ssh working oddly - 11.11 machine

meh1963 — Mon, 24 Nov 2008 22:20:31 GMT

Hello all -

I've been tasked with installing ssh on an 11.11 machine which is not being cooperative.

I installed the T1741AA package and tested it, and my problem is the inverse of what usually happens - root can login fine, but no normal users can log in.

The server is using PAM.

Here's the sshd_config (active lines only):

Protocol 2
AddressFamily inet # to speed things up
Listenaddress hostname:22
HostKey /opt/ssh/etc/ssh_host_rsa_key
HostKey /opt/ssh/etc/ssh_host_dsa_key
LogLevel DEBUG
PermitRootLogin yes # it allows root login even with this commented out!
StrictModes no #don't think I need this
UsePam yes
PasswordAuthentication yes
X11 Forwarding yes
X11UseLocalhost no
useDNS yes
Subsystem sftp /opt/ssh/libexec/sftp-server

Syslog shows the following with failed logins:

Nov 24 23:08:50 devsrvr sshd[4104]: Connection from 172.19.45.40 port 4876
Nov 24 23:08:50 devsrvr sshd[4104]: SSH: Server;Ltype: Version;Remote: 172.19.45.
40-4876;Protocol: 2.0;Client: PuTTY_Release_0.60
Nov 24 23:09:01 devsrvr sshd[4104]: reverse mapping checking getaddrinfo for 172-
19-45-40.foo.com [172.19.45.40] failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 24 23:09:01 devsrvr sshd[4104]: Failed none for sshtest from 172.19.45.40 port
4876 ssh2

Debug information from sshd -Ddd for this is pretty long - - see below.

Any thoughts as to why root can log in but no one else (user sshtest, created for this purpose) can? It looks as though it's authenticating but it gets to the end and hangs...

The server is patched properly (e.g., with the patches HP requires for ssh)....

Thanks
-Matt-

Debug data:

