[Bug 356] New: 3.4p1 hostbased authentication between Linux and Solaris

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Jul 17 04:27:20 EST 2002


http://bugzilla.mindrot.org/show_bug.cgi?id=356

           Summary: 3.4p1 hostbased authentication between Linux and Solaris
           Product: Portable OpenSSH
           Version: -current
          Platform: ix86
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: ssh
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: mikep at onet.on.ca


Hostbased authentication is failing with a (Mandrake) Linux client and Solaris
server;
all works between the Solaris (2.6/7/8) hosts, and also for IRIX 6.2 (all built
from source code),
and Solaris client to Linux server works. It fails between Linux hosts, both
with the RPMs and
when built from source.

Failing session looks like it should work (remote server accepts .rhosts), but 
fails locally; debug shows:

OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to enfm [128.100.102.112] port 22.
debug1: Connection established.
debug1: identity file /home/enfm/mikep/.ssh/identity type -1
debug1: identity file /home/enfm/mikep/.ssh/id_rsa type -1
debug1: identity file /home/enfm/mikep/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
debug1: match: OpenSSH_3.4p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 124/256
debug1: bits set: 1581/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/enfm/mikep/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
debug2: key_type_from_name: unknown key type '1024'
debug3: key_read: no key found
debug3: key_read: type mismatch
debug3: check_host_in_hostfile: match line 34
debug3: check_host_in_hostfile: filename /home/enfm/mikep/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
debug2: key_type_from_name: unknown key type '1024'
debug3: key_read: no key found
debug3: key_read: type mismatch
debug3: check_host_in_hostfile: match line 34
debug1: Host 'enfm' is known and matches the RSA host key.
debug1: Found key in /etc/ssh/ssh_known_hosts2:34
debug1: bits set: 1575/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue:
publickey,password,keyboard-interactive,hostbased
debug3: start over, passed a different list
publickey,password,keyboard-interactive,hostbased
debug3: preferred hostbased,publickey,keyboard-interactive,password
debug3: authmethod_lookup hostbased
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled hostbased
debug1: next auth method to try is hostbased
debug2: userauth_hostbased: chost enfm-pc8.utcc.utoronto.ca.
debug1: ssh_keysign called
debug3: msg_send: type 2
debug3: msg_recv entering
debug2: we sent a hostbased packet, wait for reply
debug1: Remote: Accepted by .rhosts.
debug1: Remote: Accepted host enfm-pc8.utcc.utoronto.ca ip 128.100.102.101
client_user mikep server_user mikep
debug1: authentications that can continue:
publickey,password,keyboard-interactive,hostbased
debug2: userauth_hostbased: chost enfm-pc8.utcc.utoronto.ca.
debug1: ssh_keysign called
debug3: msg_send: type 2
debug3: msg_recv entering
debug2: we sent a hostbased packet, wait for reply
debug1: Remote: Accepted by .rhosts.
debug1: Remote: Accepted host enfm-pc8.utcc.utoronto.ca ip 128.100.102.101
client_user mikep server_user mikep
debug1: authentications that can continue:
publickey,password,keyboard-interactive,hostbased
debug1: userauth_hostbased: no more client hostkeys



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



More information about the openssh-unix-dev mailing list