openssh problem after going from 5.2.1 to 5.3-beta7
Ulf Zimmermann
ulf at Alameda.net
Mon Oct 11 11:49:14 PDT 2004
Never mind, /usr/src/UPDATING:
20040226:
Some sshd configuration defaults have changed: protocol version 1
is no longer enabled by default, and password authentication is
disabled by default if PAM is enabled (which it is by default).
OpenSSH clients should not be affected by this; other clients may
have to be reconfigured, upgraded or replaced.
On Mon, Oct 11, 2004 at 11:48:06AM -0700, Ulf Zimmermann wrote:
> I have a HP DL380g3 I was running 5.2.1-REL on (I think it was on -p9).
> I did a source upgrade to 5.3-beta7, including mergemaster -p, followed
> by mergemaster which did upgrade /etc/ssh/sshd_config.
>
> When I am now trying to connect from SecureCRT, I get:
>
> SecureCRT has disconnected from the server. Reason: Unable to authenticate
> using any of the configured authentication methods.
>
> Using ssh from another machine (in this case 4.10-p2) works correctly.
> Here is a "-d -p 23" output to capture debug:
>
> evil root /var/log # sshd -d -p 23
> debug1: sshd version OpenSSH_3.8.1p1 FreeBSD-20040419
> debug1: read PEM private key done: type DSA
> debug1: private host key: #0 type 2 DSA
> debug1: Bind to port 23 on ::.
> Server listening on :: port 23.
> debug1: Bind to port 23 on 0.0.0.0.
> Server listening on 0.0.0.0 port 23.
> debug1: Server will not fork when running in debugging mode.
> debug1: res_init()
> Connection from 172.18.42.241 port 4340
> debug1: Client protocol version 2.0; client software version SecureCRT_4.1.7 (build 257) SecureCRT
> debug1: no match: SecureCRT_4.1.7 (build 257) SecureCRT
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1 FreeBSD-20040419
> debug1: permanently_set_uid: 22/22
> debug1: list_hostkey_types: ssh-dss
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
> debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
> debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: KEX done
> debug1: userauth-request for user ulf service ssh-connection method none
> debug1: attempt 0 failures 0
> debug1: PAM: initializing for "ulf"
> Failed none for ulf from 172.18.42.241 port 4340 ssh2
> debug1: PAM: setting PAM_RHOST to "172.18.42.241"
> Received disconnect from 172.18.42.241: 14: Unable to authenticate using any of the configured authentication methods.
> debug1: do_cleanup
> debug1: PAM: cleanup
> debug1: do_cleanup
> debug1: PAM: cleanup
>
> SecureCRT profile is protocol ssh2, authentication password (which
> was saved, I unsaved it, it never prompts for password). SSH2 config
> is no compression, Cipher AES-128, AES-192, AES-256, Twofish, Blowfish,
> 3DES and RC4. MAC is MD5, SHA1, SHA1-96 and MD5-96. SSH server is set
> to autodetect, selecting another server doesn't change it.
>
> Anyone have an idea what the problem might be?
>
> --
> Regards, Ulf.
>
> ---------------------------------------------------------------------
> Ulf Zimmermann, 1525 Pacific Ave., Alameda, CA-94501, #: 510-865-0204
> You can find my resume at: http://seven.Alameda.net/~ulf/resume.html
> _______________________________________________
> freebsd-hackers at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"
>
--
Regards, Ulf.
---------------------------------------------------------------------
Ulf Zimmermann, 1525 Pacific Ave., Alameda, CA-94501, #: 510-865-0204
You can find my resume at: http://seven.Alameda.net/~ulf/resume.html
More information about the freebsd-hackers
mailing list