Date: Wed, 10 Feb 2021 15:49:26 +0800 From: PstreeM China <pstreem@gmail.com> To: Bruce Ferrell <bferrell@baywinds.org> Cc: freebsd-questions@freebsd.org Subject: Re: Permission denied via ssh over ipv6 Message-ID: <CAPDFJPi4MKRVbPe7xDwACHBgUNgQ-3R99=cqssXsq3qxaOSxxw@mail.gmail.com> In-Reply-To: <06077d2d-2eda-e27a-6b8c-1a4c5ef361aa@baywinds.org> References: <CAPDFJPjF19_9kRG0ff5r0cmD=-GpnYjdZNaCTyJEj-Bogw0qEw@mail.gmail.com> <YCNsdWk019SBpLdg@geeks.org> <CAPDFJPjL8EdVfeH43=35cLxRGyE388JYY9qD5JB=gsdwhTh6ag@mail.gmail.com> <06077d2d-2eda-e27a-6b8c-1a4c5ef361aa@baywinds.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Checked the /etc/ssh/sshd_config, the parameter of AddressFamily is =E2=80= =9CAny=E2=80=9D. That is default value. On Wed, Feb 10, 2021 at 14:42 Bruce Ferrell <bferrell@baywinds.org> wrote: > > Check the /etc/ssh/sshd_config file for this parameter: > > AddressFamily > > if it is set to inet, only ipv4 will work > > if it is set to any, both ipv4 and ipv6 will work > > It can be set to inet6 to make only ipv6 work > > > > On 2/9/21 10:30 PM, PstreeM China wrote: > > hi: > > > > thanks for your quickly reply. > > ssh -vvv log as below, we can see the connection has already establishe= d, > > but after input the password, it's not work.. > > i'am sure the password is right, try modify the passwd has the same > issue. > > > > about the DNS PTRs, how should i do ? the source is my home pc, not hav= e > > DNS domain. > > > > -------------------------------- > > rpi% ssh myuser@2607:f130::6287 -vvv > > OpenSSH_7.9p1, OpenSSL 1.1.1h-freebsd 22 Sep 2020 > > debug1: Reading configuration data /etc/ssh/ssh_config > > debug2: resolve_canonicalize: hostname 2607:f130::6287 is address > > debug2: ssh_connect_direct > > debug1: Connecting to 2607:f130::6287 [2607:f130::6287] port 22. > > debug1: Connection established. > > debug1: identity file /home/myuser/.ssh/id_rsa type 0 > > debug1: identity file /home/myuser/.ssh/id_rsa-cert type -1 > > debug1: identity file /home/myuser/.ssh/id_dsa type -1 > > debug1: identity file /home/myuser/.ssh/id_dsa-cert type -1 > > debug1: identity file /home/myuser/.ssh/id_ecdsa type -1 > > debug1: identity file /home/myuser/.ssh/id_ecdsa-cert type -1 > > debug1: identity file /home/myuser/.ssh/id_ed25519 type -1 > > debug1: identity file /home/myuser/.ssh/id_ed25519-cert type -1 > > debug1: identity file /home/myuser/.ssh/id_xmss type -1 > > debug1: identity file /home/myuser/.ssh/id_xmss-cert type -1 > > debug1: Local version string SSH-2.0-OpenSSH_7.9 FreeBSD-20200214 > > debug1: Remote protocol version 2.0, remote software version OpenSSH_7.= 4 > > debug1: match: OpenSSH_7.4 pat > > > OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_= 7.5*,OpenSSH_7.6*,OpenSSH_7.7* > > compat 0x04000002 > > debug2: fd 3 setting O_NONBLOCK > > debug1: Authenticating to 2607:f130::6287:22 as 'myuser' > > debug3: Fssh_hostkeys_foreach: reading file > "/home/myuser/.ssh/known_hosts" > > debug3: Fssh_record_hostkey: found key type ECDSA in file > > /home/myuser/.ssh/known_hosts:21 > > debug3: Fssh_load_hostkeys: loaded 1 keys from 2607:f130::6287 > > debug3: order_hostkeyalgs: prefer hostkeyalgs: > > ecdsa-sha2-nistp256-cert-v01@openssh.com, > > ecdsa-sha2-nistp384-cert-v01@openssh.com > > ,ecdsa-sha2-nistp521-cert-v01@openssh. > > com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 > > debug3: send packet: type 20 > > debug1: SSH2_MSG_KEXINIT sent > > debug3: receive packet: type 20 > > debug1: SSH2_MSG_KEXINIT received > > debug2: local client KEXINIT proposal > > debug2: KEX algorithms: > > curve25519-sha256,curve25519-sha256@libssh.org > ,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-= group-exchange-sha256,d > > > > > iffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellma= n-group14-sha256,diffie-hellman-group14-sha1,ext-info-c > > debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com, > > ecdsa-sha2-nistp384-cert-v01@openssh.com, > > ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nis > > tp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, > > ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com, > > rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@op > > enssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa > > debug2: ciphers ctos: chacha20-poly1305@openssh.com > > ,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com, > > aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc > > debug2: ciphers stoc: chacha20-poly1305@openssh.com > > ,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com, > > aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc > > debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com, > > hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, > > hmac-sha1-etm@openssh.com,umac-64@open > ssh.com, > > umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 > > debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com, > > hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, > > hmac-sha1-etm@openssh.com,umac-64@open > ssh.com, > > umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 > > debug2: compression ctos: none,zlib@openssh.com,zlib > > debug2: compression stoc: none,zlib@openssh.com,zlib > > debug2: languages ctos: > > debug2: languages stoc: > > debug2: first_kex_follows 0 > > debug2: reserved 0 > > debug2: peer server KEXINIT proposal > > debug2: KEX algorithms: > > curve25519-sha256,curve25519-sha256@libssh.org > ,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-= group-exchange-sha256,d > > > > > iffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellma= n-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-= sha1,diffie-hellman > > -group1-sha1 > > debug2: host key algorithms: > > ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 > > debug2: ciphers ctos: chacha20-poly1305@openssh.com > > ,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com, > > aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,bl > > owfish-cbc,cast128-cbc,3des-cbc > > debug2: ciphers stoc: chacha20-poly1305@openssh.com > > ,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com, > > aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,bl > > owfish-cbc,cast128-cbc,3des-cbc > > debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com, > > hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, > > hmac-sha1-etm@openssh.com,umac-64@open > ssh.com, > > umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 > > debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com, > > hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, > > hmac-sha1-etm@openssh.com,umac-64@open > ssh.com, > > umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 > > debug2: compression ctos: none,zlib@openssh.com > > debug2: compression stoc: none,zlib@openssh.com > > debug2: languages ctos: > > debug2: languages stoc: > > debug2: first_kex_follows 0 > > debug2: reserved 0 > > debug1: kex: algorithm: curve25519-sha256 > > debug1: kex: host key algorithm: ecdsa-sha2-nistp256 > > debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: > > <implicit> compression: none > > debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: > > <implicit> compression: none > > debug3: send packet: type 30 > > debug1: expecting SSH2_MSG_KEX_ECDH_REPLY > > debug3: receive packet: type 31 > > debug1: Server host key: ecdsa-sha2-nistp256 > > SHA256:9b7zNAYeCT72LITVCmeGsXsT5IEsPWXh0FGtzIaR7rw > > debug3: verify_host_key_dns > > debug1: skipped DNS lookup for numerical hostname > > debug3: Fssh_hostkeys_foreach: reading file > "/home/myuser/.ssh/known_hosts" > > debug3: Fssh_record_hostkey: found key type ECDSA in file > > /home/myuser/.ssh/known_hosts:21 > > debug3: Fssh_load_hostkeys: loaded 1 keys from 2607:f130::6287 > > debug1: Host '2607:f130::6287' is known and matches the ECDSA host key. > > debug1: Found key in /home/myuser/.ssh/known_hosts:21 > > debug3: send packet: type 21 > > debug2: set_newkeys: mode 1 > > debug1: rekey after 134217728 blocks > > debug1: SSH2_MSG_NEWKEYS sent > > debug1: expecting SSH2_MSG_NEWKEYS > > debug3: receive packet: type 21 > > debug1: SSH2_MSG_NEWKEYS received > > debug2: set_newkeys: