[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: compromise of gluck.debian.org, lock down of other debian.org machines

Hello,

What is the situation with gluck?

I am cut off from debian-devel, while my mail is accumulating on
gluck, as I can't log in with my DSA key.

I was under the impression from the security announcement that DSA
logins should still be working.

Unfortunately, the ssh connections hang immediately after
authentication succeeds.

I tried contacting James Troup previously, but got no response.

In the meantime I am concerned that my BSMTP mail spool on gluck must
be getting huge.

(I also have some important issues I want to discuss on debian-devel
concerning etch).

Thanks.

(PS: Please send responses directly to me for obvious reasons)

bam@snoopy:~$ ssh -v gluck.debian.org
OpenSSH_3.8.1p1  Debian-krb5 3.8.1p1-7, OpenSSL 0.9.7e 25 Oct 2004
debug1: Reading configuration data /home/bam/.ssh/config
debug1: /home/bam/.ssh/config line 2: Deprecated option "FallBackToRsh"
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to gluck.debian.org [192.25.206.10] port 22.
debug1: Connection established.
debug1: identity file /home/bam/.ssh/identity type -1
debug1: identity file /home/bam/.ssh/id_rsa type -1
debug1: identity file /home/bam/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version 3.9p1
debug1: no match: 3.9p1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1  Debian-krb5 3.8.1p1-7
debug1: Miscellaneous failure
No credentials cache found

debug1: Miscellaneous failure
No credentials cache found

debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 zlib
debug1: kex: client->server aes128-cbc hmac-md5 zlib
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'gluck.debian.org' is known and matches the RSA host key.
debug1: Found key in /home/bam/.ssh/known_hosts:219
debug1: ssh_rsa_verify: signature correct
debug1: Enabling compression at level 6.
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/bam/.ssh/identity
debug1: Trying private key: /home/bam/.ssh/id_rsa
debug1: Offering public key: /home/bam/.ssh/id_dsa
debug1: Remote: Pty allocation disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Port forwarding disabled.
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: read PEM private key done: type DSA
debug1: Remote: Pty allocation disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Port forwarding disabled.
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.


-- 
Brian May <bam@debian.org>
Reply to: