Date: Sat, 8 Dec 2001 19:59:40 +0100 (CET)
From: "Hartmann, O."
To: freebsd-stable@freebsd.org
Subject: SSHD problems on P4
Message-ID: <20011208193059.A13855-100000@klima.physik.uni-mainz.de>

Dear Sirs.

We installed a new 2GHz P4 system with FreeBSD 4.4-RELEASE, then we cvsupdated the code to FreeBSD 4.4-STABLE and made a world.

This machine, a new Dell PrecisionWorkstation 340 with 512MB RIMM and a 2 GHz Intel P4 CPU, works fine with FreeBSD 4.4-STABLE (the system has some problems bootstrapping at boot time, but this problem is not reproducible and has not gone away when enabling options PNPBIOS in the kernel; I think this is a BIOS issue ...).

In parallel with this machine we installed several other systems the same way, but only on the Dell system is sshd not willing to allow connections, while the ssh client allows connections to the outside world.

I switched sshd on the specific machine to debugging mode and got this:

---
root: /root: sshd -d -D
debug1: sshd version OpenSSH_2.9 FreeBSD localisations 20011202
debug1: read PEM private key done: type DSA
debug1: private host key: #0 type 2 DSA
debug1: private host key: #1 type 0 RSA1
debug1: Forcing server key to 1152 bits to make it differ from host key.
debug1: Bind to port 22 on XX.XX.XX.XX.
Server listening on XX.XX.XX.XX port 22.
Generating 1152 bit RSA key.
RSA key generation complete.
---

Then I try to connect from a client (a machine of our computer center) and use

ssh2 -vv destination.machine.de

---
debug: connecting to client01.physik.uni-mainz.de...
debug: entering event loop
debug: ssh_client_wrap: creating transport protocol
debug: SshAuthMethodClient/sshauthmethodc.c:116: Added "publickey" to usable methods.
debug: SshAuthMethodClient/sshauthmethodc.c:116: Added "password" to usable methods.
debug: Ssh2Client/sshclient.c:1142: creating userauth protocol
debug: Ssh2Common/sshcommon.c:501: local ip = XX.XX.XX.XX, local port = 4039
debug: Ssh2Common/sshcommon.c:503: remote ip = XX.XX.XX.XX, remote port = 22
debug: SshConnection/sshconn.c:1866: Wrapping...
warning: Warning: Need basic cursor movement capablity, using vt100
debug: Ssh2Transport/trcommon.c:599: Remote version: SSH-1.99-OpenSSH_2.9 FreeBSD localisations 20011202
debug: Ssh2Transport/trcommon.c:789: Remote version has rekey incompatibility bug.
debug: Ssh2Transport/trcommon.c:1118: c_to_s: cipher 3des-cbc, mac hmac-sha1, compression none
debug: Ssh2Transport/trcommon.c:1121: s_to_c: cipher 3des-cbc, mac hmac-sha1, compression none
debug: Ssh2Client/sshclient.c:406: Host key found from database.
debug: Ssh2Common/sshcommon.c:305: Received SSH_CROSS_STARTUP packet from connection protocol.
debug: Ssh2Common/sshcommon.c:355: Received SSH_CROSS_ALGORITHMS packet from connection protocol.
debug: Ssh2Common/sshcommon.c:137: DISCONNECT received: Sorry, you are not allowed to connect.
warning: Authentication failed.
debug: Ssh2/ssh2.c:84: locally_generated = FALSE
Disconnected; protocol error (Sorry, you are not allowed to connect.).
debug: uninitializing event loop
---

This is the output of the daemon on the server side:

---
root: /root: sshd -d -D
debug1: sshd version OpenSSH_2.9 FreeBSD localisations 20011202
debug1: read PEM private key done: type DSA
debug1: private host key: #0 type 2 DSA
debug1: private host key: #1 type 0 RSA1
debug1: Forcing server key to 1152 bits to make it differ from host key.
debug1: Bind to port 22 on XX.XX.XX.XX.
Server listening on XX.XX.XX.XX port 22.
Generating 1152 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from client1.zdv.Uni-Mainz.DE port 4039
Connection from XX.XX.XX.XX port 4039
debug1: Client protocol version 1.99; client software version 2.4.0 SSH Secure Shell (non-commercial)
debug1: match: 2.4.0 SSH Secure Shell (non-commercial) pat ^2\.[2-9]\.
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_2.9 FreeBSD localisations 20011202
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: list_hostkey_types: ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server 3des-cbc hmac-sha1 none
debug1: kex: server->client 3des-cbc hmac-sha1 none
debug1: dh_gen_key: priv key bits set: 187/384
debug1: bits set: 512/1024
debug1: expecting SSH2_MSG_KEXDH_INIT
debug1: bits set: 503/1024
debug1: sig size 20 20
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user ohartman service ssh-connection method none
debug1: attempt 0 failures 0
debug1: Starting up PAM with username "ohartman"
Denied connection for ohartman from client1.zdv.uni-mainz.de [XX.XX.XX.XX].
Disconnecting: Sorry, you are not allowed to connect.
debug1: Calling cleanup 0x8059ba0(0x0)
debug1: Calling cleanup 0x8060c54(0x0)
---

The frustrating thing is that I did a parallel installation with an older system based on an AMD K6-2/550 and it works! It is always the same ssh configuration on all machines: I copy an sshd_config file to each machine and replace the interface part with the appropriate IP, that's it. A check by a diff on a working and a non-working config showed this line as the only one that differs.

On a working sshd (switched to sshd -d -D) I see another 'userauth-request for user ohartman service ssh-connection method none' line; it shows a kind of protocol and so on.

I tried to disable SSE in the kernel, but that did not help.

Well, it looks strange to me .. :-(

Thanks in advance for your comments and help.

Oliver

--
Best regards,
O. Hartmann
ohartman@klima.physik.uni-mainz.de
----------------------------------------------------------------
IT-Administration des Institutes fuer Physik der Atmosphaere (IPA)
----------------------------------------------------------------
Johannes Gutenberg Universitaet Mainz
Becherweg 21
55099 Mainz

Tel: +496131/3924662 (machine room)
Tel: +496131/3924144
FAX: +496131/3923532