what does the client say? (ssh -vvvp 222 localhost) On Tue, 27 Feb 2007, Josh Grosse wrote:
> On Tue, Feb 27, 2007 at 04:20:20PM -0700, Damien Miller wrote: > > Please send a Debug3 trace (sshd -dddp222), debug level 1 doesn't > > contain all the necessary information > > debug2: load_server_config: filename /etc/ssh/sshd_config > debug2: load_server_config: done config len = 268 > debug2: parse_server_config: config /etc/ssh/sshd_config len 268 > debug3: /etc/ssh/sshd_config:12 setting PermitRootLogin no > debug3: /etc/ssh/sshd_config:13 setting PasswordAuthentication no > debug3: /etc/ssh/sshd_config:14 setting ClientAliveInterval 15 > debug3: /etc/ssh/sshd_config:15 setting ClientAliveCountMax 3 > debug3: /etc/ssh/sshd_config:16 setting X11Forwarding yes > debug3: /etc/ssh/sshd_config:17 setting AddressFamily inet > debug3: /etc/ssh/sshd_config:101 setting Subsystem sftp > /usr/libexec/sftp-server > debug1: sshd version OpenSSH_4.5 > debug1: private host key: #0 type 0 RSA1 > debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key. > debug1: read PEM private key done: type RSA > debug1: private host key: #1 type 1 RSA > debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key. > debug1: read PEM private key done: type DSA > debug1: private host key: #2 type 2 DSA > debug1: rexec_argv[0]='/usr/sbin/sshd' > debug1: rexec_argv[1]='-dddp222' > debug2: fd 4 setting O_NONBLOCK > debug1: Bind to port 222 on 0.0.0.0. > Server listening on 0.0.0.0 port 222. > Generating 768 bit RSA key. > RSA key generation complete. > debug1: fd 5 clearing O_NONBLOCK > debug1: Server will not fork when running in debugging mode. > debug3: send_rexec_state: entering fd = 8 config len 268 > debug3: ssh_msg_send: type 0 > debug3: send_rexec_state: done > debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8 > debug1: inetd sockets after dupping: 4, 4 > Connection from 192.168.2.50 port 26193 > debug1: Client protocol version 2.0; client software version OpenSSH_4.5 > debug1: match: OpenSSH_4.5 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-1.99-OpenSSH_4.5 > debug2: fd 4 setting O_NONBLOCK > debug2: Network child is on pid 18455 > debug3: preauth child monitor started > debug3: mm_request_receive entering > debug3: privsep user:group 27:27 > debug1: permanently_set_uid: 27/27 > debug1: list_hostkey_types: ssh-rsa,ssh-dss > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL > PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL > PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL > PROTECTED],hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL > PROTECTED],hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,[EMAIL PROTECTED] > debug2: kex_parse_kexinit: none,[EMAIL PROTECTED] > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: blowfish-cbc > debug2: kex_parse_kexinit: blowfish-cbc > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL > PROTECTED],hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL > PROTECTED],hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,[EMAIL PROTECTED],zlib > debug2: kex_parse_kexinit: none,[EMAIL PROTECTED],zlib > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: mac_init: found hmac-md5 > debug1: kex: client->server blowfish-cbc hmac-md5 none > debug2: mac_init: found hmac-md5 > debug1: kex: server->client blowfish-cbc hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received > debug3: mm_request_send entering: type 0 > debug3: monitor_read: checking request 0 > debug3: mm_answer_moduli: got parameters: 1024 1024 8192 > debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI > debug3: mm_request_receive_expect entering: type 1 > debug3: mm_request_receive entering > debug3: mm_request_send entering: type 1 > debug3: mm_choose_dh: remaining 0 > debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent > debug2: dh_gen_key: priv key bits set: 128/256 > debug2: bits set: 535/1024 > debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT > debug2: monitor_read: 0 used once, disabling now > debug3: mm_request_receive entering > debug2: bits set: 533/1024 > debug3: mm_key_sign entering > debug3: mm_request_send entering: type 4 > debug3: monitor_read: checking request 4 > debug3: mm_answer_sign > debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN > debug3: mm_request_receive_expect entering: type 5 > debug3: mm_request_receive entering > debug3: mm_answer_sign: signature 0x7f854a00(271) > debug3: mm_request_send entering: type 5 > debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent > debug2: kex_derive_keys > debug2: set_newkeys: mode 1 > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug2: monitor_read: 4 used once, disabling now > debug3: mm_request_receive entering > debug2: set_newkeys: mode 0 > debug1: SSH2_MSG_NEWKEYS received > debug1: KEX done > debug1: userauth-request for user josh:skey service ssh-connection method none > debug1: attempt 0 failures 0 > debug3: mm_getpwnamallow entering > debug3: mm_request_send entering: type 6 > debug3: monitor_read: checking request 6 > debug3: mm_answer_pwnamallow > debug3: Trying to reverse map address 192.168.2.50. > debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM > debug3: mm_request_receive_expect entering: type 7 > debug3: mm_request_receive entering > debug2: parse_server_config: config reprocess config len 268 > debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1 > debug3: mm_request_send entering: type 7 > debug2: monitor_read: 6 used once, disabling now > debug3: mm_request_receive entering > debug2: input_userauth_request: setting up authctxt for josh > debug3: mm_inform_authserv entering > debug3: mm_request_send entering: type 3 > debug3: monitor_read: checking request 3 > debug3: mm_answer_authserv: service=ssh-connection, style=skey > debug2: monitor_read: 3 used once, disabling now > debug3: mm_request_receive entering > debug2: input_userauth_request: try method none > debug1: userauth-request for user josh:skey service ssh-connection method > publickey > debug1: attempt 1 failures 1 > debug2: input_userauth_request: try method publickey > debug1: test whether pkalg/pkblob are acceptable > debug3: mm_key_allowed entering > debug3: mm_request_send entering: type 20 > debug3: monitor_read: checking request 20 > debug3: mm_answer_keyallowed entering > debug3: mm_answer_keyallowed: key_from_blob: 0x861d1800 > debug1: temporarily_use_uid: 1000/1000 (e=0/0) > debug1: trying public key file /home/josh/.ssh/authorized_keys > debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED > debug3: mm_request_receive_expect entering: type 21 > debug3: mm_request_receive entering > debug3: secure_filename: checking '/home/josh/.ssh' > debug3: secure_filename: checking '/home/josh' > debug3: secure_filename: terminating check at '/home/josh' > debug1: matching key found: file /home/josh/.ssh/authorized_keys, line 2 > Found matching RSA key: 2d:a3:2b:b3:29:a4:ea:9f:64:d1:df:50:87:32:31:c1 > debug1: restore_uid: 0/0 > debug3: mm_answer_keyallowed: key 0x861d1800 is allowed > debug3: mm_request_send entering: type 21 > debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa > Postponed publickey for josh from 192.168.2.50 port 26193 ssh2 > debug3: mm_request_receive entering > debug1: userauth-request for user josh:skey service ssh-connection method > publickey > debug1: attempt 2 failures 1 > debug2: input_userauth_request: try method publickey > debug3: mm_key_allowed entering > debug3: mm_request_send entering: type 20 > debug3: monitor_read: checking request 20 > debug3: mm_answer_keyallowed entering > debug3: mm_answer_keyallowed: key_from_blob: 0x861d1850 > debug1: temporarily_use_uid: 1000/1000 (e=0/0) > debug1: trying public key file /home/josh/.ssh/authorized_keys > debug3: secure_filename: checking '/home/josh/.ssh' > debug3: secure_filename: checking '/home/josh' > debug3: secure_filename: terminating check at '/home/josh' > debug1: matching key found: file /home/josh/.ssh/authorized_keys, line 2 > Found matching RSA key: 2d:a3:2b:b3:29:a4:ea:9f:64:d1:df:50:87:32:31:c1 > debug1: restore_uid: 0/0 > debug3: mm_answer_keyallowed: key 0x861d1850 is allowed > debug3: mm_request_send entering: type 21 > debug3: mm_request_receive entering > debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED > debug3: mm_request_receive_expect entering: type 21 > debug3: mm_request_receive entering > debug3: mm_key_verify entering > debug3: mm_request_send entering: type 22 > debug3: monitor_read: checking request 22 > hash mismatch > debug1: ssh_rsa_verify: signature incorrect > debug3: mm_answer_keyverify: key 0x861d17d0 signature unverified > debug3: mm_request_send entering: type 23 > Failed publickey for josh from 192.168.2.50 port 26193 ssh2 > debug3: mm_request_receive entering > debug3: mm_key_verify: waiting for MONITOR_ANS_KEYVERIFY > debug3: mm_request_receive_expect entering: type 23 > debug3: mm_request_receive entering > debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa > Connection closed by 192.168.2.50 > debug1: do_cleanup > debug1: do_cleanup
