search for: userauth

https://bugzilla.mindrot.org/show_bug.cgi?id=3590 Bug ID: 3590 Summary: Why is the service name in the USERAUTH REQUEST message "ssh-connect" instead of "ssh-userauth"? Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: trivial Priority: P5 Comp...

what about this? can we do about this if we break the protocol? -------------- next part -------------- An embedded message was scrubbed... From: Love <lha at stacken.kth.se> Subject: gss userauth Date: Fri, 22 Aug 2003 16:06:27 +0200 Size: 2878 Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20030822/f7bb85a0/attachment.mht

...to get an ssh connection to alice with (force gssapi connection) ssh -vvv -K alice\$@alice.example.local when i look in the logs i see always on alice the follwing error messages by alice "No principal in keytab matches the desired name" And May 25 13:43:44 alice sshd[29647]: debug1: userauth-request for user alice$ service ssh-connection method none [preauth] May 25 13:43:44 alice sshd[29647]: debug1: attempt 0 failures 0 [preauth] May 25 13:43:44 alice sshd[29647]: Invalid user alice$ from 192.168.24.3 May 25 13:43:44 alice sshd[29647]: debug1: Unable to open the btmp file /var/log/bt...

...t_mgmt(), chauthtok(), if required, setcred(PAM_ESTABLISH_CRED) and open_session() ALL during kbd-int so that modules in each of those PAM stacks can prompt the user (pam_open_session(), for example, may prompt a user with an informational message akin to the last login message) - all userauth methods should call pam_acct_mgmt() and force kbd-int, via partial userauth failure, if pam_acct_mgmt() returns PAM_NEW_AUTHTOK_REQD (password expired) - pam_setcred(PAM_ESTABLISH_CRED) and pam_open_session() should be called by the end of userauth, regardless of which method(s) is(are)...

...hentication no + PermitEmptyPasswords yes Attempts: Installed maintence pack3 and recompiled both OpenSSH and OpenSSL (0.9.7b) with native c compiler. Recompiled both OpenSSH and OpenSSL (0.9.7b) with gcc (2.95.2). Still the same problem. Looking at auth2.c line 185-190: authenticated = m->userauth(authctxt); sets authenticate to 1 when PermitEmptyPasswords ==> yes I found only one reference to userauth() in sshconnect2.c (line 279) I do not understand the code m->userauth(authctxt); Please assist. Vikash

Hi, I don't mean to be annoying, but it seems like there isn't any interest in partial authentication. Is this true? It's not a future plan for OpenSSH to have this feature? I'd just like to know if I'm on my own or not. Thanks Erik.

...-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user themac service ssh-connection method none debug1: attempt 0 failures 0 Failed none for themac from ::1 port 55838 ssh2 Failed none for themac from ::1 port 55838 ssh2 debug1: userauth-request for user themac service ssh-connection method publickeydebug1: attempt 1 failures 1 debug1...

...chance. If the agent is running, you run out of tries _before_ you are able to enter a password. I have patched a little at auth2.c and auth.h [1], but I am absoluteley not sure if that patch is 100% ok and does not cause any other Problems. For me it works fine :) The errors in the sshd: debug1: userauth-request for user XXXXXX service ssh-connection method none debug1: attempt #1 debug1: Starting up PAM with username "XXXXXX" Failed none for XXXXXX from XXX.XXX.XXX.XXX port 34257 ssh2 debug1: userauth-request for user XXXXXX service ssh-connection method publickey debug1: attempt #2 debu...

...ber/170426.html. I don't see that he ever reached a solution. Nov 20 16:02:58 appdb01-qa sshd[31622]: debug1: Unspecified GSS failure. Minor code may provide more information\nNo key table entry found matching host/appdb01-qa.mediture.dom@\n Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1: userauth-request for user arthurr service ssh-connection method gssapi-with-mic Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1: attempt 2 failures 0 Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1: userauth-request for user arthurr service ssh-connection method gssapi-with-mic Nov 20 16:02:58 appdb01-qa ss...

..._principals file contains one line: test at 172.31.43.3 I attempt to connect to the target server from the test client: $ ssh -vvv -Y -p 2022 -l test 172.31.44.115 There is verbose output, which mostly seems right until (on the client): debug1: ssh_rsa_verify: signature correct debug2: input_userauth_pk_ok: fp c9:42:44:91:48:04:45:b2:ee:93:12:3f:e5:89:13:ab debug3: sign_and_send_pubkey: RSA-CERT c9:42:44:91:48:04:45:b2:ee:93:12:3f:e5:89:13:ab debug1: read PEM private key begin debug1: key_parse_private_pem: PEM_read_PrivateKey failed debug1: read PEM private key done: type <unknown> Enter...

