sun ssh without a password again
in [Solaris]
|
From: The Derfer on 15 Feb 2010 09:52 I'm positive I have all the settings right. I know I copied keys over correctly and I checked things 100x by now. And the damn thing still doesn't work. Here's verbose output ... what could I be missing?? Thank you. -bash-3.2$ /usr/bin/ssh -vvv server Sun_SSH_1.1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090700f debug1: Reading configuration data /etc/ssh/ssh_config debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: ssh_connect: needpriv 0 debug1: Connecting to server [10.156.80.14] port 22. debug1: Connection established. debug1: identity file /export/home/bea//.ssh/identity type -1 debug1: identity file /export/home/bea//.ssh/id_rsa type -1 debug3: Not a RSA1 key file /export/home/bea//.ssh/id_dsa. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: no key found debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: no key found debug1: identity file /export/home/bea//.ssh/id_dsa type 2 debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1.1 debug1: match: Sun_SSH_1.1.1 pat Sun_SSH_1.1.1* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-Sun_SSH_1.1.1 debug1: SSH2_MSG_KEXINIT sent debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0 debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie- hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des- cbc,blowfish-cbc debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des- cbc,blowfish-cbc debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: en-US debug2: kex_parse_kexinit: en-US debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie- hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,blowfish-cbc,3des-cbc debug2: kex_parse_kexinit: aes128-cbc,blowfish-cbc,3des-cbc debug2: kex_parse_kexinit: hmac-sha1,hmac-md5 debug2: kex_parse_kexinit: hmac-sha1,hmac-md5 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: en-CA,en-US,es,es-MX,fr,fr-CA,i-default debug2: kex_parse_kexinit: en-CA,en-US,es,es-MX,fr,fr-CA,i-default debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug1: Peer sent proposed langtags, ctos: en-CA,en-US,es,es-MX,fr,fr- CA,i-default debug1: Peer sent proposed langtags, stoc: en-CA,en-US,es,es-MX,fr,fr- CA,i-default debug1: We proposed langtags, ctos: en-US debug1: We proposed langtags, stoc: en-US debug1: Negotiated lang: en-US debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: Remote: Negotiated main locale: en_US debug1: Remote: Negotiated messages locale: en_US debug1: dh_gen_key: priv key bits set: 149/256 debug1: bits set: 1581/3191 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: check_host_in_hostfile: filename /export/home/bea//.ssh/ known_hosts debug3: check_host_in_hostfile: match line 6 debug3: check_host_in_hostfile: filename /export/home/bea//.ssh/ known_hosts debug3: check_host_in_hostfile: match line 6 debug1: Host 'server' is known and matches the RSA host key. debug1: Found key in /export/home/bea//.ssh/known_hosts:6 debug1: bits set: 1636/3191 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0 debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: done: ssh_kex2. debug1: send SSH2_MSG_SERVICE_REQUEST debug2: service_accept: ssh-userauth debug1: got SSH2_MSG_SERVICE_ACCEPT debug3: input_userauth_banner ***WARNING*** This system is a restricted access system. All activity on this system is subject to monitoring. If information collected reveals possible criminal activity of activity that exceeds privileges, evidence of such activity may be provided to the relevant authorities for further action. By continuing past this point, you expressly consent to this monitoring. debug1: Authentications that can continue: gssapi-keyex,gssapi-with- mic,publickey,password,keyboard-interactive debug3: start over, passed a different list gssapi-keyex,gssapi-with- mic,publickey,password,keyboard-interactive debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Trying private key: /export/home/bea//.ssh/identity debug3: no such identity: /export/home/bea//.ssh/identity debug1: Trying private key: /export/home/bea//.ssh/id_rsa debug3: no such identity: /export/home/bea//.ssh/id_rsa debug1: Trying public