CANNOT SSH to my computer

Loren M. Lang lorenl at alzatex.com
Fri Nov 19 01:20:21 PST 2004 

On Thu, Nov 18, 2004 at 07:43:50PM -0500, Ivan Georgiev wrote:
> On Thursday 18 November 2004 07:08 pm, Lowell Gilbert wrote:
> > Ivan Georgiev <georgiev at vt.edu> writes:
> > > On Thursday 18 November 2004 06:00 pm, Sebastian Holmqvist wrote:
> > > > On Thu, 18 Nov 2004 17:44:05 -0500, Ivan Georgiev <georgiev at vt.edu> 
> wrote:
> > > > > On Thursday 18 November 2004 08:42 am, Sebastian Holmqvist wrote:
> > > > > > On Thu, 18 Nov 2004 13:26:05 +0000, Daniel Bye
> > > > > >
> > > > > > <freebsd-questions at slightlystrange.org> wrote:
> > > > > > > On Thu, Nov 18, 2004 at 07:49:03AM -0500, Ivan Georgiev wrote:
> > > > > > > > I changed PasswordAuthentication to 'yes' and this time it asks
> > > > > > > > me 6 times for my password (3 times beginning with "Password:"
> > > > > > >
> > > > > > > You can disable these first three by changing
> > > > > > > ChallengeResponseAuthentication to no.
> > > > > > >
> > > > > > > > and another 3 times with "Password for xxxx at yyy.yyy.yyy.yyy)
> > > > > > > > and rejects me again with the same message from sshd.
> > > > > > >
> > > > > > > Sounds like a silly question, I know, but are you typing your
> > > > > > > password correctly?  For example, is your local keymap sending
> > > > > > > the right characters to the server?
> > > > > > >
> > > > > > > > Adding more verbosity didn't help me to understand the problem.
> > > > > > > > I also noticed that my ida_dsa.pub key ends with "ivan@" .
> > > > > > > > Usualy I have seen it ending with "someone at some_address_here".
> > > > > > > > Is this a problem?
> > > > > > >
> > > > > > > No, I don't think so.  It is just a convenient identifier for
> > > > > > > human consumption - it's somewhat easier to use the last little
> > > > > > > bit of the key than to try and remember the whole keyblock!
> > > > > > >
> > > > > > > Have you copied ida_dsa.pub from the client machine to your
> > > > > > > ~/.ssh/authorized_keys file on the server?
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Dan
> > > > > > >
> > > > > > > --
> > > > > > > Daniel Bye
> > > > > > >
> > > > > > > PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc
> > > > > > > PGP Key fingerprint: 3B9D 8BBB EB03 BA83 5DB4 3B88 86FC F03A 90A1
> > > > > > > BE8F _ ASCII ribbon campaign ( ) - against HTML, vCards and  X -
> > > > > > > proprietary attachments in e-mail / \
> > > > > >
> > > > > > Sure you have changed your keymap?
> > > > > >
> > > > > > And sorry if I misunderstood, are you trying to ssh to the computer
> > > > > > you're sitting on?
> > > > >
> > > > > I do not think I have done any changes to the keymap. And, yes, I am
> > > > > trying to connect to the computer I am sitting on plus have tried to
> > > > > connect from my office computer. In both cases no luck.
> > > > >
> > > > > I will appreciate if you can help me to resolve the issue.
> > > > >
> > > > > Thanks,
> > > > >
> > > > >
> > > > > Ivan
> > > >
> > > > When you connect from the office-computer, what happends?
> > >
> > > As I said - rejects with Permission denied and a message the log:
> > > sshd[25413]: Failed password for ivan from MY_OFFICE_COMPUTER_ADDRESS
> > > port 44517 ssh2
> >
> > Try "ssh -v" (and if that doesn't tell you enough, "ssh -vv") and look
> > at the debug output when it asks for and rejects the password.  If that
> > doesn't give you more of a clue, try doing the equivalent with sshd.

I'm curious, could this be a pam configuration problem?  What version of
FreeBSD did you say you were using?  5.x and newer I believe rely on pam
which is configured in /etc/pam.d/.  There should be one file per
service in there, for example, sshd configures the authentication for
the ssh daemon.  Look through that and see if it could be
mis-configured.

> 
> I have tried that already but cannot understand where the problem is. Here is 
> small part of the sshd log:
> ....
> debug1: userauth-request for user ivan service ssh-connection method password
> debug1: attempt 5 failures 4
> debug2: input_userauth_request: try method password
> debug3: mm_auth_password entering
> debug3: mm_request_send entering: type 10
> debug3: monitor_read: checking request 10
> debug3: mm_answer_authpassword: sending result 1
> debug3: mm_request_send entering: type 11
> debug3: mm_request_receive_expect entering: type 46
> debug3: mm_request_receive entering
> debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
> debug3: mm_request_receive_expect entering: type 11
> debug3: mm_request_receive entering
> debug3: mm_auth_password: user authenticated
> debug3: mm_do_pam_account entering
> debug3: mm_request_send entering: type 46
> debug3: mm_request_send entering: type 47
> Failed password for ivan from XXX.XXX.XXX.XXX port 55958 ssh2
> debug3: mm_request_receive entering
> debug3: mm_request_receive_expect entering: type 47
> debug3: mm_request_receive entering
> debug3: mm_do_pam_account returning 0
> Failed password for ivan from XXX.XXX.XXX.XXX port 55958 ssh2
> Connection closed by XXX.XXX.XXX.XXX
> debug1: do_cleanup
> debug1: PAM: cleanup
> debug3: PAM: sshpam_thread_cleanup entering
> debug1: do_cleanup
> debug1: PAM: cleanup
> debug3: PAM: sshpam_thread_cleanup entering
> ....
> 
> and from ssh -vvv 
> ....
> ivan at XXX.XXX.XXX.XXX's password:
> debug3: packet_send2: adding 64 (len 59 padlen 5 extra_pad 64)
> debug2: we sent a password packet, wait for reply
> debug1: Authentications that can continue: publickey,password
> debug2: we did not send a packet, disable method
> debug1: No more authentication methods to try.
> Permission denied (publickey,password).
> ....
> 
> Thank you for looking at this,
> Ivan
> 
> 
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"

-- 
I sense much NT in you.
NT leads to Bluescreen.
Bluescreen leads to downtime.
Downtime leads to suffering.
NT is the path to the darkside.
Powerful Unix is.

Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc
Fingerprint: B3B9 D669 69C9 09EC 1BCD  835A FAF3 7A46 E4A3 280C

More information about the freebsd-questions mailing list