ssh -vvv

Lumpkin, Buddy Buddy.Lumpkin at nordstrom.com
Tue Apr 15 03:29:31 EST 2003


ok, I will thanks.

--Buddy

-----Original Message-----
From: Michael Haverkamp [mailto:mhaverka at kcp.com]
Sent: Monday, April 14, 2003 6:00 AM
To: Lumpkin, Buddy
Cc: openssh-unix-dev at mindrot.org
Subject: Re: ssh -vvv


Try changing *LK* to something else, e.g. NP.  I recall that Sun change
pam_unix behavior in a patch to treat *LK* specially so that it would
prevent public key authentication.

Lumpkin, Buddy wrote:
> Hello All,
> 
> I just had an interesting experience tracking down a bug on Solaris 8, and ssh -vvv was of no help which is part of the reason why I write this email.
> 
> When DSA public/private keys fail to authenticate me without a password, it just falls thru to the next authentication type and I can't see a way to see why it happened.
> 
> The extra debug levels don't tell me "Hey you idiot, the permissions are wrong on the home directory", or "sorry dummy, but the PAM library (or whatever API it relies on) said I can't authenticate you and I don't know why
> 
> Is there a way to try and get this kind of information?
> 
> Usually I can track down problems, but in this case, we had a userid that we intentionally set to no passwd "*LK*" in Solaris. We had keys setup so that ssh could be used to run rsync with no pass phrase and after adding a patch cluster to Solaris it broke.
> 
> It turned out that setting a password fixes the problem, but it would have been nice if debug output told me that.
> 
> Is there a debug option to sshd that might have found this?
> 
> Thanks in advance for any tips on debugging future ssh authentication problems,
> 
> --Buddy
> 
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
> 

-- 
Michael Haverkamp




More information about the openssh-unix-dev mailing list