From: Erik Simonsen (erik@pinksheets.com)
Date: Fri Oct 04 2002 - 12:03:36 EDT
To provide more information:
It's as if the host doesn't care about the public key. Again it has the
same configuration files as the other hosts, but it fails back to asking for
a password. Below is the debug output for the session that failed, followed
by a successful connection to a different host.
Failed to accept public key.
erik@eds:erik$ ssh -v -v -v root@hostname
SSH Version Sun_SSH_1.0, protocol versions 1.5/2.0.
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: ssh_connect: getuid 100 geteuid 100 anon 1
debug1: Connecting to hostname [10.53.9.2] port 22.
debug1: Connection established.
debug1: identity file /home/erik/.ssh/identity type 3
debug1: identity file /home/erik/.ssh/id_rsa type 3
debug1: Bad RSA1 key file /home/erik/.ssh/id_dsa.
debug1: identity file /home/erik/.ssh/id_dsa type 3
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
debug1: match: OpenSSH_3.4p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.0
debug1: sent kexinit: diffie-hellman-group1-sha1
debug1: sent kexinit: ssh-rsa,ssh-dss
debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
debug1: sent kexinit: hmac-sha1,hmac-md5
debug1: sent kexinit: hmac-sha1,hmac-md5
debug1: sent kexinit: none
debug1: sent kexinit: none
debug1: sent kexinit:
debug1: sent kexinit:
debug1: send KEXINIT
debug1: done
debug1: wait KEXINIT
debug1: got kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sh
a1
debug1: got kexinit: ssh-rsa,ssh-dss
debug1: got kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192
-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug1: got kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192
-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug1: got kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.co
m,hmac-sha1-96,hmac-md5-96
debug1: got kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.co
m,hmac-sha1-96,hmac-md5-96
debug1: got kexinit: none
debug1: got kexinit: none
debug1: got kexinit:
debug1: got kexinit:
debug1: first kex follow: 0
debug1: reserved: 0
debug1: done
debug2: mac_init: found hmac-sha1
debug1: kex: server->client unable to decide common locale
debug1: kex: server->client aes128-cbc hmac-sha1 none
debug2: mac_init: found hmac-sha1
debug1: kex: client->server unable to decide common locale
debug1: kex: client->server aes128-cbc hmac-sha1 none
debug1: Sending SSH2_MSG_KEXDH_INIT.
debug1: bits set: 520/1024
debug1: Wait SSH2_MSG_KEXDH_REPLY.
debug1: Got SSH2_MSG_KEXDH_REPLY.
debug1: Host 'hostname' is known and matches the RSA host key.
debug1: Found key in /home/erik/.ssh/known_hosts:33
debug1: bits set: 509/1024
debug1: ssh_rsa_verify: signature correct
debug1: Wait SSH2_MSG_NEWKEYS.
debug1: GOT SSH2_MSG_NEWKEYS.
debug1: send SSH2_MSG_NEWKEYS.
debug1: done: send SSH2_MSG_NEWKEYS.
debug1: done: KEX2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue:
publickey,password,keyboard-interacti
ve
debug3: start over, passed a different list
debug3: authmethod_lookup publickey
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug1: userauth_pubkey_agent: trying agent key /home/erik/.ssh/id_dsa
debug3: sign_and_send_pubkey
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue:
publickey,password,keyboard-interacti
ve
debug3: authmethod_lookup publickey
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug2: userauth_pubkey_agent: no more keys
debug2: userauth_pubkey_agent: no message sent
debug1: key does not exist: /home/erik/.ssh/identity
debug1: key does not exist: /home/erik/.ssh/id_rsa
debug1: try pubkey: /home/erik/.ssh/id_dsa
debug1: PEM_read_PrivateKey failed
debug1: read SSH2 private key done: name <no key> success 0
Enter passphrase for key '/home/erik/.ssh/id_dsa':
debug1: read SSH2 private key done: name dsa w/o comment success 1
debug3: sign_and_send_pubkey
debug1: sig size 20 20
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug3: authmethod_lookup publickey
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug2: userauth_pubkey_agent: no more keys
debug2: userauth_pubkey_agent: no message sent
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: authmethod_lookup password
debug3: authmethod_is_enabled password
debug1: next auth method to try is password
root@hostname's password:
debug2: we sent a password packet, wait for reply
debug1: ssh-userauth2 successfull: method password
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug2: callback start
debug1: client_init id 0 arg 0
debug1: channel request 0: shell
debug2: callback done
debug1: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 131072
Last login: Fri Oct 4 11:49:25 2002 from 10.54.9.37
Accepted public key:
erik@eds:erik$ ssh -v -v -v root@mds1
SSH Version Sun_SSH_1.0, protocol versions 1.5/2.0.
