Date:      08 Dec 2001 18:50:58 -0100
From:      Harald Schmalzbauer <H@Schmalzbauer.de>
To:        "Hartmann, O." <ohartman@klima.physik.uni-mainz.de>
Cc:        freebsd-stable@FreeBSD.ORG
Subject:   Re: SSHD problems on P4
Message-ID:  <1007841058.618.6.camel@adm01.belenus.com>
In-Reply-To: <20011208193059.A13855-100000@klima.physik.uni-mainz.de>
References:  <20011208193059.A13855-100000@klima.physik.uni-mainz.de>

Hello, perhaps stupid, but have you checked hosts.allow?
Strange is that your machines decided to use 3des. With OpenSSH 2.9,
afaik, the default is AES (Rijndael). Did you compile it with special
CFLAGS? Are you out of sync with OpenSSL?

Have fun,

-Harry

On Sat, 2001-12-08 at 19:59, Hartmann, O. wrote:
> Dear Sirs.
> 
> We installed a new 2GHz P4 system with FreeBSD 4.4-RELEASE, then we
> cvsupdated the code to FreeBSD 4.4-STABLE and made a world. This
> machine, a new Dell PrecisionWorkstation 340 with 512MB RIMM and 2 GHz
> Intel P4 CPU works fine with FreeBSD 4.4-STABLE (the system has at
> boot time some problems to bootstrap, but this problem is not reproducible
> and has not gone away while enabling options PNPBIOS in the kernel, I
> think this is a BIOS issue ...).
> 
> Parallel to this machine we installed several other systems the same
> way but only on the Dell system sshd is not willing to allow
> connections but the ssh client allows connects to the outer world.
> 
> I switched sshd on the specific machine to debugging mode and got this:
> 
> ---
> root: /root: sshd -d -D
> debug1: sshd version OpenSSH_2.9 FreeBSD localisations 20011202
> debug1: read PEM private key done: type DSA
> debug1: private host key: #0 type 2 DSA
> debug1: private host key: #1 type 0 RSA1
> debug1: Forcing server key to 1152 bits to make it differ from host key.
> debug1: Bind to port 22 on XX.XX.XX.XX.
> Server listening on XX.XX.XX.XX port 22.
> Generating 1152 bit RSA key.
> RSA key generation complete.
> ---
> 
> Then I try to connect from a client (a machine of our computer center)
> and use ssh2 -vv destination.machine.de
> 
> ---
> debug: connecting to client01.physik.uni-mainz.de...
> debug: entering event loop
> debug: ssh_client_wrap: creating transport protocol
> debug: SshAuthMethodClient/sshauthmethodc.c:116: Added "publickey" to usable methods.
> debug: SshAuthMethodClient/sshauthmethodc.c:116: Added "password" to usable methods.
> debug: Ssh2Client/sshclient.c:1142: creating userauth protocol
> debug: Ssh2Common/sshcommon.c:501: local ip = XX.XX.XX.XX, local port = 4039
> debug: Ssh2Common/sshcommon.c:503: remote ip = XX.XX.XX.XX, remote port = 22
> debug: SshConnection/sshconn.c:1866: Wrapping...
> warning: Warning: Need basic cursor movement capablity, using vt100
> debug: Ssh2Transport/trcommon.c:599: Remote version: SSH-1.99-OpenSSH_2.9 FreeBSD localisations 20011202
> debug: Ssh2Transport/trcommon.c:789: Remote version has rekey incompatibility bug.
> debug: Ssh2Transport/trcommon.c:1118: c_to_s: cipher 3des-cbc, mac hmac-sha1, compression none
> debug: Ssh2Transport/trcommon.c:1121: s_to_c: cipher 3des-cbc, mac hmac-sha1, compression none
> debug: Ssh2Client/sshclient.c:406: Host key found from database.
> debug: Ssh2Common/sshcommon.c:305: Received SSH_CROSS_STARTUP packet from connection protocol.
> debug: Ssh2Common/sshcommon.c:355: Received SSH_CROSS_ALGORITHMS packet from connection protocol.
> debug: Ssh2Common/sshcommon.c:137: DISCONNECT received: Sorry, you are not allowed to connect.
> warning: Authentication failed.
> debug: Ssh2/ssh2.c:84: locally_generated = FALSE
> Disconnected; protocol error (Sorry, you are not allowed to connect.).
> debug: uninitializing event loop
> ---
> 
> This is the output of the daemon on the server side:
> 
> ---
> root: /root: sshd -d -D
> debug1: sshd version OpenSSH_2.9 FreeBSD localisations 20011202
> debug1: read PEM private key done: type DSA
> debug1: private host key: #0 type 2 DSA
> debug1: private host key: #1 type 0 RSA1
> debug1: Forcing server key to 1152 bits to make it differ from host key.
> debug1: Bind to port 22 on XX.XX.XX.XX.
> Server listening on XX.XX.XX.XX port 22.
> Generating 1152 bit RSA key.
> RSA key generation complete.
> debug1: Server will not fork when running in debugging mode.
> Connection from client1.zdv.Uni-Mainz.DE port 4039
> Connection from XX.XX.XX.XX port 4039
> debug1: Client protocol version 1.99; client software version 2.4.0 SSH Secure Shell (non-commercial)
> debug1: match: 2.4.0 SSH Secure Shell (non-commercial) pat ^2\.[2-9]\.
> Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-1.99-OpenSSH_2.9 FreeBSD localisations 20011202
> debug1: Rhosts Authentication disabled, originating port not trusted.
> debug1: list_hostkey_types: ssh-dss
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: client->server 3des-cbc hmac-sha1 none
> debug1: kex: server->client 3des-cbc hmac-sha1 none
> debug1: dh_gen_key: priv key bits set: 187/384
> debug1: bits set: 512/1024
> debug1: expecting SSH2_MSG_KEXDH_INIT
> debug1: bits set: 503/1024
> debug1: sig size 20 20
> debug1: kex_derive_keys
> debug1: newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: waiting for SSH2_MSG_NEWKEYS
> debug1: newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: KEX done
> debug1: userauth-request for user ohartman service ssh-connection method none
> debug1: attempt 0 failures 0
> debug1: Starting up PAM with username "ohartman"
> Denied connection for ohartman from client1.zdv.uni-mainz.de [XX.XX.XX.XX].
> Disconnecting: Sorry, you are not allowed to connect.
> debug1: Calling cleanup 0x8059ba0(0x0)
> debug1: Calling cleanup 0x8060c54(0x0)
> ---
> 
> The frustrating thing is that I did a parallel installation with an older
> system based on an AMD K6-2/550 and it works! It is always on all machines
> the same ssh-configuration and I copy a sshd_config file on each machine
> and replace the interface part by the appropriate IP, that's it. A check by
> a diff on a working and non working config showed this line as the only one that
> differs.
> 
> On a working sshd (switched to sshd -d -D) I see another
> 
> 'userauth-request for user ohartman service ssh-connection method none'
> 
> line, it shows a kind of protocol and so on.
> 
> I tried to disable SSE in the kernel, but that did not help.
> 
> Well, it looks strange to me .. :-(
> 
> Thanks in advance for your comments and help.
> 
> Oliver
> 
> 
> --
> Best regards
> O. Hartmann
> 
> ohartman@klima.physik.uni-mainz.de
> ----------------------------------------------------------------
> IT-Administration des Institutes fuer Physik der Atmosphaere (IPA)
> ----------------------------------------------------------------
> Johannes Gutenberg Universitaet Mainz
> Becherweg 21
> 55099 Mainz
> 
> Tel: +496131/3924662 (machine room)
> Tel: +496131/3924144
> FAX: +496131/3923532
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
> 
> 
> 
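
A triage helper for server-side `sshd -d` output like that quoted above, added here as an example and not part of the original messages: it extracts the negotiated algorithms per direction and the step logged immediately before a "Denied connection" line, which shows whether the refusal came before or after key exchange. The function name `triage` and the sample text are assumptions; the sample is constructed from the log format in the thread.

```python
import re

# Constructed sample in the format of the server-side debug output quoted above.
SAMPLE_LOG = """\
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server 3des-cbc hmac-sha1 none
debug1: kex: server->client 3des-cbc hmac-sha1 none
debug1: KEX done
debug1: userauth-request for user ohartman service ssh-connection method none
debug1: attempt 0 failures 0
debug1: Starting up PAM with username "ohartman"
Denied connection for ohartman from client1.zdv.uni-mainz.de [XX.XX.XX.XX].
Disconnecting: Sorry, you are not allowed to connect.
"""

KEX_RE = re.compile(r"^debug1: kex: (client->server|server->client) (\S+) (\S+) (\S+)$")
DENY_RE = re.compile(r"^Denied connection for (\S+) from (\S+) \[([^\]]+)\]\.$")

def triage(log_text):
    """Summarise one sshd debug session: negotiated algorithms, how far the
    handshake got, and the line logged immediately before any denial."""
    report = {"kex": {}, "kex_done": False, "userauth_seen": False,
              "denied": None, "last_step_before_denial": None}
    previous = None
    for raw in log_text.splitlines():
        line = raw.lstrip("> ").rstrip()  # tolerate e-mail quote prefixes
        if not line:
            continue
        m = KEX_RE.match(line)
        if m:
            direction, cipher, mac, comp = m.groups()
            report["kex"][direction] = {"cipher": cipher, "mac": mac, "compression": comp}
        elif line == "debug1: KEX done":
            report["kex_done"] = True
        elif line.startswith("debug1: userauth-request "):
            report["userauth_seen"] = True
        else:
            d = DENY_RE.match(line)
            if d and report["denied"] is None:
                report["denied"] = {"user": d.group(1), "host": d.group(2), "addr": d.group(3)}
                report["last_step_before_denial"] = previous
        previous = line
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Running it over the output of a working and a non-working host gives two reports that can be compared field by field.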