OpenSSH public key problem with Solaris 10 and LDAP users?

Alexander Skwar listen at alexander.skwar.name
Wed Aug 15 17:45:08 EST 2007 

Douglas E. Engert <deengert at anl.gov> wrote:

> Does the Solaris 10 sshd work or fail the same way?

It behaves differently. Without a key, I'm able to login to
the server (same behaviour as with OpenSSHd). But when I try
to login after I copied a key to the system, I'm still prompted
for a password. This does not happen with OpenSSHd! With
OpenSSH, I'm never prompted, as I'm using the ssh key agent.

Watch this:

,----[ ssh -Cv -l testing -p 65022 winds06, on the client ]
| debug1: matching key found: file /tmp/testing/.ssh/authorized_keys, line 1
| Found matching RSA key: 42:1b:5b:46:12:a2:78:4d:7c:fc:b8:5a:a5:49:b9:e1
| debug1: restore_uid: 0/0
| debug1: ssh_rsa_verify: signature correct
| debug2: Starting PAM service sshd-pubkey for method publickey
| debug3: Trying to reverse map address 10.0.3.115.
| debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
| Failed publickey for testing from 10.0.3.115 port 56651 ssh2
| debug1: userauth-request for user testing service ssh-connection method keyboard-interactive
| debug1: attempt 3 initial attempt 0 failures 3 initial failures 0
| debug2: input_userauth_request: try method keyboard-interactive
| debug1: keyboard-interactive devs 
| debug2: Starting PAM service sshd-kbdint for method keyboard-interactive
| debug2: Calling pam_authenticate()
| debug2: PAM echo off prompt: Password: 
| debug2: Nesting dispatch_run loop
`----

So it found a matching key in ~/.ssh, but for some reason that 
was not good enough, or something like that.

Complete sessions, also including one of a working user:

,----[ ssh -Cv -l testing -p 65022 winds06, on the client ]
| OpenSSH_4.6p1-hpn12v17, OpenSSL 0.9.8e 23 Feb 2007
| debug1: Reading configuration data /home/askwar/.ssh/config
| debug1: Reading configuration data /etc/ssh/ssh_config
| debug1: Connecting to winds06 [10.0.1.26] port 65022.
| debug1: Connection established.
| debug1: identity file /home/askwar/.ssh/identity type -1
| debug1: identity file /home/askwar/.ssh/id_rsa type 1
| debug1: identity file /home/askwar/.ssh/id_dsa type -1
| debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1
| debug1: no match: Sun_SSH_1.1
| debug1: Enabling compatibility mode for protocol 2.0
| debug1: Local version string SSH-2.0-OpenSSH_4.6p1-hpn12v17
| debug1: SSH2_MSG_KEXINIT sent
| debug1: SSH2_MSG_KEXINIT received
| debug1: kex: server->client aes128-cbc hmac-md5 zlib
| debug1: kex: client->server aes128-cbc hmac-md5 zlib
| debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
| debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
| debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
| debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
| debug1: Host '[winds06]:65022' is known and matches the RSA host key.
| debug1: Found key in /home/askwar/.ssh/known_hosts:25
| debug1: ssh_rsa_verify: signature correct
| debug1: Enabling compression at level 6.
| debug1: SSH2_MSG_NEWKEYS sent
| debug1: expecting SSH2_MSG_NEWKEYS
| debug1: SSH2_MSG_NEWKEYS received
| debug1: SSH2_MSG_SERVICE_REQUEST sent
| debug1: SSH2_MSG_SERVICE_ACCEPT received
| debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
| debug1: Next authentication method: publickey
| debug1: Offering public key: /home/askwar/.ssh/id_rsa
| debug1: Server accepts key: pkalg ssh-rsa blen 277
| debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
| debug1: Trying private key: /home/askwar/.ssh/identity
| debug1: Trying private key: /home/askwar/.ssh/id_dsa
| debug1: Next authentication method: keyboard-interactive
| Password: 
`----

And at the same time on the server side:

