Mailing List Archive

Gene,

I can't find your previous post in my mailbox. Did it have some more
information than this one? Which platform(s) you running on would be
helpful. The version(s) of openssh would be useful too.

If you're using Solaris or Linux and running PAM, it's possible that you
haven't installed the PAM support file, included in the
distribution. See INSTALL for details.

Ta,
-Andre


On Fri, Jan 14, 2000 at 03:51:53PM -0600, Gene Imes wrote:
>
> I may have posted this before but got no reply.
>
> I run sshd -d and try to login from another machine and this is what
> happens:
>
> gene@bubba:/usr/include/asm> sudo sshd -d
> Password:
> debug: sshd version OpenSSH-1.2.1
> Server listening on port 22.
> Generating 768 bit RSA key.
> RSA key generation complete.
> debug: Server will not fork when running in debugging mode.
> Connection from 216.131.4.131 port 1023
> debug: Client protocol version 1.5; client software version 1.2.27
> debug: Sent 768 bit public key and 1024 bit host key.
> debug: Encryption type: 3des
> debug: Received session key; encryption turned on.
> debug: Installing crc compensation attack detector.
> debug: Attempting authentication for gene.
> Failed password for gene from 216.131.4.131 port 1023
> Connection closed by 216.131.4.131
> debug: Calling cleanup 0x805724c(0x0)
>
> The password is correct though.
>
> Please email me a reply, I am not subscribed.
>
> Thanks,
>
> ::::: Gene Imes http://www.ozob.net :::::
>

--
Andre Lucas <andre.lucas@dial.pipex.com>
http://dspace.dial.pipex.com/andre.lucas/

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 14 Jan 2000, Gene Imes wrote:

>
> I may have posted this before but got no reply.
>
> I run sshd -d and try to login from another machine and this is what
> happens:

You will need to supply a lot more information. What OS are you
using? What options OpenSSH was compiled with? Are you using PAM?
Shadowed passwords? NIS?

Regards,
Damien Miller

- --
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm@mindrot.org (home) -or- djm@ibs.com.au (work)


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE4gP4KormJ9RG1dI8RApelAKCdJf1QAUEsKCYc8rfHlzZHvzy8WACfeRt9
c78j3wwYPmSRQyVtmTElR1I=
=f+lW
-----END PGP SIGNATURE-----

On Sat, 15 Jan 2000, Andre Lucas wrote:

> Gene,
>
> I can't find your previous post in my mailbox. Did it have some more
> information than this one? Which platform(s) you running on would be
> helpful. The version(s) of openssh would be useful too.

Ok, I am a nitwit. I compiled openssh-1.2.1pre25.tar.gz with
openssl-0.9.4.tar.gz on a Slackware 7.0 Linux box.

>
> If you're using Solaris or Linux and running PAM, it's possible that you
> haven't installed the PAM support file, included in the
> distribution. See INSTALL for details.
>

I don't use PAM. The original details are below.

Thanks for the help.



> On Fri, Jan 14, 2000 at 03:51:53PM -0600, Gene Imes wrote:
> >
> > I run sshd -d and try to login from another machine and this is what
> > happens:
> >
> > gene@bubba:/usr/include/asm> sudo sshd -d
> > Password:
> > debug: sshd version OpenSSH-1.2.1
> > Server listening on port 22.
> > Generating 768 bit RSA key.
> > RSA key generation complete.
> > debug: Server will not fork when running in debugging mode.
> > Connection from 216.131.4.131 port 1023
> > debug: Client protocol version 1.5; client software version 1.2.27
> > debug: Sent 768 bit public key and 1024 bit host key.
> > debug: Encryption type: 3des
> > debug: Received session key; encryption turned on.
> > debug: Installing crc compensation attack detector.
> > debug: Attempting authentication for gene.
> > Failed password for gene from 216.131.4.131 port 1023
> > Connection closed by 216.131.4.131
> > debug: Calling cleanup 0x805724c(0x0)
> >
> > The password is correct though.
> >
> > Please email me a reply, I am not subscribed.
> >
> > Thanks,
> >

