only root without password

Fede Rico fede_home at yahoo.it
Mon Dec 22 04:55:00 EST 2008


Hi,
this is all the output thant I have.
sorry for this long email....

SERVER
[root at xxx ~]# /usr/sbin/sshd -D -ddd -p 3333
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 321
debug2: parse_server_config: config /etc/ssh/sshd_config len 321
debug1: sshd version OpenSSH_3.9p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-D'
debug1: rexec_argv[2]='-ddd'
debug1: rexec_argv[3]='-p'
debug1: rexec_argv[4]='3333'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 3333 on ::.
Server listening on :: port 3333.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 3333 on 0.0.0.0.
Bind to port 3333 on 0.0.0.0 failed: Address already in use.
Generating 768 bit RSA key.
RSA key generation complete.
debug3: fd 4 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 7 config len 321
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7

CLIENT
[oracle at xxx log]$ ssh -vvv -p 3333 xxx
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to xxx [xxx.xxx.xxx.xxx] port 3333.
debug1: Connection established.
debug1: identity file /u1/oracle/.ssh/identity type 0
debug3: Not a RSA1 key file /u1/oracle/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /u1/oracle/.ssh/id_rsa type 1
debug3: Not a RSA1 key file /u1/oracle/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /u1/oracle/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 119/256
debug2: bits set: 513/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /u1/oracle/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 5
debug3: check_host_in_hostfile: filename /u1/oracle/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 5
debug1: Host 'xxx' is known and matches the RSA host key.
debug1: Found key in /u1/oracle/.ssh/known_hosts:5
debug2: bits set: 501/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /u1/oracle/.ssh/id_rsa (0x8a0d658)
debug2: key: /u1/oracle/.ssh/id_dsa (0x8a0d670)
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-with-mic,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /u1/oracle/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Offering public key: /u1/oracle/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
oracle at xxx's password:





--- Sab 20/12/08, Ben Lindstrom <mouring at eviladmin.org> ha scritto:

> Da: Ben Lindstrom <mouring at eviladmin.org>
> Oggetto: Re: only root without password
> A: fede_home at yahoo.it
> Cc: openssh-unix-dev at mindrot.org
> Data: Sabato 20 dicembre 2008, 01:28
> You need to actually show us the connection.  Not that you
> started  
> sshd.  Plus you may need to run it on an alternate port
> (assuming you  
> are not going to down the original deamon).  e.g.  sshd
> -ddd -p 35    
> then on the client side to ssh -p 35 machine.
> 
> - Ben
> 
> On Dec 19, 2008, at 2:24 PM, Fede Rico wrote:
> 
> > The sshd -ddd output
> >
> > debug2: load_server_config: filename
> /etc/ssh/sshd_config
> > debug2: load_server_config: done config len = 321
> > debug2: parse_server_config: config
> /etc/ssh/sshd_config len 321
> > debug1: sshd version OpenSSH_3.9p1
> > debug1: private host key: #0 type 0 RSA1
> > debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
> > debug1: read PEM private key done: type RSA
> > debug1: private host key: #1 type 1 RSA
> > debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
> > debug1: read PEM private key done: type DSA
> > debug1: private host key: #2 type 2 DSA
> > debug1: rexec_argv[0]='/usr/sbin/sshd'
> > debug1: rexec_argv[1]='-D'
> > debug1: rexec_argv[2]='-ddd'
> > debug1: rexec_argv[3]='-p'
> > debug1: rexec_argv[4]='3333'
> > debug2: fd 3 setting O_NONBLOCK
> > debug1: Bind to port 3333 on ::.
> > Server listening on :: port 3333.
> > debug2: fd 4 setting O_NONBLOCK
> > debug1: Bind to port 3333 on 0.0.0.0.
> > Bind to port 3333 on 0.0.0.0 failed: Address already
> in use.
> > Generating 768 bit RSA key.
> > RSA key generation complete.
> > debug3: fd 4 is not O_NONBLOCK
> > debug1: Server will not fork when running in debugging
> mode.
> > debug3: send_rexec_state: entering fd = 7 config len
> 321
> > debug3: ssh_msg_send: type 0
> > debug3: send_rexec_state: done
> > debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock
> 7
> >
> >
> >
> > --- Ven 19/12/08, Bob Proulx <bob at proulx.com> ha
> scritto:
> >
> >> Da: Bob Proulx <bob at proulx.com>
> >> Oggetto: Re: only root without password
> >> A: "Fede Rico"
> <fede_home at yahoo.it>
> >> Cc: openssh-unix-dev at mindrot.org
> >> Data: Venerdì 19 dicembre 2008, 18:18
> >> Fede Rico wrote:
> >>> this is the .ssh permission:
> >>>
> >>> .ssh
> >>> 4,0K drwx------ 2 oracle oinstall 4,0K
> 2008-12-04
> >> 22:44 .ssh
> >>>
> >>> .ssh/
> >>> 4,0K -rw-r--r-- 1 oracle oinstall  859
> 2008-12-04
> >> 22:44 authorized_keys
> >>> 4,0K -rw------- 1 oracle oinstall 1,7K
> 2008-12-04
> >> 22:39 id_rsa
> >>> 4,0K -rw-r--r-- 1 oracle oinstall  403
> 2008-12-04
> >> 22:39 id_rsa.pub
> >>> 4,0K -rw-r--r-- 1 oracle oinstall 1,5K
> 2008-12-17
> >> 19:07 known_hosts
> >>
> >> You did not show the permissions on the home
> directory.
> >> Those are
> >> also considered and are often the source of
> problems.
> >>
> >>  chmod go-w $HOME
> >>
> >>> The ssh works without the password for the
> >> "root" user, any other user
> >>> cannot use the key and ssh ask me for the
> password !!
> >>
> >> It is possible that root has an ssh-agent and the
> ssh-agent
> >> has an
> >> authorized key loaded but the non-root user does
> not?  That
> >> could give
> >> the appearance of what you describe.
> >>
> >>  ssh-add -l
> >>  ssh-add -L
> >>
> >> Bob
> >
> >
> >
> > _______________________________________________
> > openssh-unix-dev mailing list
> > openssh-unix-dev at mindrot.org
> >
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


      


More information about the openssh-unix-dev mailing list