,----[ sudo /usr/lib/ssh/sshd -Dddd -f /etc/ssh/sshd_config, on the server ]
| debug1: sshd version Sun_SSH_1.1
| debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
| debug1: read PEM private key done: type RSA
| debug1: private host key: #0 type 1 RSA
| debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
| debug1: read PEM private key done: type DSA
| debug1: private host key: #1 type 2 DSA
| debug1: Bind to port 65022 on ::.
| Server listening on :: port 65022.
| debug1: Server will not fork when running in debugging mode.
| Connection from 10.0.3.115 port 56651
| debug1: Client protocol version 2.0; client software version OpenSSH_4.6p1-hpn12v17
| debug1: match: OpenSSH_4.6p1-hpn12v17 pat OpenSSH*
| debug1: Enabling compatibility mode for protocol 2.0
| debug1: Local version string SSH-2.0-Sun_SSH_1.1
| debug1: list_hostkey_types: ssh-rsa,ssh-dss
| debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
| debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
| debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
| debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
| debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
| debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
| debug2: kex_parse_kexinit: none,zlib
| debug2: kex_parse_kexinit: none,zlib
| debug2: kex_parse_kexinit: ar-EG,ar-SA,cs-CZ,de,de-DE,en-US,es,es-ES,fi-FI,fr,fr-BE,fr-FR,he-IL,hi-IN,hu-HU,it,it-IT,ja-JP,ko,ko-KR,pl,pl-PL,pt-BR,ru,ru-RU,sv,sv-SE,th-TH,tr-TR,zh,zh-CN,zh-HK,zh-TW,ar,bg-BG,ca,ca-ES,cz,da,da-DK,de-AT,de-CH,el,el-GR,en-AU,en-CA,en-GB,en-IE,en-NZ,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et,et-EE,fi,fr-CA,fr-CH,he,hr-HR,hu,is-IS,ja,lt,lt-LT,lv,lv-LV,mk-MK,nl,nl-BE,nl-NL,no,no-NO,no-NY,nr,pt,pt-PT,ro-RO,sh-BA,sk-SK,sl-SI,sq-AL,sr-SP,sr-YU,th,tr,i-default
| debug2: kex_parse_kexinit: ar-EG,ar-SA,cs-CZ,de,de-DE,en-US,es,es-ES,fi-FI,fr,fr-BE,fr-FR,he-IL,hi-IN,hu-HU,it,it-IT,ja-JP,ko,ko-KR,pl,pl-PL,pt-BR,ru,ru-RU,sv,sv-SE,th-TH,tr-TR,zh,zh-CN,zh-HK,zh-TW,ar,bg-BG,ca,ca-ES,cz,da,da-DK,de-AT,de-CH,el,el-GR,en-AU,en-CA,en-GB,en-IE,en-NZ,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et,et-EE,fi,fr-CA,fr-CH,he,hr-HR,hu,is-IS,ja,lt,lt-LT,lv,lv-LV,mk-MK,nl,nl-BE,nl-NL,no,no-NO,no-NY,nr,pt,pt-PT,ro-RO,sh-BA,sk-SK,sl-SI,sq-AL,sr-SP,sr-YU,th,tr,i-default
| debug2: kex_parse_kexinit: first_kex_follows 0 
| debug2: kex_parse_kexinit: reserved 0 
| debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
| Unknown code 0
| )
| debug1: SSH2_MSG_KEXINIT sent
| debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
| debug1: SSH2_MSG_KEXINIT received
| debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
| debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
| debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
| debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
| debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
| debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
| debug2: kex_parse_kexinit: none,zlib
| debug2: kex_parse_kexinit: none,zlib
| debug2: kex_parse_kexinit: ar-EG,ar-SA,cs-CZ,de,de-DE,en-US,es,es-ES,fi-FI,fr,fr-BE,fr-FR,he-IL,hi-IN,hu-HU,it,it-IT,ja-JP,ko,ko-KR,pl,pl-PL,pt-BR,ru,ru-RU,sv,sv-SE,th-TH,tr-TR,zh,zh-CN,zh-HK,zh-TW,ar,bg-BG,ca,ca-ES,cz,da,da-DK,de-AT,de-CH,el,el-GR,en-AU,en-CA,en-GB,en-IE,en-NZ,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et,et-EE,fi,fr-CA,fr-CH,he,hr-HR,hu,is-IS,ja,lt,lt-LT,lv,lv-LV,mk-MK,nl,nl-BE,nl-NL,no,no-NO,no-NY,nr,pt,pt-PT,ro-RO,sh-BA,sk-SK,sl-SI,sq-AL,sr-SP,sr-YU,th,tr,i-default
| debug2: kex_parse_kexinit: ar-EG,ar-SA,cs-CZ,de,de-DE,en-US,es,es-ES,fi-FI,fr,fr-BE,fr-FR,he-IL,hi-IN,hu-HU,it,it-IT,ja-JP,ko,ko-KR,pl,pl-PL,pt-BR,ru,ru-RU,sv,sv-SE,th-TH,tr-TR,zh,zh-CN,zh-HK,zh-TW,ar,bg-BG,ca,ca-ES,cz,da,da-DK,de-AT,de-CH,el,el-GR,en-AU,en-CA,en-GB,en-IE,en-NZ,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et,et-EE,fi,fr-CA,fr-CH,he,hr-HR,hu,is-IS,ja,lt,lt-LT,lv,lv-LV,mk-MK,nl,nl-BE,nl-NL,no,no-NO,no-NY,nr,pt,pt-PT,ro-RO,sh-BA,sk-SK,sl-SI,sq-AL,sr-SP,sr-YU,th,tr,i-default
| debug2: kex_parse_kexinit: first_kex_follows 0 
| debug2: kex_parse_kexinit: reserved 0 
| debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
| debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
| debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
| debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
| debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
| debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
| debug2: kex_parse_kexinit: zlib at openssh.com,zlib,none
| debug2: kex_parse_kexinit: zlib at openssh.com,zlib,none
