Password auth problem with openssh 3.4 and Linux 2.2.20
Ben Lindstrom
mouring at etoh.eviladmin.org
Mon Jul 1 09:33:05 EST 2002
It works under Mandrake and Redhat 7.x series. The only thing that is
currently broken is password changing. So if the password expires it will
not allow them to login.
I have no clue what the PLD people are talking about. I do know that they
do some pretty incorrect things in their patches. Much like their patch
to allow 2.2 kernels to use compression (openssh-pseudo-mmap.patch).
Which is incorrect.
- Ben
On Sun, 30 Jun 2002, Randy Tidd wrote:
> After upgrading to openssh-3.4p1, password authentication is no longer
> working on my system. I'm running Linux RedHat 6.2 with:
>
> kernel 2.2.20
> openssh-3.4p1
> openssl-0.9.6
> pam-0.72-6
> pwdb-0.61-0
>
> I've tried it with and without compression, with and without priv sep, and I
> always get errors like this:
>
> Jun 30 19:07:48 sugarfreejazz sshd[1344]: Failed password for randy from
> 10.10.10.2 port 4320 ssh2
>
> It worked with openssh-2.9p2. I upgraded because of the CERT advisory.
> I've double, triple, and quadruple checked my userid, password, SSH client
> (SecureCRT on Windows 2000), etc. and everything seems to be in order.
>
> I did see this comment in the ChangeLog:
>
> http://www.rpmfind.net//linux/RPM/PLD/dists/nest/test/i386/openssh-3.4p1-2.i386.html
>
> "Revision 1.125 2002/06/26 15:42:57 misiek
> - 3.4 (pam still not working)"
>
> Is there a known problem with openssh 3.4 and PAM?
>
> Also I tried compiling openssh without PAM by passing in the "--without-pam"
> flag to configure but that did not seem to do anything -- "strings
> /usr/local/sbin/sshd | grep pam" still reveals that it is compiled in. Is
> there a way to disable or compile without PAM?
>
> Below is the output from sshd -d -d -d. Thanks in advance for any
> tips/info/advice.
>
> Randy Tidd
> rtidd at speakeasy.net
>
>
>
> debug1: sshd version OpenSSH_3.4p1
> debug1: private host key: #0 type 0 RSA1
> debug3: Not a RSA1 key file /usr/local/etc/ssh_host_rsa_key.
> debug1: read PEM private key done: type RSA
> debug1: private host key: #1 type 1 RSA
> debug3: Not a RSA1 key file /usr/local/etc/ssh_host_dsa_key.
> debug1: read PEM private key done: type DSA
> debug1: private host key: #2 type 2 DSA
> debug1: Bind to port 22 on 0.0.0.0.
> Server listening on 0.0.0.0 port 22.
> debug1: Server will not fork when running in debugging mode.
> Connection from 10.10.10.2 port 4351
> debug1: Client protocol version 2.0; client software version 3.4 SecureCRT
> debug1: no match: 3.4 SecureCRT
> Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.4p1
> debug1: list_hostkey_types: ssh-rsa,ssh-dss
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
> ijndael-cbc at lysator.liu.se
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r
> ijndael-cbc at lysator.liu.se
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hm
> ac-md5-96
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hm
> ac-md5-96
> debug2: kex_parse_kexinit: none
> debug2: kex_parse_kexinit: none
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-dss,ssh-rsa
> debug2: kex_parse_kexinit:
> aes128-cbc,aes192-cbc,aes256-cbc,twofish-cbc,blowfish-cbc,3des-cbc,arcfour
> debug2: kex_parse_kexinit:
> aes128-cbc,aes192-cbc,aes256-cbc,twofish-cbc,blowfish-cbc,3des-cbc,arcfour
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none
> debug2: kex_parse_kexinit: none
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
> debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
> debug1: dh_gen_key: priv key bits set: 126/256
> debug1: bits set: 512/1026
> debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
> debug1: bits set: 515/1026
> debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
> debug1: kex_derive_keys
> debug1: newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: waiting for SSH2_MSG_NEWKEYS
> debug1: newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: KEX done
> debug1: userauth-request for user randy service ssh-connection method none
> debug1: attempt 0 failures 0
> debug3: allowed_user: today 11868 sp_expire -1 sp_lstchg 11868 sp_max 99999
> debug3: Trying to reverse map address 10.10.10.2.
> debug2: input_userauth_request: setting up authctxt for randy
> debug2: input_userauth_request: try method none
> Failed none for randy from 10.10.10.2 port 4351 ssh2
> debug1: userauth-request for user randy service ssh-connection method
> password
> debug1: attempt 1 failures 1
> debug2: input_userauth_request: try method password
> Failed password for randy from 10.10.10.2 port 4351 ssh2
> debug1: userauth-request for user randy service ssh-connection method
> password
> debug1: attempt 2 failures 2
> debug2: input_userauth_request: try method password
> Failed password for randy from 10.10.10.2 port 4351 ssh2
> Received disconnect from 10.10.10.2: 13: The user canceled authentication.
>
> debug1: Calling cleanup 0x80683fc(0x0)
>
>
>
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
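An added example, not part of either message and not OpenSSH code: since the reply names expired passwords as the one known failure, this reads the `allowed_user` debug3 line from an `sshd -d -d -d` trace and classifies the shadow aging fields. The aging rules are the usual shadow(5) reading and are an assumption here, not sshd's exact checks; the function names are hypothetical.

```python
import re

# Constructed sample: the debug3 line as it appears in the quoted trace above.
SAMPLE = "> debug3: allowed_user: today 11868 sp_expire -1 sp_lstchg 11868 sp_max 99999"

FIELD_RE = re.compile(r"\b(today|sp_expire|sp_lstchg|sp_max) (-?\d+)")
NEEDED = {"today", "sp_expire", "sp_lstchg", "sp_max"}


def parse_allowed_user(line):
    """Return the shadow fields (days since the epoch) from an
    'allowed_user' debug3 line, or None if the line is something else."""
    if "allowed_user:" not in line:
        return None
    fields = {name: int(value) for name, value in FIELD_RE.findall(line)}
    return fields if NEEDED <= fields.keys() else None


def aging_state(f):
    """Classify the fields using shadow(5) aging semantics (assumed)."""
    # sp_expire: day the account expires; -1 means no expiry is set.
    if f["sp_expire"] >= 0 and f["today"] >= f["sp_expire"]:
        return "account-expired"
    # sp_lstchg == 0 conventionally forces a password change at next login.
    if f["sp_lstchg"] == 0:
        return "change-required"
    # sp_max: maximum password age in days, counted from the last change.
    if f["sp_max"] > 0 and f["today"] > f["sp_lstchg"] + f["sp_max"]:
        return "password-expired"
    return "ok"


def triage(log_text):
    """Return one aging state per allowed_user line found in a trace,
    tolerating the '> ' quoting that mail clients add."""
    states = []
    for raw in log_text.splitlines():
        fields = parse_allowed_user(raw.lstrip("> ").strip())
        if fields is not None:
            states.append(aging_state(fields))
    return states


if __name__ == "__main__":
    print(triage(SAMPLE))
```

A result of `ok` means the aging fields in the trace do not indicate an expired password or account, so the failed logins need another explanation.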