Date: Sun, 03 Sep 2000 17:59:34 +0900 (JST) From: Marty Cawthon <mrc@ChipChat.ne.jp> To: cjclark@alum.mit.edu, cjclark@reflexnet.net Cc: freebsd-questions@FreeBSD.ORG Subject: Re: SSH fails for user, but succeeds for root Message-ID: <20000903175934R.mrc@ChipChat.ne.jp> In-Reply-To: <20000903001440.D62475@149.211.6.64.reflexcom.com> References: <20000902232335.Y62475@149.211.6.64.reflexcom.com> <20000903153634J.mrc@ChipChat.ne.jp> <20000903001440.D62475@149.211.6.64.reflexcom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
From: "Crist J . Clark" <cjclark@reflexnet.net> > On Sun, Sep 03, 2000 at 03:36:34PM +0900, Marty Cawthon wrote: >> From: "Crist J . Clark" <cjclark@reflexnet.net> >>> On Sun, Sep 03, 2000 at 08:29:41AM +0900, Marty Cawthon wrote: mrc>>>> I fail to connect using SSH as my usual login (mrc) but succeed when mrc>>>> I su to root. This is puzzling to me. I have looked in the mail archives, mrc>>>> and read the handbook, and am stumped. I have examined the files in mrc>>>> /root/.ssh and /home/mrc/.ssh mrc>>>> and do not see why it would fail for 'mrc' but succeed for 'root'. mrc>>>> Any ideas or suggestions? cjc>>> What are the permissions on the RSA lib files? mrc>> $ ls -al /usr/lib/librsa* mrc>> -r--r--r-- 1 root wheel 10568 Sep 1 16:11 /usr/lib/librsaINTL.a mrc>> lrwxr-xr-x 1 root wheel 15 Sep 1 16:11 /usr/lib/librsaINTL.so -> librsaINTL.so.1 mrc>> -r--r--r-- 1 root wheel 10772 Sep 1 16:05 /usr/lib/librsaINTL.so.1 mrc>> -r--r--r-- 1 root wheel 7690 Aug 29 13:19 /usr/lib/librsaUSA.a mrc>> lrwxr-xr-x 1 root wheel 14 Aug 29 14:25 /usr/lib/librsaUSA.so -> librsaUSA.so.1 mrc>> -r--r--r-- 1 root wheel 10196 Aug 29 13:19 /usr/lib/librsaUSA.so.1 mrc>> -r--r--r-- 1 root wheel 7122 Mar 20 21:32 /usr/lib/librsaUSA_p.a mrc>> mrc>> I followed your suggestion to look at the permissions of the rsa files mrc>> (above) and find both librsaINTL* and librsaUSA* files. mrc>> This seems odd to have both INTL and USA files. mrc>> Perhaps the source of my troubles? cjc> Dunno. Try using 'ssh -v' for both users. User mrc: --------- bash-2.03$ ssh -v mrc-tiger.chipchat.com SSH Version OpenSSH-2.1, protocol versions 1.5/2.0. Compiled with SSL (0x0090581f). debug: Reading configuration data /etc/ssh/ssh_config ssh: no RSA support in libssl and libcrypto. See ssl(8). Disabling protocol version 1 debug: ssh_connect: getuid 0 geteuid 0 anon 0 debug: Connecting to mrc-tiger.chipchat.com [206.2.228.141] port 22. debug: Allocated local port 1014. debug: Connection established. debug: Remote protocol version 1.5, remote software version OpenSSH-1.2 ** Protocol major versions differ: 2 vs. 1 ** debug: Calling cleanup 0x8059ee0(0x0) bash-2.03$ ROOT: ----- EI-Tiger# ssh -v mrc-tiger.chipchat.com SSH Version OpenSSH-2.1, protocol versions 1.5/2.0. Compiled with SSL (0x0090581f). debug: Reading configuration data /etc/ssh/ssh_config debug: ssh_connect: getuid 0 geteuid 0 anon 0 debug: Connecting to mrc-tiger.chipchat.com [206.2.228.141] port 22. debug: Allocated local port 1011. debug: Connection established. debug: Remote protocol version 1.5, remote software version OpenSSH-1.2 ** debug: Local version string SSH-1.5-OpenSSH-2.1 ** debug: Waiting for server public key. ** debug: Received server public key (768 bits) and host key (1024 bits). ** debug: Host 'mrc-tiger.chipchat.com' is known and matches the RSA host key. ** debug: Encryption type: 3des ** debug: Sent encrypted session key. ** debug: Installing crc compensation attack detector. ** debug: Received encrypted confirmation. ** debug: Doing password authentication. ** root@mrc-tiger.chipchat.com's password: The lines which are different have a "**" preceeding them There is no "user config" (~/.ssh/ssh_config) for mrc or for root. $ locate ssh_conf /etc/ssh/ssh_config /usr/src/crypto/openssh/ssh_config $ Then I tried the above with all *rsaUSA* files moved to my home directory. I moved the "rsaUSA" files to my home directory and deleted the link for USA files, so now I am only dealing with the INTL files, and I see the same debug behaviour as indicated above. $ ls -al /usr/lib/*rsa* -r--r--r-- 1 root wheel 10568 Sep 2 01:11 /usr/lib/librsaINTL.a lrwxr-xr-x 1 root wheel 15 Sep 2 01:11 /usr/lib/librsaINTL.so -> librsaINTL.so.1 -r--r--r-- 1 root wheel 10772 Sep 2 01:05 /usr/lib/librsaINTL.so.1 $ Puzzling... Marty Cawthon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000903175934R.mrc>