| debug2: kex_parse_kexinit: 
| debug2: kex_parse_kexinit: 
| debug2: kex_parse_kexinit: first_kex_follows 0 
| debug2: kex_parse_kexinit: reserved 0 
| debug2: mac_init: found hmac-md5
| debug1: kex: client->server aes128-cbc hmac-md5 zlib
| debug2: mac_init: found hmac-md5
| debug1: kex: server->client aes128-cbc hmac-md5 zlib
| debug1: Peer sent proposed langtags, ctos: 
| debug1: Peer sent proposed langtags, stoc: 
| debug1: We proposed langtags, ctos: ar-EG,ar-SA,cs-CZ,de,de-DE,en-US,es,es-ES,fi-FI,fr,fr-BE,fr-FR,he-IL,hi-IN,hu-HU,it,it-IT,ja-JP,ko,ko-KR,pl,pl-PL,pt-BR,ru,ru-RU,sv,sv-SE,th-TH,tr-TR,zh,zh-CN,zh-HK,zh-TW,ar,bg-BG,ca,ca-ES,cz,da,da-DK,de-AT,de-CH,el,el-GR,en-AU,en-CA,en-GB,en-IE,en-NZ,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et,et-EE,fi,fr-CA,fr-CH,he,hr-HR,hu,is-IS,ja,lt,lt-LT,lv,lv-LV,mk-MK,nl,nl-BE,nl-NL,no,no-NO,no-NY,nr,pt,pt-PT,ro-RO,sh-BA,sk-SK,sl-SI,sq-AL,sr-SP,sr-YU,th,tr,i-default
| debug1: We proposed langtags, stoc: ar-EG,ar-SA,cs-CZ,de,de-DE,en-US,es,es-ES,fi-FI,fr,fr-BE,fr-FR,he-IL,hi-IN,hu-HU,it,it-IT,ja-JP,ko,ko-KR,pl,pl-PL,pt-BR,ru,ru-RU,sv,sv-SE,th-TH,tr-TR,zh,zh-CN,zh-HK,zh-TW,ar,bg-BG,ca,ca-ES,cz,da,da-DK,de-AT,de-CH,el,el-GR,en-AU,en-CA,en-GB,en-IE,en-NZ,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et,et-EE,fi,fr-CA,fr-CH,he,hr-HR,hu,is-IS,ja,lt,lt-LT,lv,lv-LV,mk-MK,nl,nl-BE,nl-NL,no,no-NO,no-NY,nr,pt,pt-PT,ro-RO,sh-BA,sk-SK,sl-SI,sq-AL,sr-SP,sr-YU,th,tr,i-default
| debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
| debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
| debug1: dh_gen_key: priv key bits set: 132/256
| debug1: bits set: 516/1024
| debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
| debug1: bits set: 498/1024
| debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
| debug2: kex_derive_keys
| debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
| debug1: newkeys: mode 1
| debug1: Enabling compression at level 6.
| debug1: SSH2_MSG_NEWKEYS sent
| debug1: expecting SSH2_MSG_NEWKEYS
| debug1: newkeys: mode 0
| debug1: SSH2_MSG_NEWKEYS received
| debug1: KEX done
| debug1: userauth-request for user testing service ssh-connection method none
| debug1: attempt 0 initial attempt 0 failures 0 initial failures 0
| debug2: input_userauth_request: setting up authctxt for testing
| debug2: input_userauth_request: try method none
| Failed none for testing from 10.0.3.115 port 56651 ssh2
| debug1: userauth-request for user testing service ssh-connection method publickey
| debug1: attempt 1 initial attempt 0 failures 1 initial failures 0
| debug2: input_userauth_request: try method publickey
| debug1: test whether pkalg/pkblob are acceptable
| debug1: temporarily_use_uid: 54321/10 (e=0/0)
| debug1: trying public key file /tmp/testing/.ssh/authorized_keys
| debug3: secure_filename: checking '/tmp/testing/.ssh'
| debug3: secure_filename: checking '/tmp/testing'
| debug3: secure_filename: terminating check at '/tmp/testing'
| debug1: matching key found: file /tmp/testing/.ssh/authorized_keys, line 1
| Found matching RSA key: 42:1b:5b:46:12:a2:78:4d:7c:fc:b8:5a:a5:49:b9:e1
| debug1: restore_uid: 0/0
| debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
| debug1: userauth-request for user testing service ssh-connection method publickey
| debug1: attempt 2 initial attempt 0 failures 1 initial failures 0
| debug2: input_userauth_request: try method publickey
| debug1: temporarily_use_uid: 54321/10 (e=0/0)
| debug1: trying public key file /tmp/testing/.ssh/authorized_keys
| debug3: secure_filename: checking '/tmp/testing/.ssh'
| debug3: secure_filename: checking '/tmp/testing'
| debug3: secure_filename: terminating check at '/tmp/testing'
| debug1: matching key found: file /tmp/testing/.ssh/authorized_keys, line 1
| Found matching RSA key: 42:1b:5b:46:12:a2:78:4d:7c:fc:b8:5a:a5:49:b9:e1
| debug1: restore_uid: 0/0
| debug1: ssh_rsa_verify: signature correct
| debug2: Starting PAM service sshd-pubkey for method publickey
| debug3: Trying to reverse map address 10.0.3.115.
| debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
| Failed publickey for testing from 10.0.3.115 port 56651 ssh2
| debug1: userauth-request for user testing service ssh-connection method keyboard-interactive
| debug1: attempt 3 initial attempt 0 failures 3 initial failures 0
| debug2: input_userauth_request: try method keyboard-interactive
| debug1: keyboard-interactive devs 
| debug2: Starting PAM service sshd-kbdint for method keyboard-interactive
| debug2: Calling pam_authenticate()
| debug2: PAM echo off prompt: Password: 
| debug2: Nesting dispatch_run loop
`----

