Re: openssh remote upgrade procedure?
On Tue, 20 May 2008 08:20:04 +0100
"Alexandros Papadopoulos" <apapadop@alumni.cmu.edu> wrote:
> I administer a couple of remote Debian servers and must say the latest
> security update has left me stranded. My only access to these machines
> was over SSH, using keys. So I logged in the other night and this was
> the series of events:
> + I enabled password authentication in sshd_config
> (PasswordAuthentication yes)
> + aptitude update && aptitude dist-upgrade, which updated the packages
> and restarted the openssh daemon
> + shortly thereafter my SSH connection was terminated
> + I tried to login to the machine, but never got the chance:
>
> <snip>
> debug1: Host '[hostname.domainname]:222' is known and matches the RSA
> host key. debug1: Found key in /home/user/.ssh/known_hosts:1
> debug2: bits set: 497/1024
> debug1: ssh_rsa_verify: signature correct
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug2: key: /home/user/.ssh/identity ((nil))
> debug2: key: /home/user/.ssh/id_rsa ((nil))
> debug2: key: /home/user/.ssh/id_dsa ((nil))
> debug1: Authentications that can continue:
> publickey,keyboard-interactive debug3: start over, passed a different
> list publickey,keyboard-interactive debug3: preferred
> gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/user/.ssh/identity
> debug3: no such identity: /home/user/.ssh/identity
> debug1: Trying private key: /home/user/.ssh/id_rsa
> debug3: no such identity: /home/user/.ssh/id_rsa
> debug1: Trying private key: /home/user/.ssh/id_dsa
> debug3: no such identity: /home/user/.ssh/id_dsa
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup keyboard-interactive
> debug3: remaining preferred: password
> debug3: authmethod_is_enabled keyboard-interactive
> debug1: Next authentication method: keyboard-interactive
> debug2: userauth_kbdint
> debug2: we sent a keyboard-interactive packet, wait for reply
> debug1: Authentications that can continue:
> publickey,keyboard-interactive debug3: userauth_kbdint: disable: no
> info_req_seen debug2: we did not send a packet, disable method
> debug1: No more authentication methods to try.
> Permission denied (publickey,keyboard-interactive).
>
> Why does it not give me the opportunity to login via interactive
> password authentication? I tried logging in from a windows box with
> putty and again got a "no authentication methods available" message
> and a dropped connection.
>
> I've instructed people over the phone to check that hosts.deny is
> blank, that denyhosts scripts are stopped, that the openssh daemon is
> restarted (after having regenerated its keys)...
>
> I can't understand what's wrong - would very much like to see a howto
> detailing what the upgrade procedure is for people maintaining servers
> remotely.
I am also maintaining a couple of machines, and I found the information
in /usr/share/doc/openssh-server useful.
> Cheers
>
> -A
>
>
> --
> To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
>
Reply to: