On Tue, Feb 22, 2005 at 06:13:28PM -0500, Nelson Castillo wrote: > Hi. > > I cannot login to an sarge host, even If i use "ssh localhost" with > a non-root user. Users have passwords. > > It sould not matter much, but it's a UML machine with an updated sarge > filesystem created with debootstrap. > > Maybe I still have to configure something... > I just run base-config and set up networking,,,, > > Maybe this is a common problem. What should I do? > > It's the first time this happens to me and I've been using sarge for > quite a while. > > Thanks, > Nelson.- > Hi Nelson! > Client: > > n@mdk:~/uml$ ssh -v 192.168.0.3 -p 2000 > OpenSSH_3.8.1p1 Debian-8.sarge.4, OpenSSL 0.9.7e 25 Oct 2004 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Connecting to 192.168.0.3 [192.168.0.3] port 2000. > debug1: Connection established. > debug1: identity file /home/n/.ssh/identity type -1 > debug1: identity file /home/n/.ssh/id_rsa type -1 > debug1: identity file /home/n/.ssh/id_dsa type -1 > debug1: Remote protocol version 2.0, remote software version > OpenSSH_3.8.1p1 Debian-8.sarge.4 > debug1: match: OpenSSH_3.8.1p1 Debian-8.sarge.4 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1 Debian-8.sarge.4 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug1: kex: server->client aes128-cbc hmac-md5 none > debug1: kex: client->server aes128-cbc hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug1: Host '192.168.0.3' is known and matches the RSA host key. > debug1: Found key in /home/n/.ssh/known_hosts:8 > debug1: ssh_rsa_verify: signature correct > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug1: SSH2_MSG_NEWKEYS received > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug1: Authentications that can continue: publickey,keyboard-interactive > debug1: Next authentication method: publickey > debug1: Trying private key: /home/n/.ssh/identity > debug1: Trying private key: /home/n/.ssh/id_rsa > debug1: Trying private key: /home/n/.ssh/id_dsa Hmm, looks fine until here... if you'd add your RSA key to the target user's authorized_keys file, you should already be able to log in (because then this auth method would succeed). Ok, but your key isn't found, so we proceed... > debug1: Next authentication method: keyboard-interactive > Connection closed by 192.168.0.3 Hmm, no prompt, just closing? > Server: > > debug3: mm_request_send entering: type 3 > debug2: input_userauth_request: try method none > Failed none for n from 192.168.0.1 port 38042 ssh2 > debug3: monitor_read: checking request 45 > debug1: PAM: initializing for "n" > debug1: userauth-request for user n service ssh-connection method > keyboard-interactive > debug1: attempt 1 failures 1 Hmm, where did all the public-key stuff go? We're already in keyboard- interactive? > debug2: input_userauth_request: try method keyboard-interactive > debug1: keyboard-interactive devs > debug1: auth2_challenge: user=n devs= > debug1: kbdint_alloc: devices 'pam' > debug2: auth2_challenge_start: devices pam > debug2: kbdint_next_device: devices <empty> > debug1: auth2_challenge_start: trying authentication method 'pam' > debug3: mm_sshpam_init_ctx > debug3: mm_request_send entering: type 48 > debug3: mm_sshpam_init_ctx: waiting for MONITOR_ANS_PAM_INIT_CTX > debug3: mm_request_receive_expect entering: type 49 > debug3: mm_request_receive entering > debug3: Trying to reverse map address 192.168.0.1. > debug1: PAM: setting PAM_RHOST to "uml-host" > debug1: PAM: setting PAM_TTY to "ssh" > debug2: monitor_read: 45 used once, disabling now > debug3: mm_request_receive entering > debug3: monitor_read: checking request 3 > debug3: mm_answer_authserv: service=ssh-connection, style= > debug2: monitor_read: 3 used once, disabling now > debug3: mm_request_receive entering > debug3: monitor_read: checking request 48 > debug3: mm_answer_pam_init_ctx > debug3: PAM: sshpam_init_ctx entering > debug3: mm_request_send entering: type 49 > debug3: mm_sshpam_query > debug3: mm_request_send entering: type 50 > debug3: mm_sshpam_query: waiting for MONITOR_ANS_PAM_QUERY > debug3: mm_request_receive_expect entering: type 51 > debug3: mm_request_receive entering > debug3: mm_request_receive entering > debug3: monitor_read: checking request 50 > debug3: mm_answer_pam_query > debug3: PAM: sshpam_query entering > debug1: do_cleanup > debug1: PAM: cleanup > debug3: PAM: sshpam_thread_cleanup entering > Segmentation fault Whoa! Well, that explains the missing password prompt. I'd guess there's something wrong with your PAM configuration. Try to disable PAM for ssh (change UsePAM to "no" in /etc/ssh/sshd_config), and see if that works... if it does, then we'll have a closer look at your PAM config. HTH, Jan -- Jan C. Nordholz <jckn At gmx net>
Attachment:
signature.asc
Description: Digital signature