Now the session for a working user:

,----[ ssh -Cv -l askwar -p 65022 winds06, working user ]
| OpenSSH_4.6p1-hpn12v17, OpenSSL 0.9.8e 23 Feb 2007
| debug1: Reading configuration data /home/askwar/.ssh/config
| debug1: Reading configuration data /etc/ssh/ssh_config
| debug1: Connecting to winds06 [10.0.1.26] port 65022.
| debug1: Connection established.
| debug1: identity file /home/askwar/.ssh/identity type -1
| debug1: identity file /home/askwar/.ssh/id_rsa type 1
| debug1: identity file /home/askwar/.ssh/id_dsa type -1
| debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1
| debug1: no match: Sun_SSH_1.1
| debug1: Enabling compatibility mode for protocol 2.0
| debug1: Local version string SSH-2.0-OpenSSH_4.6p1-hpn12v17
| debug1: SSH2_MSG_KEXINIT sent
| debug1: SSH2_MSG_KEXINIT received
| debug1: kex: server->client aes128-cbc hmac-md5 zlib
| debug1: kex: client->server aes128-cbc hmac-md5 zlib
| debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
| debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
| debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
| debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
| debug1: Host '[winds06]:65022' is known and matches the RSA host key.
| debug1: Found key in /home/askwar/.ssh/known_hosts:25
| debug1: ssh_rsa_verify: signature correct
| debug1: Enabling compression at level 6.
| debug1: SSH2_MSG_NEWKEYS sent
| debug1: expecting SSH2_MSG_NEWKEYS
| debug1: SSH2_MSG_NEWKEYS received
| debug1: SSH2_MSG_SERVICE_REQUEST sent
| debug1: SSH2_MSG_SERVICE_ACCEPT received
| debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
| debug1: Next authentication method: publickey
| debug1: Offering public key: /home/askwar/.ssh/id_rsa
| debug1: Server accepts key: pkalg ssh-rsa blen 277
| debug1: Authentication succeeded (publickey).
| debug1: socksize 262142
| debug1: MIN of TCP RWIN and HPNBufferSize: 262142
| debug1: Final hpn_buffer_size = 262142
| debug1: channel 0: new [client-session]
| debug1: Entering interactive session.
| debug1: Requesting X11 forwarding with authentication spoofing.
| debug1: Requesting authentication agent forwarding.
| debug3: Recording SSHv2 channel login in utmpx/wtmpx
| Last login: Wed Aug 15 09:30:18 2007 from winnb000488.win
| debug3: child_set_env(USER, askwar)
| debug3: child_set_env(LOGNAME, askwar)
| debug3: child_set_env(HOME, /export/home/askwar)
| debug3: child_set_env(PATH, /usr/bin)
| debug3: child_set_env(MAIL, /var/mail//askwar)
| debug3: child_set_env(SHELL, /opt/csw/bin/bash)
| debug3: child_set_env(PATH, /opt/csw/bin:/usr/sbin:/usr/bin:/usr/dt/bin:/usr/openwin/bin:/usr/ccs/bin)
| debug3: child_set_env(SHELL, /opt/csw/bin/bash)
| debug3: child_set_env(TZ, Europe/Zurich)
| debug3: child_set_env(LANG, de_CH)
| debug3: child_set_env(SSH_CLIENT, 10.0.3.115 43561 65022)
| debug3: child_set_env(SSH_CONNECTION, 10.0.3.115 43561 10.0.1.26 65022)
| debug3: child_set_env(SSH_TTY, /dev/pts/15)
| debug3: child_set_env(TERM, xterm)
| debug3: child_set_env(DISPLAY, localhost:14.0)
| debug3: child_set_env(SSH_AUTH_SOCK, /tmp/ssh-GZH20790/agent.20790)
| Environment:
|   USER=askwar
|   LOGNAME=askwar
|   HOME=/export/home/askwar
|   PATH=/opt/csw/bin:/usr/sbin:/usr/bin:/usr/dt/bin:/usr/openwin/bin:/usr/ccs/bin
|   MAIL=/var/mail//askwar
|   SHELL=/opt/csw/bin/bash
|   TZ=Europe/Zurich
|   LANG=de_CH
|   SSH_CLIENT=10.0.3.115 43561 65022
|   SSH_CONNECTION=10.0.3.115 43561 10.0.1.26 65022
|   SSH_TTY=/dev/pts/15
|   TERM=xterm
|   DISPLAY=localhost:14.0
|   SSH_AUTH_SOCK=/tmp/ssh-GZH20790/agent.20790
| debug3: channel_close_fds: channel 0: r -1 w -1 e -1
| debug3: channel_close_fds: channel 1: r 12 w 12 e -1
| debug3: channel_close_fds: channel 2: r 13 w 13 e -1
| Running /usr/openwin/bin/xauth add unix:14.0 MIT-MAGIC-COOKIE-1 b89f5cdfc83208643d2b074edda2166f
| debug1: Received SIGCHLD.
| #----------------------------#
| #  RACE Developement Server  #
| #----------------------------#
| --(askwar at winds06)-(1/pts/15)-(09:39:41/2007-08-15)--
| --($:~)-- 
`----


