Hi there,
This might provide a clue:
debug1: PAM setting tty to "/dev/pts/3"
PAM session setup failed[28]: Module is unknown
-Anne
This one time, Alexis Sukrieh wrote:
> here is the full output
>
> ( I've turned UsePrivilegeSeparation to "no" )
>
>
> _______________________________________________________
> poseidon:~# sshd -ddd
> debug1: sshd version OpenSSH_3.4p1 Debian 1:3.4p1-2
> debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
> debug1: read PEM private key done: type RSA
> debug1: private host key: #0 type 1 RSA
> debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
> debug1: read PEM private key done: type DSA
> debug1: private host key: #1 type 2 DSA
> debug1: Bind to port 22 on 0.0.0.0.
> Server listening on 0.0.0.0 port 22.
> debug1: Server will not fork when running in debugging mode.
> Connection from 127.0.0.1 port 32989
> debug1: Client protocol version 2.0; client software version OpenSSH_3.4p1
> Debian 1:3.4p1-2
> debug1: match: OpenSSH_3.4p1 Debian 1:3.4p1-2 pat OpenSSH*
> Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-2
> debug1: list_hostkey_types: ssh-rsa,ssh-dss
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none
> debug2: kex_parse_kexinit: none
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
> WARNING: /etc/ssh/moduli does not exist, using old modulus
> debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
> debug1: dh_gen_key: priv key bits set: 131/256
> debug1: bits set: 486/1024
> debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
> debug1: bits set: 531/1024
> debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
> debug1: kex_derive_keys
> debug1: newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: waiting for SSH2_MSG_NEWKEYS
> debug1: newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: KEX done
> debug1: userauth-request for user sukria service ssh-connection method none
> debug1: attempt 0 failures 0
> debug2: input_userauth_request: setting up authctxt for sukria
> debug1: Starting up PAM with username "sukria"
> debug3: Trying to reverse map address 127.0.0.1.
> debug1: PAM setting rhost to "poseidon"
> debug2: input_userauth_request: try method none
> Failed none for sukria from 127.0.0.1 port 32989 ssh2
> debug1: userauth-request for user sukria service ssh-connection method
> keyboard-interactive
> debug1: attempt 1 failures 1
> debug2: input_userauth_request: try method keyboard-interactive
> debug1: keyboard-interactive devs
> debug1: auth2_challenge: user=sukria devs=
> debug1: kbdint_alloc: devices ''
> debug2: auth2_challenge_start: devices
> Failed keyboard-interactive for sukria from 127.0.0.1 port 32989 ssh2
> debug1: userauth-request for user sukria service ssh-connection method
> password
> debug1: attempt 2 failures 2
> debug2: input_userauth_request: try method password
> debug1: PAM Password authentication accepted for user "sukria"
> debug2: pam_acct_mgmt() = 0
> Accepted password for sukria from 127.0.0.1 port 32989 ssh2
> debug1: Entering interactive session for SSH2.
> debug1: fd 3 setting O_NONBLOCK
> debug1: fd 8 setting O_NONBLOCK
> debug1: server_init_dispatch_20
> debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384
> debug1: input_session_request
> debug1: channel 0: new [server-session]
> debug1: session_new: init
> debug1: session_new: session 0
> debug1: session_open: channel 0
> debug1: session_open: session 0: link with channel 0
> debug1: server_input_channel_open: confirm session
> debug1: server_input_channel_req: channel 0 request pty-req reply 0
> debug1: session_by_channel: session 0 channel 0
> debug1: session_input_channel_req: session 0 req pty-req
> debug1: Allocating pty.
