Date:      Tue, 22 May 2001 16:18:36 -0400 (EDT)
From:      David Miller <dmiller@sparks.net>
To:        stable@freebsd.org
Subject:   4.3R and ssh problems
Message-ID:  <Pine.BSF.4.21.0105221609300.50961-100000@search.sparks.net>

I've got a pair of 4.3R systems which can't ssh to each other without
using passwords.

hq is the server and a debug session gives me:

su-2.05# sshd  -d -d -d
debug1: sshd version OpenSSH_2.3.0 green@FreeBSD.org 20010321
debug1: read DSA private key done
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from rs-1.mainexp.net port 1056
Connection from 192.168.1.2 port 1056
debug1: Client protocol version 1.5; client software version OpenSSH_2.3.0
green@FreeBSD.org 20010321
debug1: match: OpenSSH_2.3.0 green@FreeBSD.org 20010321 pat
^OpenSSH[-_]2\.3

debug1: Local version string SSH-1.99-OpenSSH_2.3.0 green@FreeBSD.org
20010321
debug1: Sent 768 bit public key and 1024 bit host key.
debug1: Encryption type: blowfish
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug1: Starting up PAM with username "dmiller"
debug1: Attempting authentication for dmiller.


ssh -v from rs-1 for the same session gives me:

bash-2.05$ ssh -v hq.mainexp.net
SSH Version OpenSSH_2.3.0 green@FreeBSD.org 20010321, protocol versions
1.5/2.0.
Compiled with SSL (0x0090600f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: ssh_connect: getuid 100 geteuid 100 anon 1
debug: Connecting to hq.mainexp.net [192.168.1.7] port 22.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.3.0
green@FreeBSD.org 20010321
debug: match: OpenSSH_2.3.0 green@FreeBSD.org 20010321 pat
^OpenSSH[-_]2\.3

debug: Local version string SSH-1.5-OpenSSH_2.3.0 green@FreeBSD.org
20010321
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host 'hq.mainexp.net' is known and matches the RSA host key.
debug: Encryption type: blowfish
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Doing password authentication.
dmiller@hq.mainexp.net's password: 



So why can't I connect without a password?




Machine 1 is:

su-2.05# uname -a
FreeBSD hq.mainexp.net 4.3-RELEASE FreeBSD 4.3-RELEASE #0: Tue May 15
09:41:16 EDT 2001     dmiller@hq.sparks.net:/usr/src/sys/compile/HQ  i386

Machine 2 is rs-1.mainexp.net and the same version.

hq has sshd configured with:
IgnoreRhosts no
RhostsAuthentication no
RhostsRSAAuthentication yes
RSAAuthentication yes

For the sake of completeness, pam.conf has the stock sshd entries:

# OpenSSH with PAM support requires similar modules.  The session one is
# a bit strange, though...
sshd    auth    sufficient      pam_skey.so
#sshd   auth    sufficient      pam_kerberosIV.so       try_first_pass
sshd    auth    required        pam_unix.so             try_first_pass
sshd    session required        pam_permit.so


The known_hosts files should be all set on both systems as I've ssh'd
repeatedly between them and have all variations of the hostname and IP
address included.

DNS matches both forwards and backwards.

hq:~dmiller/.shosts is mode 600 and contains:

rs-1.mainexp.net        dmiller
192.168.1.2             dmiller


Any pointers welcome, I've been pulling my hair out all afternoon on
this.  Surely something trivial?

--- David