,----[ sudo /usr/lib/ssh/sshd -Dddd -f /etc/ssh/sshd_config, working user ]
| debug1: sshd version Sun_SSH_1.1
| debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
| debug1: read PEM private key done: type RSA
| debug1: private host key: #0 type 1 RSA
| debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
| debug1: read PEM private key done: type DSA
| debug1: private host key: #1 type 2 DSA
| debug1: Bind to port 65022 on ::.
| Server listening on :: port 65022.
| debug1: Server will not fork when running in debugging mode.
| Connection from 10.0.3.115 port 43561
| debug1: Client protocol version 2.0; client software version OpenSSH_4.6p1-hpn12v17
| debug1: match: OpenSSH_4.6p1-hpn12v17 pat OpenSSH*
| debug1: Enabling compatibility mode for protocol 2.0
| debug1: Local version string SSH-2.0-Sun_SSH_1.1
| debug1: list_hostkey_types: ssh-rsa,ssh-dss
| debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
| debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
| debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
| debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
| debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
| debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
| debug2: kex_parse_kexinit: none,zlib
| debug2: kex_parse_kexinit: none,zlib
| debug2: kex_parse_kexinit: ar-EG,ar-SA,cs-CZ,de,de-DE,en-US,es,es-ES,fi-FI,fr,fr-BE,fr-FR,he-IL,hi-IN,hu-HU,it,it-IT,ja-JP,ko,ko-KR,pl,pl-PL,pt-BR,ru,ru-RU,sv,sv-SE,th-TH,tr-TR,zh,zh-CN,zh-HK,zh-TW,ar,bg-BG,ca,ca-ES,cz,da,da-DK,de-AT,de-CH,el,el-GR,en-AU,en-CA,en-GB,en-IE,en-NZ,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et,et-EE,fi,fr-CA,fr-CH,he,hr-HR,hu,is-IS,ja,lt,lt-LT,lv,lv-LV,mk-MK,nl,nl-BE,nl-NL,no,no-NO,no-NY,nr,pt,pt-PT,ro-RO,sh-BA,sk-SK,sl-SI,sq-AL,sr-SP,sr-YU,th,tr,i-default
| debug2: kex_parse_kexinit: ar-EG,ar-SA,cs-CZ,de,de-DE,en-US,es,es-ES,fi-FI,fr,fr-BE,fr-FR,he-IL,hi-IN,hu-HU,it,it-IT,ja-JP,ko,ko-KR,pl,pl-PL,pt-BR,ru,ru-RU,sv,sv-SE,th-TH,tr-TR,zh,zh-CN,zh-HK,zh-TW,ar,bg-BG,ca,ca-ES,cz,da,da-DK,de-AT,de-CH,el,el-GR,en-AU,en-CA,en-GB,en-IE,en-NZ,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et,et-EE,fi,fr-CA,fr-CH,he,hr-HR,hu,is-IS,ja,lt,lt-LT,lv,lv-LV,mk-MK,nl,nl-BE,nl-NL,no,no-NO,no-NY,nr,pt,pt-PT,ro-RO,sh-BA,sk-SK,sl-SI,sq-AL,sr-SP,sr-YU,th,tr,i-default
| debug2: kex_parse_kexinit: first_kex_follows 0 
| debug2: kex_parse_kexinit: reserved 0 
| debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
| Unknown code 0
| )
| debug1: SSH2_MSG_KEXINIT sent
| debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
| debug1: SSH2_MSG_KEXINIT received
| debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
| debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
| debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
| debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
| debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
| debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
| debug2: kex_parse_kexinit: none,zlib
| debug2: kex_parse_kexinit: none,zlib
| debug2: kex_parse_kexinit: ar-EG,ar-SA,cs-CZ,de,de-DE,en-US,es,es-ES,fi-FI,fr,fr-BE,fr-FR,he-IL,hi-IN,hu-HU,it,it-IT,ja-JP,ko,ko-KR,pl,pl-PL,pt-BR,ru,ru-RU,sv,sv-SE,th-TH,tr-TR,zh,zh-CN,zh-HK,zh-TW,ar,bg-BG,ca,ca-ES,cz,da,da-DK,de-AT,de-CH,el,el-GR,en-AU,en-CA,en-GB,en-IE,en-NZ,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et,et-EE,fi,fr-CA,fr-CH,he,hr-HR,hu,is-IS,ja,lt,lt-LT,lv,lv-LV,mk-MK,nl,nl-BE,nl-NL,no,no-NO,no-NY,nr,pt,pt-PT,ro-RO,sh-BA,sk-SK,sl-SI,sq-AL,sr-SP,sr-YU,th,tr,i-default
