OpenSSH vs ssh.com

mouring at etoh.eviladmin.org mouring at etoh.eviladmin.org
Mon Dec 4 17:11:53 EST 2000 

Ask and ye shall recieve.  Yesterday (CST), I commited  Markus'
patches to provide F-SECURE support for 2.0.12.  So they should be in the
snapshots now.  

- Ben


On Mon, 4 Dec 2000, Rob Hagopian wrote:

> openssh-snap-20001204 vs F-SECURE SSH Version 2.0.12 (from BigIP v3.3)
> doesn't work for protocol 2 (but is fine for protocol 1), any ideas what
> would cause this? Below are full debug outputs. In addition, the prior
> snapshot I had on the machine caused the following output in the sshd on
> the BigIP machine:
> 
> Dec  4 03:18:44 b1abv sshd[144]: connection from "10.30.12.11"
> Dec  4 03:18:44 b1abv sshd[15841]: DNS lookup failed for "10.30.12.11".
> Dec  4 03:18:45 b1abv sshd[15841]: got bad packet when verifying user
> 					root's publickey.
> Dec  4 03:18:45 b1abv sshd[15841]: Remote host disconnected: Connection
> 					closed.
> Dec  4 03:18:45 b1abv sshd[15841]: connection lost: 'Connection closed.'
> 
> sshd -v output:
> b1abv:~# /usr/contrib/sbin/sshd -v
> WARNING: Development-time debugging not compiled in.
> WARNING: To enable, configure with --enable-debug and recompile.
> WARNING: Development-time debugging not compiled in.
> WARNING: To enable, configure with --enable-debug and recompile.
> debug: Reading private host key from /etc/ssh2/hostkey
> debug: Key comment: 1024-bit dsa hostkey
> debug: Reading public host key from: /etc/ssh2/hostkey.pub
> debug: Becoming server.
> debug: Creating listener
> debug: Listener created
> sshd[18717]: Listener created on port 22.
> sshd[18717]: Daemon is running.
> debug: Running event loop
> sshd[18717]: connection from "10.30.12.11"
> debug: ssh_server_wrap: creating transport protocol
> debug: ssh_server_wrap: creating userauth protocol
> sshd[18717]: DNS lookup failed for "10.30.12.11".
> debug: new_connection_callback returning
> debug: Remote version: SSH-2.0-OpenSSH_2.3.0p2
> 
> debug: ssh_sigchld_real_callback
> debug: ssh_sigchld_process_pid: no handler for pid 18722 code 0
> debug: ssh_user_validate_secure_rpc_password: not yet implemented
> debug: ssh_user_validate_kerberos_password: not yet implemented
> debug: ssh_user_validate_secure_rpc_password: not yet implemented
> debug: ssh_user_validate_kerberos_password: not yet implemented
> debug: ssh_user_validate_secure_rpc_password: not yet implemented
> debug: ssh_user_validate_kerberos_password: not yet implemented
> sshd[18717]: Remote host disconnected: Authentication method
> disabled. (user 'prod', client address '10.30.12.11:648', requested
> service 'ssh-connection')
> sshd[18717]: User authentication failed: 'Authentication method
> disabled. (user 'prod', client address '10.30.12.11:648', requested
> service 'ssh-connection')'
> debug: Exiting event loop
> 
> ssh output:
> %ssh -v b1abv
> SSH Version OpenSSH_2.3.0p2, protocol versions 1.5/2.0.
> Compiled with SSL (0x0090581f).
> debug: Reading configuration data /usr/etc/ssh_config
> debug: Applying options for *
> debug: ssh_connect: getuid 0 geteuid 0 anon 0
> debug: Connecting to b1abv [216.200.130.7] port 22.
> debug: Allocated local port 648.
> debug: Connection established.
> debug: identity file /usr/dh/home/prod/.ssh/identity type 0
> debug: identity file /usr/dh/home/prod/.ssh/id_dsa type 3
> debug: Remote protocol version 1.99, remote software version 2.0.12
> F-SECURE SSH
> debug: match: 2.0.12 F-SECURE SSH pat ^2\.0\.
> 
> Enabling compatibility mode for protocol 2.0
> debug: Local version string SSH-2.0-OpenSSH_2.3.0p2
> debug: send KEXINIT
> debug: done
> debug: wait KEXINIT
> debug: got kexinit: diffie-hellman-group1-sha1
> debug: got kexinit: ssh-dss
> debug: got
> kexinit: 3des-cbc,cast128-cbc,blowfish-cbc,twofish-cbc,arcfour,none
> debug: got
> kexinit: 3des-cbc,cast128-cbc,blowfish-cbc,twofish-cbc,arcfour,none
> debug: got kexinit: hmac-md5,md5-8,none
> debug: got kexinit: hmac-md5,md5-8,none
> debug: got kexinit: none,zlib
> debug: got kexinit: none,zlib
> debug: got kexinit: 
> debug: got kexinit: 
> debug: first kex follow: 0 
> debug: reserved: 0 
> debug: done
> debug: kex: server->client 3des-cbc hmac-md5 none
> debug: kex: client->server 3des-cbc hmac-md5 none
> debug: Sending SSH2_MSG_KEXDH_INIT.
> debug: bits set: 507/1024
> debug: Wait SSH2_MSG_KEXDH_REPLY.
> debug: Got SSH2_MSG_KEXDH_REPLY.
> debug: Host 'b1abv' is known and matches the DSA host key.
> debug: bits set: 500/1024
> debug: len 40 datafellows 63
> debug: ssh_dss_verify: signature correct
> debug: Wait SSH2_MSG_NEWKEYS.
> debug: GOT SSH2_MSG_NEWKEYS.
> debug: send SSH2_MSG_NEWKEYS.
> debug: done: send SSH2_MSG_NEWKEYS.
> debug: done: KEX2.
> debug: send SSH2_MSG_SERVICE_REQUEST
> debug: buggy server: service_accept w/o service
> debug: got SSH2_MSG_SERVICE_ACCEPT
> debug: authentications that can continue: publickey,password
> debug: next auth method to try is publickey
> debug: try pubkey: /usr/dh/home/prod/.ssh/id_dsa
> debug: read SSH2 private key done: name dsa w/o comment success 1
> debug: sig size 20 20
> debug: datafellows
> debug: authentications that can continue: publickey,password
> debug: next auth method to try is publickey
> debug: next auth method to try is password
> prod at b1abv's password: 
> debug: authentications that can continue: publickey,password
> debug: next auth method to try is password
> Permission denied, please try again.
> prod at b1abv's password: 
> debug: authentications that can continue: publickey,password
> debug: next auth method to try is password
> Permission denied, please try again.
> prod at b1abv's password: 
> Received disconnect: 12: Authentication method disabled.
> debug: Calling cleanup 0x805b184(0x0)
> 								-Rob
> 
>

More information about the openssh-unix-dev mailing list