the defaults : # GSSAPI options GSSAPIAuthentication yes GSSAPICleanupCredentials yes Are sufficient for a normal ssh kerberized login. Optional, depending on the use of your server, and if you SSH supports it. ( use man sshd_config to look the up ) GSSAPIStrictAcceptorCheck yes GSSAPIKeyExchange yes GSSAPIStoreCredentialsOnRekey yes I assume, that, server and client do have A and PTR records AND both servers have nfs/FQDN at REALM in the keytab. Postponed keyboard-interactive for EXAMPLE+user1 from 141.30.156.114 That looks to me the UseDNS yes, may solve it if its keytab/resolvi...

...> GSSAPIAuthentication yes > GSSAPICleanupCredentials yes > > Are sufficient for a normal ssh kerberized login. > > Optional, depending on the use of your server, and if you SSH supports it. > ( use man sshd_config to look the up ) > GSSAPIStrictAcceptorCheck yes > GSSAPIKeyExchange yes > GSSAPIStoreCredentialsOnRekey yes > > I assume, that, server and client do have A and PTR records AND both servers have nfs/FQDN at REALM in the keytab. > > Postponed keyboard-interactive for EXAMPLE+user1 from 141.30.156.114 > That looks to me the UseDNS yes, may solv...

Attached is the very verbose ssh output. Just to be perverse, this time two nodes lost connectivity. The only thing I see is lines saying that the two connections are lost, although being honest I have no idea what everything else means. For reference, 8 ssh cinnections were being made at the same time for a 8x8mpi task. N.B., since the OS I am using does not have rsh, I am currently using the

On Tue, May 17, 2016 16:34, Dustin Kempter wrote: ere. >> > Here is the command and output > > > [test1 at pgpool1 ~]$ ssh -v -i /home/test1/my-key.txt > upload at 144.167.188.62 . . . > debug1: Authentications that can continue: > publickey,gssapi-keyex,gssapi-with-mic > debug1: Next authentication method: gssapi-keyex > debug1: No valid Key exchange context > debug1: Next authentication method: gssapi-with-mic > debug1: Unspecified GSS failure. Minor code may provide more > information > Credentials cache file '/tmp/krb5cc_...

....ssh/known_hosts:1 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic debug1: Next authentication method: gssapi-keyex debug1: No valid Key exchange context debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information Credentials cache file '/tmp/krb5cc_501' not found debug1: Un...

...ice_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /home/jgu/.ssh/identity ((nil)) debug2: key: /home/jgu/.ssh/id_rsa ((nil)) debug2: key: /home/jgu/.ssh/id_dsa ((nil)) debug3: Wrote 64 bytes for a total of 1109 debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup gssapi-keyex debug3: remaining preferred: gssapi-with-mic,publickey,k...

...--live cvm1 qemu+ssh://kashyapc@devstack3/system error: operation failed: Failed to connect to remote libvirt URI qemu+ssh://kashyapc@devstack3/system: Cannot recv data: Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).: Connection reset by peer >From libvirtd debug log: [. . .] 2015-04-03 06:04:16.221+0000: 31009: debug : virCommandRunAsync:2408 : About to run LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin ssh -l kashyapc devstack3 sh -c ''\''if ...

...application layer. debug: Ssh2Transport: Sending algorithms to application layer. debug: Ssh2Common: Received SSH_CROSS_STARTUP packet from connection protocol. debug: Ssh2Common: Received SSH_CROSS_ALGORITHMS packet from connection protocol . debug: server offers auth methods 'publickey,gssapi-keyex,gssapi-with-mic,passwo rd'. debug: Ssh2AuthPubKeyClient: Starting pubkey auth... debug: Ssh2AuthPubKeyClient: ssh_client_auth_pubkey_agent_open_complete agent=0x 0 debug: Ssh2AuthPubKeyClient: Agent is not running. debug: Ssh2AuthPubKeyClient: Got 0 keys from the agent. debug: Ssh2AuthPubKeyCli...