problem with HostbasedAuthentication
Mahmood Naderan
2011-04-26 05:58:24 UTC
Hi,
I am trying to set up a hostbased passwordless ssh from a client to a server using this guide http://www.ehow.com/how_7621307_set-up-hostbased-authentication.html.

The client looks like:

***@client:~$ cat /etc/ssh/ssh_config  | grep "HostbasedAuthentication"
   HostbasedAuthentication yes 
***@client:~$ cat /etc/ssh/ssh_config  | grep "EnableSSHKeysign"
   EnableSSHKeysign yes


and the server looks like:
***@server:~$ cat /etc/ssh/sshd_config  | grep "HostbasedAuthentication"
HostbasedAuthentication yes 
***@server:~$ cat /etc/ssh/sshd_config  | grep "IgnoreRhosts"
IgnoreRhosts no 

also the server has the key for client:

***@server:~$ cat /etc/ssh/ssh_known_hosts 
client ssh-rsa AAAAB3Nz.....

the ~/.shosts file on the server contains:
***@server:~$ cat .shosts 
client.domain mahmood

Then on both server and client, the ssh service is restarted:
***@client:~$ sudo service ssh restart
ssh start/running, process 1355
***@server:~$ sudo service ssh restart
ssh start/running, process 28982

However, when I run "ssh -vvv server" from client (to show the verbose messages), I still get the password prompt.

***@client:~$ ssh -vvv server
OpenSSH_5.3p1 Debian-3ubuntu6, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to server [192.168.1.1] port 22.
debug1: Connection established.
debug1: identity file /home/mahmood/.ssh/identity type -1
debug1: identity file /home/mahmood/.ssh/id_rsa type -1
debug1: identity file /home/mahmood/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu4
debug1: match: OpenSSH_5.3p1 Debian-3ubuntu4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu6
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 792 bytes for a total of 831
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-***@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-***@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-***@openssh.com,hmac-ripemd160,hmac-***@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-***@openssh.com,hmac-ripemd160,hmac-***@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,***@openssh.com,zlib
debug2: kex_parse_kexinit: none,***@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-***@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-***@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-***@openssh.com,hmac-ripemd160,hmac-***@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-***@openssh.com,hmac-ripemd160,hmac-***@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,***@openssh.com
debug2: kex_parse_kexinit: none,***@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 855
debug2: dh_gen_key: priv key bits set: 124/256
debug2: bits set: 507/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 144 bytes for a total of 999
debug3: check_host_in_hostfile: filename /home/mahmood/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug3: check_host_in_hostfile: filename /home/mahmood/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 2
debug1: Host 'server' is known and matches the RSA host key.
debug1: Found key in /home/mahmood/.ssh/known_hosts:1
debug2: bits set: 503/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1015
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 48 bytes for a total of 1063
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/mahmood/.ssh/identity ((nil))
debug2: key: /home/mahmood/.ssh/id_rsa ((nil))
debug2: key: /home/mahmood/.ssh/id_dsa ((nil))
debug3: Wrote 64 bytes for a total of 1127
debug1: Authentications that can continue: publickey,password,hostbased
debug3: start over, passed a different list publickey,password,hostbased
debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,hostbased,publickey,keyboard-interactive,password
debug3: authmethod_lookup hostbased
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled hostbased
debug1: Next authentication method: hostbased
debug2: userauth_hostbased: chost client.
debug2: ssh_keysign called
debug3: ssh_msg_send: type 2
debug3: ssh_msg_recv entering
debug1: permanently_drop_suid: 1000
debug2: we sent a hostbased packet, wait for reply
debug3: Wrote 608 bytes for a total of 1735
debug1: Authentications that can continue: publickey,password,hostbased
debug2: userauth_hostbased: chost client.
debug2: ssh_keysign called
debug3: ssh_msg_send: type 2
debug3: ssh_msg_recv entering
debug1: permanently_drop_suid: 1000
debug2: we sent a hostbased packet, wait for reply
debug3: Wrote 672 bytes for a total of 2407
debug1: Authentications that can continue: publickey,password,hostbased
debug1: No more client hostkeys for hostbased authentication.
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/mahmood/.ssh/identity
debug3: no such identity: /home/mahmood/.ssh/identity
debug1: Trying private key: /home/mahmood/.ssh/id_rsa
debug3: no such identity: /home/mahmood/.ssh/id_rsa
debug1: Trying private key: /home/mahmood/.ssh/id_dsa
debug3: no such identity: /home/mahmood/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
***@server's password: 


Any idea about that?
 
// Naderan *Mahmood;
Asif Iqbal
2011-04-27 19:08:45 UTC
Change the order method. Have hostbased before password
Sorry where should I do that?
man ssh_config and look into PreferredAuthentications
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
Mahmood Naderan
2011-04-28 10:24:56 UTC
Can you explain exactly which file I should edit? What is FQDN? By 'hostname', do you mean server hostname or client hostname?
Should I do that on both sides or server side?...

// Naderan *Mahmood;


----- Original Message -----
From: Sharad <***@yahoo.com>
To: Mahmood Naderan <***@yahoo.com>; Asif Iqbal <***@gmail.com>
Cc: "***@securityfocus.com" <***@securityfocus.com>
Sent: Thursday, April 28, 2011 1:16 PM
Subject: Re: problem with HostbasedAuthentication

Sometimes the issue lies with hostname as well. What I mean by that is the known_hosts may have just the host name, whereas when the connection is established, the debug shows the FQDN. I faced this issue, so to be sure, I edited the known_hosts file and inserted the hostname, hostname's FQDN and its IP address (all comma separated).

Also ensure that both hosts' known_hosts files have the opposite server's names (as prescribed above).

All the above checks make it work for me.

Hope this solves.

Kind regards,
Sharad
Sharad
2011-04-28 12:50:15 UTC
Mahmood,

The files are /home/username/.ssh/known_hosts on both server and client.

By FQDN, I meant host's fully qualified domain name.

Following is the example:

Assuming both client and server are linux hosts:

Server IP: 192.168.1.1
Client IP: 192.168.1.101

Server Name: lnx_srvr_1.domain.com
Client Name: lnx_clnt_101.domain.com

User name on each host is mahmood.

Following would be the entries in .shosts on lnx_srvr_1


lnx_srvr_1:/home/mahmood $ cat .shosts

lnx_clnt_101.domain.com mahmood
192.168.1.101 mahmood
lnx_clnt_101 mahmood

Following should exist in /home/mahmood/.ssh/known_hosts file on the server side:
192.168.1.101,lnx_clnt_101,lnx_clnt_101.domain.com ssh-rsa AAAAB3Nz...

Following should also exist in /home/mahmood/.ssh/known_hosts file on the client side:
192.168.1.1,lnx_srvr_1,lnx_srvr_1.domain.com ssh-rsa AAAAB3Nz...

Ensure that the .ssh directory on both client and server is rwx for owner only and group/rest of world is 000.

Hope this helps! Good Luck! :)

Regards,
Sharad
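
Added example, not part of the thread: a shell check that reports which forms of the client's name (short name, FQDN, IP) are missing from a .shosts file and a known_hosts file, run on constructed copies of the original poster's entries and of the entries in the reply above. It matches literal names only (no hashed entries, wildcards or netgroups) and assumes the same user name on both hosts; the function names and temporary file names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Names are matched literally: hashed
# known_hosts entries, wildcards and netgroups are out of scope.

# known_hosts_lists FILE NAME
# Succeeds if NAME is one of the comma-separated names in the first field
# of any key line in FILE.
known_hosts_lists() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            n = split($1, names, ",")
            for (i = 1; i <= n; i++)
                if (tolower(names[i]) == tolower(want)) found = 1
        }
        END { exit !found }' "$1"
}

# shosts_allows FILE HOST USER
# Succeeds if FILE has a line "HOST USER", or a line with only "HOST"
# (assumption: client and server account names are the same).
shosts_allows() {
    awk -v host="$2" -v user="$3" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == tolower(host) && (NF < 2 || $2 == user) { found = 1 }
        END { exit !found }' "$1"
}

# missing_names SHOSTS KNOWN_HOSTS USER NAME...
# Prints one line per name form that is absent from either file and
# prints nothing when every form is covered in both.
missing_names() {
    mn_shosts=$1 mn_known=$2 mn_user=$3
    shift 3
    for mn_name in "$@"; do
        shosts_allows "$mn_shosts" "$mn_name" "$mn_user" ||
            echo "$mn_name: missing from .shosts"
        known_hosts_lists "$mn_known" "$mn_name" ||
            echo "$mn_name: missing from known_hosts"
    done
}

# Constructed sample files; the key text is the thread's own placeholder.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Entries as shown in the first post: short name in one file, FQDN in the other.
cat > "$tmp/known_hosts.before" <<'EOF'
client ssh-rsa AAAAB3Nz...
EOF
cat > "$tmp/shosts.before" <<'EOF'
client.domain mahmood
EOF

# Entries as listed in the reply above: every name form in both files.
cat > "$tmp/known_hosts.after" <<'EOF'
192.168.1.101,lnx_clnt_101,lnx_clnt_101.domain.com ssh-rsa AAAAB3Nz...
EOF
cat > "$tmp/shosts.after" <<'EOF'
lnx_clnt_101.domain.com mahmood
192.168.1.101 mahmood
lnx_clnt_101 mahmood
EOF

echo "first post's entries:"
missing_names "$tmp/shosts.before" "$tmp/known_hosts.before" mahmood \
    client client.domain

echo "entries from the reply:"
missing_names "$tmp/shosts.after" "$tmp/known_hosts.after" mahmood \
    lnx_clnt_101 lnx_clnt_101.domain.com 192.168.1.101
```

On a real server, point the functions at the account's .shosts and at whichever known_hosts file holds the client's host key, and pass every name the client may be known by.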
Mahmood Naderan
2011-04-28 17:42:42 UTC
Dear Sharad,
I am now trying to set up a hostbased ssh from server to client (previously client->server worked fine based on your help). I want it to be bidirectional.
 
I did the same thing in reverse (now the client becomes server and the server becomes client). However this is what I get while trying to ssh from server to client:
 
 
debug3: Wrote 48 bytes for a total of 1063
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/mahmood/.ssh/identity ((nil))
debug2: key: /home/mahmood/.ssh/id_rsa ((nil))
debug2: key: /home/mahmood/.ssh/id_dsa ((nil))
debug3: Wrote 64 bytes for a total of 1127
debug1: Authentications that can continue: publickey,password,hostbased
debug3: start over, passed a different list publickey,password,hostbased
debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,hostbased,publickey,keyboard-interactive,password
debug3: authmethod_lookup hostbased
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled hostbased
debug1: Next authentication method: hostbased
get_socket_address: getnameinfo 8 failed: Name or service not known
debug2: userauth_hostbased: chost server.
debug2: ssh_keysign called
debug3: ssh_msg_send: type 2
debug3: ssh_msg_recv entering
debug1: permanently_drop_suid: 1000
get_socket_address: getnameinfo 8 failed: Name or service not known
cannot get sockname for fd
ssh_keysign: no reply
key_sign failed
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/mahmood/.ssh/identity
debug3: no such identity: /home/mahmood/.ssh/identity
debug1: Trying private key: /home/mahmood/.ssh/id_rsa
debug3: no such identity: /home/mahmood/.ssh/id_rsa
debug1: Trying private key: /home/mahmood/.ssh/id_dsa
debug3: no such identity: /home/mahmood/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
***@192.168.1.3's password:

 
What is your suggestion?

// Naderan *Mahmood;


----- Original Message -----
From: Sharad <***@yahoo.com>
To: Mahmood Naderan <***@yahoo.com>
Cc: "***@securityfocus.com" <***@securityfocus.com>
Sent: Thursday, April 28, 2011 5:20 PM
Subject: Re: problem with HostbasedAuthentication

Mahmood,

The files are /home/username/.ssh/known_hosts on both server and client.

By FQDN, I meant host's fully qualified domain name.

Following is the example:

Assuming both client and server are linux hosts:

Server IP: 192.168.1.1
Client IP: 192.168.1.101

Server Name: lnx_srvr_1.domain.com
Client Name: lnx_clnt_101.domain.com

User name on each host is mahmood.

Following would be the entries in .shosts on lnx_srvr_1


lnx_srvr_1:/home/mahmood $ cat .shosts

lnx_clnt_101.domain.com mahmood
192.168.1.101 mahmood
lnx_clnt_101 mahmood

Following should exist in /home/mahmood/.ssh/known_hosts file on the server side:
192.168.1.101,lnx_clnt_101,lnx_clnt_101.domain.com  ssh-rsa AAAAB3Nz...

Following should also exist in /home/mahmood/.ssh/known_hosts file on the client side:
192.168.1.1,lnx_srvr_1,lnx_srvr_1.domain.com  ssh-rsa AAAAB3Nz...

Ensure that .ssh directory on both client and server are rwx for owner only and group/rest of world is 000.

Hope this helps! Good Luck! :)

Regards,
Sharad 
Subject: Re: problem with HostbasedAuthentication
Date: Thursday, 28 April, 2011, 3:54 PM
Can you explain exactly which file I should edit? What is FQDN? By 'hostname', do you mean server hostname or client hostname?
Should I do that on both sides or server side?...
// Naderan *Mahmood;
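Added example (not part of any message in this thread): a Python triage of `ssh -vvv` client output that separates the two hostbased failure shapes posted here, a request that was signed, sent and refused by the server versus one that never left the client because `ssh-keysign` gave no reply. The traces are trimmed excerpts of the logs on this page; `triage`, `HostbasedTriage`, the verdict strings and the next-step hints are names and wording chosen for this sketch.

```python
import re
from dataclasses import dataclass, field

# Trimmed excerpts of the two client traces posted in this thread.
FIRST_TRACE = """\
debug1: Next authentication method: hostbased
debug2: userauth_hostbased: chost client.
debug2: ssh_keysign called
debug2: we sent a hostbased packet, wait for reply
debug1: Authentications that can continue: publickey,password,hostbased
debug2: userauth_hostbased: chost client.
debug2: ssh_keysign called
debug2: we sent a hostbased packet, wait for reply
debug1: Authentications that can continue: publickey,password,hostbased
debug1: No more client hostkeys for hostbased authentication.
debug2: we did not send a packet, disable method
debug1: Next authentication method: publickey
"""

SECOND_TRACE = """\
debug1: Next authentication method: hostbased
get_socket_address: getnameinfo 8 failed: Name or service not known
debug2: userauth_hostbased: chost server.
debug2: ssh_keysign called
get_socket_address: getnameinfo 8 failed: Name or service not known
cannot get sockname for fd
ssh_keysign: no reply
key_sign failed
debug2: we did not send a packet, disable method
debug1: Next authentication method: publickey
"""

# Client-side messages meaning the signed request was never produced.
LOCAL_FAILURES = ("ssh_keysign: no reply", "key_sign failed",
                  "cannot get sockname for fd")

# Where to look next for each verdict (wording is this sketch's own).
NEXT_STEP = {
    "server-rejected": "read the sshd debug output: which client name it looks "
                       "up, and whether known_hosts and .shosts carry that name",
    "client-signing-failed": "fix the client first: the getnameinfo failure and "
                             "the ssh-keysign helper (EnableSSHKeysign)",
    "inconclusive": "capture the full -vvv trace and the sshd debug output",
    "not-attempted": "hostbased was never tried: check HostbasedAuthentication "
                     "and PreferredAuthentications in ssh_config",
}


@dataclass
class HostbasedTriage:
    attempted: bool = False
    chosts: list = field(default_factory=list)    # names the client claimed
    packets_sent: int = 0                         # signed requests sent
    rejected: bool = False                        # client ran out of host keys
    evidence: list = field(default_factory=list)  # local failure lines seen
    verdict: str = "not-attempted"
    next_step: str = ""


def triage(trace: str) -> HostbasedTriage:
    """Classify the hostbased portion of one `ssh -vvv` client trace."""
    t = HostbasedTriage()
    in_hostbased = False
    for raw in trace.splitlines():
        line = raw.strip()
        m = re.match(r"debug1: Next authentication method: (\S+)", line)
        if m:
            in_hostbased = m.group(1) == "hostbased"
            t.attempted = t.attempted or in_hostbased
            continue
        if not in_hostbased:
            continue  # only lines logged while hostbased is the active method
        m = re.match(r"debug2: userauth_hostbased: chost (\S+)", line)
        if m:
            name = m.group(1).rstrip(".")  # the traces show a trailing dot
            if name not in t.chosts:
                t.chosts.append(name)
        elif "we sent a hostbased packet" in line:
            t.packets_sent += 1
        elif "No more client hostkeys for hostbased" in line:
            t.rejected = True
        elif line in LOCAL_FAILURES or ("getnameinfo" in line and "failed" in line):
            if line not in t.evidence:
                t.evidence.append(line)
    if not t.attempted:
        t.verdict = "not-attempted"
    elif t.packets_sent == 0 and t.evidence:
        t.verdict = "client-signing-failed"
    elif t.packets_sent > 0 and t.rejected:
        t.verdict = "server-rejected"
    else:
        t.verdict = "inconclusive"
    t.next_step = NEXT_STEP[t.verdict]
    return t


if __name__ == "__main__":
    for label, trace in (("first", FIRST_TRACE), ("second", SECOND_TRACE)):
        r = triage(trace)
        print(label, r.verdict, r.chosts, r.packets_sent, "->", r.next_step)
```
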
Asif Iqbal
2011-04-28 20:37:54 UTC
Permalink
Post by Mahmood Naderan
Post by Asif Iqbal
man ssh_config and look into PreferredAuthentications
...
HostbasedAuthentication yes
PreferredAuthentications hostbased,keyboard-interactive,password,publickey
...
restart was not necessary.
Post by Mahmood Naderan
OpenSSH_5.3p1 Debian-3ubuntu6, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to server [192.168.1.1] port 22.
debug1: connect to address 192.168.1.1 port 22: Connection refused
ssh: connect to host server port 22: Connection refused
if suggestion from Sharad did not help post the debug output of the
sshd as well.
Post by Mahmood Naderan
Post by Asif Iqbal
It could be a permissions issue.  Try 'chmod 600 ~/.shosts'.
I changed to 600 however still get the same prompt
// Naderan *Mahmood;
----- Original Message -----
Sent: Wednesday, April 27, 2011 11:38 PM
Subject: Re: problem with HostbasedAuthentication
Post by Asif Iqbal
Change the order method. Have hostbased before password
Sorry where should I do that?
man ssh_config and look into PreferredAuthentications
Post by Asif Iqbal
// Naderan *Mahmood;
Sent: Wednesday, April 27, 2011 9:17 AM
Subject: Re: problem with HostbasedAuthentication
Change the order method. Have hostbased before password
Hi,
I am trying to set up a hostbased passwordless ssh from a client to a server using this guide http://www.ehow.com/how_7621307_set-up-hostbased-authentication.html.
   HostbasedAuthentication yes
   EnableSSHKeysign yes
HostbasedAuthentication yes
IgnoreRhosts no
client ssh-rsa AAAAB3Nz.....
client.domain mahmood
ssh start/running, process 1355
ssh start/running, process 28982
How, when I run "ssh -vvv server" from client (to show the verbose messages), I still get the password prompt.
OpenSSH_5.3p1 Debian-3ubuntu6, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to server [192.168.1.1] port 22.
debug1: Connection established.
debug1: identity file /home/mahmood/.ssh/identity type -1
debug1: identity file /home/mahmood/.ssh/id_rsa type -1
debug1: identity file /home/mahmood/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu4
debug1: match: OpenSSH_5.3p1 Debian-3ubuntu4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu6
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 792 bytes for a total of 831
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-
md5-96
md5-96
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-
md5-96
md5-96
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 855
debug2: dh_gen_key: priv key bits set: 124/256
debug2: bits set: 507/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 144 bytes for a total of 999
debug3: check_host_in_hostfile: filename /home/mahmood/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug3: check_host_in_hostfile: filename /home/mahmood/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 2
debug1: Host 'server' is known and matches the RSA host key.
debug1: Found key in /home/mahmood/.ssh/known_hosts:1
debug2: bits set: 503/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1015
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 48 bytes for a total of 1063
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/mahmood/.ssh/identity ((nil))
debug2: key: /home/mahmood/.ssh/id_rsa ((nil))
debug2: key: /home/mahmood/.ssh/id_dsa ((nil))
debug3: Wrote 64 bytes for a total of 1127
debug1: Authentications that can continue: publickey,password,hostbased
debug3: start over, passed a different list publickey,password,hostbased
debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,hostbased,publickey,keyboard-interactive,password
debug3: authmethod_lookup hostbased
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled hostbased
debug1: Next authentication method: hostbased
debug2: userauth_hostbased: chost client.
debug2: ssh_keysign called
debug3: ssh_msg_send: type 2
debug3: ssh_msg_recv entering
debug1: permanently_drop_suid: 1000
debug2: we sent a hostbased packet, wait for reply
debug3: Wrote 608 bytes for a total of 1735
debug1: Authentications that can continue: publickey,password,hostbased
debug2: userauth_hostbased: chost client.
debug2: ssh_keysign called
debug3: ssh_msg_send: type 2
debug3: ssh_msg_recv entering
debug1: permanently_drop_suid: 1000
debug2: we sent a hostbased packet, wait for reply
debug3: Wrote 672 bytes for a total of 2407
debug1: Authentications that can continue: publickey,password,hostbased
debug1: No more client hostkeys for hostbased authentication.
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/mahmood/.ssh/identity
debug3: no such identity: /home/mahmood/.ssh/identity
debug1: Trying private key: /home/mahmood/.ssh/id_rsa
debug3: no such identity: /home/mahmood/.ssh/id_rsa
debug1: Trying private key: /home/mahmood/.ssh/id_dsa
debug3: no such identity: /home/mahmood/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
Any idea about that?
// Naderan *Mahmood;
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
Sharad
2011-04-28 08:46:46 UTC
Permalink
Sometimes the issue lies with hostname as well. What I mean with that is the known_hosts may have just the host name where as when the connection is established, the debug shows the FQDN. I faced this issue so to be sure, I edited the known_hosts file and inserted the hostname, hostname's FQDN and it's IP address (all comma separated).

Also ensure that you both the hosts' known_hosts files have opposite servers names (as prescribed above).

All the above checks makes it work for me.

Hope this solves.

Kind regards,
Sharad
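Added example (not from any poster): a Python check that every form of the client's name Sharad recommends listing (short name, FQDN, IP) is present in both the server's known_hosts and the account's .shosts. The file contents are constructed samples using the host names from Sharad's message, the key blob is the thread's elided placeholder, and `audit` and its helpers are names invented for this sketch; only plain `.shosts` entries are handled, and hashed or marker known_hosts lines are counted or skipped rather than matched.

```python
import re

# Names under which the client may be looked up (from Sharad's message).
NAMES = ["lnx_clnt_101", "lnx_clnt_101.domain.com", "192.168.1.101"]

# Constructed "before" files: each file knows the client under a different name.
KH_BEFORE = """\
# server-side known_hosts (constructed sample)
lnx_clnt_101 ssh-rsa AAAAB3Nz...
|1|placeholder-salt|placeholder-hash ssh-rsa AAAAB3Nz...
"""
SH_BEFORE = "lnx_clnt_101.domain.com mahmood\n"

# Constructed "after" files laid out the way Sharad describes.
KH_AFTER = "192.168.1.101,lnx_clnt_101,lnx_clnt_101.domain.com  ssh-rsa AAAAB3Nz...\n"
SH_AFTER = """\
lnx_clnt_101.domain.com mahmood
192.168.1.101 mahmood
lnx_clnt_101 mahmood
"""


def _pattern_to_regex(pattern):
    """known_hosts host patterns: '*' and '?' are wildcards, the rest literal."""
    parts = (".*" if c == "*" else "." if c == "?" else re.escape(c)
             for c in pattern)
    return re.compile("".join(parts) + r"\Z", re.IGNORECASE)


def parse_known_hosts(text):
    """Return (entries, hashed_count); an entry is (positive, negated) patterns."""
    entries, hashed = [], 0
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@") or len(fields) < 3:
            continue  # @cert-authority/@revoked markers and malformed lines
        if fields[0].startswith("|1|"):
            hashed += 1  # hashed host names cannot be compared as text
            continue
        pos, neg = [], []
        for p in fields[0].split(","):
            (neg if p.startswith("!") else pos).append(p.lstrip("!"))
        entries.append((pos, neg))
    return entries, hashed


def known_hosts_has(entries, name):
    for pos, neg in entries:
        if any(_pattern_to_regex(p).match(name) for p in neg):
            continue  # a negated pattern vetoes this line
        if any(_pattern_to_regex(p).match(name) for p in pos):
            return True
    return False


def parse_shosts(text):
    """Return (pairs, skipped); pairs are (host, user or None) for plain lines."""
    pairs, skipped = set(), []
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0][0] in "+-@":
            skipped.append(raw.strip())  # wildcard/negation/netgroup: not modelled
            continue
        pairs.add((fields[0].lower(), fields[1] if len(fields) > 1 else None))
    return pairs, skipped


def shosts_has(pairs, name, client_user, account):
    # A host-only line permits the client user with the same name as the account.
    name = name.lower()
    return (name, client_user) in pairs or (
        (name, None) in pairs and client_user == account)


def audit(names, known_hosts_text, shosts_text, client_user, account):
    """List every (file, name) pair that is missing for the given name forms."""
    entries, hashed = parse_known_hosts(known_hosts_text)
    pairs, skipped = parse_shosts(shosts_text)
    missing = []
    for n in names:
        if not known_hosts_has(entries, n):
            missing.append(("known_hosts", n))
        if not shosts_has(pairs, n, client_user, account):
            missing.append((".shosts", n))
    return {"missing": missing, "hashed_known_hosts_lines": hashed,
            "skipped_shosts_lines": skipped}


if __name__ == "__main__":
    print(audit(NAMES, KH_BEFORE, SH_BEFORE, "mahmood", "mahmood"))
    print(audit(NAMES, KH_AFTER, SH_AFTER, "mahmood", "mahmood"))
```
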
Mahmood Naderan
2011-04-30 04:57:06 UTC
Permalink
Try disabling KeySign and set it to no in the config files and restart SSHD. Try it again.
Seems to be solved. Thanks Sharad. It is now bidirectional.

// Naderan *Mahmood;


----- Original Message -----
From: Sharad <***@yahoo.com>
To: Mahmood Naderan <***@yahoo.com>
Cc:
Sent: Friday, April 29, 2011 9:41 PM
Subject: Re: problem with HostbasedAuthentication

Hello Mahmood,

Try disabling KeySign and set it to no in the config files and restart SSHD. Try it again.

Regards,
Sharad
Subject: Re: problem with HostbasedAuthentication
Date: Friday, 29 April, 2011, 5:31 PM
 
ssh stop/waiting
 
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 649
debug2: parse_server_config: config /etc/ssh/sshd_config len 649
debug3: /etc/ssh/sshd_config:5 setting Port 22
debug3: /etc/ssh/sshd_config:9 setting Protocol 2
debug3: /etc/ssh/sshd_config:11 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:12 setting HostKey /etc/ssh/ssh_host_dsa_key
debug3: /etc/ssh/sshd_config:14 setting UsePrivilegeSeparation yes
debug3: /etc/ssh/sshd_config:17 setting KeyRegenerationInterval 3600
debug3: /etc/ssh/sshd_config:18 setting ServerKeyBits 768
debug3: /etc/ssh/sshd_config:21 setting SyslogFacility AUTH
debug3: /etc/ssh/sshd_config:22 setting LogLevel INFO
debug3: /etc/ssh/sshd_config:25 setting LoginGraceTime 120
debug3: /etc/ssh/sshd_config:26 setting PermitRootLogin yes
debug3: /etc/ssh/sshd_config:27 setting StrictModes yes
debug3: /etc/ssh/sshd_config:29 setting RSAAuthentication yes
debug3: /etc/ssh/sshd_config:30 setting PubkeyAuthentication yes
debug3: /etc/ssh/sshd_config:34 setting IgnoreRhosts no
debug3: /etc/ssh/sshd_config:36 setting RhostsRSAAuthentication no
debug3: /etc/ssh/sshd_config:38 setting HostbasedAuthentication yes
debug3: /etc/ssh/sshd_config:43 setting PermitEmptyPasswords no
debug3: /etc/ssh/sshd_config:47 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:62 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:63 setting X11DisplayOffset 10
debug3: /etc/ssh/sshd_config:64 setting PrintMotd no
debug3: /etc/ssh/sshd_config:65 setting PrintLastLog yes
debug3: /etc/ssh/sshd_config:66 setting TCPKeepAlive yes
debug3: /etc/ssh/sshd_config:73 setting AcceptEnv LANG LC_*
debug3: /etc/ssh/sshd_config:75 setting Subsystem sftp /usr/lib/openssh/sftp-server
debug3: /etc/ssh/sshd_config:86 setting UsePAM yes
debug1: sshd version OpenSSH_5.3p1 Debian-3ubuntu6
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
 
 
While it is listening, in another shell I ran
 
Then in the first terminal (which -ddd is on) I see
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 649
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.1.1 port 42036
debug1: Client protocol version 2.0; client software version OpenSSH_5.3p1 Debian-3ubuntu4
debug1: match: OpenSSH_5.3p1 Debian-3ubuntu4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu6
debug2: fd 3 setting O_NONBLOCK
debug2: Network child is on pid 2829
debug3: preauth child monitor started
debug3: mm_request_receive entering
debug3: privsep user:group 103:65534
debug1: permanently_set_uid: 103/65534
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 784 bytes for a total of 823
debug1: SSH2_MSG_KEXINIT received
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug3: mm_request_send entering: type 0
debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI
debug3: mm_request_receive_expect entering: type 1
debug3: mm_request_receive entering
debug3: monitor_read: checking request 0
debug3: mm_answer_moduli: got parameters: 1024 1024 8192
debug3: mm_request_send entering: type 1
debug2: monitor_read: 0 used once, disabling now
debug3: mm_request_receive entering
debug3: mm_choose_dh: remaining 0
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug3: Wrote 152 bytes for a total of 975
debug2: dh_gen_key: priv key bits set: 129/256
debug2: bits set: 504/1024
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug2: bits set: 551/1024
debug3: mm_key_sign entering
debug3: mm_request_send entering: type 5
debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
debug3: mm_request_receive_expect entering: type 6
debug3: mm_request_receive entering
debug3: monitor_read: checking request 5
debug3: mm_answer_sign
debug3: mm_answer_sign: signature 0x7f0bb6bdfbf0(271)
debug3: mm_request_send entering: type 6
debug2: monitor_read: 5 used once, disabling now
debug3: mm_request_receive entering
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 720 bytes for a total of 1695
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug3: Wrote 48 bytes for a total of 1743
debug1: userauth-request for user mahmood service ssh-connection method none
debug1: attempt 0 failures 0
debug3: mm_getpwnamallow entering
debug3: mm_request_send entering: type 7
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
debug3: mm_request_receive_expect entering: type 8
debug3: mm_request_receive entering
debug3: monitor_read: checking request 7
debug3: mm_answer_pwnamallow
debug3: Trying to reverse map address 192.168.1.1.
debug2: parse_server_config: config reprocess config len 649
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 8
debug2: monitor_read: 7 used once, disabling now
debug3: mm_request_receive entering
debug2: input_userauth_request: setting up authctxt for mahmood
debug3: mm_start_pam entering
debug3: mm_request_send entering: type 50
debug3: mm_inform_authserv entering
debug3: monitor_read: checking request 50
debug3: mm_request_send entering: type 3
debug1: PAM: initializing for "mahmood"
debug2: input_userauth_request: try method none
debug3: mm_auth_password entering
debug3: mm_request_send entering: type 11
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
debug3: mm_request_receive_expect entering: type 12
debug3: mm_request_receive entering
debug1: PAM: setting PAM_RHOST to "server"
debug1: PAM: setting PAM_TTY to "ssh"
debug2: monitor_read: 50 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 3
debug3: mm_answer_authserv: service=ssh-connection, style=, role=
debug2: monitor_read: 3 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 11
debug3: mm_answer_authpassword: sending result 0
debug3: mm_request_send entering: type 12
Failed none for mahmood from 192.168.1.1 port 42036 ssh2
debug3: mm_request_receive entering
debug3: mm_auth_password: user not authenticated
debug3: Wrote 64 bytes for a total of 1807
 
 
 
and in the second shell that I used -vvv, I see
 
OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.1.3 [192.168.1.3] port 22.
debug1: Connection established.
debug1: identity file /home/mahmood/.ssh/identity type -1
debug1: identity file /home/mahmood/.ssh/id_rsa type -1
debug1: identity file /home/mahmood/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu6
debug1: match: OpenSSH_5.3p1 Debian-3ubuntu6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu4
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 792 bytes for a total of 831
debug1: SSH2_MSG_KEXINIT received
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 855
debug2: dh_gen_key: priv key bits set: 131/256
debug2: bits set: 551/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 144 bytes for a total of 999
debug3: check_host_in_hostfile: filename /home/mahmood/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host '192.168.1.3' is known and matches the RSA host key.
debug1: Found key in /home/mahmood/.ssh/known_hosts:1
debug2: bits set: 504/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1015
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 48 bytes for a total of 1063
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/mahmood/.ssh/identity ((nil))
debug2: key: /home/mahmood/.ssh/id_rsa ((nil))
debug2: key: /home/mahmood/.ssh/id_dsa ((nil))
debug3: Wrote 64 bytes for a total of 1127
publickey,password,hostbased
debug3: start over, passed a different list
publickey,password,hostbased
debug3: preferred
gssapi-keyex,gssapi-with-mic,gssapi,hostbased,publickey,keyboard-interactive,password
debug3: authmethod_lookup hostbased
publickey,keyboard-interactive,password
debug3: authmethod_is_enabled hostbased
debug1: Next authentication method: hostbased
get_socket_address: getnameinfo 8 failed: Name or service not known
debug2: userauth_hostbased: chost server.
debug2: ssh_keysign called
debug3: ssh_msg_send: type 2
debug3: ssh_msg_recv entering
debug1: permanently_drop_suid: 1000
get_socket_address: getnameinfo 8 failed: Name or service not known
cannot get sockname for fd
ssh_keysign: no reply
key_sign failed
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/mahmood/.ssh/identity
debug3: no such identity: /home/mahmood/.ssh/identity
debug1: Trying private key: /home/mahmood/.ssh/id_rsa
debug3: no such identity: /home/mahmood/.ssh/id_rsa
debug1: Trying private key: /home/mahmood/.ssh/id_dsa
debug3: no such identity: /home/mahmood/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
 
Hope that is the correct information you need.
Thanks.
 
// Naderan *Mahmood;
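
Added example (not part of the original post or of OpenSSH): a small Python triage of client-side `ssh -vvv` output that groups lines by attempted authentication method and shows which methods the client abandoned before sending anything to the server. The function name `triage` and the dict keys are illustrative; the sample is an excerpt of the log quoted above with the wrapped lines rejoined.

```python
import re

# Excerpt of the client-side "ssh -vvv" output quoted in the post above,
# with the mail client's hard line wraps rejoined.
SAMPLE = """\
debug1: Next authentication method: hostbased
get_socket_address: getnameinfo 8 failed: Name or service not known
debug2: userauth_hostbased: chost server.
debug2: ssh_keysign called
debug1: permanently_drop_suid: 1000
get_socket_address: getnameinfo 8 failed: Name or service not known
cannot get sockname for fd
ssh_keysign: no reply
key_sign failed
debug2: we did not send a packet, disable method
debug1: Next authentication method: publickey
debug1: Trying private key: /home/mahmood/.ssh/id_rsa
debug3: no such identity: /home/mahmood/.ssh/id_rsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
"""

NEXT = re.compile(r"^debug1: Next authentication method: (\S+)$")
DEBUG = re.compile(r"^debug[123]: ")
GAVE_UP = "debug2: we did not send a packet, disable method"

def triage(log_text):
    """Return one dict per attempted method: name, abandoned flag, errors."""
    attempts, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = NEXT.match(line)
        if m:  # a new method starts; later lines belong to it
            current = {"method": m.group(1), "abandoned_locally": False, "errors": []}
            attempts.append(current)
        elif current is None or not line:
            continue
        elif line == GAVE_UP:  # client never sent a request for this method
            current["abandoned_locally"] = True
        elif not DEBUG.match(line) or "no such identity" in line:
            # lines without a debugN: prefix are error-level client messages
            current["errors"].append(line)
    return attempts

if __name__ == "__main__":
    for a in triage(SAMPLE):
        print(a["method"], "abandoned" if a["abandoned_locally"] else "sent/pending", a["errors"])
```

On the quoted log this reports hostbased as abandoned on the client with the `getnameinfo` and `ssh_keysign` errors attached, so the server-side `HostbasedAuthentication` settings were never exercised in that attempt.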