From owner-freebsd-questions@freebsd.org Wed Feb 10 07:49:39 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CCD9653DCD7 for ; Wed, 10 Feb 2021 07:49:39 +0000 (UTC) (envelope-from pstreem@gmail.com) Received: from mail-il1-x129.google.com (mail-il1-x129.google.com [IPv6:2607:f8b0:4864:20::129]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DbBjt4lDkz3M5l for ; Wed, 10 Feb 2021 07:49:38 +0000 (UTC) (envelope-from pstreem@gmail.com) Received: by mail-il1-x129.google.com with SMTP id g9so1026768ilc.3 for ; Tue, 09 Feb 2021 23:49:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=QkcMgFd51/xb6N2Njeeki1gg6j0y6X8IIovcKFY6G6I=; b=XBcjEOXMUqL9gQNvhb6cK/ZipWJjRBDU30nynasq8dRGRKIFiv4EqAeaCIkSHiNwC4 oy2/I1c8XXVTfymMACLD+1NGFLEBNSoD7O7y0aKK1Xmvd7YVC9Q5sI6cB+9klytdlIu3 bMx0HaNUhPNIQA1LIWssOk2cwAsiu2DrBOAmf7Fqse/Um2xPk1bIPElVPeDk5Oj2e4Ax M+ryApiixheDPrhChvbxecb0uo7th5taDaceRP61rse4lFhm7tbB77Z2YNc/A4FgJ3Gs WqzFALNGZ1/oqfAAM+oNG0ebgjwzeP6WLm5GZvvuQoDTe0Y9CzsSAN+P8LcoMTeV/7xd hrUg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=QkcMgFd51/xb6N2Njeeki1gg6j0y6X8IIovcKFY6G6I=; b=fuxg7wnEg204Y9Rf3eoB4wb18KgQ2LZxV0RSuNhsSvRqz0JxBjzG6X0JcTYFm8h3Le JPeKDg6LATAbQGB/tp2PfnjCNM15OzxpMbibDGYfcGdyzXLtbqnN5Y1Hy4CpsNuidCkx B0MZEMkVF/Hm7jEJjO3NdN97DEM383x8Oj4cFWcrcil8UMlE6j2U90VlafKppnoLWBTF GFhH6Wv52uypKyV1sMR5IP2UZj3J9OT6tpLnMHBb+3/Kziw4/COAQVDW0YQ4TUmFicpp DghvK5+lXPFfGOcSWYvLGWsGBqMgn+aY+z/fqcYZ3nNCyDDzSRDCDqzSzgeJ3auWp5XD tWuQ== X-Gm-Message-State: AOAM530vEFfqOGmkRZzmFmk57LtRMnq5QLlJqqT6CpUh2LQOqLGEmbWj Oax0PcYqiOvAAy+m9fBb21o30PZbZvKibRGlHBJUknYd/a5csQ== X-Google-Smtp-Source: ABdhPJzfiMK9QV7Rcl1BhHwkotbrpmyz/AoATaQlovoS9qvU6iEhQRABD05sp92FEztprgn8gCsGc7WbRG1bYpNv+0A= X-Received: by 2002:a05:6e02:1be1:: with SMTP id y1mr1769037ilv.101.1612943377506; Tue, 09 Feb 2021 23:49:37 -0800 (PST) MIME-Version: 1.0 References: <06077d2d-2eda-e27a-6b8c-1a4c5ef361aa@baywinds.org> In-Reply-To: <06077d2d-2eda-e27a-6b8c-1a4c5ef361aa@baywinds.org> From: PstreeM China Date: Wed, 10 Feb 2021 15:49:26 +0800 Message-ID: Subject: Re: Permission denied via ssh over ipv6 To: Bruce Ferrell Cc: freebsd-questions@freebsd.org X-Rspamd-Queue-Id: 4DbBjt4lDkz3M5l X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=XBcjEOXM; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of pstreem@gmail.com designates 2607:f8b0:4864:20::129 as permitted sender) smtp.mailfrom=pstreem@gmail.com X-Spamd-Result: default: False [-4.00 / 15.00]; TO_DN_SOME(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RBL_DBL_DONT_QUERY_IPS(0.00)[2607:f8b0:4864:20::129:from]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; SPAMHAUS_ZRD(0.00)[2607:f8b0:4864:20::129:from:127.0.2.255]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::129:from]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions] Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Feb 2021 07:49:39 -0000 Checked the /etc/ssh/sshd_config, the parameter of AddressFamily is =E2=80= =9CAny=E2=80=9D. That is default value. On Wed, Feb 10, 2021 at 14:42 Bruce Ferrell wrote: > > Check the /etc/ssh/sshd_config file for this parameter: > > AddressFamily > > if it is set to inet, only ipv4 will work > > if it is set to any, both ipv4 and ipv6 will work > > It can be set to inet6 to make only ipv6 work > > > > On 2/9/21 10:30 PM, PstreeM China wrote: > > hi: > > > > thanks for your quickly reply. > > ssh -vvv log as below, we can see the connection has already establishe= d, > > but after input the password, it's not work.. > > i'am sure the password is right, try modify the passwd has the same > issue. > > > > about the