From owner-freebsd-questions@FreeBSD.ORG Sun Nov 21 00:21:30 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E5E3116A4CE for ; Sun, 21 Nov 2004 00:21:30 +0000 (GMT) Received: from out002.verizon.net (out002pub.verizon.net [206.46.170.141]) by mx1.FreeBSD.org (Postfix) with ESMTP id 35EA443D2F for ; Sun, 21 Nov 2004 00:21:30 +0000 (GMT) (envelope-from georgiev@vt.edu) Received: from bburg.bg ([151.199.126.93]) by out002.verizon.net (InterMail vM.5.01.06.06 201-253-122-130-106-20030910) with ESMTP id <20041121002129.IYXM3388.out002.verizon.net@bburg.bg> for ; Sat, 20 Nov 2004 18:21:29 -0600 From: Ivan Georgiev To: freebsd-questions@freebsd.org Date: Sat, 20 Nov 2004 19:21:27 -0500 User-Agent: KMail/1.7.1 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200411201921.27880.georgiev@vt.edu> X-Authentication-Info: Submitted using SMTP AUTH at out002.verizon.net from [151.199.126.93] at Sat, 20 Nov 2004 18:21:29 -0600 Subject: NEW: cannot ssh to my computer X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 21 Nov 2004 00:21:31 -0000 Hello, Please excuse my re-posting of the same problem but, simply, I have no clue how to fix my account. Below you can see the previous postings. What puzzles me is that if I create a new user this user can connect trough ssh with no problems. Only my account is rejected. Thank you for your help, Ivan > Ivan Georgiev writes: > > On Thursday 18 November 2004 07:08 pm, Lowell Gilbert wrote: > > > Ivan Georgiev writes: > > > > On Thursday 18 November 2004 06:00 pm, Sebastian Holmqvist wrote: > > > > > On Thu, 18 Nov 2004 17:44:05 -0500, Ivan Georgiev > > > > wrote: > > > > > > On Thursday 18 November 2004 08:42 am, Sebastian Holmqvist wrote: > > > > > > > On Thu, 18 Nov 2004 13:26:05 +0000, Daniel Bye > > > > > > > > > > > > > > wrote: > > > > > > > > On Thu, Nov 18, 2004 at 07:49:03AM -0500, Ivan Georgiev wrote: > > > > > > > > > I changed PasswordAuthentication to 'yes' and this time it > > > > > > > > > asks me 6 times for my password (3 times beginning with > > > > > > > > > "Password:" > > > > > > > > > > > > > > > > You can disable these first three by changing > > > > > > > > ChallengeResponseAuthentication to no. > > > > > > > > > > > > > > > > > and another 3 times with "Password for > > > > > > > > > xxxx@yyy.yyy.yyy.yyy) and rejects me again with the same > > > > > > > > > message from sshd. > > > > > > > > > > > > > > > > Sounds like a silly question, I know, but are you typing your > > > > > > > > password correctly? For example, is your local keymap > > > > > > > > sending the right characters to the server? > > > > > > > > > > > > > > > > > Adding more verbosity didn't help me to understand the > > > > > > > > > problem. I also noticed that my ida_dsa.pub key ends with > > > > > > > > > "ivan@" . Usualy I have seen it ending with > > > > > > > > > "someone@some_address_here". Is this a problem? > > > > > > > > > > > > > > > > No, I don't think so. It is just a convenient identifier for > > > > > > > > human consumption - it's somewhat easier to use the last > > > > > > > > little bit of the key than to try and remember the whole > > > > > > > > keyblock! > > > > > > > > > > > > > > > > Have you copied ida_dsa.pub from the client machine to your > > > > > > > > ~/.ssh/authorized_keys file on the server? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Dan > > > > > > > > > > > > > > > > -- > > > > > > > > Daniel Bye > > > > > > > > > > > > > > > > PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc > > > > > > > > PGP Key fingerprint: 3B9D 8BBB EB03 BA83 5DB4 3B88 86FC F03A > > > > > > > > 90A1 BE8F _ ASCII ribbon campaign ( ) - against HTML, vCards > > > > > > > > and X - proprietary attachments in e-mail / \ > > > > > > > > > > > > > > Sure you have changed your keymap? > > > > > > > > > > > > > > And sorry if I misunderstood, are you trying to ssh to the > > > > > > > computer you're sitting on? > > > > > > > > > > > > I do not think I have done any changes to the keymap. And, yes, I > > > > > > am trying to connect to the computer I am sitting on plus have > > > > > > tried to connect from my office computer. In both cases no luck. > > > > > > > > > > > > I will appreciate if you can help me to resolve the issue. > > > > > > > > > > > > Thanks, > > > > > > > > > > > > > > > > > > Ivan > > > > > > > > > > When you connect from the office-computer, what happends? > > > > > > > > As I said - rejects with Permission denied and a message the log: > > > > sshd[25413]: Failed password for ivan from MY_OFFICE_COMPUTER_ADDRESS > > > > port 44517 ssh2 > > > > > > Try "ssh -v" (and if that doesn't tell you enough, "ssh -vv") and look > > > at the debug output when it asks for and rejects the password. If that > > > doesn't give you more of a clue, try doing the equivalent with sshd. > > > > I have tried that already but cannot understand where the problem is. > > Here is small part of the sshd log: > > .... > > debug1: userauth-request for user ivan service ssh-connection method > > password debug1: attempt 5 failures 4 > > debug2: input_userauth_request: try method password > > debug3: mm_auth_password entering > > debug3: mm_request_send entering: type 10 > > debug3: monitor_read: checking request 10 > > debug3: mm_answer_authpassword: sending result 1 > > debug3: mm_request_send entering: type 11 > > debug3: mm_request_receive_expect entering: type 46 > > debug3: mm_request_receive entering > > debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD > > debug3: mm_request_receive_expect entering: type 11 > > debug3: mm_request_receive entering > > debug3: mm_auth_password: user authenticated > > debug3: mm_do_pam_account entering > > debug3: mm_request_send entering: type 46 > > debug3: mm_request_send entering: type 47 > > Failed password for ivan from XXX.XXX.XXX.XXX port 55958 ssh2 > > debug3: mm_request_receive entering > > debug3: mm_request_receive_expect entering: type 47 > > debug3: mm_request_receive entering > > debug3: mm_do_pam_account returning 0 > > Failed password for ivan from XXX.XXX.XXX.XXX port 55958 ssh2 > > Connection closed by XXX.XXX.XXX.XXX > > debug1: do_cleanup > > debug1: PAM: cleanup > > debug3: PAM: sshpam_thread_cleanup entering > > debug1: do_cleanup > > debug1: PAM: cleanup > > debug3: PAM: sshpam_thread_cleanup entering > > .... > > > > and from ssh -vvv > > .... > > ivan@XXX.XXX.XXX.XXX's password: > > debug3: packet_send2: adding 64 (len 59 padlen 5 extra_pad 64) > > debug2: we sent a password packet, wait for reply > > debug1: Authentications that can continue: publickey,password > > debug2: we did not send a packet, disable method > > debug1: No more authentication methods to try. > > Permission denied (publickey,password). > > .... > > Looks like you've either changed your PAM configuration from the > defaults or disabled keyboard-interactive. What changes have you > made? I haven't made any changes in my PAM configuration. The funny thing is that if I create a new user then that user can ssh to the computer with no problems. I guess my account is screwed up somehow. The only thing that that went wrong when I installed 5-3-RELESE for first time like a week or two ago was when I tried to change my shell to bash. I didn't understand at the beginning that there is something like master.passwd. So I was editing the passwd file directly with a text editor. Then I discovered that actually nothing changes so I dug up a bit in the docs and used chpass to set it up correctly. Don't remember doing anything else to my account. Is that relevent to the ssh problem? Thanks, Ivan