Re: openssh remote upgrade procedure?

To: debian-security@lists.debian.org
Subject: Re: openssh remote upgrade procedure?
From: "Alexandros Papadopoulos" <apapadop@alumni.cmu.edu>
Date: Fri, 23 May 2008 07:27:51 +0100
Message-id: <[🔎] feffd9290805222327j20f01633j31912732c37c5c6d@mail.gmail.com>
In-reply-to: <[🔎] 1211498884.20864.2.camel@localhost.localdomain>
References: <[🔎] feffd9290805200020o34e17836jff6ecded3a5d41fc@mail.gmail.com> <[🔎] 1211288569.32360.2.camel@localhost.localdomain> <[🔎] feffd9290805201245p33e3a254n710aaf0725b71677@mail.gmail.com> <[🔎] 20080521003805.3dd885cc.knl@bitflop.com> <[🔎] feffd9290805212349oacca8b6t7e5fe047a03d68b3@mail.gmail.com> <[🔎] 1211498884.20864.2.camel@localhost.localdomain>

On Fri, May 23, 2008 at 12:28 AM, Karl Goetz <karl@kgoetz.id.au> wrote:
> On Thu, 2008-05-22 at 07:49 +0100, Alexandros Papadopoulos wrote:
>> Hi all, thanks for the suggestions so far.
>>
>> I talked local staff through backing up the sshd configuration file,
>> purging the openssh-server package and then reinstalling openssh.
>>
>> I'm quite frustrated to say this didn't fix anything. Had exactly the
>> same behaviour:
>>
>> <snip>
>> debug1: Next authentication method: keyboard-interactive
>> debug2: userauth_kbdint
>> debug2: we sent a keyboard-interactive packet, wait for reply
>> debug1: Authentications that can continue: publickey,keyboard-interactive
>> debug3: userauth_kbdint: disable: no info_req_seen
>> debug2: we did not send a packet, disable method
>> debug1: No more authentication methods to try.
>> Permission denied (publickey,keyboard-interactive).
>>
>> I did two further tests:
>>
>> 1. ssh from the box itself to localhost: Same result, permission was
>> denied, no info_req_seen
>> 2. tail -f /var/log/auth.log on the server - staff reported no new
>> entries while I was attempting to login
>>
>> Does this mean that we never get to the authentication mechanism?
>>
>> I'm quite clueless now, I too was expecting that a purge and reinstall
>> would fix it.
>
> sorry if i'm being dense - did you mv $HOME/.ssh/authorized_keys aside?

I believe I did, but will have local staff check that again today.
I've also generated a new keypair and will send that over and walk
them through installing a new authorized_keys.

Something else that tiger (http://www.nongnu.org/tiger/) did come up
with yesterday (and got mailed to me, hence I know) was this:

# Performing check of user accounts...
OLD: --WARN-- [acc021w] Login ID sshd appears to be a dormant account.
# Performing check of group files...
# Performing check of passwd files...

Something happened there...

Will let you know later if I get to the bottom of this. I don't like
the debug option because then I will have a non technical person
reading debugging information off a monitor and I'll be paying for the
international call. Not good.

Cheers

-A

Reply to:

References:
- openssh remote upgrade procedure?
  - From: "Alexandros Papadopoulos" <apapadop@alumni.cmu.edu>
- Re: openssh remote upgrade procedure?
  - From: Karl Goetz <karl@kgoetz.id.au>
- Re: openssh remote upgrade procedure?
  - From: "Alexandros Papadopoulos" <apapadop@alumni.cmu.edu>
- Re: openssh remote upgrade procedure?
  - From: "Kim N. Lesmer" <knl@bitflop.com>
- Re: openssh remote upgrade procedure?
  - From: "Alexandros Papadopoulos" <apapadop@alumni.cmu.edu>
- Re: openssh remote upgrade procedure?
  - From: Karl Goetz <karl@kgoetz.id.au>

Prev by Date: Re: Status of CVE-2008-1615 in stable?
Next by Date: Re: openssh remote upgrade procedure?
Previous by thread: Re: openssh remote upgrade procedure?
Next by thread: Re: openssh remote upgrade procedure?
Index(es):
- Date
- Thread