Upgrade from woody to sarge - ssh strangeness

To: debian-devel@lists.debian.org
Cc: Matthew Vernon <matthew@debian.org>
Subject: Upgrade from woody to sarge - ssh strangeness
From: Turbo Fredriksson <turbo@debian.org>
Date: Mon, 15 Jan 2007 14:43:09 +0100
Message-id: <[🔎] 8764b8xv6a.fsf@pumba.bayour.com>

I know, I know... I just haven't had the time to upgrade my
live servers when I should have.

And thank <whoever> that I didn't! It took more than a week to
upgrade the four machines! (lots of home build packages from
unstable etc).


Anyway, now all my machines are sarge and the shell server
is experiencing some strange ssh behaviour...

Everything works linux (woody, sarge and dapper) to linux, but from
windows (SecureCRT) to linux, I don't even get the option to enter
a password...

Just:

----- s n i p -----
SecureCRT has disconnecteed from the server. Reason:
Unable to authenticate using any of the configured authentication methods
----- s n i p -----

Running with trace/debug shows this:

----- s n i p -----
[SSH LOCAL ONLY] : Connect: <linux_server>:22 [direct]
[SSH LOCAL ONLY] : State Change: SSH_STATE_UNKNOWN->SSH_STATE_CONNECTING
[SSH LOCAL ONLY] : State Change: SSH_STATE_CONNECTING->SSH_STATE_EXPECT_IDENTIFIER
[SSH LOCAL ONLY] : connected
[SSH LOCAL ONLY] : RECV : Remote Identifier = "SSH-2.0-OpenSSH_3.8.1p1 Debian-8.sarge.6"
[SSH LOCAL ONLY] : Autodetected Server Mode: IETF Draft Compliant
[SSH LOCAL ONLY] : SEND : KEXINIT
[SSH LOCAL ONLY] : State Change: SSH_STATE_EXPECT_IDENTIFIER->SSH_STATE_INITIAL_KEYEXCHANGE
[SSH LOCAL ONLY] : RECV : Read kexinit
[SSH LOCAL ONLY] : Kex Method = diffie-hellman-group-exchange-sha1
[SSH LOCAL ONLY] : Host Key Algo = ssh-dss
[SSH LOCAL ONLY] : Send Cipher = aes128-cbc
[SSH LOCAL ONLY] : Recv Cipher = aes128-cbc
[SSH LOCAL ONLY] : Send Mac = hmac-md5
[SSH LOCAL ONLY] : Recv Mac = hmac-md5
[SSH LOCAL ONLY] : Compressor = none
[SSH LOCAL ONLY] : Decompressor = none
[SSH LOCAL ONLY] : SEND : KEXDH_GEX_REQUEST
[SSH LOCAL ONLY] : RECV : KEXDH_GEX_GROUP
[SSH LOCAL ONLY] : SEND : KEXDH_INIT
[SSH LOCAL ONLY] : RECV : KEXDH_REPLY
[SSH LOCAL ONLY] : SEND : NEWKEYS
[SSH LOCAL ONLY] : State Change: SSH_STATE_INITIAL_KEYEXCHANGE->SSH_STATE_INITIAL_EXPECT_NEWKEYS
[SSH LOCAL ONLY] : RECV : NEWKEYS
[SSH LOCAL ONLY] : State Change: SSH_STATE_INITIAL_EXPECT_NEWKEYS->SSH_STATE_USERAUTH
[SSH LOCAL ONLY] : SEND : SERVICE_REQUEST [userauth]
[SSH LOCAL ONLY] : RECV : SERVICE_ACCEPT
<offered to enter account name>
[SSH LOCAL ONLY] : SENT : USERAUTH_REQUEST [none]
[SSH LOCAL ONLY] : RECV : USERAUTH_FAILURE, continuations [publickey,keyboard-interactive]
[SSH LOCAL ONLY] : SEND: Disconnect packet: Unable to authenticate using any of the configured authentication methods.
[SSH LOCAL ONLY] : State Change: SSH_STATE_USERAUTH->SSH_STATE_CLOSING
[SSH LOCAL ONLY] : State Change: SSH_STATE_CLOSING->SSH_STATE_CLOSED
----- s n i p -----

And this is the server in '-dd -e':

----- s n i p -----
debug2: read_server_config: filename /etc/ssh/sshd_config
debug1: sshd version OpenSSH_3.8.1p1 Debian-8.sarge.6
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: Bind to port 22 on <linux_server>.
Server listening on <linux_server> port 22.
debug1: Server will not fork when running in debugging mode.
Connection from <windows_machine_behind_linux_NAT_firewall> port 4348
debug1: Client protocol version 2.0; client software version 3.3.1 SecureCRT
debug1: no match: 3.3.1 SecureCRT
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1 Debian-8.sarge.6
debug2: Network child is on pid 11009
debug1: permanently_set_uid: 100/65534
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss,ssh-rsa
debug2: kex_parse_kexinit: aes128-cbc,aes192-cbc,aes256-cbc,twofish-cbc,blowfish-cbc,3des-cbc,arcfour
debug2: kex_parse_kexinit: aes128-cbc,aes192-cbc,aes256-cbc,twofish-cbc,blowfish-cbc,3des-cbc,arcfour
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received
debug2: monitor_read: 0 used once, disabling now
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug2: dh_gen_key: priv key bits set: 129/256
debug2: bits set: 508/1024
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug2: bits set: 518/1024
debug2: monitor_read: 4 used once, disabling now
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
<offered to enter account name>
debug1: userauth-request for user turbo service ssh-connection method none
debug1: attempt 0 failures 0
debug2: monitor_read: 6 used once, disabling now
debug2: input_userauth_request: setting up authctxt for turbo
debug2: input_userauth_request: try method none
Failed none for turbo from <windows_machine_behind_linux_NAT_firewall> port 4348 ssh2
debug1: PAM: initializing for "turbo"
debug1: PAM: setting PAM_RHOST to "<FQDN_of_linux_NAT_firewall"
debug1: PAM: setting PAM_TTY to "ssh"
debug2: monitor_read: 45 used once, disabling now
debug2: monitor_read: 3 used once, disabling now
Received disconnect from <windows_machine_behind_linux_NAT_firewall>: 14: Unable to authenticate using any of the configured authentication methods.

debug1: do_cleanup
debug1: do_cleanup
----- s n i p -----

The SecureCRT version is a little old, but...

Anyone got an idea?
-- 
bomb smuggle supercomputer SDI cryptographic jihad Nazi toluene iodine
ammonium explosion congress domestic disruption KGB 767
[See http://www.aclu.org/echelonwatch/index.html for more about this]
[Or http://www.europarl.eu.int/tempcom/echelon/pdf/rapport_echelon_en.pdf]
If neither of these works, try http://www.aclu.org and search for echelon.
Note. This is a real, not fiction.
http://www.theregister.co.uk/2001/09/06/eu_releases_echelon_spying_report/
http://www.aclu.org/safefree/nsaspying/23989res20060131.html#echelon

Reply to:

Follow-Ups:
- Re: Upgrade from woody to sarge - ssh strangeness
  - From: aaron@sysdev.oucs.ox.ac.uk
- Re: Upgrade from woody to sarge - ssh strangeness
  - From: The Fungi <fungi@yuggoth.org>

Prev by Date: Re: Debian Mirror with lzma compressed packages
Next by Date: Re: Upgrade from woody to sarge - ssh strangeness
Previous by thread: Bug#406964: ITP: ocsinventory-agent -- Hardware and software inventory tool (client)
Next by thread: Re: Upgrade from woody to sarge - ssh strangeness
Index(es):
- Date
- Thread