::::: Gene Imes http://www.ozob.net :::::

On Sun, 16 Jan 2000, Damien Miller wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Fri, 14 Jan 2000, Gene Imes wrote:
>
> >
> > I may have posted this before but got no reply.
> >
> > I run sshd -d and try to login from another machine and this is what
> > happens:
>
> You will need to supply a lot more information. What OS are you
> using? What options OpenSSH was compiled with? Are you using PAM?
> Shadowed passwords? NIS?
>
> Regards,
> Damien Miller
>

Sorry for the lack of details.

This is what happens:

root@bubba:/usr/src/openssh-1.2.1pre25# sshd -d
debug: sshd version OpenSSH-1.2.1
Server listening on port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug: Server will not fork when running in debugging mode.
Connection from 216.131.4.131 port 1023
debug: Client protocol version 1.5; client software version 1.2.27
debug: Sent 768 bit public key and 1024 bit host key.
debug: Encryption type: 3des
debug: Received session key; encryption turned on.
debug: Installing crc compensation attack detector.

I try to login from remote machine:

debug: Attempting authentication for gene.
Failed password for gene from 216.131.4.131 port 1023
Connection closed by 216.131.4.131
debug: Calling cleanup 0x805724c(0x0)

sshd terminates.

On remote machine:

Permission denied.


I compiled openssh-1.2.1pre25.tar.gz with openssl-0.9.4.tar.gz and
configured openssh like so:

./configure --prefix=/usr --sysconfdir=/etc --without-pam

This is on a Slackware 7.0 Linux box, no PAM, with shadowed passwords, and
no NIS.

Thanks for any help.

::::: Gene Imes http://www.ozob.net :::::

On Wed, 19 Jan 2000, Gene Imes wrote:

> I compiled openssh-1.2.1pre25.tar.gz with openssl-0.9.4.tar.gz and
> configured openssh like so:
>
> ./configure --prefix=/usr --sysconfdir=/etc --without-pam
>
> This is on a Slackware 7.0 Linux box, no PAM, with shadowed
> passwords, and no NIS.

Are you using MD5 passwords? You can tell if your crypted passwords
in /etc/shadow begin with '$1$'. If so, you need to enable
--with-md5-passwords

Damien

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm@mindrot.org (home) -or- djm@ibs.com.au (work)

On Mon, 27 Mar 2000, James Thompson wrote:

> On Mon, 27 Mar 2000, Paul Thomas wrote:
>
> > Hi,
> >
> > If there is a place to post this, please advise, but I am stuck. I
> > have recently installed openssh-1.2.3 on a Red Hat 6.1 installation.
> > Everything compile ok but I don't get no password auththenticcation.
>
> Did you remember to copy the sshd.pam file in contrib/redhat/sshd.pam to
> /etc/pam.d/ssh?

No, I didn't do that but now I just did and still no go. I recompiled
ssh without PAM support to try and simplify things somewhat.

I just changed the LogLevel from INFO to DEBUG in sshd_config and
restarted sshd, but the logging has not become more verbose or
if logging is not in /var/log/messages, I don't know where the
logging is being written to.

Thanks,

--Paul T.


--
'...if clones are outlawed then only outlaws will have clones...'

On Mon, 27 Mar 2000, Paul Thomas wrote:

> No, I didn't do that but now I just did and still no go. I recompiled
> ssh without PAM support to try and simplify things somewhat.
>
> I just changed the LogLevel from INFO to DEBUG in sshd_config and
> restarted sshd, but the logging has not become more verbose or
> if logging is not in /var/log/messages, I don't know where the
> logging is being written to.