mode 0 > > debug1: rekey after 134217728 blocks > > debug1: Will attempt key: /home/myuser/.ssh/id_rsa RSA > > SHA256:uJkEs7DCUCz5Rsn8sSrWFEeJo8VSHZRRkDKrER8Obic > > debug1: Will attempt key: /home/myuser/.ssh/id_dsa > > debug1: Will attempt key: /home/myuser/.ssh/id_ecdsa > > debug1: Will attempt key: /home/myuser/.ssh/id_ed25519 > > debug1: Will attempt key: /home/myuser/.ssh/id_xmss > > debug2: pubkey_prepare: done > > debug3: send packet: type 5 > > debug3: receive packet: type 7 > > debug1: SSH2_MSG_EXT_INFO received > > debug1: Fssh_kex_input_ext_info: > server-sig-algs=3D<rsa-sha2-256,rsa-sha2-512> > > debug3: receive packet: type 6 > > debug2: service_accept: ssh-userauth > > debug1: SSH2_MSG_SERVICE_ACCEPT received > > debug3: send packet: type 50 > > debug3: receive packet: type 51 > > debug1: Authentications that can continue: > > publickey,gssapi-keyex,gssapi-with-mic,password > > debug3: start over, passed a different list > > publickey,gssapi-keyex,gssapi-with-mic,password > > debug3: preferred publickey,keyboard-interactive,password > > debug3: authmethod_lookup publickey > > debug3: remaining preferred: keyboard-interactive,password > > debug3: authmethod_is_enabled publickey > > debug1: Next authentication method: publickey > > debug1: Offering public key: /home/myuser/.ssh/id_rsa RSA > > SHA256:uJkEs7DCUCz5Rsn8sSrWFEeJo8VSHZRRkDKrER8Obic > > debug3: send packet: type 50 > > debug2: we sent a publickey packet, wait for reply > > debug3: receive packet: type 51 > > debug1: Authentications that can continue: > > publickey,gssapi-keyex,gssapi-with-mic,password > > debug1: Trying private key: /home/myuser/.ssh/id_dsa > > debug3: no such identity: /home/myuser/.ssh/id_dsa: No such file or > > directory > > debug1: Trying private key: /home/myuser/.ssh/id_ecdsa > > debug3: no such identity: /home/myuser/.ssh/id_ecdsa: No such file or > > directory > > debug1: Trying private key: /home/myuser/.ssh/id_ed25519 > > debug3: no such identity: /home/myuser/.ssh/id_ed25519: No such file or > > directory > > debug1: Trying private key: /home/myuser/.ssh/id_xmss > > debug3: no such identity: /home/myuser/.ssh/id_xmss: No such file or > > directory > > debug2: we did not send a packet, disable method > > debug3: authmethod_lookup password > > debug3: remaining preferred: ,password > > debug3: authmethod_is_enabled password > > debug1: Next authentication method: password > > myuser@2607:f130::6287's password: > > debug3: send packet: type 50 > > debug2: we sent a password packet, wait for reply > > debug3: receive packet: type 51 > > debug1: Authentications that can continue: > > publickey,gssapi-keyex,gssapi-with-mic,password > > Permission denied, please try again. > > myuser@2607:f130::6287's password: > > debug3: send packet: type 50 > > debug2: we sent a password packet, wait for reply > > debug3: receive packet: type 51 > > debug1: Authentications that can continue: > > publickey,gssapi-keyex,gssapi-with-mic,password > > Permission denied, please try again. > > myuser@2607:f130::6287's password: > > > > On Wed, Feb 10, 2021 at 1:18 PM Doug McIntyre <merlyn@geeks.org> wrote: > > > >> On Wed, Feb 10, 2021 at 11:47:08AM +0800, PstreeM China wrote: > >>> Very thanks, this problem has searched from google, but not find the > >>> solution to fix this issue. > >>> > >>> new install FreeBSD in virtual machine. > >>> Freebsd version is 12.2 > >>> Duel stack support ipv4 and ipv6; enable sshd as default. > >>> I can ping the ipv4 and ipv6 address. > >>> > >>> The problem is: > >>> SSH over ipv4 is work well. > >>> But ssh over ipv6, Can be connected, but after input the password, it > is > >>> failed , give the notify : permission denied. > >>> can not log into the server. > >>> I am sure the password is right. > >> > >> Have you run 'ssh -vvv' to see all the very verbose debug information? > >> > >> Do you have proper DNS PTRs setup for your IPv6 block? It could be > >> blocked by mismatch reverse DNS. > >> > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPDFJPi4MKRVbPe7xDwACHBgUNgQ-3R99=cqssXsq3qxaOSxxw>