key: /export/home/bea//.ssh/id_dsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: gssapi-keyex,gssapi-with- mic,publickey,password,keyboard-interactive debug2: we did not send a packet, disable method debug3: authmethod_lookup keyboard-interactive debug3: remaining preferred: password debug3: authmethod_is_enabled keyboard-interactive debug1: Next authentication method: keyboard-interactive debug2: userauth_kbdint debug2: we sent a keyboard-interactive packet, wait for reply debug1: Authentications that can continue: gssapi-keyex,gssapi-with- mic,publickey,password,keyboard-interactive debug3: userauth_kbdint: disable: no info_req_seen debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: debug3: authmethod_is_enabled password debug1: Next authentication method: password edocs(a)server's password:
From: Zfs.. on 15 Feb 2010 13:25 On Feb 15, 2:52 pm, The Derfer <derf...(a)gmail.com> wrote: > I'm positive I have all the settings right. > I know I copied keys over correctly and I checked things 100x by now. > And the damn thing still doesn't work. > Here's verbose output ... what could I be missing?? > Thank you. > > -bash-3.2$ /usr/bin/ssh -vvv server > Sun_SSH_1.1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090700f > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Rhosts Authentication disabled, originating port will not be > trusted. > debug1: ssh_connect: needpriv 0 > debug1: Connecting to server [10.156.80.14] port 22. > debug1: Connection established. > debug1: identity file /export/home/bea//.ssh/identity type -1 > debug1: identity file /export/home/bea//.ssh/id_rsa type -1 > debug3: Not a RSA1 key file /export/home/bea//.ssh/id_dsa. > debug2: key_type_from_name: unknown key type '-----BEGIN' > debug3: key_read: no key found > debug3: key_read: no space > debug3: key_read: no space > debug3: key_read: no space > debug3: key_read: no space > debug3: key_read: no space > debug3: key_read: no space > debug3: key_read: no space > debug3: key_read: no space > debug3: key_read: no space > debug3: key_read: no space > debug2: key_type_from_name: unknown key type '-----END' > debug3: key_read: no key found > debug1: identity file /export/home/bea//.ssh/id_dsa type 2 > debug1: Remote protocol version 2.0, remote software version > Sun_SSH_1.1.1 > debug1: match: Sun_SSH_1.1.1 pat Sun_SSH_1.1.1* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-Sun_SSH_1.1.1 > debug1: SSH2_MSG_KEXINIT sent > debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 > && !0 > debug1: SSH2_MSG_KEXINIT received > debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie- > hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des- > cbc,blowfish-cbc > debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des- > cbc,blowfish-cbc > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,zlib > debug2: kex_parse_kexinit: none,zlib > debug2: kex_parse_kexinit: en-US > debug2: kex_parse_kexinit: en-US > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie- > hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: aes128-cbc,blowfish-cbc,3des-cbc > debug2: kex_parse_kexinit: aes128-cbc,blowfish-cbc,3des-cbc > debug2: kex_parse_kexinit: hmac-sha1,hmac-md5 > debug2: kex_parse_kexinit: hmac-sha1,hmac-md5 > debug2: kex_parse_kexinit: none,zlib > debug2: kex_parse_kexinit: none,zlib > debug2: kex_parse_kexinit: en-CA,en-US,es,es-MX,fr,fr-CA,i-default > debug2: kex_parse_kexinit: en-CA,en-US,es,es-MX,fr,fr-CA,i-default > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: mac_init: found hmac-md5 > debug1: kex: server->client aes128-cbc hmac-md5 none > debug2: mac_init: found hmac-md5 > debug1: kex: client->server aes128-cbc hmac-md5 none > debug1: Peer sent proposed langtags, ctos: en-CA,en-US,es,es-MX,fr,fr- > CA,i-default > debug1: Peer sent proposed langtags, stoc: en-CA,en-US,es,es-MX,fr,fr- > CA,i-default > debug1: We proposed langtags, ctos: en-US > debug1: We proposed langtags, stoc: en-US > debug1: Negotiated lang: en-US > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > debug1: Remote: Negotiated main locale: en_US > debug1: Remote: Negotiated messages locale: en_US > debug1: dh_gen_key: priv key bits set: 149/256 > debug1: bits set: 1581/3191 > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug3: check_host_in_hostfile: filename /export/home/bea//.ssh/ > known_hosts > debug3: check_host_in_hostfile: match line 6 > debug3: check_host_in_hostfile: filename /export/home/bea//.ssh/ > known_hosts > debug3: check_host_in_hostfile: match line 6 > debug1: Host 'server' is known and matches the RSA host key. > debug1: Found key in /export/home/bea//.ssh/known_hosts:6 > debug1: bits set: 1636/3191 > debug1: ssh_rsa_verify: signature correct > debug2: kex_derive_keys > debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 > && !0 > debug1: newkeys: mode 1 > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug1: newkeys: mode 0 > debug1: SSH2_MSG_NEWKEYS received > debug1: done: ssh_kex2. > debug1: send SSH2_MSG_SERVICE_REQUEST > debug2: service_accept: ssh-userauth > debug1: got SSH2_MSG_SERVICE_ACCEPT > debug3: input_userauth_banner > > ***WARNING*** > > This system is a restricted access system. All activity on this > system is > subject to monitoring. If information collected reveals possible > criminal > activity of activity that exceeds privileges, evidence of such > activity may > be provided to the relevant authorities for further action. By > continuing past > this point, you expressly consent to this monitoring. > > debug1: Authentications that can continue: gssapi-keyex,gssapi-with- > mic,publickey,password,keyboard-interactive > debug3: start over, passed a different list gssapi-keyex,gssapi-with- > mic,publickey,password,keyboard-interactive > debug3: preferred publickey,keyboard-interactive,password > debug3: authmethod_lookup publickey > debug3: remaining preferred: keyboard-interactive,password > debug3: authmethod_is_enabled publickey > debug1: Next authentication method: publickey > debug1: Trying private key: /export/home/bea//.ssh/identity > debug3: no such identity: /export/home/bea//.ssh/identity > debug1: Trying private key: /export/home/bea//.ssh/id_rsa > debug3: no such identity: /export/home/bea//.ssh/id_rsa > debug1: Trying public key: /export/home/bea//.ssh/id_dsa > debug3: send_pubkey_test > debug2: we sent a publickey packet, wait for reply > debug1: Authentications that can continue: gssapi-keyex,gssapi-with- > mic,publickey,password,keyboard-interactive > debug2: we did not send a packet, disable method > debug3: authmethod_lookup keyboard-interactive > debug3: remaining preferred: password > debug3: authmethod_is_enabled keyboard-interactive > debug1: Next authentication method: keyboard-interactive > debug2: userauth_kbdint > debug2: we sent a keyboard-interactive packet, wait for reply > debug1: Authentications that can continue: gssapi-keyex,gssapi-with- > mic,publickey,password,keyboard-interactive > debug3: userauth_kbdint: disable: no info_req_seen > debug2: we did not send a packet, disable method > debug3: authmethod_lookup password > debug3: remaining preferred: > debug3: authmethod_is_enabled password > debug1: Next authentication method: password > edocs(a)server's password: Are any of the remote users directory structure's permissions set to world or group rw ? Do you get anything in /var/adm/messages on the remote machine ?
From: Darren Dunham on 16 Feb 2010 15:12 On Feb 15, 6:52 am, The Derfer <derf...(a)gmail.com> wrote: > I'm positive I have all the settings right. > I know I copied keys over correctly and I checked things 100x by now. > And the damn thing still doesn't work. > Here's verbose output ... what could I be missing?? > Thank you. > > -bash-3.2$ /usr/bin/ssh -vvv server > Sun_SSH_1.1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090700f > debug1: Reading configuration data /etc/ssh/ssh_config [snip debug output of client] The client isn't told why things don't work. That gives extra information to an attacker. So there's not going to be much in the logs that will help you. If an obvious permissions check doesn't turn up anything, get a verbose log from the server during a connection (often easiest to do this on an alternate port so you don't have to modify the running sshd). -- Darren
|
Pages: 1 Prev: vxdmp for sun cluster did devices Next: Future Terminal Emulator? |