The easiest way to get verbose debugging is to run sshd in debug
mode:

ssh -d -p 2222

Will start a sshd in the foreground with all logs going to stderr
listening on port 2222. You can then connect to it with:

ssh -p 2222 localhost

Regards,
Damien Miller

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm@mindrot.org (home) -or- djm@ibs.com.au (work)

On Wed, 29 Mar 2000, Damien Miller wrote:

> The easiest way to get verbose debugging is to run sshd in debug
> mode:
>
> ssh -d -p 2222
>
> Will start a sshd in the foreground with all logs going to stderr
> listening on port 2222. You can then connect to it with:
>
> ssh -p 2222 localhost

Thanks Damien,

I took your suggestion and the error message is still the
same basically. Here is what happens:

[root@chime etc]# /usr/local/sbin/sshd -d -p 2222
debug: sshd version OpenSSH-1.2.3
debug: Bind to port 2222 on 0.0.0.0.
Server listening on 0.0.0.0 port 2222.
Generating 768 bit RSA key.
RSA key generation complete.
debug: Server will not fork when running in debugging mode.
Connection from 127.0.0.1 port 1053
debug: Client protocol version 1.5; client software version OpenSSH-1.2.3
debug: Sent 768 bit public key and 1024 bit host key.
debug: Encryption type: 3des
debug: Received session key; encryption turned on.
debug: Installing crc compensation attack detector.
debug: Attempting authentication for paul.
Failed password for paul from 127.0.0.1 port 1053
Failed password for paul from 127.0.0.1 port 1053


[paul@chime paul]$ ssh -p 2222 localhost
paul@localhost's password:
Permission denied, please try again.
paul@localhost's password:
Permission denied, please try again.
paul@localhost's password:


Also, I don't know if it is related, but if I try to login
via openssh to the localhost machine by hostname or other
hosts with a working sshd in place, I get the following
error message that gets stuck in a loop:

[paul@chime paul]$ ssh chime.cuenet.com
The authenticity of host 'chime.cuenet.com' can't be established.
Key fingerprint is 1024 5c:cf:16:4c:34:80:32:bd:e5:05:2f:1e:a5:fe:08:7e.
Are you sure you want to continue connecting (yes/no)? n
The authenticity of host 'chime.cuenet.com' can't be established.
Key fingerprint is 1024 5c:cf:16:4c:34:80:32:bd:e5:05:2f:1e:a5:fe:08:7e.
Are you sure you want to continue connecting (yes/no)? n
The authenticity of host 'chime.cuenet.com' can't be established.
Key fingerprint is 1024 5c:cf:16:4c:34:80:32:bd:e5:05:2f:1e:a5:fe:08:7e.
Are you sure you want to continue connecting (yes/no)? n
The authenticity of host 'chime.cuenet.com' can't be established.
Key fingerprint is 1024 5c:cf:16:4c:34:80:32:bd:e5:05:2f:1e:a5:fe:08:7e.
Are you sure you want to continue connecting (yes/no)?


Maybe Openssh is not ready for the production environment?

Thanks,

--Paul T.




--
'...if clones are outlawed then only outlaws will have clones...'

On Wed, Mar 29, 2000 at 10:52:09AM -0800, Paul Thomas wrote:
> On Wed, 29 Mar 2000, Mate Wierdl wrote:
>
> > On Tue, Mar 28, 2000 at 04:46:31PM -0800, Paul Thomas wrote:
> > > On Tue, 28 Mar 2000, Mate Wierdl wrote:
> > >
> > > > You can then just look at the spec file for the openss{h,l} srpm's to
> > > > see what to do to compile.
> > >
> > > You may have missed my original post, it compiles fine. Sshd is
> > > not able to find passwords for some reason and the logging
> > > feature in sshd_config does not seem to work in VERBOSE or
> > > DEBUG mode so I don't get very good error messages to work
> > > with.
> >
> > No I did not miss it, but I was not precise either. I meant to say:
> > look at the spec file to see *how* to compile to make openss{h,l}
> > work.
>
> Thanks for your time but you are not addressing my question(s)
> about openssh. Like I previously stated to you, my RH product
> contains no references to ssh anything due to licenesing restrictions
> (RSA?).

