I know, I know... I just haven't had the time to upgrade my live servers when I should have.
And thank <whoever> that I didn't! It took more than a week to upgrade the four machines! (lots of home build packages from unstable etc). Anyway, now all my machines are sarge and the shell server is experiencing some strange ssh behaviour... Everything works linux (woody, sarge and dapper) to linux, but from windows (SecureCRT) to linux, I don't even get the option to enter a password... Just: ----- s n i p ----- SecureCRT has disconnecteed from the server. Reason: Unable to authenticate using any of the configured authentication methods ----- s n i p ----- Running with trace/debug shows this: ----- s n i p ----- [SSH LOCAL ONLY] : Connect: <linux_server>:22 [direct] [SSH LOCAL ONLY] : State Change: SSH_STATE_UNKNOWN->SSH_STATE_CONNECTING [SSH LOCAL ONLY] : State Change: SSH_STATE_CONNECTING->SSH_STATE_EXPECT_IDENTIFIER [SSH LOCAL ONLY] : connected [SSH LOCAL ONLY] : RECV : Remote Identifier = "SSH-2.0-OpenSSH_3.8.1p1 Debian-8.sarge.6" [SSH LOCAL ONLY] : Autodetected Server Mode: IETF Draft Compliant [SSH LOCAL ONLY] : SEND : KEXINIT [SSH LOCAL ONLY] : State Change: SSH_STATE_EXPECT_IDENTIFIER->SSH_STATE_INITIAL_KEYEXCHANGE [SSH LOCAL ONLY] : RECV : Read kexinit [SSH LOCAL ONLY] : Kex Method = diffie-hellman-group-exchange-sha1 [SSH LOCAL ONLY] : Host Key Algo = ssh-dss [SSH LOCAL ONLY] : Send Cipher = aes128-cbc [SSH LOCAL ONLY] : Recv Cipher = aes128-cbc [SSH LOCAL ONLY] : Send Mac = hmac-md5 [SSH LOCAL ONLY] : Recv Mac = hmac-md5 [SSH LOCAL ONLY] : Compressor = none [SSH LOCAL ONLY] : Decompressor = none [SSH LOCAL ONLY] : SEND : KEXDH_GEX_REQUEST [SSH LOCAL ONLY] : RECV : KEXDH_GEX_GROUP [SSH LOCAL ONLY] : SEND : KEXDH_INIT [SSH LOCAL ONLY] : RECV : KEXDH_REPLY [SSH LOCAL ONLY] : SEND : NEWKEYS [SSH LOCAL ONLY] : State Change: SSH_STATE_INITIAL_KEYEXCHANGE->SSH_STATE_INITIAL_EXPECT_NEWKEYS [SSH LOCAL ONLY] : RECV : NEWKEYS [SSH LOCAL ONLY] : State Change: SSH_STATE_INITIAL_EXPECT_NEWKEYS->SSH_STATE_USERAUTH [SSH LOCAL ONLY] : SEND : SERVICE_REQUEST [userauth] [SSH LOCAL ONLY] : RECV : SERVICE_ACCEPT <offered to enter account name> [SSH LOCAL ONLY] : SENT : USERAUTH_REQUEST [none] [SSH LOCAL ONLY] : RECV : USERAUTH_FAILURE, continuations [publickey,keyboard-interactive] [SSH LOCAL ONLY] : SEND: Disconnect packet: Unable to authenticate using any of the configured authentication methods. [SSH LOCAL ONLY] : State Change: SSH_STATE_USERAUTH->SSH_STATE_CLOSING [SSH LOCAL ONLY] : State Change: SSH_STATE_CLOSING->SSH_STATE_CLOSED ----- s n i p ----- And this is the server in '-dd -e': ----- s n i p ----- debug2: read_server_config: filename /etc/ssh/sshd_config debug1: sshd version OpenSSH_3.8.1p1 Debian-8.sarge.6 debug1: read PEM private key done: type RSA debug1: private host key: #0 type 1 RSA debug1: read PEM private key done: type DSA debug1: private host key: #1 type 2 DSA debug1: Bind to port 22 on <linux_server>. Server listening on <linux_server> port 22. debug1: Server will not fork when running in debugging mode. Connection from <windows_machine_behind_linux_NAT_firewall> port 4348 debug1: Client protocol version 2.0; client software version 3.3.1 SecureCRT debug1: no match: 3.3.1 SecureCRT debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1 Debian-8.sarge.6 debug2: Network child is on pid 11009 debug1: permanently_set_uid: 100/65534 debug1: list_hostkey_types: ssh-rsa,ssh-dss debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-dss,ssh-rsa debug2: kex_parse_kexinit: aes128-cbc,aes192-cbc,aes256-cbc,twofish-cbc,blowfish-cbc,3des-cbc,arcfour debug2: kex_parse_kexinit: aes128-cbc,aes192-cbc,aes256-cbc,twofish-cbc,blowfish-cbc,3des-cbc,arcfour debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received debug2: monitor_read: 0 used once, disabling now debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent debug2: dh_gen_key: priv key bits set: 129/256 debug2: bits set: 508/1024 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug2: bits set: 518/1024 debug2: monitor_read: 4 used once, disabling now debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done <offered to enter account name> debug1: userauth-request for user turbo service ssh-connection method none debug1: attempt 0 failures 0 debug2: monitor_read: 6 used once, disabling now debug2: input_userauth_request: setting up authctxt for turbo debug2: input_userauth_request: try method none Failed none for turbo from <windows_machine_behind_linux_NAT_firewall> port 4348 ssh2 debug1: PAM: initializing for "turbo" debug1: PAM: setting PAM_RHOST to "<FQDN_of_linux_NAT_firewall" debug1: PAM: setting PAM_TTY to "ssh" debug2: monitor_read: 45 used once, disabling now debug2: monitor_read: 3 used once, disabling now Received disconnect from <windows_machine_behind_linux_NAT_firewall>: 14: Unable to authenticate using any of the configured authentication methods. debug1: do_cleanup debug1: do_cleanup ----- s n i p ----- The SecureCRT version is a little old, but... Anyone got an idea? -- bomb smuggle supercomputer SDI cryptographic jihad Nazi toluene iodine ammonium explosion congress domestic disruption KGB 767 [See http://www.aclu.org/echelonwatch/index.html for more about this] [Or http://www.europarl.eu.int/tempcom/echelon/pdf/rapport_echelon_en.pdf] If neither of these works, try http://www.aclu.org and search for echelon. Note. This is a real, not fiction. http://www.theregister.co.uk/2001/09/06/eu_releases_echelon_spying_report/ http://www.aclu.org/safefree/nsaspying/23989res20060131.html#echelon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