_Release_0.60
debug1: no match: PuTTY_Release_0.60
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1p1+sftpfilecontrol-v1.2-hpn13v5
debug2: fd 5 setting O_NONBLOCK
debug3: privsep user:group 105:104
debug1: permanently_set_uid: 105/104
debug1: MYFLAG IS 1
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128
debug2: kex_parse_kexinit: aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-sha1
debug1: REQUESTED ENC.NAME is 'aes256-ctr'
debug1: kex: client->server aes256-ctr hmac-sha1 none
SSH: Server;Ltype: Kex;Remote: 172.19.45.40-4886;Enc: aes256-ctr;MAC: hmac-sha1;Comp: none
debug2: mac_setup: found hmac-sha1
debug1: REQUESTED ENC.NAME is 'aes256-ctr'
debug1: kex: server->client aes256-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received
debug3: mm_request_send entering: type 0
debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI
debug3: mm_request_receive_expect entering: type 1
debug3: mm_request_receive entering
debug2: Network child is on pid 4130
debug3: preauth child monitor started
debug3: mm_request_receive entering
debug3: monitor_read: checking request 0
debug3: mm_answer_moduli: got parameters: 1024 4096 8192
debug3: mm_request_send entering: type 1
debug3: mm_choose_dh: remaining 0
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug2: monitor_read: 0 used once, disabling now
debug3: mm_request_receive entering
debug2: dh_gen_key: priv key bits set: 267/512
debug2: bits set: 2080/4096
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug2: bits set: 2127/4096
debug3: mm_key_sign entering
debug3: mm_request_send entering: type 4
debug3: monitor_read: checking request 4
debug3: mm_answer_sign
debug3: mm_answer_sign: signature 40059a70(271)
debug3: mm_request_send entering: type 5
debug2: monitor_read: 4 used once, disabling now
debug3: mm_request_receive entering
debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
debug3: mm_request_receive_expect entering: type 5
debug3: mm_request_receive entering
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug2: cipher_init: set keylen (16 -> 32)
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug2: cipher_init: set keylen (16 -> 32)
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user sshtest service ssh-connection method none
SSH: Server;Ltype: Authname;Remote: 172.19.45.40-4886;Name: sshtest
debug1: attempt 0 failures 0
debug3: mm_getpwnamallow entering
debug3: mm_request_send entering: type 6
debug3: monitor_read: checking request 6
debug3: mm_answer_pwnamallow
debug3: Trying to reverse map address 172.19.45.40.
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
debug3: mm_request_receive_expect entering: type 7
debug3: mm_request_receive entering
reverse mapping checking getaddrinfo for 172-19-45-40.xilinx.com [172.19.45.40] failed - POSSIBLE BREAK-IN ATTEMPT!
debug2: parse_server_config: config reprocess config len 547
debug1: Config token is port
debug1: Config token is protocol
debug1: Config token is addressfamily
debug1: Config token is listenaddress
debug1: Config token is hostkey
debug1: Config token is hostkey
debug1: Config token is syslogfacility
debug1: Config token is loglevel
debug1: Config token is permitrootlogin
debug1: Config token is strictmodes
debug1: Config token is passwordauthentication
debug1: Config token is usepam
debug1: Config token is passwordauthentication
debug1: Config token is x11forwarding
debug1: Config token is x11uselocalhost
debug1: Config token is uselogin
debug1: Config token is usedns
debug1: Config token is subsystem
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: mm_request_receive entering
debug2: input_userauth_request: setting up authctxt for sshtest
debug3: mm_start_pam entering
debug3: mm_request_send entering: type 45
debug3: monitor_read: checking request 45
debug1: PAM: initializing for "sshtest"
debug1: PAM: setting PAM_RHOST to "172.19.45.40"
debug2: monitor_read: 45 used once, disabling now
debug3: mm_request_receive entering
debug3: mm_inform_authserv entering
debug3: mm_request_send entering: type 3
debug3: monitor_read: checking request 3
debug3: mm_answer_authserv: service=ssh-connection, style=
debug2: monitor_read: 3 used once, disabling now
debug3: mm_request_receive entering
debug3: auth_allowed: method=none user=sshtest
debug3: Trying to reverse map address 172.19.45.40.
debug2: input_userauth_request: try method none
debug3: mm_auth_password entering
debug3: mm_request_send entering: type 10
debug3: monitor_read: checking request 10
debug3: mm_answer_authpassword: sending result 0
debug3: mm_request_send entering: type 11
Failed none for sshtest from 172.19.45.40 port 4886 ssh2
debug1: audit event euid 0 user sshtest event 3 (AUTH_FAIL_NONE)
debug3: mm_request_receive entering
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
debug3: mm_request_receive_expect entering: type 11
debug3: mm_request_receive entering
debug3: mm_auth_password: user not authenticated
debug3: auth_allowed: method=publickey user=sshtest
debug3: auth_allowed: method=password user=sshtest
debug3: auth_allowed: method=keyboard-interactive user=sshtest
debug1: userauth-request for user sshtest service ssh-connection method keyboard-interactive
debug1: attempt 1 failures 0
debug3: auth_allowed: method=keyboard-interactive user=sshtest
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=sshtest devs=
debug1: kbdint_alloc: devices 'pam'
debug2: auth2_challenge_start: devices pam
debug3: auth_allowed: method=chrsp-pam user=sshtest
debug2: kbdint_next_device: devices
debug1: auth2_challenge_start: trying authentication method 'pam'
debug3: mm_sshpam_init_ctx
debug3: mm_request_send entering: type 48
debug3: monitor_read: checking request 48
debug3: mm_answer_pam_init_ctx
debug3: PAM: sshpam_init_ctx entering
debug3: PAM: sshpam_thread_conv entering, 1 messages
debug3: ssh_msg_send: type 1
debug3: ssh_msg_recv entering
debug3: mm_request_send entering: type 49
debug3: mm_request_receive entering
debug3: mm_sshpam_init_ctx: waiting for MONITOR_ANS_PAM_INIT_CTX
debug3: mm_request_receive_expect entering: type 49
debug3: mm_request_receive entering
debug3: mm_sshpam_query
debug3: mm_request_send entering: type 50
debug3: monitor_read: checking request 50
debug3: mm_answer_pam_query
debug3: PAM: sshpam_query entering
debug3: ssh_msg_recv entering
debug3: mm_request_send entering: type 51
debug3: mm_request_receive entering
debug3: mm_sshpam_query: waiting for MONITOR_ANS_PAM_QUERY
debug3: mm_request_receive_expect entering: type 51
debug3: mm_request_receive entering
debug3: mm_sshpam_query: pam_query returned 0
Postponed keyboard-interactive for sshtest from 172.19.45.40 port 4886 ssh2
debug3: mm_sshpam_respond
debug3: mm_request_send entering: type 52
debug3: monitor_read: checking request 52
debug3: mm_answer_pam_respond
debug2: PAM: sshpam_respond entering, 1 responses
debug3: ssh_msg_send: type 6
debug3: mm_request_send entering: type 53
debug3: mm_request_receive entering
debug3: mm_sshpam_respond: waiting for MONITOR_ANS_PAM_RESPOND
debug3: mm_request_receive_expect entering: type 53
debug3: mm_request_receive entering
debug3: mm_sshpam_respond: pam_respond returned 1
debug3: mm_sshpam_query
debug3: mm_request_send entering: type 50
debug3: monitor_read: checking request 50
debug3: mm_answer_pam_query
debug3: PAM: sshpam_query entering
debug3: ssh_msg_recv entering
debug3: mm_sshpam_query: waiting for MONITOR_ANS_PAM_QUERY
debug3: mm_request_receive_expect entering: type 51
debug3: mm_request_receive entering

(hangs here and never gets out).

Re: ssh working oddly - 11.11 machine

Steven E. Protter — Mon, 24 Nov 2008 23:41:09 GMT

Shalom,

Could be a bad version. Try an earlier version perhaps from an Application CD.

Could be you need to take sshd_config from a working system and put it on this system.

SEP

Re: ssh working oddly - 11.11 machine

meh1963 — Mon, 24 Nov 2008 23:50:44 GMT

Well, eventually it worked - briefly - when I added

HostbasedUsesNameFromPacketOnly yes

It worked once and then it bailed. Very odd....

topic Re: ssh working oddly - 11.11 machine in Operating System - HP-UX

ssh working oddly - 11.11 machine

Re: ssh working oddly - 11.11 machine

Re: ssh working oddly - 11.11 machine