| debug2: kex_parse_kexinit: ar-EG,ar-SA,cs-CZ,de,de-DE,en-US,es,es-ES,fi-FI,fr,fr-BE,fr-FR,he-IL,hi-IN,hu-HU,it,it-IT,ja-JP,ko,ko-KR,pl,pl-PL,pt-BR,ru,ru-RU,sv,sv-SE,th-TH,tr-TR,zh,zh-CN,zh-HK,zh-TW,ar,bg-BG,ca,ca-ES,cz,da,da-DK,de-AT,de-CH,el,el-GR,en-AU,en-CA,en-GB,en-IE,en-NZ,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et,et-EE,fi,fr-CA,fr-CH,he,hr-HR,hu,is-IS,ja,lt,lt-LT,lv,lv-LV,mk-MK,nl,nl-BE,nl-NL,no,no-NO,no-NY,nr,pt,pt-PT,ro-RO,sh-BA,sk-SK,sl-SI,sq-AL,sr-SP,sr-YU,th,tr,i-default
| debug2: kex_parse_kexinit: first_kex_follows 0 
| debug2: kex_parse_kexinit: reserved 0 
| debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
| debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
| debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
| debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
| debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
| debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
| debug2: kex_parse_kexinit: zlib at openssh.com,zlib,none
| debug2: kex_parse_kexinit: zlib at openssh.com,zlib,none
| debug2: kex_parse_kexinit: 
| debug2: kex_parse_kexinit: 
| debug2: kex_parse_kexinit: first_kex_follows 0 
| debug2: kex_parse_kexinit: reserved 0 
| debug2: mac_init: found hmac-md5
| debug1: kex: client->server aes128-cbc hmac-md5 zlib
| debug2: mac_init: found hmac-md5
| debug1: kex: server->client aes128-cbc hmac-md5 zlib
| debug1: Peer sent proposed langtags, ctos: 
| debug1: Peer sent proposed langtags, stoc: 
| debug1: We proposed langtags, ctos: ar-EG,ar-SA,cs-CZ,de,de-DE,en-US,es,es-ES,fi-FI,fr,fr-BE,fr-FR,he-IL,hi-IN,hu-HU,it,it-IT,ja-JP,ko,ko-KR,pl,pl-PL,pt-BR,ru,ru-RU,sv,sv-SE,th-TH,tr-TR,zh,zh-CN,zh-HK,zh-TW,ar,bg-BG,ca,ca-ES,cz,da,da-DK,de-AT,de-CH,el,el-GR,en-AU,en-CA,en-GB,en-IE,en-NZ,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et,et-EE,fi,fr-CA,fr-CH,he,hr-HR,hu,is-IS,ja,lt,lt-LT,lv,lv-LV,mk-MK,nl,nl-BE,nl-NL,no,no-NO,no-NY,nr,pt,pt-PT,ro-RO,sh-BA,sk-SK,sl-SI,sq-AL,sr-SP,sr-YU,th,tr,i-default
| debug1: We proposed langtags, stoc: ar-EG,ar-SA,cs-CZ,de,de-DE,en-US,es,es-ES,fi-FI,fr,fr-BE,fr-FR,he-IL,hi-IN,hu-HU,it,it-IT,ja-JP,ko,ko-KR,pl,pl-PL,pt-BR,ru,ru-RU,sv,sv-SE,th-TH,tr-TR,zh,zh-CN,zh-HK,zh-TW,ar,bg-BG,ca,ca-ES,cz,da,da-DK,de-AT,de-CH,el,el-GR,en-AU,en-CA,en-GB,en-IE,en-NZ,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et,et-EE,fi,fr-CA,fr-CH,he,hr-HR,hu,is-IS,ja,lt,lt-LT,lv,lv-LV,mk-MK,nl,nl-BE,nl-NL,no,no-NO,no-NY,nr,pt,pt-PT,ro-RO,sh-BA,sk-SK,sl-SI,sq-AL,sr-SP,sr-YU,th,tr,i-default
| debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
| debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
| debug1: dh_gen_key: priv key bits set: 124/256
| debug1: bits set: 484/1024
| debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
| debug1: bits set: 526/1024
| debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
| debug2: kex_derive_keys
| debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
| debug1: newkeys: mode 1
| debug1: Enabling compression at level 6.
| debug1: SSH2_MSG_NEWKEYS sent
| debug1: expecting SSH2_MSG_NEWKEYS
| debug1: newkeys: mode 0
| debug1: SSH2_MSG_NEWKEYS received
| debug1: KEX done
| debug1: userauth-request for user askwar service ssh-connection method none
| debug1: attempt 0 initial attempt 0 failures 0 initial failures 0
