openssh remote upgrade procedure?

To: debian-security@lists.debian.org
Subject: openssh remote upgrade procedure?
From: "Alexandros Papadopoulos" <apapadop@alumni.cmu.edu>
Date: Tue, 20 May 2008 08:20:04 +0100
Message-id: <[🔎] feffd9290805200020o34e17836jff6ecded3a5d41fc@mail.gmail.com>

I administer a couple of remote Debian servers and must say the latest
security update has left me stranded. My only access to these machines
was over SSH, using keys. So I logged in the other night and this was
the series of events:
+  I enabled password authentication in sshd_config (PasswordAuthentication yes)
+ aptitude update && aptitude dist-upgrade, which updated the packages
and restarted the openssh daemon
+ shortly thereafter my SSH connection was terminated
+ I tried to login to the machine, but never got the chance:

<snip>
debug1: Host '[hostname.domainname]:222' is known and matches the RSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:1
debug2: bits set: 497/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/user/.ssh/identity ((nil))
debug2: key: /home/user/.ssh/id_rsa ((nil))
debug2: key: /home/user/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,keyboard-interactive
debug3: start over, passed a different list publickey,keyboard-interactive
debug3: preferred
gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user/.ssh/identity
debug3: no such identity: /home/user/.ssh/identity
debug1: Trying private key: /home/user/.ssh/id_rsa
debug3: no such identity: /home/user/.ssh/id_rsa
debug1: Trying private key: /home/user/.ssh/id_dsa
debug3: no such identity: /home/user/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).

Why does it not give me the opportunity to login via interactive
password authentication? I tried logging in from a windows box with
putty and again got a "no authentication methods available" message
and a dropped connection.

I've instructed people over the phone to check that hosts.deny is
blank, that denyhosts scripts are stopped, that the openssh daemon is
restarted (after having regenerated its keys)...

I can't understand what's wrong - would very much like to see a howto
detailing what the upgrade procedure is for people maintaining servers
remotely.

Cheers

-A

Reply to:

Follow-Ups:
- Re: openssh remote upgrade procedure?
  - From: Rico Secada <coolzone@it.dk>
- Re: openssh remote upgrade procedure?
  - From: "Michel Messerschmidt" <lists@michel-messerschmidt.de>
- Re: openssh remote upgrade procedure?
  - From: CaT <cat@zip.com.au>
- Re: openssh remote upgrade procedure?
  - From: Karl Goetz <karl@kgoetz.id.au>

Prev by Date: Re: openssh lockup after blacklist hits
Next by Date: Re: openssh remote upgrade procedure?
Previous by thread: Re: openssh lockup after blacklist hits
Next by thread: Re: openssh remote upgrade procedure?
Index(es):
- Date
- Thread