Date:      Wed, 10 Feb 2021 15:49:26 +0800
From:      PstreeM China <pstreem@gmail.com>
To:        Bruce Ferrell <bferrell@baywinds.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Permission denied via ssh over ipv6
Message-ID:  <CAPDFJPi4MKRVbPe7xDwACHBgUNgQ-3R99=cqssXsq3qxaOSxxw@mail.gmail.com>
In-Reply-To: <06077d2d-2eda-e27a-6b8c-1a4c5ef361aa@baywinds.org>
References:  <CAPDFJPjF19_9kRG0ff5r0cmD=-GpnYjdZNaCTyJEj-Bogw0qEw@mail.gmail.com> <YCNsdWk019SBpLdg@geeks.org> <CAPDFJPjL8EdVfeH43=35cLxRGyE388JYY9qD5JB=gsdwhTh6ag@mail.gmail.com> <06077d2d-2eda-e27a-6b8c-1a4c5ef361aa@baywinds.org>

Checked the /etc/ssh/sshd_config, the parameter of AddressFamily is “Any”.

That is the default value.

On Wed, Feb 10, 2021 at 14:42 Bruce Ferrell <bferrell@baywinds.org> wrote:

>
> Check the /etc/ssh/sshd_config file for this parameter:
>
> AddressFamily
>
> if it is set to inet, only ipv4 will work
>
> if it is set to any, both ipv4 and ipv6 will work
>
> It can be set to inet6 to make only ipv6 work
>
>
>
> On 2/9/21 10:30 PM, PstreeM China wrote:
> > hi:
> >
> > Thanks for your quick reply.
> > ssh -vvv log as below, we can see the connection has already established,
> > but after inputting the password, it does not work.
> > I am sure the password is right; I tried modifying the passwd and have the
> > same issue.
> >
> > About the DNS PTRs, what should I do? The source is my home PC, which does
> > not have a DNS domain.
> >
> > --------------------------------
> > rpi% ssh myuser@2607:f130::6287 -vvv
> > OpenSSH_7.9p1, OpenSSL 1.1.1h-freebsd  22 Sep 2020
> > debug1: Reading configuration data /etc/ssh/ssh_config
> > debug2: resolve_canonicalize: hostname 2607:f130::6287 is address
> > debug2: ssh_connect_direct
> > debug1: Connecting to 2607:f130::6287 [2607:f130::6287] port 22.
> > debug1: Connection established.
> > debug1: identity file /home/myuser/.ssh/id_rsa type 0
> > debug1: identity file /home/myuser/.ssh/id_rsa-cert type -1
> > debug1: identity file /home/myuser/.ssh/id_dsa type -1
> > debug1: identity file /home/myuser/.ssh/id_dsa-cert type -1
> > debug1: identity file /home/myuser/.ssh/id_ecdsa type -1
> > debug1: identity file /home/myuser/.ssh/id_ecdsa-cert type -1
> > debug1: identity file /home/myuser/.ssh/id_ed25519 type -1
> > debug1: identity file /home/myuser/.ssh/id_ed25519-cert type -1
> > debug1: identity file /home/myuser/.ssh/id_xmss type -1
> > debug1: identity file /home/myuser/.ssh/id_xmss-cert type -1
> > debug1: Local version string SSH-2.0-OpenSSH_7.9 FreeBSD-20200214
> > debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
> > debug1: match: OpenSSH_7.4 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
> > debug2: fd 3 setting O_NONBLOCK
> > debug1: Authenticating to 2607:f130::6287:22 as 'myuser'
> > debug3: Fssh_hostkeys_foreach: reading file "/home/myuser/.ssh/known_hosts"
> > debug3: Fssh_record_hostkey: found key type ECDSA in file /home/myuser/.ssh/known_hosts:21
> > debug3: Fssh_load_hostkeys: loaded 1 keys from 2607:f130::6287
> > debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
> > debug3: send packet: type 20
> > debug1: SSH2_MSG_KEXINIT sent
> > debug3: receive packet: type 20
> > debug1: SSH2_MSG_KEXINIT received
> > debug2: local client KEXINIT proposal
> > debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
> > debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
> > debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
> > debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
> > debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
> > debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
> > debug2: compression ctos: none,zlib@openssh.com,zlib
> > debug2: compression stoc: none,zlib@openssh.com,zlib
> > debug2: languages ctos:
> > debug2: languages stoc:
> > debug2: first_kex_follows 0
> > debug2: reserved 0
> > debug2: peer server KEXINIT proposal
> > debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> > debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
> > debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
> > debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
> > debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
> > debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
> > debug2: compression ctos: none,zlib@openssh.com
> > debug2: compression stoc: none,zlib@openssh.com
> > debug2: languages ctos:
> > debug2: languages stoc:
> > debug2: first_kex_follows 0
> > debug2: reserved 0
> > debug1: kex: algorithm: curve25519-sha256
> > debug1: kex: host key algorithm: ecdsa-sha2-nistp256
> > debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
> > debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
> > debug3: send packet: type 30
> > debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
> > debug3: receive packet: type 31
> > debug1: Server host key: ecdsa-sha2-nistp256 SHA256:9b7zNAYeCT72LITVCmeGsXsT5IEsPWXh0FGtzIaR7rw
> > debug3: verify_host_key_dns
> > debug1: skipped DNS lookup for numerical hostname
> > debug3: Fssh_hostkeys_foreach: reading file "/home/myuser/.ssh/known_hosts"
> > debug3: Fssh_record_hostkey: found key type ECDSA in file /home/myuser/.ssh/known_hosts:21
> > debug3: Fssh_load_hostkeys: loaded 1 keys from 2607:f130::6287
> > debug1: Host '2607:f130::6287' is known and matches the ECDSA host key.
> > debug1: Found key in /home/myuser/.ssh/known_hosts:21
> > debug3: send packet: type 21
> > debug2: set_newkeys: mode 1
> > debug1: rekey after 134217728 blocks
> > debug1: SSH2_MSG_NEWKEYS sent
> > debug1: expecting SSH2_MSG_NEWKEYS
> > debug3: receive packet: type 21
> > debug1: SSH2_MSG_NEWKEYS received
> > debug2: set_newkeys: mode 0
> > debug1: rekey after 134217728 blocks
> > debug1: Will attempt key: /home/myuser/.ssh/id_rsa RSA SHA256:uJkEs7DCUCz5Rsn8sSrWFEeJo8VSHZRRkDKrER8Obic
> > debug1: Will attempt key: /home/myuser/.ssh/id_dsa
> > debug1: Will attempt key: /home/myuser/.ssh/id_ecdsa
> > debug1: Will attempt key: /home/myuser/.ssh/id_ed25519
> > debug1: Will attempt key: /home/myuser/.ssh/id_xmss
> > debug2: pubkey_prepare: done
> > debug3: send packet: type 5
> > debug3: receive packet: type 7
> > debug1: SSH2_MSG_EXT_INFO received
> > debug1: Fssh_kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
> > debug3: receive packet: type 6
> > debug2: service_accept: ssh-userauth
> > debug1: SSH2_MSG_SERVICE_ACCEPT received
> > debug3: send packet: type 50
> > debug3: receive packet: type 51
> > debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
> > debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
> > debug3: preferred publickey,keyboard-interactive,password
> > debug3: authmethod_lookup publickey
> > debug3: remaining preferred: keyboard-interactive,password
> > debug3: authmethod_is_enabled publickey
> > debug1: Next authentication method: publickey
> > debug1: Offering public key: /home/myuser/.ssh/id_rsa RSA SHA256:uJkEs7DCUCz5Rsn8sSrWFEeJo8VSHZRRkDKrER8Obic
> > debug3: send packet: type 50
> > debug2: we sent a publickey packet, wait for reply
> > debug3: receive packet: type 51
> > debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
> > debug1: Trying private key: /home/myuser/.ssh/id_dsa
> > debug3: no such identity: /home/myuser/.ssh/id_dsa: No such file or directory
> > debug1: Trying private key: /home/myuser/.ssh/id_ecdsa
> > debug3: no such identity: /home/myuser/.ssh/id_ecdsa: No such file or directory
> > debug1: Trying private key: /home/myuser/.ssh/id_ed25519
> > debug3: no such identity: /home/myuser/.ssh/id_ed25519: No such file or directory
> > debug1: Trying private key: /home/myuser/.ssh/id_xmss
> > debug3: no such identity: /home/myuser/.ssh/id_xmss: No such file or directory
> > debug2: we did not send a packet, disable method
> > debug3: authmethod_lookup password
> > debug3: remaining preferred: ,password
> > debug3: authmethod_is_enabled password
> > debug1: Next authentication method: password
> > myuser@2607:f130::6287's password:
> > debug3: send packet: type 50
> > debug2: we sent a password packet, wait for reply
> > debug3: receive packet: type 51
> > debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
> > Permission denied, please try again.
> > myuser@2607:f130::6287's password:
> > debug3: send packet: type 50
> > debug2: we sent a password packet, wait for reply
> > debug3: receive packet: type 51
> > debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
> > Permission denied, please try again.
> > myuser@2607:f130::6287's password:
> >
> > On Wed, Feb 10, 2021 at 1:18 PM Doug McIntyre <merlyn@geeks.org> wrote:
> >
> >> On Wed, Feb 10, 2021 at 11:47:08AM +0800, PstreeM China wrote:
> >>> Many thanks. I have searched Google for this problem, but did not find the
> >>> solution to fix this issue.
> >>>
> >>> New install of FreeBSD in a virtual machine.
> >>> FreeBSD version is 12.2.
> >>> Dual stack, supporting ipv4 and ipv6; sshd enabled as default.
> >>> I can ping the ipv4 and ipv6 addresses.
> >>>
> >>> The problem is:
> >>> SSH over ipv4 works well.
> >>> But ssh over ipv6 can be connected, but after inputting the password, it
> >>> fails with the notice: permission denied.
> >>> I cannot log into the server.
> >>> I am sure the password is right.
> >>
> >> Have you run 'ssh -vvv' to see all the very verbose debug information?
> >>
> >> Do you have proper DNS PTRs set up for your IPv6 block? It could be
> >> blocked by mismatched reverse DNS.
> >>
>
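
An added example (not part of the original thread): a shell function that reads `ssh -vvv` output and reports whether the session stopped at the TCP connection, where `AddressFamily` matters, or at authentication, as in the log quoted above. The function name, the stage labels and both sample inputs are constructed for illustration; packet types 51 and 52 are the RFC 4252 failure and success messages.

```shell
#!/bin/sh
# Added example: report how far an `ssh -vvv` client session got.
# Reads debug output on stdin; mail quote prefixes are tolerated.
ssh_debug_stage() {
    awk '
        /debug1: Connection established/       { connected = 1 }
        /debug1: SSH2_MSG_NEWKEYS received/    { kex = 1 }
        /debug1: Next authentication method: / { method = $NF; rejected = 0 }
        # RFC 4252 message numbers: 51 = USERAUTH_FAILURE, 52 = USERAUTH_SUCCESS.
        # The 51 that answers the initial "none" probe arrives before any
        # method is chosen, so it is not counted.
        /debug3: receive packet: type 51/      { if (method != "") rejected++ }
        /debug3: receive packet: type 52/      { ok = 1 }
        END {
            if (!connected)    print "transport-failed"
            else if (!kex)     print "kex-failed"
            else if (ok)       print "auth-ok " method
            else if (rejected) print "auth-rejected " method " " rejected
            else               print "auth-not-finished"
        }'
}

# Constructed sample: the lines of the quoted log that the function keys on.
sample_password_rejected() {
    cat <<'EOF'
> > debug1: Connection established.
> > debug1: SSH2_MSG_NEWKEYS received
> > debug3: receive packet: type 51
> > debug1: Next authentication method: publickey
> > debug3: receive packet: type 51
> > debug1: Next authentication method: password
> > debug3: receive packet: type 51
> > Permission denied, please try again.
> > debug3: receive packet: type 51
> > Permission denied, please try again.
EOF
}

# Constructed sample: nothing listening on the IPv6 address
# (2001:db8::1 is a documentation address).
sample_no_listener() {
    cat <<'EOF'
debug1: Connecting to 2001:db8::1 [2001:db8::1] port 22.
ssh: connect to host 2001:db8::1 port 22: Connection refused
EOF
}

sample_password_rejected | ssh_debug_stage   # auth-rejected password 2
sample_no_listener | ssh_debug_stage         # transport-failed
```

A result of `auth-rejected` means sshd accepted the IPv6 connection and completed key exchange, so the next place to look is the server's own authentication log rather than its listening configuration.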


