Configuring ssh
Hi all,
I am having some trouble configuring an ssh server on my machine.
Here is the problem.
My machine sits behind a firewall and ssh is the sole service exposed.
I set up ssh and it appears to work normally, except that it keeps asking me
for my "normal" password. The pass-phrase is never requested.
I turned debugging on with the ssh client (running on the same machine) and
here is what I got:
thorgal /etc/pam.d [60] -> ssh -v thorgal
SSH Version OpenSSH-1.2.3, protocol version 1.5.
Compiled with SSL.
debug: Reading configuration data /etc/ssh/ssh_config
debug: Applying options for *
debug: ssh_connect: getuid 500 geteuid 0 anon 0
debug: Connecting to thorgal [127.0.0.1] port 22.
debug: Allocated local port 834.
debug: Connection established.
debug: Remote protocol version 1.5, remote software version OpenSSH-1.2.3
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Forcing accepting of host key for loopback/localhost.
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Trying RSA authentication via agent with 'ldm@thorgal'
debug: Server refused our key.
debug: RSA authentication using agent refused.
debug: Trying RSA authentication with key 'ldm@thorgal'
debug: Server refused our key.
debug: Doing password authentication.
....
So the server refused the RSA-based authentication. So I ran sshd with -d
and here is what I got:
Nov 5 21:06:06 thorgal sshd[22859]: debug: sshd version OpenSSH-1.2.3
Nov 5 21:06:07 thorgal sshd[22859]: debug: Bind to port 22 on 0.0.0.0.
Nov 5 21:06:07 thorgal sshd[22859]: Server listening on 0.0.0.0 port 22.
Nov 5 21:06:07 thorgal sshd[22859]: Generating 768 bit RSA key.
Nov 5 21:06:08 thorgal sshd[22859]: RSA key generation complete.
Nov 5 21:06:13 thorgal sshd[22859]: debug: Server will not fork when running
in debugging mode.
Nov 5 21:06:13 thorgal sshd[22859]: Connection from 127.0.0.1 port 834
Nov 5 21:06:13 thorgal sshd[22859]: debug: Client protocol version 1.5;
client software version OpenSSH-1.2.3
Nov 5 21:06:13 thorgal sshd[22859]: debug: Sent 768 bit public key and 1024
bit host key.
Nov 5 21:06:13 thorgal sshd[22859]: debug: Encryption type: 3des
Nov 5 21:06:13 thorgal sshd[22859]: debug: Received session key; encryption
turned on.
Nov 5 21:06:13 thorgal sshd[22859]: debug: Installing crc compensation
attack detector.
Nov 5 21:06:13 thorgal sshd[22859]: debug: checking for shadow entry
Nov 5 21:06:13 thorgal sshd[22859]: debug: shadow entry found, verifying
Nov 5 21:06:13 thorgal sshd[22859]: debug: completed shadow checks
Nov 5 21:06:13 thorgal sshd[22859]: debug: Starting up PAM with username
"ldm"
Nov 5 21:06:13 thorgal sshd[22859]: debug: Attempting authentication for ldm.
Nov 5 21:06:13 thorgal sshd[22859]: Failed rsa for ldm from 127.0.0.1 port
834
Nov 5 21:06:13 thorgal sshd[22859]: Failed rsa for ldm from 127.0.0.1 port
834
The last two lines are intriguing. I even attempted to wipe out my .ssh and
regenerate keys but it didn't help.
Any ideas?
Thanks for any help/pointer.
--
Laurent