Public Key Authentication

Mauricio Tavares raubvogel at gmail.com
Wed Nov 28 04:35:16 EST 2012


On Tue, Nov 27, 2012 at 12:04 PM, Goran Sustek <gsustek at gmail.com> wrote:
> Hi, I set up the X509 certificate patch with openssh 6.1p1.
>
> ssh user1@HOST -i user2.pem
>
> So, both users are root, admins of this OS.
>
> If I do not know user1's password I cannot log in with ssh to the server. I
> can su to the server but this will be in the logs.
>
> Public key authentication like this below has some identification
> issue.  If I copy my authorized key (user2) to user1's authorized key and
> try to log in with ssh like this: ssh user1@HOST -i user2.pem, I will log in
> like him... and this is BAD.
>
      How is that bad? What you did was set the same authentication
for both accounts, hence the file is called "authorized_keys". The
same outcome would happen if you set both accounts with the same
password and authenticate using it.

> I want to configure my ssh server just for certificate
> authentication, in such a way that I can't impersonate some other
> user.
>
      How about if you had different public/private key pairs for the
different accounts?

> Here is log.
>
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[10289316]: debug1:
> fd 4 clearing O_NONBLOCK
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
> rexec start in 4 out 4 newsock 4 pipe 6 sock 7
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[10289316]: debug1:
> Forked child 11534544.
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[10289316]: debug3:
> send_rexec_state: entering fd = 7 config len 387
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[10289316]: debug3:
> ssh_msg_send: type 0
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[10289316]: debug3:
> send_rexec_state: done
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
> inetd sockets after dupping: 5, 5
> Nov 27 17:46:45 intrat10 auth|security:info sshd[11534544]: Connection
> from XX.XX.XX.XX port 58271
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
> Client protocol version 2.0; client software version OpenSSH_6.1 PKIX
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
> match: OpenSSH_6.1 PKIX pat OpenSSH*
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
> Enabling compatibility mode for protocol 2.0
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
> Local version string SSH-2.0-OpenSSH_6.1 PKIX
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
> fd 5 setting O_NONBLOCK
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
> ssh_sandbox_init: preparing rlimit sandbox
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
> Network child is on pid 13041860
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
> preauth child monitor started
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
> privsep user:group 202:201 [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
> permanently_set_uid: 202/201 [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
> list_hostkey_types: ssh-rsa,ssh-dss [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
> SSH2_MSG_KEXINIT sent [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
> SSH2_MSG_KEXINIT received [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
> kex_parse_kexinit:
> diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
> kex_parse_kexinit: ssh-rsa,ssh-dss [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
> kex_parse_kexinit:
> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
> [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
> kex_parse_kexinit:
> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
> [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
> kex_parse_kexinit:
> hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
> kex_parse_kexinit:
> hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
> kex_parse_kexinit: none,zlib@openssh.com [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
> kex_parse_kexinit: none,zlib@openssh.com [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
> kex_parse_kexinit:  [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
> kex_parse_kexinit:  [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
> kex_parse_kexinit: first_kex_follows 0  [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
> kex_parse_kexinit: reserved 0  [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
> kex_parse_kexinit:
> diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
> kex_parse_kexinit:
> x509v3-sign-rsa,ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,x509v3-sign-dss,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-dss
> [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
> kex_parse_kexinit:
> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
> [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
> mac_setup: found hmac-md5 [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
> kex: server->client aes128-ctr hmac-md5 none [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
> SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_send entering: type 0 [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_choose_dh: waiting for MONITOR_ANS_MODULI [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_receive_expect entering: type 1 [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_receive entering [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_receive entering
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
> monitor_read: checking request 0
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_answer_moduli: got parameters: 1024 1024 8192
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_send entering: type 1
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
> monitor_read: 0 used once, disabling now
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_choose_dh: remaining 0 [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
> SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
> dh_gen_key: priv key bits set: 125/256 [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
> bits set: 511/1024 [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
> expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
> bits set: 498/1024 [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_key_sign entering [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_send entering: type 4 [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_key_sign: waiting for MONITOR_ANS_SIGN [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_receive_expect entering: type 5 [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_receive entering [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_receive entering
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
> monitor_read: checking request 4
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_answer_sign
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_answer_sign: signature 20045ef8(271)
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_send entering: type 5
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
> monitor_read: 4 used once, disabling now
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
> SSH2_MSG_KEX_DH_GEX_REPLY sent [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
> kex_derive_keys [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
> set_newkeys: mode 1 [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
> SSH2_MSG_NEWKEYS sent [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
> expecting SSH2_MSG_NEWKEYS [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug2:
> set_newkeys: mode 0 [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
> SSH2_MSG_NEWKEYS received [preauth]
> Nov 27 17:46:45 intrat10 auth|security:debug sshd[11534544]: debug1:
> KEX done [preauth]
> Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug1:
> userauth-request for user user1 service ssh-connection method none
> [preauth]
> Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug1:
> attempt 0 failures 0 [preauth]
> Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_getpwnamallow entering [preauth]
> Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_send entering: type 6 [preauth]
> Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
> Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_receive_expect entering: type 7 [preauth]
> Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_receive entering [preauth]
> Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_receive entering
> Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
> monitor_read: checking request 6
> Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_answer_pwnamallow
> Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
> Trying to reverse map address 10.144.33.20.
> Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug2:
> parse_server_config: config reprocess config len 387
> Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
> AIX/setauthdb set registry 'LDAP'
> Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
> aix_restoreauthdb: restoring old registry ''
> Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
> AIX/loginrestrictions returned 0 msg (none)
> Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
> Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_send entering: type 7
> Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug2:
> monitor_read: 6 used once, disabling now
> Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug2:
> input_userauth_request: setting up authctxt for user1 [preauth]
> Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_inform_authserv entering [preauth]
> Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_send entering: type 3 [preauth]
> Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug2:
> input_userauth_request: try method none [preauth]
> Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_receive entering
> Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
> monitor_read: checking request 3
> Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_answer_authserv: service=ssh-connection, style=
> Nov 27 17:46:46 intrat10 auth|security:debug sshd[11534544]: debug2:
> monitor_read: 3 used once, disabling now
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug1:
> userauth-request for user user1 service ssh-connection method
> publickey [preauth]
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug1:
> attempt 1 failures 0 [preauth]
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug2:
> input_userauth_request: try method publickey [preauth]
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> key_from_blob(..., 1268) [preauth]
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> x509key_from_blob: We have 1268 bytes available in BIO [preauth]
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> x509_to_key: X509_get_pubkey done! [preauth]
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_key_allowed entering [preauth]
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_send entering: type 20 [preauth]
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_receive_expect entering: type 21 [preauth]
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_receive entering [preauth]
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_receive entering
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> monitor_read: checking request 20
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_answer_keyallowed entering
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> key_from_blob(..., 1268)
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> x509key_from_blob: We have 1268 bytes available in BIO
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> x509_to_key: X509_get_pubkey done!
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_answer_keyallowed: key_from_blob: 2008b2d8
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug1:
> temporarily_use_uid: 417/230 (e=0/0)
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug1:
> trying public key file /home/user1/.ssh/authorized_keys
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug1:
> fd 4 clearing O_NONBLOCK
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> x509key_from_subject(9, [subject= C = XX, O = XX, OU = XX, CN =
> user2\n]) called
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> x509key_from_subject: subject=[C = XX, O = XX, OU = XX, CN = user2\n]
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> ssh_X509_NAME_add_entry_by_NID: type=ASCII, k=2
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> ssh_X509_NAME_add_entry_by_NID: type=ASCII, k=4
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> ssh_X509_NAME_add_entry_by_NID: type=ASCII, k=12
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> ssh_X509_NAME_add_entry_by_NID: type=ASCII, k=7
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> x509key_str2X509NAME: return 1
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> x509key_from_subject: return 2008b678
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> key_match:found matching certificate
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug1:
> matching key found: file /home/user1/.ssh/authorized_keys, line 1
> Nov 27 17:46:55 intrat10 auth|security:info sshd[11534544]: Found
> matching RSA+cert key: 47:d7:9f:7c:e4:a6:df:67:be:bb:82:8f:91:99:12:f2
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> ssh_x509cert_check: for 'C=XX,O=XX,OU=XX,CN=user2'
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> ssh_x509revoked_cb: Issuer: C=XX,O=XX,OU=XX,CN=XX
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> ssh_x509revoked_cb: Subject: C=XX,O=XX,OU=XX,CN=XX
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> ssh_x509revoked_cb: Issuer: C=XX,O=XX,OU=XX,CN=XX
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> ssh_x509revoked_cb: Subject: C=XX,O=XX,OU=XX,CN=XX
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> ssh_x509revoked_cb: Issuer: C=XX,O=XX,OU=XX,CN=XX
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> ssh_x509revoked_cb: Subject: C=XX,O=XX,OU=XX,CN=user2
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> ssh_ocsp_validate: for 'C=XX,O=XX,OU=XX,CN=user2'
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> ssh_ocsp_validate: none
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_key_verify entering [preauth]
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_send entering: type 22 [preauth]
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_key_verify: waiting for MONITOR_ANS_KEYVERIFY [preauth]
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_receive_expect entering: type 23 [preauth]
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_receive entering [preauth]
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_receive entering
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> monitor_read: checking request 22
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> key_from_blob(..., 1268)
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> x509key_from_blob: We have 1268 bytes available in BIO
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> x509_to_key: X509_get_pubkey done!
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> ssh_x509_verify: signature format = x509v3-sign-rsa
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> ssh_x509_verify: md=rsa-sha1, loc=0
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> ssh_x509cert_check: for 'C=XX,O=XX,OU=XX,CN=user2'
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> ssh_x509revoked_cb: Issuer: C=XX,O=XX,OU=XX,CN=XX
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> ssh_x509revoked_cb: Subject: C=XX,O=XX,OU=XX,CN=XX
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> ssh_x509revoked_cb: Issuer: C=XX,O=XX,OU=XX,CN=XX
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> ssh_x509revoked_cb: Subject: C=XX,O=XX,OU=XX,CN=XX
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> ssh_x509revoked_cb: Issuer: C=XX,O=XX,OU=XX,CN=XX
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> ssh_x509revoked_cb: Subject: C=XX,O=XX,OU=XX,CN=user2
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> ssh_ocsp_validate: for 'C=XX,O=XX,OU=XX,CN=user2'
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> ssh_ocsp_validate: none
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> ssh_x509cert_check: return 1(trusted)
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> ssh_x509_verify: return 1
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_answer_keyverify: key 2008ca68 signature verified
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_send entering: type 23
> Nov 27 17:46:55 intrat10 auth|security:info sshd[11534544]: Accepted
> publickey for user1 from XX.XX.XX.XX. port 58271 ssh2
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> AIX/setauthdb set registry 'LDAP'
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug1:
> AIX/loginsuccess: msg Last unsuccessful login: \310et 22 Stu 2012
> 13:02:41 on ssh from user1.host.com\nLast login: Uto 27 Stu 2012
> 17:29:40 on /dev/pts/5 from intrat10.zbo\n
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> aix_restoreauthdb: restoring old registry ''
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug2:
> userauth_pubkey: authenticated 1 pkalg x509v3-sign-rsa [preauth]
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_send_keystate: Sending new keys: 20046118 20045e78 [preauth]
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_newkeys_to_blob: converting 20046118 [preauth]
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_newkeys_to_blob: converting 20045e78 [preauth]
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_send_keystate: New keys have been sent [preauth]
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_send_keystate: Sending compression state [preauth]
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_send entering: type 24 [preauth]
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_send_keystate: Finished sending state [preauth]
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug1:
> monitor_read_log: child log fd closed
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug1:
> monitor_child_preauth: user1 has been authenticated by privileged
> process
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_get_keystate: Waiting for new keys
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_receive_expect entering: type 24
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_receive entering
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_newkeys_from_blob: 2006cfa8(118)
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug2:
> mac_setup: found hmac-md5
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_get_keystate: Waiting for second key
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_newkeys_from_blob: 2006cfa8(118)
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug2:
> mac_setup: found hmac-md5
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_get_keystate: Getting compression state
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_get_keystate: Getting Network I/O buffers
> Nov 27 17:46:55 intrat10 auth|security:info sshd[11534544]: User child
> is on pid 13041862
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug3:
> AIX/UsrInfo: set len 29
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
> permanently_set_uid: 417/230
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug2:
> set_newkeys: mode 0
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug2:
> set_newkeys: mode 1
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
> Entering interactive session for SSH2.
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug2:
> fd 8 setting O_NONBLOCK
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug2:
> fd 9 setting O_NONBLOCK
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
> server_init_dispatch_20
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
> server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
> input_session_request
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
> channel 0: new [server-session]
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug2:
> session_new: allocate (allocated 0 max 10)
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug3:
> session_unused: session id 0 unused
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
> session_new: session 0
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
> session_open: channel 0
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
> session_open: session 0: link with channel 0
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
> server_input_channel_open: confirm session
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
> server_input_global_request: rtype no-more-sessions@openssh.com
> want_reply 0
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
> server_input_channel_req: channel 0 request pty-req reply 1
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
> session_by_channel: session 0 channel 0
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
> session_input_channel_req: session 0 req pty-req
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
> Allocating pty.
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug3:
> mm_request_send entering: type 25
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug3:
> mm_pty_allocate: waiting for MONITOR_ANS_PTY
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug3:
> mm_request_receive_expect entering: type 26
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug3:
> mm_request_receive entering
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_receive entering
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> monitor_read: checking request 25
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_answer_pty entering
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug2:
> session_new: allocate (allocated 0 max 10)
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> session_unused: session id 0 unused
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug1:
> session_new: session 0
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> AIX/setauthdb set registry 'LDAP'
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug1:
> AIX/loginsuccess: msg Last unsuccessful login: \310et 22 Stu 2012
> 13:02:41 on ssh from user1.host.com\nLast login: Uto 27 Stu 2012
> 17:46:55 on ssh from intrat10.zbo\n
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> aix_restoreauthdb: restoring old registry ''
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_request_send entering: type 26
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3:
> mm_answer_pty: tty /dev/pts/5 ptyfd 6
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
> session_pty_req: session 0 alloc /dev/pts/5
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
> server_input_channel_req: channel 0 request shell reply 1
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
> session_by_channel: session 0 channel 0
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug1:
> session_input_channel_req: session 0 req shell
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug2:
> fd 5 setting TCP_NODELAY
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug3:
> packet_set_tos: set IP_TOS 0x10
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug2:
> channel 0: rfd 12 isatty
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug2:
> fd 12 setting O_NONBLOCK
> Nov 27 17:46:55 intrat10 auth|security:debug sshd[13041862]: debug3:
> fd 10 is O_NONBLOCK

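One way to turn the concern in this thread into a log check, as an added example (not code from the thread or from OpenSSH): it pairs the certificate subject that the X.509-patched sshd logs at debug3 (`ssh_x509cert_check: for '...'`) with the account named in the following `Accepted publickey` line of the same sshd process, and reports logins where the certificate CN is not the account name. The CN-equals-account policy, the `allowed` exception map, the function name and the sample lines are assumptions made for this example.

```python
import re
from collections import namedtuple

# Constructed sample, modelled on the debug3 output quoted in the thread
# (lines unwrapped; source addresses are documentation placeholders).
SAMPLE_LOG = """\
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3: ssh_x509cert_check: for 'C=XX,O=XX,OU=XX,CN=user2'
Nov 27 17:46:55 intrat10 auth|security:debug sshd[11534544]: debug3: ssh_x509cert_check: return 1(trusted)
Nov 27 17:46:55 intrat10 auth|security:info sshd[11534544]: Accepted publickey for user1 from 192.0.2.10 port 58271 ssh2
Nov 27 17:51:02 intrat10 auth|security:debug sshd[11534600]: debug3: ssh_x509cert_check: for 'C=XX,O=XX,OU=XX,CN=user2'
Nov 27 17:51:02 intrat10 auth|security:info sshd[11534600]: Accepted publickey for user2 from 192.0.2.11 port 40100 ssh2
Nov 27 18:02:11 intrat10 auth|security:info sshd[11534700]: Accepted publickey for user3 from 192.0.2.12 port 40112 ssh2
Nov 27 18:05:40 intrat10 auth|security:debug sshd[11534800]: debug3: ssh_x509cert_check: for 'C=XX,O=XX,OU=XX,CN=user3'
Nov 27 18:05:41 intrat10 auth|security:info sshd[11534800]: Failed publickey for user1 from 192.0.2.13 port 40150 ssh2
"""

Finding = namedtuple(
    "Finding", "timestamp host pid login_user cert_cn subject source"
)

# "<Mon> <day> <time> <host> <facility:level> sshd[<pid>]: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<host>\S+)\s+\S+\s+"
    r"sshd\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$"
)
SUBJECT_RE = re.compile(r"ssh_x509cert_check: for '(?P<dn>[^']*)'")
ACCEPT_RE = re.compile(
    r"Accepted publickey for (?P<user>\S+) from (?P<src>\S+) port \d+"
)
# Simple CN extraction; does not handle escaped commas inside a DN value.
CN_RE = re.compile(r"(?:^|,)\s*CN\s*=\s*(?P<cn>[^,]+)")


def find_identity_mismatches(lines, allowed=None):
    """Return logins where the certificate CN differs from the account.

    allowed maps an account name to extra CNs that may log in as it
    (assumed policy knob, e.g. {"deploy": {"user2"}}).
    """
    allowed = allowed or {}
    last_subject = {}  # (host, pid) -> most recent certificate subject DN
    findings = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        key = (m["host"], m["pid"])
        subject = SUBJECT_RE.search(m["msg"])
        if subject:
            # The check runs again at signature verification, so the last
            # subject seen before "Accepted" is the one that authenticated.
            last_subject[key] = subject["dn"]
            continue
        accepted = ACCEPT_RE.search(m["msg"])
        if not accepted:
            continue
        dn = last_subject.pop(key, None)
        if dn is None:
            continue  # plain public key, no certificate identity logged
        cn_match = CN_RE.search(dn)
        cn = cn_match["cn"].strip() if cn_match else ""
        user = accepted["user"]
        if cn != user and cn not in allowed.get(user, ()):
            findings.append(
                Finding(m["ts"], m["host"], int(m["pid"]), user, cn, dn,
                        accepted["src"])
            )
    return findings


if __name__ == "__main__":
    for f in find_identity_mismatches(SAMPLE_LOG.splitlines()):
        print(f"{f.timestamp} {f.host} sshd[{f.pid}]: certificate CN "
              f"'{f.cert_cn}' logged in as '{f.login_user}' from {f.source}")
```

At the default log level the quoted sshd only records the key fingerprint in `Found matching RSA+cert key`, so this check depends on the debug3 subject lines being collected.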
