Re: [ILUG] SSH question

From: Philip Trickett (phil at domain techworks.ie)
Date: Wed 24 Apr 2002 - 10:45:38 IST


On Tue, 2002-04-23 at 17:56, Niall O Broin wrote:
> On Tue, Apr 23, 2002 at 04:19:41PM +0100, Philip Trickett wrote:
>
> > an scp command will work fine, no problem.
> > using ssh as such will work:
> >
> > ssh root@xxx.xxx.xxx.xxx /usr/bin/whoami
> > will return the expected output, which in this case is root
>
> Occurs to me that you may have something in an initialisation file which is
> causing problems.
>

Hmm, might be, as below:

> > Also created another user, without any special privileges, and the same
> > problem occurs.
>
> and this makes me think that the initialisation file problem, if indeed it
> is that, is a system one, and not just root's.
>
> As you can obviously login to the box by some other means, whilst there can
> you ssh localhost ?
>
Unfortunately not at the moment. There is a verbose debug output below,
and the config file for sshd is there too. I have had a look at the
config file, against others I have on my working systems here and I can
see nothing obvious.
There follow the debug and config files. Thanks,

Phil

Config file: (/etc/ssh/sshd_config)

sh-2.03# cat /etc/ssh/sshd_config
# This is ssh server systemwide configuration file.

Port 22
Protocol 2,1
ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
# X11DisplayOffset 10
#PrintMotd no
#PrintLastLog no
KeepAlive yes

# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging

RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
#
# RSAAuthentication yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords yes
# Uncomment to disable s/key passwords
#SkeyAuthentication no

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

CheckMail no
UseLogin no

#Subsystem sftp /usr/local/sbin/sftpd
#MaxStartups 10:30:60

----------------------------

Debug output:

sh-2.03# ssh -v root@127.0.0.1
SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: Seeding random number generator
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to 127.0.0.1 [127.0.0.1] port 22.
debug: Seeding random number generator
debug: Allocated local port 943.
debug: Connection established.
debug: Remote protocol version 2.0, remote software version OpenSSH_2.2.0p1
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH_2.2.0p1
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit: diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss
debug: got kexinit: 3des-cbc,blowfish-cbc,arcfour,cast128-cbc
debug: got kexinit: 3des-cbc,blowfish-cbc,arcfour,cast128-cbc
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
debug: got kexinit: zlib,none
debug: got kexinit: zlib,none
debug: got kexinit:
debug: got kexinit:
debug: first kex follow: 0
debug: reserved: 0
debug: done
debug: kex: server->client 3des-cbc hmac-sha1 none
debug: kex: client->server 3des-cbc hmac-sha1 none
debug: Sending SSH2_MSG_KEXDH_INIT.
debug: bits set: 531/1024
debug: Wait SSH2_MSG_KEXDH_REPLY.
debug: Got SSH2_MSG_KEXDH_REPLY.
debug: Forcing accepting of host key for loopback/localhost.
debug: bits set: 519/1024
debug: len 55 datafellows 0
debug: dsa_verify: signature correct
debug: Wait SSH2_MSG_NEWKEYS.
debug: GOT SSH2_MSG_NEWKEYS.
debug: send SSH2_MSG_NEWKEYS.
debug: done: send SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: send SSH2_MSG_SERVICE_REQUEST
debug: service_accept: ssh-userauth
debug: got SSH2_MSG_SERVICE_ACCEPT
debug: ssh-userauth2 successfull
debug: no set_nonblock for tty fd 4
debug: no set_nonblock for tty fd 5
debug: no set_nonblock for tty fd 6
debug: channel 0: new [client-session]
debug: send channel open 0
debug: Entering interactive session.
debug: callback start
debug: client_init id 0 arg 0
debug: channel request 0: shell
debug: client_set_session_ident: id 0
debug: callback done
debug: channel 0: open confirm rwindow 0 rmax 32768
debug: channel 0: rcvd adjust 16384
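
Added example (not part of the original message or of OpenSSH): a small Python helper that reads an `ssh -v` client trace and reports the last connection phase reached. Run on an excerpt of the trace above, it shows that key exchange, authentication and session channel setup all completed, so the hang comes after login, which is consistent with the initialisation-file hypothesis quoted in the thread. The phase names, the hint text and the function name `locate_stall` are assumptions made for this example.

```python
import re

# (phase name, pattern) in the order the client logs them. The patterns are the
# debug strings of the OpenSSH_2.2.0p1 trace in this message; other versions
# word these lines differently.
PHASES = [
    ("tcp_connected",     r"Connection established"),
    ("version_exchanged", r"Remote protocol version"),
    ("host_key_verified", r"dsa_verify: signature correct"),
    ("kex_complete",      r"done: KEX2"),
    ("auth_complete",     r"ssh-userauth2 successfull"),  # spelling as logged
    ("shell_requested",   r"channel request \d+: shell"),
    ("channel_confirmed", r"channel \d+: open confirm"),
]

# Where to look when the trace stops before a phase (this example's reading,
# not text from the thread). None means every phase was reached.
HINTS = {
    "tcp_connected": "network path, or sshd not listening",
    "version_exchanged": "banner exchange",
    "host_key_verified": "key exchange or host key check",
    "kex_complete": "key exchange",
    "auth_complete": "user authentication",
    "shell_requested": "session channel setup",
    "channel_confirmed": "session channel setup",
    None: "server side after login (shell start-up, e.g. initialisation files)",
}

# Excerpt of the trace posted in this message.
TRACE_EXCERPT = """\
debug: Connection established.
debug: Remote protocol version 2.0, remote software version OpenSSH_2.2.0p1
debug: dsa_verify: signature correct
debug: done: KEX2.
debug: ssh-userauth2 successfull
debug: channel request 0: shell
debug: channel 0: open confirm rwindow 0 rmax 32768
debug: channel 0: rcvd adjust 16384
"""

def locate_stall(trace):
    """Return (phases reached, first phase not reached or None, hint)."""
    lines = [l for l in trace.splitlines() if l.startswith("debug")]
    reached = [name for name, pat in PHASES
               if any(re.search(pat, l) for l in lines)]
    missing = next((name for name, _ in PHASES if name not in reached), None)
    return reached, missing, HINTS[missing]
```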


