Configuring ssh

To: debian-security@lists.debian.org
Subject: Configuring ssh
From: Laurent Michel <ldm@mediaone.net>
Date: Sun, 5 Nov 2000 21:11:20 -0500
Message-id: <[🔎] 00110521112001.22840@thorgal>

Hi all,

I am having some trouble configuring an ssh server on my machine.

Here is the problem. 
My machine sits behind a firewall and ssh is the sole service exposed.
I setup ssh and it appears to work normally, except that it keeps asking me 
for my "normal" password. The pass-phrase is never requested.

I turned debugging on with the ssh client (running on the same machine) and 
here is what I got:

thorgal /etc/pam.d [60] -> ssh -v thorgal
SSH Version OpenSSH-1.2.3, protocol version 1.5.
Compiled with SSL.
debug: Reading configuration data /etc/ssh/ssh_config
debug: Applying options for *
debug: ssh_connect: getuid 500 geteuid 0 anon 0
debug: Connecting to thorgal [127.0.0.1] port 22.
debug: Allocated local port 834.
debug: Connection established.
debug: Remote protocol version 1.5, remote software version OpenSSH-1.2.3
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Forcing accepting of host key for loopback/localhost.
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Trying RSA authentication via agent with 'ldm@thorgal'
debug: Server refused our key.
debug: RSA authentication using agent refused.
debug: Trying RSA authentication with key 'ldm@thorgal'
debug: Server refused our key.
debug: Doing password authentication.
....


So the server refused the RSA-based authenticatioNov  5 21:06:06 thorgal 
sshd[22859]: debug: sshd version OpenSSH-1.2.3
Nov  5 21:06:07 thorgal sshd[22859]: debug: Bind to port 22 on 0.0.0.0.
Nov  5 21:06:07 thorgal sshd[22859]: Server listening on 0.0.0.0 port 22.
Nov  5 21:06:07 thorgal sshd[22859]: Generating 768 bit RSA key.
Nov  5 21:06:08 thorgal sshd[22859]: RSA key generation complete.
Nov  5 21:06:13 thorgal sshd[22859]: debug: Server will not fork when running 
in debugging mode.
Nov  5 21:06:13 thorgal sshd[22859]: Connection from 127.0.0.1 port 834
Nov  5 21:06:13 thorgal sshd[22859]: debug: Client protocol version 1.5; 
client software version OpenSSH-1.2.3
Nov  5 21:06:13 thorgal sshd[22859]: debug: Sent 768 bit public key and 1024 
bit host key.
Nov  5 21:06:13 thorgal sshd[22859]: debug: Encryption type: 3des
Nov  5 21:06:13 thorgal sshd[22859]: debug: Received session key; encryption 
turned on.
Nov  5 21:06:13 thorgal sshd[22859]: debug: Installing crc compensation 
attack detector.
Nov  5 21:06:13 thorgal sshd[22859]: debug: checking for shadow entry
Nov  5 21:06:13 thorgal sshd[22859]: debug: shadow entry found, verifying
Nov  5 21:06:13 thorgal sshd[22859]: debug: completed shadow checks
Nov  5 21:06:13 thorgal sshd[22859]: debug: Starting up PAM with username 
"ldm"
Nov  5 21:06:13 thorgal sshd[22859]: debug: Attempting authentication for ldm.
Nov  5 21:06:13 thorgal sshd[22859]: Failed rsa for ldm from 127.0.0.1 port 
834
Nov  5 21:06:13 thorgal sshd[22859]: Failed rsa for ldm from 127.0.0.1 port 
834

n. So I ran sshd with -d
and Here is what I got:

Nov  5 21:06:06 thorgal sshd[22859]: debug: sshd version OpenSSH-1.2.3
Nov  5 21:06:07 thorgal sshd[22859]: debug: Bind to port 22 on 0.0.0.0.
Nov  5 21:06:07 thorgal sshd[22859]: Server listening on 0.0.0.0 port 22.
Nov  5 21:06:07 thorgal sshd[22859]: Generating 768 bit RSA key.
Nov  5 21:06:08 thorgal sshd[22859]: RSA key generation complete.
Nov  5 21:06:13 thorgal sshd[22859]: debug: Server will not fork when running 
in debugging mode.
Nov  5 21:06:13 thorgal sshd[22859]: Connection from 127.0.0.1 port 834
Nov  5 21:06:13 thorgal sshd[22859]: debug: Client protocol version 1.5; 
client software version OpenSSH-1.2.3
Nov  5 21:06:13 thorgal sshd[22859]: debug: Sent 768 bit public key and 1024 
bit host key.
Nov  5 21:06:13 thorgal sshd[22859]: debug: Encryption type: 3des
Nov  5 21:06:13 thorgal sshd[22859]: debug: Received session key; encryption 
turned on.
Nov  5 21:06:13 thorgal sshd[22859]: debug: Installing crc compensation 
attack detector.
Nov  5 21:06:13 thorgal sshd[22859]: debug: checking for shadow entry
Nov  5 21:06:13 thorgal sshd[22859]: debug: shadow entry found, verifying
Nov  5 21:06:13 thorgal sshd[22859]: debug: completed shadow checks
Nov  5 21:06:13 thorgal sshd[22859]: debug: Starting up PAM with username 
"ldm"
Nov  5 21:06:13 thorgal sshd[22859]: debug: Attempting authentication for ldm.
Nov  5 21:06:13 thorgal sshd[22859]: Failed rsa for ldm from 127.0.0.1 port 
834
Nov  5 21:06:13 thorgal sshd[22859]: Failed rsa for ldm from 127.0.0.1 port 
834


The last two lines are intriguing. I even attempted to wipe out my .ssh and 
regenerate keys but it didn't help.

Any ideas ?

Thanks for any help/pointer.


-- 
  Laurent

Reply to:

Follow-Ups:
- RE: Configuring ssh
  - From: Pollywog <croak@shadypond.com>
- Re: Configuring ssh
  - From: Alan KF LAU <akflau@itsd.gcn.gov.hk>

Prev by Date: Re: log permissions
Next by Date: RE: Configuring ssh
Previous by thread: RE: 'Generic' Firewall Rulesets?
Next by thread: RE: Configuring ssh
Index(es):
- Date
- Thread