On Tue, Sep 14, 2004 at 04:08:38PM +0200, felix wrote:
> i had the same problem just a few days ago on a newly installed computer.
> the solution was that on one particular machine the /home/.ssh-directory for

This is the destination machine:

/user1:
total 12
drwxr-xr-x   3 user1 user1 4096 2004-09-14 14:13 .
drwxr-xr-x  30 root  root  4096 2004-09-14 14:13 ..
drwxr-xr-x   2 user1 user1 4096 2004-09-14 14:13 .ssh

/user1/.ssh:
total 12
drwxr-xr-x   2 user1 user1 4096 2004-09-14 14:13 .
drwxr-xr-x   3 user1 user1 4096 2004-09-14 14:13 ..
-rw-------   1 user1 user1  614 2004-09-14 14:13 authorized_keys

authorized keys contains the id_dsa.pub from the client machine;
and this is the client machine:

/user1:
total 1
drwxr-xr-x   3 root root  72 Sep 14 14:11 .
drwxr-xr-x  33 root root 904 Sep 14 14:11 ..
drwxr-xr-x   2 root root 104 Sep 14 14:11 .ssh

/user1/.ssh:
total 8
drwxr-xr-x   2 root root 104 Sep 14 14:11 .
drwxr-xr-x   3 root root  72 Sep 14 14:11 ..
-rw-------   1 root root 668 Sep 14 14:11 id_dsa
-rw-r--r--   1 root root 614 Sep 14 14:11 id_dsa.pub

> this user was generated by ssh-keygen with the wrong permission (it was
> worldwritable for some reason, did not go into details to figure out why)
> i'm not sure, whether this will do in your case, but try <ssh -v> to get all
> the stuff, that's how i finally noticed what went wrong.

Yeah, I've been running both client and server with debug:

client side:

user1@otv:~$ ssh -2 -v share1.islandone.org -l user1
OpenSSH_3.8.1p1 Debian 1:3.8.1p1-8, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to share1.islandone.org [10.0.0.171] port 22.
debug1: Connection established.
debug1: identity file /user1/.ssh/id_rsa type -1
debug1: identity file /user1/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8.1p1 Debian 1:3.8.1p1-8
debug1: match: OpenSSH_3.8.1p1 Debian 1:3.8.1p1-8 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1 Debian 1:3.8.1p1-8
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
The authenticity of host 'share1.islandone.org (10.0.0.171)' can't be established.
DSA key fingerprint is 4d:e0:d5:2f:f4:4c:fe:ba:2a:b0:67:0b:7a:bc:2f:79.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/user1/.ssh/known_hosts).
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /user1/.ssh/id_rsa
debug1: Offering public key: /user1/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 434
Enter passphrase for key '/user1/.ssh/id_dsa':
debug1: Next authentication method: keyboard-interactive
Password: ^C

and the server side:

debug1: sshd version OpenSSH_3.8.1p1 Debian 1:3.8.1p1-8
debug1: read PEM private key done: type DSA
debug1: private host key: #0 type 2 DSA
socket: Address family not supported by protocol
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Server will not fork when running in debugging mode.
Connection from 10.0.0.25 port 2743
debug1: Client protocol version 2.0; client software version OpenSSH_3.8.1p1 Debian 1:3.8.1p1-8
debug1: match: OpenSSH_3.8.1p1 Debian 1:3.8.1p1-8 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1 Debian 1:3.8.1p1-8
debug1: permanently_set_uid: 101/65534
debug1: list_hostkey_types: ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user user1 service ssh-connection method none
debug1: attempt 0 failures 0
Failed none for user1 from 10.0.0.25 port 2743 ssh2
debug1: PAM: initializing for "user1"
debug1: userauth-request for user user1 service ssh-connection method publickey
debug1: attempt 1 failures 1
debug1: test whether pkalg/pkblob are acceptable
reverse mapping checking getaddrinfo for scout.islandone.org failed - POSSIBLE BREAKIN ATTEMPT!
debug1: PAM: setting PAM_RHOST to "10.0.0.25"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: temporarily_use_uid: 1008/1008 (e=0/0)
debug1: trying public key file /user1/.ssh/authorized_keys
debug1: matching key found: file /user1/.ssh/authorized_keys, line 1
Found matching DSA key: ee:c5:7d:12:df:db:e7:d6:aa:43:17:c0:19:e0:a0:35
debug1: restore_uid: 0/0
Postponed publickey for user1 from 10.0.0.25 port 2743 ssh2
debug1: userauth-request for user user1 service ssh-connection method keyboard-interactive
debug1: attempt 2 failures 1
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=user1 devs=
debug1: kbdint_alloc: devices 'pam'
debug1: auth2_challenge_start: trying authentication method 'pam'
Postponed keyboard-interactive for user1 from 10.0.0.25 port 2743 ssh2
Connection closed by 10.0.0.25

And yes, there are some things on my test lan's dns that need sorted :-)

I might add that the target machine is a testbed with sarge-di
installed about a week or two ago and then updated and added to
via dselect. So it is really bog-standard debian.

--
------------------------------------------------------
   Dale Amon     amon@islandone.org    +44-7802-188325
       International linux systems consultancy
     Hardware & software system design, security
    and networking, systems programming and Admin
          "Have Laptop, Will Travel"
------------------------------------------------------
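
The ownership and mode checks this thread is about can be scripted. The following is an added example, not part of the original message: the function name audit_ssh_files and the OWNER/WRITABLE/EXPOSED labels are hypothetical, and the rules are modelled on sshd's StrictModes check (no group- or world-writable home, .ssh or authorized_keys) and on the client's refusal of private keys accessible to others.

```shell
#!/bin/sh
# Added example. Prints one finding per line and returns 1 if any check fails:
#   OWNER    path not owned by the expected uid
#   WRITABLE path is group- or world-writable
#   EXPOSED  private key carries group/other permission bits
audit_ssh_files() {
    home=$1 uid=$2 rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys" \
             "$home/.ssh/id_dsa" "$home/.ssh/id_rsa"; do
        [ -e "$p" ] || continue
        # ls -ldn: field 1 is the mode string, field 3 the numeric owner.
        set -- $(ls -ldn "$p")
        mode=$1 owner=$3
        # sshd's StrictModes accepts root or the user as owner; this example
        # requires the user, which the client also needs to read its own key.
        if [ "$owner" != "$uid" ]; then
            echo "OWNER $p (uid $owner, expected $uid)"; rc=1
        fi
        # Position 6 of the mode string is group write, position 9 world write.
        case $mode in
            ?????w*|????????w*) echo "WRITABLE $p ($mode)"; rc=1 ;;
        esac
        # Private keys must carry no group/other permission bits at all.
        case $p in
            */id_dsa|*/id_rsa)
                case $mode in
                    ????------*) ;;
                    *) echo "EXPOSED $p ($mode)"; rc=1 ;;
                esac ;;
        esac
    done
    return $rc
}

# Constructed demo tree: a world-writable .ssh directory, as in the quoted reply.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && chmod 777 "$demo/.ssh"
: > "$demo/.ssh/authorized_keys" && chmod 600 "$demo/.ssh/authorized_keys"
audit_ssh_files "$demo" "$(id -u)" || echo "problems found"
rm -rf "$demo"
```

Run it on both machines as audit_ssh_files /user1 "$(id -u user1)"; the uid is passed explicitly so the check can also be run as root.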