Perhaps at this point you want to tell the list how you configured/compiled
openss{h,l}. Seeing the exact command lines can give us hints.

Also, describing your system exactly can help, since we run openssh on
all kinds of systems. I am running it on Solaris 2.6, 2.7, and Redhat
Linux 5.2, 6.0, 6.1, 6.2beta installed from customized rpms that do
not use rsaref.

>
> My questions have been concerned with how to enable debugging,
> etc. in openssh.

Part of the debugging is provided by openssh, but in your case you may
need the mailinglist as well. But I think more info about your setup
is needed.

> If openssh is as flakey as it appears to be so
> far and lacks an adequate support/user base as it seems to, then
> it is a something I may want to avoid.

It certainly is not flaky, only the porting to various platforms
requires smoothing out.

>
> I am well aware I can ask RH about RH products.
>

Are you talking about RH=Redhat ? If that is the case, what does
openssh have to do with RedHat?

On Wed, 29 Mar 2000, Mate Wierdl wrote:

> Perhaps at this point you want to tell the list how you configured/compiled
> openss{h,l}. Seeing the exact command lines can give us hints.

I provided that info in my original post. I will be happy to provide
any further details to anyone who requests something specific so
as not to inundate the list with needless posts/information.

> Also, describing your system exactly can help, since we run openssh on
> all kinds of systems. I am running it on Solaris 2.6, 2.7, and Redhat
> Linux 5.2, 6.0, 6.1, 6.2beta installed from customized rpms that do
> not use rsaref.

See above comment.

> Part of the debugging is provided by openssh, but in your case you may
> need the mailinglist as well. But I think more info about your setup
> is needed.

Duh, please refer once again to my previous post(s) to the _mailinglist_.

> > I am well aware I can ask RH about RH products.
> >
>
> Are you talking about RH=Redhat ? If that is the case, what does
> openssh have to do with RedHat?

Yes, RH refers to Red Hat. Openssh does not have anything to do with
Red Hat and that is what I was telling you in a private email becuase
you are sending me private emails referring me to Red Hat for info
on how to compile Openssh on a Red Hat product.

I will thank you not to further forward my private emails to you
to this or any other mailing lists and at this point do not desire
to correspond with your further as your correspondance so far has
had nothing to do with my situation with Openssh.

Thanks,

--Paul T.

--
'...if clones are outlawed then only outlaws will have clones...'

On Wed, Mar 29, 2000 at 12:55:25PM -0800, Paul Thomas wrote:
> On Wed, 29 Mar 2000, Mate Wierdl wrote:
>
> > Perhaps at this point you want to tell the list how you configured/compiled
> > openss{h,l}. Seeing the exact command lines can give us hints.
>
> I provided that info in my original post. I will be happy to provide
> any further details to anyone who requests something specific so
> as not to inundate the list with needless posts/information.

I am aware of your original post; it is

http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=95421642721481&w=2

and I cannot find the line where you told us how you ran
configure/make of openssh, and config/make for openssl.

>
> > Also, describing your system exactly can help, since we run openssh on
> > all kinds of systems. I am running it on Solaris 2.6, 2.7, and Redhat
> > Linux 5.2, 6.0, 6.1, 6.2beta installed from customized rpms that do
> > not use rsaref.
>
> See above comment.

Saying RH 6.1 is not enough obviously, since many of us run openssh on
RH 6.1 without a glitch. So there must be something about your setup
that is special---or the way you compiled openss{h,l}.

>
> Yes, RH refers to Red Hat. Openssh does not have anything to do with
> Red Hat and that is what I was telling you in a private email becuase
> you are sending me private emails referring me to Red Hat for info
> on how to compile Openssh on a Red Hat product.

I have never referred you to RH. I told you to look at the openssh
and openssl rpm packages *made by openssh's maintainer*. In
particular, to look at the spec file, which would tell you how openssh
can be compiled to make it work for sure on RH systems.