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: ssh_connect: getuid 100 geteuid 100 anon 1
debug1: Connecting to mds1 [10.53.9.72] port 22.
debug1: Connection established.
debug1: identity file /home/erik/.ssh/identity type 3
debug1: identity file /home/erik/.ssh/id_rsa type 3
debug1: Bad RSA1 key file /home/erik/.ssh/id_dsa.
debug1: identity file /home/erik/.ssh/id_dsa type 3
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
debug1: match: OpenSSH_3.4p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.0
debug1: sent kexinit: diffie-hellman-group1-sha1
debug1: sent kexinit: ssh-rsa,ssh-dss
debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
debug1: sent kexinit: hmac-sha1,hmac-md5
debug1: sent kexinit: hmac-sha1,hmac-md5
debug1: sent kexinit: none
debug1: sent kexinit: none
debug1: sent kexinit:
debug1: sent kexinit:
debug1: send KEXINIT
debug1: done
debug1: wait KEXINIT
debug1: got kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug1: got kexinit: ssh-rsa,ssh-dss
debug1: got kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
ijndael-cbc@lysator.liu.se
debug1: got kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
ijndael-cbc@lysator.liu.se
debug1: got kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
ac-md5-96
debug1: got kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm
ac-md5-96
debug1: got kexinit: none,zlib
debug1: got kexinit: none,zlib
debug1: got kexinit:
debug1: got kexinit:
debug1: first kex follow: 0
debug1: reserved: 0
debug1: done
debug2: mac_init: found hmac-sha1
debug1: kex: server->client unable to decide common locale
debug1: kex: server->client aes128-cbc hmac-sha1 none
debug2: mac_init: found hmac-sha1
debug1: kex: client->server unable to decide common locale
debug1: kex: client->server aes128-cbc hmac-sha1 none
debug1: Sending SSH2_MSG_KEXDH_INIT.
debug1: bits set: 503/1024
debug1: Wait SSH2_MSG_KEXDH_REPLY.
debug1: Got SSH2_MSG_KEXDH_REPLY.
debug1: Host 'mds1' is known and matches the RSA host key.
debug1: Found key in /home/erik/.ssh/known_hosts:15
debug1: bits set: 522/1024
debug1: ssh_rsa_verify: signature correct
debug1: Wait SSH2_MSG_NEWKEYS.
debug1: GOT SSH2_MSG_NEWKEYS.
debug1: send SSH2_MSG_NEWKEYS.
debug1: done: send SSH2_MSG_NEWKEYS.
debug1: done: KEX2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug3: start over, passed a different list
debug3: authmethod_lookup publickey
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug1: userauth_pubkey_agent: trying agent key /home/erik/.ssh/id_dsa
debug3: sign_and_send_pubkey
debug2: we sent a publickey packet, wait for reply
debug1: ssh-userauth2 successfull: method publickey
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug2: callback start
debug1: client_init id 0 arg 0
debug1: channel request 0: shell
debug2: callback done
debug1: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 131072
Thanks again!
-----Original Message-----
From: sunmanagers-admin@sunmanagers.org
[mailto:sunmanagers-admin@sunmanagers.org]On Behalf Of Erik Simonsen
Sent: Friday, October 04, 2002 11:04 AM
To: sunmanagers@sunmanagers.org
Subject: openssh on solaris
I have been having a problem with openssh on Solaris. I used packages to
install OpenSSH on a number of Solaris 7 and 8 boxes. SSH is working on all
of these machines with passwords, but there are 4 machines out of 60 that
public-key authentication is not working on. Since the install is from a
package, the sshd configuration files on all of these machines are
identical. Can anyone think of something on the OS level that would be
preventing these machines from accepting public keys.
Thanks everyone,
Erik
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:25:03 EDT