| debug2: input_userauth_request: setting up authctxt for askwar
| debug2: input_userauth_request: try method none
| Failed none for askwar from 10.0.3.115 port 43561 ssh2
| debug1: userauth-request for user askwar service ssh-connection method publickey
| debug1: attempt 1 initial attempt 0 failures 1 initial failures 0
| debug2: input_userauth_request: try method publickey
| debug1: test whether pkalg/pkblob are acceptable
| debug1: temporarily_use_uid: 10001/10 (e=0/0)
| debug1: trying public key file /export/home/askwar/.ssh/authorized_keys
| debug3: secure_filename: checking '/u04/home/askwar/.ssh'
| debug3: secure_filename: checking '/u04/home/askwar'
| debug3: secure_filename: terminating check at '/u04/home/askwar'
| debug1: matching key found: file /export/home/askwar/.ssh/authorized_keys, line 2
| Found matching RSA key: 42:1b:5b:46:12:a2:78:4d:7c:fc:b8:5a:a5:49:b9:e1
| debug1: restore_uid: 0/0
| debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
| debug1: userauth-request for user askwar service ssh-connection method publickey
| debug1: attempt 2 initial attempt 0 failures 1 initial failures 0
| debug2: input_userauth_request: try method publickey
| debug1: temporarily_use_uid: 10001/10 (e=0/0)
| debug1: trying public key file /export/home/askwar/.ssh/authorized_keys
| debug3: secure_filename: checking '/u04/home/askwar/.ssh'
| debug3: secure_filename: checking '/u04/home/askwar'
| debug3: secure_filename: terminating check at '/u04/home/askwar'
| debug1: matching key found: file /export/home/askwar/.ssh/authorized_keys, line 2
| Found matching RSA key: 42:1b:5b:46:12:a2:78:4d:7c:fc:b8:5a:a5:49:b9:e1
| debug1: restore_uid: 0/0
| debug1: ssh_rsa_verify: signature correct
| debug2: Starting PAM service sshd-pubkey for method publickey
| debug3: Trying to reverse map address 10.0.3.115.
| debug2: userauth_pubkey: authenticated 1 pkalg ssh-rsa
| Accepted publickey for askwar from 10.0.3.115 port 43561 ssh2
| debug2: Monitor pid 20763, unprivileged child pid 20790
| debug2: Monitor started
| monitor debug3: Recording SSHv2 session login in wtmpx
| monitor debug3: not writing utmpx entry
| monitor debug1: Entering monitor loop.
| monitor debug1: compress outgoing: raw data 385, compressed 384, factor 1,00
| monitor debug1: compress incoming: raw data 999, compressed 648, factor 0,65
| monitor debug1: fd 4 setting O_NONBLOCK
| monitor debug1: fd 12 setting O_NONBLOCK
| debug2: Waiting for monitor
| debug2: Monitor signalled readiness
| debug3: Setting handler to forward re-key packets to monitor
| debug2: Unprivileged server process dropping privileges
| debug1: permanently_set_uid: 10001/10
| debug1: Entering interactive session for SSH2.
| debug1: fd 9 setting O_NONBLOCK
| debug1: fd 11 setting O_NONBLOCK
| debug1: server_init_dispatch_20
| debug3: server_init_dispatch_20 -- should we dispatch_set(KEXINIT) here? 1 && !0
| debug3: server_init_dispatch_20 -- skipping dispatch_set(KEXINIT) in unpriv proc
| debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384
| debug1: input_session_request
| debug1: channel 0: new [server-session]
| debug1: session_new: init
| debug1: session_new: session 0
| debug1: session_open: channel 0
| debug1: session_open: session 0: link with channel 0
| debug1: server_input_channel_open: confirm session
| debug1: server_input_channel_req: channel 0 request x11-req reply 0
| debug1: session_by_channel: session 0 channel 0
| debug1: session_input_channel_req: session 0 req x11-req