> debug1: session_pty_req: session 0 alloc /dev/pts/3
> debug3: tty_parse_modes: SSH2 n_bytes 256
> debug3: tty_parse_modes: ospeed 9600
> debug3: tty_parse_modes: ispeed 9600
> debug3: tty_parse_modes: 1 3
> debug3: tty_parse_modes: 2 28
> debug3: tty_parse_modes: 3 127
> debug3: tty_parse_modes: 4 21
> debug3: tty_parse_modes: 5 4
> debug3: tty_parse_modes: 6 0
> debug3: tty_parse_modes: 7 0
> debug3: tty_parse_modes: 8 17
> debug3: tty_parse_modes: 9 19
> debug3: tty_parse_modes: 10 26
> debug3: tty_parse_modes: 12 18
> debug3: tty_parse_modes: 13 23
> debug3: tty_parse_modes: 14 22
> debug3: tty_parse_modes: 18 15
> debug3: tty_parse_modes: 30 0
> debug3: tty_parse_modes: 31 0
> debug3: tty_parse_modes: 32 0
> debug3: tty_parse_modes: 33 0
> debug3: tty_parse_modes: 34 0
> debug3: tty_parse_modes: 35 0
> debug3: tty_parse_modes: 36 1
> debug3: tty_parse_modes: 37 0
> debug3: tty_parse_modes: 38 1
> debug3: tty_parse_modes: 39 0
> debug3: tty_parse_modes: 40 0
> debug3: tty_parse_modes: 41 0
> debug3: tty_parse_modes: 50 1
> debug3: tty_parse_modes: 51 1
> debug3: tty_parse_modes: 52 0
> debug3: tty_parse_modes: 53 1
> debug3: tty_parse_modes: 54 1
> debug3: tty_parse_modes: 55 1
> debug3: tty_parse_modes: 56 0
> debug3: tty_parse_modes: 57 0
> debug3: tty_parse_modes: 58 0
> debug3: tty_parse_modes: 59 1
> debug3: tty_parse_modes: 60 1
> debug3: tty_parse_modes: 61 1
> debug3: tty_parse_modes: 62 0
> debug3: tty_parse_modes: 70 1
> debug3: tty_parse_modes: 71 0
> debug3: tty_parse_modes: 72 1
> debug3: tty_parse_modes: 73 0
> debug3: tty_parse_modes: 74 0
> debug3: tty_parse_modes: 75 0
> debug3: tty_parse_modes: 90 1
> debug3: tty_parse_modes: 91 1
> debug3: tty_parse_modes: 92 0
> debug3: tty_parse_modes: 93 0
> debug1: server_input_channel_req: channel 0 request shell reply 0
> debug1: session_by_channel: session 0 channel 0
> debug1: session_input_channel_req: session 0 req shell
> debug1: PAM setting tty to "/dev/pts/3"
> PAM session setup failed[28]: Module is unknown
> debug1: Calling cleanup 0x805a3ec(0x80917a0)
> debug1: session_pty_cleanup: session 0 release /dev/pts/3
> debug1: Calling cleanup 0x80604b8(0x0)
> debug1: channel_free: channel 0: server-session, nchannels 1
> debug3: channel_free: status: The following connections are open:
> #0 server-session (t10 r0 i0/0 o0/0 fd -1/-1)
>
> debug3: channel_close_fds: channel 0: r -1 w -1 e -1
> debug1: Calling cleanup 0x8052b48(0x0)
> debug1: Calling cleanup 0x806be4c(0x0)
> poseidon:~#
>
>
> At 07:22 02/10/2002 -0700, Anne Carasik wrote:
> >Kill your sshd. Run it in debugging mode (it will not
> >fork a process):
> >
> ># sshd -ddd
> >
> >Open another window, now run the client in verbose mode:
> >
> >$ ssh -vvv user@host
> >
> >Then email us the output. :) Otherwise, this is really difficult
> >to troubleshoot.
> >
> >-Anne
> >
> >
> >
> >This one time, Alexis Sukrieh wrote:
> >> You're right, it was set to yes but after putting it to 'no', the same
> >> problem is still there...
> >>
> >> At 16:11 02/10/2002 +0200, you wrote:
> >> >You need to turn off UsePrivilegeSeparation
> >> >in your /etc/ssh/sshd_config file.
> >> >
> >> >"UsePrivilegeSeparation no"
> >>
> >>
> >>
> >>
> >> Alexis Sukrieh (sukria), <alexis@sukria.net>
> >> . homepage - [http://sukria.net]
> >> . clef PGP - [http://sukria.net/print.php?c=privacy]
> >> . mydynaweb - [http://www.mydynaweb.net]
> >> ______________________________________________
> >>
> >>
> >> --
> >> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> >> with a subject of "unsubscribe". Trouble? Contact
> >> listmaster@lists.debian.org
> >>
> >
> >--
> > .-"".__."``". Anne Carasik, System Administrator
> > .-.--. _...' (/) (/) ``' gator at cacr dot caltech dot edu
> >(O/ O) \-' ` -="""=. ', Center for Advanced Computing Research
> >~`~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
>
> Alexis Sukrieh (sukria), <alexis@sukria.net>
> . homepage - [http://sukria.net]
> . clef PGP - [http://sukria.net/print.php?c=privacy]
> . mydynaweb - [http://www.mydynaweb.net]
> ______________________________________________
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
--
.-"".__."``". Anne Carasik, System Administrator
.-.--. _...' (/) (/) ``' gator at cacr dot caltech dot edu
(O/ O) \-' ` -="""=. ', Center for Advanced Computing Research
~`~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Attachment:
pgppiOfOtCFWZ.pgp
Description: PGP signature