You decided not to use the rpms, and compile the progs yourself, but I
thought it is important info to those on the list who are trying to
help you to see that you are not using the "standard" rpm installation
on your RH system. Hence I forwarded part of our conversation to the
openssh list.

I think in this case, you got upset, because you wanted to figure out
what is wrong with your ssh setup by reading logs and running ssh in
debug mode, while I suggested to go back one step, and see how you
compiled ssh in the first place.

Best,

Mate
---
Mate Wierdl | Dept. of Math. Sciences | University of Memphis

On Thu, 30 Mar 2000, Damien Miller wrote:

> Have you tried the RPM versions? I build these myself on Redhat 6.1
> and they work perfectly. If you want to rebuild from source, consider
> rebuilding the SRPM.

For one thing there does not seem to be an Openssh RPM included
in my 6.1 distribution CD's and there is no reference to it
in the texts they supply with that product. Besides, this is not
going to help better understand Openssh, I also need to do an
install on a couple older Slackware machines.

Thanks, but maybe the old ssh-1.2.17 is adequate for basic
functions. I have not had any trouble with it whatsoever to
date.

Cheers,

--Paul T.

--
'...if clones are outlawed then only outlaws will have clones...'

Paul, i think you misunderstand. The OpenSSH RPMs are not provided by
Red Hat. They're built by Damien Miller (who also coordinates the
non-BSD port of OpenSSH) and are available in the same location you
downloaded the OpenSSH source from.

I don't think anyone here is trying to waste your time or imply anything
about your level of knowledge or intelligence; they're mostly trying to
understand the nature of the problem you're experiencing.

Since Damien builds OpenSSH and uses it on Red Hat Linux 6.1 systems,
there must be something funky about either the configuration of your
system or the way you configured and compiled OpenSSH. Please help us
help you and discover what the differences are.

--
jim knoble
jmknoble@pobox.com

På 2000-Mar-29 klokka 14:46:30 -0800 skrivet Paul Thomas:

: For one thing there does not seem to be an Openssh RPM included
: in my 6.1 distribution CD's and there is no reference to it
: in the texts they supply with that product. Besides, this is not
: going to help better understand Openssh, I also need to do an
: install on a couple older Slackware machines.
:
: Thanks, but maybe the old ssh-1.2.17 is adequate for basic
: functions. I have not had any trouble with it whatsoever to
: date.

On Wed, Mar 29, 2000 at 11:04:24AM -0800, Paul Thomas wrote:
> Also, I don't know if it is related, but if I try to login
> via openssh to the localhost machine by hostname or other
> hosts with a working sshd in place, I get the following
> error message that gets stuck in a loop:
>
> [paul@chime paul]$ ssh chime.cuenet.com
> The authenticity of host 'chime.cuenet.com' can't be established.
> Key fingerprint is 1024 5c:cf:16:4c:34:80:32:bd:e5:05:2f:1e:a5:fe:08:7e.
> Are you sure you want to continue connecting (yes/no)? n
> The authenticity of host 'chime.cuenet.com' can't be established.
> Key fingerprint is 1024 5c:cf:16:4c:34:80:32:bd:e5:05:2f:1e:a5:fe:08:7e.
> Are you sure you want to continue connecting (yes/no)? n
> The authenticity of host 'chime.cuenet.com' can't be established.
> Key fingerprint is 1024 5c:cf:16:4c:34:80:32:bd:e5:05:2f:1e:a5:fe:08:7e.
> Are you sure you want to continue connecting (yes/no)? n
> The authenticity of host 'chime.cuenet.com' can't be established.
> Key fingerprint is 1024 5c:cf:16:4c:34:80:32:bd:e5:05:2f:1e:a5:fe:08:7e.
> Are you sure you want to continue connecting (yes/no)?

This is an important question, so you are supposed
to answer with 'yes' or 'no'

> Maybe Openssh is not ready for the production environment?

why not?

-markus