...SSH2_MSG_KEX_DH_GEX_INIT debug1: bits set: 1583/3191 debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user andreas service ssh-connection method none debug1: attempt 0 failures 0 debug1: Starting up PAM with username "andreas" debug1: PAM setting rhost to "localhost" Failed none for andreas from 127.0.0.1 port 1053 ssh2 debug1: userauth-request for user andreas...

...m Created attachment 2441 --> https://bugzilla.mindrot.org/attachment.cgi?id=2441&action=edit pam_enhancements for OpenSSH server We have implemented the following PAM enhancements for Solaris and we would like to contribute back our implementations for these enhancements: 1) Each SSHv2 userauth method has its own PAM service name so that PAM can be used to control what userauth methods are allowed. This is for protocol 2 only. ----------------------------------------------- | SSHv2 Userauth | PAM Service Name | -----------------------------------------------...

...-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user dummy service ssh-connection method none debug1: attempt 0 failures 0 Failed none for dummy from 192.168.247.63 port 34762 ssh2 Failed none for dummy from 192.168.247.63 port 34762 ssh2 debug1: userauth-request for user dummy service ssh-connection method publickey debug1: attempt...

...SSH2_MSG_KEX_DH_GEX_INIT debug1: bits set: 1583/3191 debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user andreas service ssh-connection method none debug1: attempt 0 failures 0 debug1: Starting up PAM with username "andreas" debug1: PAM setting rhost to "localhost" Failed none for andreas from 127.0.0.1 port 1053 ssh2 debug1: userauth-request for user andreas...

....1 Negotiated Algorithms: Connection Settings: Encryption Algorithm: <Default> MAC Algorithm: <Default> Compression: zlib Port Number: 4040 Connect Through Firewall: No Firewall: (Empty) Firewall Port: 1080 Last 5 Messages displayed: Message 1: Server responded "too many failed userauth_requests". A protocol error was detected. This usually indicates a bug in the SSH application (either client or server). If you can repeatedly reproduce this problem, please send a detailed bug report (including version number and instructions for reproducing the problem) to ssh-bugs at ssh....

...ts set: 1528/3191 > debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent > debug1: kex_derive_keys > debug1: newkeys: mode 1 > debug1: SSH2_MSG_NEWKEYS sent > debug1: waiting for SSH2_MSG_NEWKEYS > debug1: newkeys: mode 0 > debug1: SSH2_MSG_NEWKEYS received > debug1: KEX done > debug1: userauth-request for user cheekoon service ssh-connection method > none > debug1: attempt 0 failures 0 > debug1: Starting up PAM with username "cheekoon" > debug1: PAM setting rhost to "localhost" > Failed none for cheekoon from 127.0.0.1 port 32948 ssh2 > Failed none f...

...a_verify: signature correct debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: done: ssh_kex2. debug1: send SSH2_MSG_SERVICE_REQUEST debug1: service_accept: ssh-userauth debug1: got SSH2_MSG_SERVICE_ACCEPT debug1: authentications that can continue: publickey,password,keyboard-interactive debug1: next auth method to try is publickey debug1: userauth_pubkey_agent: testing agent key /root/.ssh/id_rsa debug1: authentications that can continue: publickey,password,k...

...EX_INIT debug1: bits set: 1018/2049 debug2: ssh_rsa_sign: done debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user fdsmith service ssh-connection method none debug1: attempt 0 failures 0 debug2: input_userauth_request: setting up authctxt for fdsmith debug2: input_userauth_request: try method none Failed none for fdsmith from 162.87.6.13 port 1163 ssh2 debug1: userauth-request for user fdsmith...

...ssion denied' I'm running a plain vanilla redhat 6.1 (a bit old, I know) with openSSL as the SSL implementation. I installed a different ssh implementation (from ftp.ssh.fi - I compiled both, actually) and that works fine with all users. Here is the debug output from sshd: debug2: input_userauth_request: setting up authctxt for daniel debug2: input_userauth_request: try method none Failed none for daniel from 172.21.97.161 port 2418 ssh2 debug1: userauth-request for user daniel service ssh-connection method keyboard-interactive debug1: attempt 1 failures 1 debug2: input_userauth_request: t...

...2 debug1: match: OpenSSH_2.9p2 pat ^OpenSSH Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_2.9p2 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received [...] debug1: done: ssh_kex2. debug1: send SSH2_MSG_SERVICE_REQUEST debug1: service_accept: ssh-userauth debug1: got SSH2_MSG_SERVICE_ACCEPT debug1: authentications that can continue: publickey,keyboard-interactive debug1: next auth method to try is publickey debug1: userauth_pubkey_agent: testing agent key /home/matthewm/.ssh/id_dsa debug1: authentications that can continue: publickey,keyboard-intera...