From owner-freebsd-questions@FreeBSD.ORG Sat Sep 16 13:51:41 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4AC0716A403 for ; Sat, 16 Sep 2006 13:51:41 +0000 (UTC) (envelope-from youshi10@u.washington.edu) Received: from mxout4.cac.washington.edu (mxout4.cac.washington.edu [140.142.33.19]) by mx1.FreeBSD.org (Postfix) with ESMTP id 953B043D46 for ; Sat, 16 Sep 2006 13:51:40 +0000 (GMT) (envelope-from youshi10@u.washington.edu) Received: from smtp.washington.edu (smtp.washington.edu [140.142.32.139]) by mxout4.cac.washington.edu (8.13.7+UW06.06/8.13.7+UW06.03) with ESMTP id k8GDpdSr019948 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Sat, 16 Sep 2006 06:51:39 -0700 X-Auth-Received: from [192.168.11.5] (208.131.210.220.dy.bbexcite.jp [220.210.131.208]) (authenticated authid=youshi10) by smtp.washington.edu (8.13.7+UW06.06/8.13.7+UW06.03) with ESMTP id k8GDpaTk020966 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for ; Sat, 16 Sep 2006 06:51:38 -0700 Mime-Version: 1.0 (Apple Message framework v752.2) In-Reply-To: References: X-Gpgmail-State: !signed Message-Id: <54DA4AB7-ACD4-4C04-95FD-CB1A21692AE9@u.washington.edu> From: Garrett Cooper Date: Sat, 16 Sep 2006 22:51:36 +0900 To: freebsd-questions@freebsd.org X-Mailer: Apple Mail (2.752.2) X-PMX-Version: 5.2.0.266434, Antispam-Engine: 2.4.0.264935, Antispam-Data: 2006.9.16.55443 X-Uwash-Spam: Gauge=IIIIIII, Probability=7%, Report='__CT 0, __CTYPE_HAS_BOUNDARY 0, __CTYPE_MULTIPART 0, __CTYPE_MULTIPART_ALT 0, __HAS_MSGID 0, __HAS_X_MAILER 0, __MIME_HTML 0, __MIME_VERSION 0, __SANE_MSGID 0, __TAG_EXISTS_HTML 0' Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Re: PAY offered - sshd won't allow client from same domain X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Sep 2006 13:51:41 -0000 On Sep 16, 2006, at 6:05 PM, ke han wrote: > > On Sep 16, 2006, at 4:50 PM, Garrett Cooper wrote: > >> ssh -vv server1.domain.com > > form OS X: (real domain name edited to domain.com) > > > ssh -vv server1.domain.com > OpenSSH_4.2p1, OpenSSL 0.9.7i 14 Oct 2005 > debug1: Reading configuration data /etc/ssh_config > debug2: ssh_connect: needpriv 0 > debug1: Connecting to server1.domain.com [209.216.230.199] port 22. > debug1: Connection established. > debug1: identity file /Users/jhancock/.ssh/identity type -1 > debug1: identity file /Users/jhancock/.ssh/id_rsa type -1 > debug2: key_type_from_name: unknown key type '-----BEGIN' > debug2: key_type_from_name: unknown key type 'Proc-Type:' > debug2: key_type_from_name: unknown key type 'DEK-Info:' > debug2: key_type_from_name: unknown key type '-----END' > debug1: identity file /Users/jhancock/.ssh/id_dsa type 2 > debug1: Remote protocol version 2.0, remote software version > OpenSSH_4.2p1 FreeBSD-20050903 > debug1: match: OpenSSH_4.2p1 FreeBSD-20050903 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_4.2 > debug2: fd 3 setting O_NONBLOCK > debug1: Miscellaneous failure > No credentials cache found > > debug1: Miscellaneous failure > No credentials cache found > > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug2: kex_parse_kexinit: diffie-hellman-group-exchange- > sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- > cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael- > cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- > cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael- > cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- > ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- > ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib > debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: kex_parse_kexinit: diffie-hellman-group-exchange- > sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-dss > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- > cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael- > cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- > cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael- > cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- > ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- > ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,zlib@openssh.com > debug2: kex_parse_kexinit: none,zlib@openssh.com > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: mac_init: found hmac-md5 > debug1: kex: server->client aes128-cbc hmac-md5 none > debug2: mac_init: found hmac-md5 > debug1: kex: client->server aes128-cbc hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > debug2: dh_gen_key: priv key bits set: 132/256 > debug2: bits set: 523/1024 > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug1: Host 'server1.domain.com' is known and matches the DSA host > key. > debug1: Found key in /Users/jhancock/.ssh/known_hosts:2 > debug2: bits set: 527/1024 > debug1: ssh_dss_verify: signature correct > debug2: kex_derive_keys > debug2: set_newkeys: mode 1 > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug2: set_newkeys: mode 0 > debug1: SSH2_MSG_NEWKEYS received > debug1: SSH2_MSG_SERVICE_REQUEST sent > Read from socket failed: Connection reset by peer Your problem appears to be in how your user is being authenticated and not your DNS setup, I think. Example: shiina:~ gcooper$ uname -a Darwin shiina.local 8.7.0 Darwin Kernel Version 8.7.0: Fri May 26 15:20:53 PDT 2006; root:xnu-792.6.76.obj~1/RELEASE_PPC Power Macintosh powerpc shiina:~ gcooper$ ssh -vv tebo.cs.washington.edu OpenSSH_4.2p1, OpenSSL 0.9.7i 14 Oct 2005 debug1: Reading configuration data /etc/ssh_config debug2: ssh_connect: needpriv 0 debug1: Connecting to tebo.cs.washington.edu [128.208.6.74] port 22. debug1: Connection established. debug1: identity file /Users/gcooper/.ssh/identity type -1 debug2: key_type_from_name: unknown key type '-----BEGIN' debug2: key_type_from_name: unknown key type 'Proc-Type:' debug2: key_type_from_name: unknown key type 'DEK-Info:' debug2: key_type_from_name: unknown key type '-----END' debug1: identity file /Users/gcooper/.ssh/id_rsa type 1 debug1: identity file /Users/gcooper/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3 debug1: match: OpenSSH_4.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.2 debug2: fd 3 setting O_NONBLOCK debug1: Miscellaneous failure No credentials cache found debug1: Miscellaneous failure No credentials cache found debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie- hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael- cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael- cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie- hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael- cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael- cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib@openssh.com debug2: kex_parse_kexinit: none,zlib@openssh.com debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 125/256 debug2: bits set: 512/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'tebo.cs.washington.edu' is known and matches the RSA host key. debug1: Found key in /Users/gcooper/.ssh/known_hosts:43 debug2: bits set: 504/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth The only thing I can tell that's different is that I'm trying to connect to a Linux host with an RSA host key, where you're trying to connect to a FreeBSD host with a DSA key. Have you tried deleting or renaming your DSA/RSA public key and then try connecting to the FreeBSD host again? -Garrett