Bug 104489 - Can not ssh to rawhide station
Summary: Can not ssh to rawhide station
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: openssh
Version: 1.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Brian Brock
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: CambridgeBlocker
TreeView+ depends on / blocked
 
Reported: 2003-09-16 11:38 UTC by Nicolas Mailhot
Modified: 2007-04-18 16:57 UTC (History)
4 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2003-09-26 12:02:38 UTC


Attachments (Terms of Use)

Description Nicolas Mailhot 2003-09-16 11:38:58 UTC
The latest rawhide upgrade broke ssh-ing to my station (from the station works)

Setup is a bit particular :
- auth is done via key, not password
- user public info is provided by a ldap server
- passwords are in a kerberos server.

This worked fine in RH8 and RH9, and syster RH8 stations still work, but somehow
ssh-ing to the rawhide one does not work

ssh-ing with password to root which is a local (not ldap+krb) user is still ok
though

Versions :
 
openssh-clients-3.6.1p2-4
openssh-server-3.6.1p2-4
openssh-3.6.1p2-4
openssh-askpass-gnome-3.6.1p2-4
openssh-askpass-3.6.1p2-4
krb5-devel-1.3.1-4
pam_krb5-2.0.2-1
krbafs-1.2.2-1
krbafs-devel-1.2.2-1
krb5-libs-1.3.1-4
docbook-style-dsssl-1.78-2
mod_ssl-2.0.47-6
openssl-0.9.7a-17
openssl-devel-0.9.7a-17
openldap-devel-2.1.22-5
nss_ldap-207-3
openldap-2.1.22-5

Failure logs :

[nim@ulysse nim]$ ssh -v ulysse
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /home/nim/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: Connecting to ulysse [192.168.1.40] port 22.
debug1: Connection established.
debug1: identity file /home/nim/.ssh/identity type 0
debug1: identity file /home/nim/.ssh/id_rsa type -1
debug1: identity file /home/nim/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ulysse' is known and matches the RSA host key.
debug1: Found key in /home/nim/.ssh/known_hosts:26
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/nim/.ssh/id_rsa
debug1: Offering public key: /home/nim/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 434 lastkey 0x830cb68 hint 2
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: channel_free: channel 0: client-session, nchannels 1
Read from remote host ulysse: Connection reset by peer
Connection to ulysse closed.
debug1: Transferred: stdin 0, stdout 0, stderr 86 bytes in 0.2 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 523.5
debug1: Exit status -1

In /var/log/messages :

Sep 16 13:38:22 ulysse sshd(pam_unix)[15655]: check pass; user unknown
Sep 16 13:38:22 ulysse sshd(pam_unix)[15655]: authentication failure; logname=
uid=0 euid=0 tty=NODEVssh ruser= rhost=ulysse.olympe.o2t
Sep 16 13:38:23 ulysse sshd[15655]: pam_krb5[15655]: disallowing NULL authtok
for 'nim'
Sep 16 13:38:23 ulysse sshd[15655]: pam_krb5[15655]: authentication fails for
'nim': Authentication failure (Generic error (see e-text))

Comment 1 Nicolas Mailhot 2003-09-26 12:02:38 UTC
Well, people are once again using my box to burn stuff remotely so I guess it's
fixed (the sneaky bastards didn't even notify me - I had to find a blank CD in
the burner to notice it;)

openssh-3.4p1-7
openssl-0.9.6b-33
krb5-libs-1.2.5-15
pam-0.77-3
pam_krb5-2.0.3-1


Note You need to log in before you can comment on or make changes to this bug.