From owner-freebsd-questions@FreeBSD.ORG Sat Nov 20 14:42:31 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C3A1116A4CE for ; Sat, 20 Nov 2004 14:42:31 +0000 (GMT) Received: from mail1.speakeasy.net (mail1.speakeasy.net [216.254.0.201]) by mx1.FreeBSD.org (Postfix) with ESMTP id CC12143D1F for ; Sat, 20 Nov 2004 14:42:29 +0000 (GMT) (envelope-from freebsd-questions-local@be-well.ilk.org) Received: (qmail 3963 invoked from network); 20 Nov 2004 14:42:29 -0000 Received: from dsl092-078-145.bos1.dsl.speakeasy.net (HELO be-well.ilk.org) ([66.92.78.145]) (envelope-sender ) by mail1.speakeasy.net (qmail-ldap-1.03) with SMTP for ; 20 Nov 2004 14:42:29 -0000 Received: by be-well.ilk.org (Postfix, from userid 1147) id C862265; Sat, 20 Nov 2004 09:42:28 -0500 (EST) Sender: lowell@be-well.ilk.org To: Ivan Georgiev References: <200411172035.59370.dsyphers@u.washington.edu> <200411181815.52222.georgiev@vt.edu> <44sm76pung.fsf@be-well.ilk.org> <200411181943.50933.georgiev@vt.edu> From: Lowell Gilbert Date: 20 Nov 2004 09:42:28 -0500 In-Reply-To: <200411181943.50933.georgiev@vt.edu> Message-ID: <44k6sgd1kb.fsf@be-well.ilk.org> Lines: 124 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii cc: freebsd-questions@freebsd.org Subject: Re: CANNOT SSH to my computer X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: freebsd-questions@freebsd.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Nov 2004 14:42:31 -0000 Ivan Georgiev writes: > On Thursday 18 November 2004 07:08 pm, Lowell Gilbert wrote: > > Ivan Georgiev writes: > > > On Thursday 18 November 2004 06:00 pm, Sebastian Holmqvist wrote: > > > > On Thu, 18 Nov 2004 17:44:05 -0500, Ivan Georgiev > wrote: > > > > > On Thursday 18 November 2004 08:42 am, Sebastian Holmqvist wrote: > > > > > > On Thu, 18 Nov 2004 13:26:05 +0000, Daniel Bye > > > > > > > > > > > > wrote: > > > > > > > On Thu, Nov 18, 2004 at 07:49:03AM -0500, Ivan Georgiev wrote: > > > > > > > > I changed PasswordAuthentication to 'yes' and this time it asks > > > > > > > > me 6 times for my password (3 times beginning with "Password:" > > > > > > > > > > > > > > You can disable these first three by changing > > > > > > > ChallengeResponseAuthentication to no. > > > > > > > > > > > > > > > and another 3 times with "Password for xxxx@yyy.yyy.yyy.yyy) > > > > > > > > and rejects me again with the same message from sshd. > > > > > > > > > > > > > > Sounds like a silly question, I know, but are you typing your > > > > > > > password correctly? For example, is your local keymap sending > > > > > > > the right characters to the server? > > > > > > > > > > > > > > > Adding more verbosity didn't help me to understand the problem. > > > > > > > > I also noticed that my ida_dsa.pub key ends with "ivan@" . > > > > > > > > Usualy I have seen it ending with "someone@some_address_here". > > > > > > > > Is this a problem? > > > > > > > > > > > > > > No, I don't think so. It is just a convenient identifier for > > > > > > > human consumption - it's somewhat easier to use the last little > > > > > > > bit of the key than to try and remember the whole keyblock! > > > > > > > > > > > > > > Have you copied ida_dsa.pub from the client machine to your > > > > > > > ~/.ssh/authorized_keys file on the server? > > > > > > > > > > > > > > > > > > > > > > > > > > > > Dan > > > > > > > > > > > > > > -- > > > > > > > Daniel Bye > > > > > > > > > > > > > > PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc > > > > > > > PGP Key fingerprint: 3B9D 8BBB EB03 BA83 5DB4 3B88 86FC F03A 90A1 > > > > > > > BE8F _ ASCII ribbon campaign ( ) - against HTML, vCards and X - > > > > > > > proprietary attachments in e-mail / \ > > > > > > > > > > > > Sure you have changed your keymap? > > > > > > > > > > > > And sorry if I misunderstood, are you trying to ssh to the computer > > > > > > you're sitting on? > > > > > > > > > > I do not think I have done any changes to the keymap. And, yes, I am > > > > > trying to connect to the computer I am sitting on plus have tried to > > > > > connect from my office computer. In both cases no luck. > > > > > > > > > > I will appreciate if you can help me to resolve the issue. > > > > > > > > > > Thanks, > > > > > > > > > > > > > > > Ivan > > > > > > > > When you connect from the office-computer, what happends? > > > > > > As I said - rejects with Permission denied and a message the log: > > > sshd[25413]: Failed password for ivan from MY_OFFICE_COMPUTER_ADDRESS > > > port 44517 ssh2 > > > > Try "ssh -v" (and if that doesn't tell you enough, "ssh -vv") and look > > at the debug output when it asks for and rejects the password. If that > > doesn't give you more of a clue, try doing the equivalent with sshd. > > I have tried that already but cannot understand where the problem is. Here is > small part of the sshd log: > .... > debug1: userauth-request for user ivan service ssh-connection method password > debug1: attempt 5 failures 4 > debug2: input_userauth_request: try method password > debug3: mm_auth_password entering > debug3: mm_request_send entering: type 10 > debug3: monitor_read: checking request 10 > debug3: mm_answer_authpassword: sending result 1 > debug3: mm_request_send entering: type 11 > debug3: mm_request_receive_expect entering: type 46 > debug3: mm_request_receive entering > debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD > debug3: mm_request_receive_expect entering: type 11 > debug3: mm_request_receive entering > debug3: mm_auth_password: user authenticated > debug3: mm_do_pam_account entering > debug3: mm_request_send entering: type 46 > debug3: mm_request_send entering: type 47 > Failed password for ivan from XXX.XXX.XXX.XXX port 55958 ssh2 > debug3: mm_request_receive entering > debug3: mm_request_receive_expect entering: type 47 > debug3: mm_request_receive entering > debug3: mm_do_pam_account returning 0 > Failed password for ivan from XXX.XXX.XXX.XXX port 55958 ssh2 > Connection closed by XXX.XXX.XXX.XXX > debug1: do_cleanup > debug1: PAM: cleanup > debug3: PAM: sshpam_thread_cleanup entering > debug1: do_cleanup > debug1: PAM: cleanup > debug3: PAM: sshpam_thread_cleanup entering > .... > > and from ssh -vvv > .... > ivan@XXX.XXX.XXX.XXX's password: > debug3: packet_send2: adding 64 (len 59 padlen 5 extra_pad 64) > debug2: we sent a password packet, wait for reply > debug1: Authentications that can continue: publickey,password > debug2: we did not send a packet, disable method > debug1: No more authentication methods to try. > Permission denied (publickey,password). > .... Looks like you've either changed your PAM configuration from the defaults or disabled keyboard-interactive. What changes have you made?