SSH issues... (log posted)
Matt Alexander
plug-discuss@lists.PLUG.phoenix.az.us
Tue, 11 Dec 2001 14:52:35 -0800 (PST)
I had the same problem recently. It turns out I needed to enable pam
support.
./configure --with-pam
Then copy one of the sshd.pam files from the contrib directory to
/etc/pam.d
__
This email uses only 100% recycled electrons.
On Tue, 11 Dec 2001, Thomas Mondoshawan Tate wrote:
> > If you use the verbose option to ssh, -v, what does it tell you.
> >
> > -Paul
>
> Okay, you asked for it... =op
> ---
> [crystaldragon:~]$ ssh -v -C mwolf.dyndns.org
> OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
> debug1: Reading configuration data /usr/local/etc/ssh_config
> debug1: Seeding random number generator
> debug1: Rhosts Authentication disabled, originating port will not be trusted.
> debug1: restore_uid
> debug1: ssh_connect: getuid 1000 geteuid 0 anon 1
> debug1: Connecting to mwolf.dyndns.org [24.246.60.176] port 22.
> debug1: temporarily_use_uid: 1000/100 (e=0)
> debug1: restore_uid
> debug1: temporarily_use_uid: 1000/100 (e=0)
> debug1: restore_uid
> debug1: Connection established.
> debug1: read PEM private key done: type DSA
> debug1: read PEM private key done: type RSA
> debug1: identity file /home/phoenix/.ssh/identity type 0
> debug1: identity file /home/phoenix/.ssh/id_rsa type 1
> debug1: identity file /home/phoenix/.ssh/id_dsa type -1
> debug1: Remote protocol version 1.99, remote software version OpenSSH_3.0p1
> debug1: match: OpenSSH_3.0p1 pat ^OpenSSH
> Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_2.9p2
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 zlib
> debug1: kex: client->server aes128-cbc hmac-md5 zlib
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: dh_gen_key: priv key bits set: 131/256
> debug1: bits set: 1556/3191
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'mwolf.dyndns.org' is known and matches the RSA host key.
> debug1: Found key in /home/phoenix/.ssh/known_hosts2:8
> debug1: bits set: 1568/3191
> debug1: ssh_rsa_verify: signature correct
> debug1: kex_derive_keys
> debug1: newkeys: mode 1
> debug1: Enabling compression at level 6.
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: waiting for SSH2_MSG_NEWKEYS
> debug1: newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: done: ssh_kex2.
> debug1: send SSH2_MSG_SERVICE_REQUEST
> debug1: service_accept: ssh-userauth
> debug1: got SSH2_MSG_SERVICE_ACCEPT
> debug1: authentications that can continue:
> publickey,password,keyboard-interactive
> debug1: next auth method to try is publickey
> debug1: try pubkey: /home/phoenix/.ssh/id_rsa
> debug1: authentications that can continue:
> publickey,password,keyboard-interactive
> debug1: try privkey: /home/phoenix/.ssh/id_dsa
> debug1: next auth method to try is password
> phoenix@mwolf.dyndns.org's password:
> debug1: authentications that can continue:
> publickey,password,keyboard-interactive
> Permission denied, please try again.
> phoenix@mwolf.dyndns.org's password:
> debug1: authentications that can continue:
> publickey,password,keyboard-interactive
> Permission denied, please try again.
> phoenix@mwolf.dyndns.org's password:
> debug1: authentications that can continue:
> publickey,password,keyboard-interactive
> debug1: next auth method to try is keyboard-interactive
> debug1: authentications that can continue:
> publickey,password,keyboard-interactive
> debug1: authentications that can continue:
> publickey,password,keyboard-interactive
> Received disconnect from 24.246.60.176: 2: Too many authentication failures
> for phoenix
> debug1: Calling cleanup 0x8064990(0x0)
> debug1: compress outgoing: raw data 728, compressed 414, factor 0.57
> debug1: compress incoming: raw data 389, compressed 149, factor 0.38
> [crystaldragon:~]$
> ---
>
> Now you must realize that I can telnet into mwolf without an issue using the
> same login and password, so I _know_ authentication is not the issue.
>
> --
> Thomas "Mondoshawan" Tate
> phoenix@psy.ed.asu.edu
> http://tank.dyndns.org
>