LINUX.IE, website of the Irish Linux Users' Group

[ILUG] Passwordless SSH access (getting long)

Niall O Broin niall at linux.ie
Tue Mar 19 16:19:06 GMT 2002


Lord but this hurts my head :-) s/It Works For Me/It Works For Me Sometimes/

Works fine in my HAN which is of course NOT where I need it to work. In the
deployed situation, I continue to get asked for a password (not pass
phrase). I've run sshd in debug mode and this is what I get in the HAN -
this is the trace when ssh works as desired i.e. no request for password OR
passphrase.
---------------------------------------------------------------------------
debug1: Seeding random number generator
debug1: sshd version OpenSSH_2.9p2
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: Bind to port 43 on ::.
Server listening on :: port 43.
debug1: Bind to port 43 on 0.0.0.0.
Bind to port 43 on 0.0.0.0 failed: Address already in use.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from ::ffff:192.168.1.103 port 32883
debug1: Client protocol version 1.5; client software version OpenSSH_2.9p2
debug1: match: OpenSSH_2.9p2 pat ^OpenSSH
debug1: Local version string SSH-1.99-OpenSSH_2.9p2
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: Sent 768 bit server key and 1024 bit host key.
debug1: Encryption type: 3des
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug1: Starting up PAM with username "james"
debug1: PAM setting rhost to "bilbo.local"
debug1: Attempting authentication for james.
debug1: temporarily_use_uid: 500/100 (e=0)
debug1: restore_uid
Accepted rsa for james from ::ffff:192.168.1.103 port 32883
debug1: session_new: init
debug1: session_new: session 0
debug1: Allocating pty.
debug1: PAM setting tty to "/dev/pts/16"
debug1: PAM establishing creds
debug1: Entering interactive session.
debug1: fd 3 setting O_NONBLOCK
debug1: server_init_dispatch_13
debug1: server_init_dispatch_15
debug1: Setting controlling tty using TIOCSCTTY.
debug1: Received SIGCHLD.
debug1: End of interactive session; stdin 1, stdout (read 362, sent 362), stderr 0 bytes.
debug1: Command exited with status 0.
debug1: Received exit confirmation.
debug1: session_pty_cleanup: session 0 release /dev/pts/16
Closing connection to ::ffff:192.168.1.103
---------------------------------------------------------------------------
and this is the trace when it doesn't work i.e. the client is asked for a
password
---------------------------------------------------------------------------
debug1: Seeding random number generator
debug1: sshd version OpenSSH_2.9p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: Bind to port 43 on ::.
Server listening on :: port 43.
debug1: Bind to port 43 on 0.0.0.0.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from ::ffff:192.168.1.16 port 43472
debug1: Client protocol version 2.0; client software version OpenSSH_2.9p2
debug1: match: OpenSSH_2.9p2 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_2.9p1
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: list_hostkey_types: ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 135/256
debug1: bits set: 1000/2049
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 1055/2049
debug1: sig size 20 20
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user niall service ssh-connection method none
debug1: attempt 0 failures 0
debug1: Starting up PAM with username "niall"
debug1: PAM setting rhost to "lpc1.makalumedia.loc"
Failed none for niall from ::ffff:192.168.1.16 port 43472 ssh2
---------------------------------------------------------------------------

A couple of things puzzle me here, besides the fact that it doesn't work :-(
In the HAN I get 

Bind to port 43 on 0.0.0.0 failed: Address already in use.

which is odd because a) there's nothing running on 43 (verified with nmap)
and b) it works i.e. the client can connect to 43. The second oddity is that
in the HAN I get 

Client protocol version 1.5; client software version OpenSSH_2.9p2

whereas onsite I'm getting

debug1: Client protocol version 2.0; client software version OpenSSH_2.9p2

and I've no idea why the different versions - there's no .ssh/config file in
either place. And what the hell is protocol version 1.5 - ssh 1 with some of
the good bits of 2, or what ?

Definite pints going a begging here, and as the site is in Germany, I'll
even make it some nice German beer :-)




Niall
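
Added example (not part of the original post): a small Python script that reduces each sshd debug trace to its authentication-relevant fields and lists what differs between the working and failing sessions. The trace excerpts are lines copied from the two logs above; the names `summarize` and `diff_traces` are hypothetical.

```python
import re

# Constructed excerpts: a few lines copied from each of the two traces above.
TRACE_OK = """\
debug1: sshd version OpenSSH_2.9p2
debug1: Client protocol version 1.5; client software version OpenSSH_2.9p2
debug1: Attempting authentication for james.
Accepted rsa for james from ::ffff:192.168.1.103 port 32883
"""
TRACE_FAIL = """\
debug1: sshd version OpenSSH_2.9p1
debug1: Client protocol version 2.0; client software version OpenSSH_2.9p2
debug1: userauth-request for user niall service ssh-connection method none
Failed none for niall from ::ffff:192.168.1.16 port 43472 ssh2
"""

# One value per trace: first match wins.
PATTERNS = {
    "server_version": re.compile(r"sshd version (\S+)"),
    "client_protocol": re.compile(r"Client protocol version ([\d.]+);"),
    "client_software": re.compile(r"client software version (\S+)"),
    "user": re.compile(r"(?:Accepted|Failed) \S+ for (\S+) from"),
}
# Zero or more per trace: every auth method requested and every verdict logged.
METHOD = re.compile(r"userauth-request for user \S+ service \S+ method (\S+)")
RESULT = re.compile(r"^(Accepted|Failed) (\S+) for \S+ from")

def summarize(trace):
    """Reduce one sshd debug trace to the fields that matter for auth debugging."""
    info = {"methods_tried": [], "results": []}
    for line in trace.splitlines():
        for key, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                info.setdefault(key, m.group(1))
        m = METHOD.search(line)
        if m:
            info["methods_tried"].append(m.group(1))
        m = RESULT.match(line)
        if m:
            info["results"].append((m.group(1), m.group(2)))
    return info

def diff_traces(a, b):
    """Return {field: (value_in_a, value_in_b)} for every field that differs."""
    sa, sb = summarize(a), summarize(b)
    keys = sorted(set(sa) | set(sb))
    return {k: (sa.get(k), sb.get(k)) for k in keys if sa.get(k) != sb.get(k)}

if __name__ == "__main__":
    for field, (ok, fail) in diff_traces(TRACE_OK, TRACE_FAIL).items():
        print(f"{field:16} working={ok!r}  failing={fail!r}")
```

On the posted traces this reports differences in server version, client protocol, user, and authentication outcome; the failing trace as posted ends at the `none` request and records no key-based attempt.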