| debug1: bind port 6010: Cannot assign requested address
| debug1: bind port 6010: Address already in use
| debug1: bind port 6011: Cannot assign requested address
| debug1: bind port 6011: Address already in use
| debug1: bind port 6012: Cannot assign requested address
| debug1: bind port 6012: Address already in use
| debug1: bind port 6013: Cannot assign requested address
| debug1: bind port 6013: Address already in use
| debug1: bind port 6014: Cannot assign requested address
| debug1: fd 12 setting O_NONBLOCK
| debug2: fd 12 is O_NONBLOCK
| debug1: channel 1: new [X11 inet listener]
| debug1: server_input_channel_req: channel 0 request auth-agent-req at openssh.com reply 0
| debug1: session_by_channel: session 0 channel 0
| debug1: session_input_channel_req: session 0 req auth-agent-req at openssh.com
| debug1: temporarily_use_uid: 10001/10 (e=10001/10)
| debug1: restore_uid: (unprivileged)
| debug1: fd 13 setting O_NONBLOCK
| debug2: fd 13 is O_NONBLOCK
| debug1: channel 2: new [auth socket]
| debug1: server_input_channel_req: channel 0 request pty-req reply 0
| debug1: session_by_channel: session 0 channel 0
| debug1: session_input_channel_req: session 0 req pty-req
| debug1: Allocating pty.
| debug1: session_pty_req: session 0 alloc /dev/pts/15
| debug3: tty_parse_modes: SSH2 n_bytes 256
| debug3: tty_parse_modes: ospeed 38400
| debug3: tty_parse_modes: ispeed 38400
| debug3: tty_parse_modes: 1 3
| debug3: tty_parse_modes: 2 28
| debug3: tty_parse_modes: 3 127
| debug3: tty_parse_modes: 4 21
| debug3: tty_parse_modes: 5 4
| debug3: tty_parse_modes: 6 255
| debug3: tty_parse_modes: 7 255
| debug3: tty_parse_modes: 8 17
| debug3: tty_parse_modes: 9 19
| debug3: tty_parse_modes: 10 26
| debug3: tty_parse_modes: 12 18
| debug3: tty_parse_modes: 13 23
| debug3: tty_parse_modes: 14 22
| debug3: tty_parse_modes: 18 15
| debug3: tty_parse_modes: 30 0
| debug3: tty_parse_modes: 31 0
| debug3: tty_parse_modes: 32 0
| debug3: tty_parse_modes: 33 0
| debug3: tty_parse_modes: 34 0
| debug3: tty_parse_modes: 35 0
| debug3: tty_parse_modes: 36 1
| debug3: tty_parse_modes: 37 0
| debug3: tty_parse_modes: 38 1
| debug3: tty_parse_modes: 39 1
| debug3: tty_parse_modes: 40 0
| debug3: tty_parse_modes: 41 1
| debug3: tty_parse_modes: 50 1
| debug3: tty_parse_modes: 51 1
| debug3: tty_parse_modes: 52 0
| debug3: tty_parse_modes: 53 1
| debug3: tty_parse_modes: 54 1
| debug3: tty_parse_modes: 55 1
| debug3: tty_parse_modes: 56 0
| debug3: tty_parse_modes: 57 0
| debug3: tty_parse_modes: 58 0
| debug3: tty_parse_modes: 59 1
| debug3: tty_parse_modes: 60 1
| debug3: tty_parse_modes: 61 1
| debug3: tty_parse_modes: 62 0
| debug3: tty_parse_modes: 70 1
| debug3: tty_parse_modes: 71 0
| debug3: tty_parse_modes: 72 1
| debug3: tty_parse_modes: 73 0
| debug3: tty_parse_modes: 74 0
| debug3: tty_parse_modes: 75 0
| debug3: tty_parse_modes: 90 1
| debug3: tty_parse_modes: 91 1
| debug3: tty_parse_modes: 92 0
| debug3: tty_parse_modes: 93 0
| debug1: server_input_channel_req: channel 0 request shell reply 0
| debug1: session_by_channel: session 0 channel 0
| debug1: session_input_channel_req: session 0 req shell
| monitor debug3: writing utmpx entry
| debug1: fd 4 setting TCP_NODELAY
| debug1: fd 15 setting O_NONBLOCK
| debug2: fd 14 is O_NONBLOCK
| debug3: channel_set_wait_for_exit 0, 1 (type: 4)
`----


Confused.

Alexander Skwar

More information about the openssh-unix-dev mailing list