OpenSSH vs ssh.com

Rob Hagopian rob at hagopian.net
Tue Dec 5 10:16:26 EST 2000


Excellent. Thx!
								-Rob

On Mon, 4 Dec 2000 mouring at etoh.eviladmin.org wrote:

> 
> Ask and ye shall recieve.  Yesterday (CST), I commited  Markus'
> patches to provide F-SECURE support for 2.0.12.  So they should be in the
> snapshots now.  
> 
> - Ben
> 
> 
> On Mon, 4 Dec 2000, Rob Hagopian wrote:
> 
> > openssh-snap-20001204 vs F-SECURE SSH Version 2.0.12 (from BigIP v3.3)
> > doesn't work for protocol 2 (but is fine for protocol 1), any ideas what
> > would cause this? Below are full debug outputs. In addition, the prior
> > snapshot I had on the machine caused the following output in the sshd on
> > the BigIP machine:
> > 
> > Dec  4 03:18:44 b1abv sshd[144]: connection from "10.30.12.11"
> > Dec  4 03:18:44 b1abv sshd[15841]: DNS lookup failed for "10.30.12.11".
> > Dec  4 03:18:45 b1abv sshd[15841]: got bad packet when verifying user
> > 					root's publickey.
> > Dec  4 03:18:45 b1abv sshd[15841]: Remote host disconnected: Connection
> > 					closed.
> > Dec  4 03:18:45 b1abv sshd[15841]: connection lost: 'Connection closed.'
> > 
> > sshd -v output:
> > b1abv:~# /usr/contrib/sbin/sshd -v
> > WARNING: Development-time debugging not compiled in.
> > WARNING: To enable, configure with --enable-debug and recompile.
> > WARNING: Development-time debugging not compiled in.
> > WARNING: To enable, configure with --enable-debug and recompile.
> > debug: Reading private host key from /etc/ssh2/hostkey
> > debug: Key comment: 1024-bit dsa hostkey
> > debug: Reading public host key from: /etc/ssh2/hostkey.pub
> > debug: Becoming server.
> > debug: Creating listener
> > debug: Listener created
> > sshd[18717]: Listener created on port 22.
> > sshd[18717]: Daemon is running.
> > debug: Running event loop
> > sshd[18717]: connection from "10.30.12.11"
> > debug: ssh_server_wrap: creating transport protocol
> > debug: ssh_server_wrap: creating userauth protocol
> > sshd[18717]: DNS lookup failed for "10.30.12.11".
> > debug: new_connection_callback returning
> > debug: Remote version: SSH-2.0-OpenSSH_2.3.0p2
> > 
> > debug: ssh_sigchld_real_callback
> > debug: ssh_sigchld_process_pid: no handler for pid 18722 code 0
> > debug: ssh_user_validate_secure_rpc_password: not yet implemented
> > debug: ssh_user_validate_kerberos_password: not yet implemented
> > debug: ssh_user_validate_secure_rpc_password: not yet implemented
> > debug: ssh_user_validate_kerberos_password: not yet implemented
> > debug: ssh_user_validate_secure_rpc_password: not yet implemented
> > debug: ssh_user_validate_kerberos_password: not yet implemented
> > sshd[18717]: Remote host disconnected: Authentication method
> > disabled. (user 'prod', client address '10.30.12.11:648', requested
> > service 'ssh-connection')
> > sshd[18717]: User authentication failed: 'Authentication method
> > disabled. (user 'prod', client address '10.30.12.11:648', requested
> > service 'ssh-connection')'
> > debug: Exiting event loop
> > 
> > ssh output:
> > %ssh -v b1abv
> > SSH Version OpenSSH_2.3.0p2, protocol versions 1.5/2.0.
> > Compiled with SSL (0x0090581f).
> > debug: Reading configuration data /usr/etc/ssh_config
> > debug: Applying options for *
> > debug: ssh_connect: getuid 0 geteuid 0 anon 0
> > debug: Connecting to b1abv [216.200.130.7] port 22.
> > debug: Allocated local port 648.
> > debug: Connection established.
> > debug: identity file /usr/dh/home/prod/.ssh/identity type 0
> > debug: identity file /usr/dh/home/prod/.ssh/id_dsa type 3
> > debug: Remote protocol version 1.99, remote software version 2.0.12
> > F-SECURE SSH
> > debug: match: 2.0.12 F-SECURE SSH pat ^2\.0\.
> > 
> > Enabling compatibility mode for protocol 2.0
> > debug: Local version string SSH-2.0-OpenSSH_2.3.0p2
> > debug: send KEXINIT
> > debug: done
> > debug: wait KEXINIT
> > debug: got kexinit: diffie-hellman-group1-sha1
> > debug: got kexinit: ssh-dss
> > debug: got
> > kexinit: 3des-cbc,cast128-cbc,blowfish-cbc,twofish-cbc,arcfour,none
> > debug: got
> > kexinit: 3des-cbc,cast128-cbc,blowfish-cbc,twofish-cbc,arcfour,none
> > debug: got kexinit: hmac-md5,md5-8,none
> > debug: got kexinit: hmac-md5,md5-8,none
> > debug: got kexinit: none,zlib
> > debug: got kexinit: none,zlib
> > debug: got kexinit: 
> > debug: got kexinit: 
> > debug: first kex follow: 0 
> > debug: reserved: 0 
> > debug: done
> > debug: kex: server->client 3des-cbc hmac-md5 none
> > debug: kex: client->server 3des-cbc hmac-md5 none
> > debug: Sending SSH2_MSG_KEXDH_INIT.
> > debug: bits set: 507/1024
> > debug: Wait SSH2_MSG_KEXDH_REPLY.
> > debug: Got SSH2_MSG_KEXDH_REPLY.
> > debug: Host 'b1abv' is known and matches the DSA host key.
> > debug: bits set: 500/1024
> > debug: len 40 datafellows 63
> > debug: ssh_dss_verify: signature correct
> > debug: Wait SSH2_MSG_NEWKEYS.
> > debug: GOT SSH2_MSG_NEWKEYS.
> > debug: send SSH2_MSG_NEWKEYS.
> > debug: done: send SSH2_MSG_NEWKEYS.
> > debug: done: KEX2.
> > debug: send SSH2_MSG_SERVICE_REQUEST
> > debug: buggy server: service_accept w/o service
> > debug: got SSH2_MSG_SERVICE_ACCEPT
> > debug: authentications that can continue: publickey,password
> > debug: next auth method to try is publickey
> > debug: try pubkey: /usr/dh/home/prod/.ssh/id_dsa
> > debug: read SSH2 private key done: name dsa w/o comment success 1
> > debug: sig size 20 20
> > debug: datafellows
> > debug: authentications that can continue: publickey,password
> > debug: next auth method to try is publickey
> > debug: next auth method to try is password
> > prod at b1abv's password: 
> > debug: authentications that can continue: publickey,password
> > debug: next auth method to try is password
> > Permission denied, please try again.
> > prod at b1abv's password: 
> > debug: authentications that can continue: publickey,password
> > debug: next auth method to try is password
> > Permission denied, please try again.
> > prod at b1abv's password: 
> > Received disconnect: 12: Authentication method disabled.
> > debug: Calling cleanup 0x805b184(0x0)
> > 								-Rob
> > 
> > 
> 






More information about the openssh-unix-dev mailing list