DNS PTRs, how should i do ? the source is my home pc, not hav= e > > DNS domain. > > > > -------------------------------- > > rpi% ssh myuser@2607:f130::6287 -vvv > > OpenSSH_7.9p1, OpenSSL 1.1.1h-freebsd 22 Sep 2020 > > debug1: Reading configuration data /etc/ssh/ssh_config > > debug2: resolve_canonicalize: hostname 2607:f130::6287 is address > > debug2: ssh_connect_direct > > debug1: Connecting to 2607:f130::6287 [2607:f130::6287] port 22. > > debug1: Connection established. > > debug1: identity file /home/myuser/.ssh/id_rsa type 0 > > debug1: identity file /home/myuser/.ssh/id_rsa-cert type -1 > > debug1: identity file /home/myuser/.ssh/id_dsa type -1 > > debug1: identity file /home/myuser/.ssh/id_dsa-cert type -1 > > debug1: identity file /home/myuser/.ssh/id_ecdsa type -1 > > debug1: identity file /home/myuser/.ssh/id_ecdsa-cert type -1 > > debug1: identity file /home/myuser/.ssh/id_ed25519 type -1 > > debug1: identity file /home/myuser/.ssh/id_ed25519-cert type -1 > > debug1: identity file /home/myuser/.ssh/id_xmss type -1 > > debug1: identity file /home/myuser/.ssh/id_xmss-cert type -1 > > debug1: Local version string SSH-2.0-OpenSSH_7.9 FreeBSD-20200214 > > debug1: Remote protocol version 2.0, remote software version OpenSSH_7.= 4 > > debug1: match: OpenSSH_7.4 pat > > > OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_= 7.5*,OpenSSH_7.6*,OpenSSH_7.7* > > compat 0x04000002 > > debug2: fd 3 setting O_NONBLOCK > > debug1: Authenticating to 2607:f130::6287:22 as 'myuser' > > debug3: Fssh_hostkeys_foreach: reading file > "/home/myuser/.ssh/known_hosts" > > debug3: Fssh_record_hostkey: found key type ECDSA in file > > /home/myuser/.ssh/known_hosts:21 > > debug3: Fssh_load_hostkeys: loaded 1 keys from 2607:f130::6287 > > debug3: order_hostkeyalgs: prefer hostkeyalgs: > > ecdsa-sha2-nistp256-cert-v01@openssh.com, > > ecdsa-sha2-nistp384-cert-v01@openssh.com > > ,ecdsa-sha2-nistp521-cert-v01@openssh. > > com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 > > debug3: send packet: type 20 > > debug1: SSH2_MSG_KEXINIT sent > > debug3: receive packet: type 20 > > debug1: SSH2_MSG_KEXINIT received > > debug2: local client KEXINIT proposal > > debug2: KEX algorithms: > > curve25519-sha256,curve25519-sha256@libssh.org > ,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-= group-exchange-sha256,d > > > > > iffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellma= n-group14-sha256,diffie-hellman-group14-sha1,ext-info-c > > debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com, > > ecdsa-sha2-nistp384-cert-v01@openssh.com, > > ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nis > > tp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, > > ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com, > > rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@op > > enssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa > > debug2: ciphers ctos: chacha20-poly1305@openssh.com > > ,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com, > > aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc > > debug2: ciphers stoc: chacha20-poly1305@openssh.com > > ,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com, > > aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc > > debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com, > > hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, > > hmac-sha1-etm@openssh.com,umac-64@open > ssh.com, > > umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 > > debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com, > > hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, > > hmac-sha1-etm@openssh.com,umac-64@open > ssh.com, > > umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 > > debug2: compression ctos: none,zlib@openssh.com,zlib > > debug2: compression stoc: none,zlib@openssh.com,zlib > > debug2: languages ctos: > > debug2: languages stoc: > > debug2: first_kex_follows 0 > > debug2: reserved 0 > > debug2: peer server KEXINIT proposal > > debug2: KEX algorithms: > > curve25519-sha256,curve25519-sha256@libssh.org > ,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-= group-exchange-sha256,d > > > > > iffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellma= n-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-= sha1,diffie-hellman > > -group1-sha1 > > debug2: host key algorithms: > > ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 > > debug2: ciphers ctos: chacha20-poly1305@openssh.com > > ,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com, > > aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,bl > > owfish-cbc,cast128-cbc,3des-cbc > > debug2: ciphers stoc: chacha20-poly1305@openssh.com > > ,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com, > > aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,bl > > owfish-cbc,cast128-cbc,3des-cbc > > debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com, > > hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, > > hmac-sha1-etm@openssh.com,umac-64@open > ssh.com, > > umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 > > debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com, > > hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, > > hmac-sha1-etm@openssh.com,umac-64@open > ssh.com, > > umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 > > debug2: compression ctos: none,zlib@openssh.com > > debug2: compression stoc: none,zlib@openssh.com > > debug2: languages ctos: > > debug2: languages stoc: > > debug2: first_kex_follows 0 > > debug2: reserved 0 > > debug1: kex: algorithm: curve25519-sha256 > > debug1: kex: host key algorithm: ecdsa-sha2-nistp256 > > debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: > > compression: none > > debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: > > compression: none > > debug3: send packet: type 30 > > debug1: expecting SSH2_MSG_KEX_ECDH_REPLY > > debug3: receive packet: type 31 > > debug1: Server host key: ecdsa-sha2-nistp256 > > SHA256:9b7zNAYeCT72LITVCmeGsXsT5IEsPWXh0FGtzIaR7rw > > debug3: verify_host_key_dns > > debug1: skipped DNS lookup for numerical hostname > > debug3: Fssh_hostkeys_foreach: reading file > "/home/myuser/.ssh/known_hosts" > > debug3: Fssh_record_hostkey: found key type ECDSA in file > > /home/myuser/.ssh/known_hosts:21 > > debug3: Fssh_load_hostkeys: loaded 1 keys from 2607:f130::6287 > > debug1: Host '2607:f130::6287' is known and matches the ECDSA host key. > > debug1: Found key in /home/myuser/.ssh/known_hosts:21 > > debug3: send packet: type 21 > > debug2: set_newkeys: mode 1 > > debug1: rekey after 134217728 blocks > > debug1: SSH2_MSG_NEWKEYS sent > > debug1: expecting SSH2_MSG_NEWKEYS > > debug3: receive packet: type 21 > > debug1: SSH2_MSG_NEWKEYS received > > debug2: set_newkeys: mode 0 > > debug1: rekey after 134217728 blocks > > debug1: Will attempt key: /home/myuser/.ssh/id_rsa RSA > > SHA256:uJkEs7DCUCz5Rsn8sSrWFEeJo8VSHZRRkDKrER8Obic > > debug1: Will attempt key: /home/myuser/.ssh/id_dsa > > debug1: Will attempt key: /home/myuser/.ssh/id_ecdsa > > debug1: Will attempt key: /home/myuser/.ssh/id_ed25519 > > debug1: Will attempt key: /home/myuser/.ssh/id_xmss > > debug2: pubkey_prepare: done > > debug3: send packet: type 5 > > debug3: receive packet: type 7 > > debug1: SSH2_MSG_EXT_INFO received > > debug1: Fssh_kex_input_ext_info: > server-sig-algs=3D > > debug3: receive packet: type 6 > > debug2: service_accept: ssh-userauth > > debug1: SSH2_MSG_SERVICE_ACCEPT received > > debug3: send packet: type 50 > > debug3: receive packet: type 51 > > debug1: Authentications that can continue: > > publickey,gssapi-keyex,gssapi-with-mic,password > > debug3: start over, passed a different list > > publickey,gssapi-keyex,gssapi-with-mic,password > > debug3: preferred publickey,keyboard-interactive,password > > debug3: authmethod_lookup publickey > > debug3: remaining preferred: keyboard-interactive,password > > debug3: authmethod_is_enabled publickey > > debug1: Next authentication method: publickey > > debug1: Offering public key: /home/myuser/.ssh/id_rsa RSA > > SHA256:uJkEs7DCUCz5Rsn8sSrWFEeJo8VSHZRRkDKrER8Obic > > debug3: send packet: type 50 > > debug2: we sent a publickey packet, wait for reply > > debug3: receive packet: type 51 > > debug1: Authentications that can continue: > > publickey,gssapi-keyex,gssapi-with-mic,password > > debug1: Trying private key: /home/myuser/.ssh/id_dsa > > debug3: no such identity: /home/myuser/.ssh/id_dsa: No such file or > > directory > > debug1: Trying private key: /home/myuser/.ssh/id_ecdsa > > debug3: no such identity: /home/myuser/.ssh/id_ecdsa: No such file or > > directory > > debug1: Trying private key: /home/myuser/.ssh/id_ed25519 > > debug3: no such identity: /home/myuser/.ssh/id_ed25519: No such file or > > directory > > debug1: Trying private key: /home/myuser/.ssh/id_xmss > > debug3: no such identity: /home/myuser/.ssh/id_xmss: No such file or > > directory > > debug2: we did not send a packet, disable method > > debug3: authmethod_lookup password > > debug3: remaining preferred: ,password > > debug3: authmethod_is_enabled password > > debug1: Next authentication method: password > > myuser@2607:f130::6287's password: > > debug3: send packet: type 50 > > debug2: we sent a password packet, wait for reply > > debug3: receive packet: type 51 > > debug1: Authentications that can continue: > > publickey,gssapi-keyex,gssapi-with-mic,password > > Permission denied, please try again. > > myuser@2607:f130::6287's password: > > debug3: send packet: type 50 > > debug2: we sent a password packet, wait for reply > > debug3: receive packet: type 51 > > debug1: Authentications that can continue: > > publickey,gssapi-keyex,gssapi-with-mic,password > > Permission denied, please try again. > > myuser@2607:f130::6287's password: > > > > On Wed, Feb 10, 2021 at 1:18 PM Doug McIntyre wrote: > > > >> On Wed, Feb 10, 2021 at 11:47:08AM +0800, PstreeM China wrote: > >>> Very thanks, this problem has searched from google, but not find the > >>> solution to fix this issue. > >>> > >>> new install FreeBSD in virtual machine. > >>> Freebsd version is 12.2 > >>> Duel stack support ipv4 and ipv6; enable sshd as default. > >>> I can ping the ipv4 and ipv6 address. > >>> > >>> The problem is: > >>> SSH over ipv4 is work well. > >>> But ssh over ipv6, Can be connected, but after input the password, it > is > >>> failed , give the notify : permission denied. > >>> can not log into the server. > >>> I am sure the password is right. > >> > >> Have you run 'ssh -vvv' to see all the very verbose debug information? > >> > >> Do you have proper DNS PTRs setup for your IPv6 block? It could be > >> blocked by mismatch reverse DNS. > >> > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" >