Mailinglist Archive: opensuse-security (128 mails)

< Previous Next >
Re: [opensuse-security] ssh-ing to an old suse.
  • From: "Carlos E. R." <robin.listas@xxxxxxxxxxxxxx>
  • Date: Mon, 19 Nov 2007 21:16:21 +0100 (CET)
  • Message-id: <alpine.LSU.0.9999.0711192044480.19087@xxxxxxxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The Monday 2007-11-19 at 14:54 +0100, Lukas Ocilka wrote:

Try this:

ssh -v telperion.valinor

or even

ssh -vv telperion.valinor

Debug output should tell you more.

Ah, I forgot that one.

Ok, single "-v":

cer@nimrodel:~> ssh -v telperion.valinor OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /home/cer/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to telperion.valinor [192.168.1.11] port 22.
debug1: Connection established.
debug1: identity file /home/cer/.ssh/id_rsa type 1
debug1: identity file /home/cer/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2
debug1: match: OpenSSH_2.9p2 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'telperion.valinor' is known and matches the DSA host key.
debug1: Found key in /home/cer/.ssh/known_hosts:13
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received




And there it stops. Lets try double -vv.



cer@nimrodel:~> ssh -vv telperion.valinor OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /home/cer/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to telperion.valinor [192.168.1.11] port 22.
debug1: Connection established.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/cer/.ssh/id_rsa type 1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/cer/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2
debug1: match: OpenSSH_2.9p2 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.6
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@xxxxxxxxxxxxxx
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@xxxxxxxxxxxxxx
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 145/256
debug2: bits set: 530/1026
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'telperion.valinor' is known and matches the DSA host key.
debug1: Found key in /home/cer/.ssh/known_hosts:13
debug2: bits set: 510/1026
debug1: ssh_dss_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received


I have also enabled debug mode in the server side (7.3). I'll have to do tricks
to paste the server log here...

[...] (scp-ing /var/log/messages from 7.3 to 10.3)

Importing server side log:

Nov 19 21:08:39 telperion sshd[2387]: Connection closed by ::ffff:192.168.1.12
Nov 19 21:09:39 telperion sshd[2388]: Connection closed by ::ffff:192.168.1.12
Nov 19 21:12:05 telperion sshd[974]: Received signal 15; terminating.
Nov 19 21:12:06 telperion sshd[2414]: debug1: Bind to port 22 on ::.
Nov 19 21:12:06 telperion sshd[2414]: Server listening on :: port 22.
Nov 19 21:12:06 telperion sshd[2414]: debug1: Bind to port 22 on 0.0.0.0.
Nov 19 21:12:06 telperion sshd[2414]: error: Bind to port 22 on 0.0.0.0 failed:
Address already in use.
Nov 19 21:12:06 telperion sshd[2414]: Generating 768 bit RSA key.
Nov 19 21:12:07 telperion sshd[2414]: RSA key generation complete.
Nov 19 21:12:26 telperion sshd[2422]: Connection from ::ffff:192.168.1.12 port
29244
Nov 19 21:12:26 telperion sshd[2414]: debug1: Forked child 2422.
Nov 19 21:12:26 telperion sshd[2422]: debug1: Client protocol version 2.0;
client software version OpenSSH_4.6
Nov 19 21:12:26 telperion sshd[2422]: debug1: match: OpenSSH_4.6 pat ^OpenSSH
Nov 19 21:12:26 telperion sshd[2422]: Enabling compatibility mode for protocol
2.0
Nov 19 21:12:26 telperion sshd[2422]: debug1: Local version string
SSH-1.99-OpenSSH_2.9p2
Nov 19 21:12:26 telperion sshd[2422]: debug1: Rhosts Authentication disabled,
originating port not trusted.
Nov 19 21:12:26 telperion sshd[2422]: debug1: list_hostkey_types: ssh-dss
Nov 19 21:12:26 telperion sshd[2422]: debug1: SSH2_MSG_KEXINIT sent
Nov 19 21:12:26 telperion sshd[2422]: debug1: SSH2_MSG_KEXINIT received
Nov 19 21:12:26 telperion sshd[2422]: debug1: kex: client->server aes128-cbc
hmac-md5 none
Nov 19 21:12:26 telperion sshd[2422]: debug1: kex: server->client aes128-cbc
hmac-md5 none
Nov 19 21:12:26 telperion sshd[2422]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST
received
Nov 19 21:12:26 telperion sshd[2422]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Nov 19 21:12:26 telperion sshd[2422]: debug1: dh_gen_key: priv key bits set:
122/256
Nov 19 21:12:26 telperion sshd[2422]: debug1: bits set: 531/1026
Nov 19 21:12:26 telperion sshd[2422]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
Nov 19 21:12:26 telperion sshd[2422]: debug1: bits set: 525/1026
Nov 19 21:12:26 telperion sshd[2422]: debug1: sig size 20 20
Nov 19 21:12:26 telperion sshd[2422]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
Nov 19 21:12:26 telperion sshd[2422]: debug1: kex_derive_keys
Nov 19 21:12:26 telperion sshd[2422]: debug1: newkeys: mode 1
Nov 19 21:12:26 telperion sshd[2422]: debug1: SSH2_MSG_NEWKEYS sent
Nov 19 21:12:26 telperion sshd[2422]: debug1: waiting for SSH2_MSG_NEWKEYS
Nov 19 21:12:26 telperion sshd[2422]: debug1: newkeys: mode 0
Nov 19 21:12:26 telperion sshd[2422]: debug1: SSH2_MSG_NEWKEYS received
Nov 19 21:12:26 telperion sshd[2422]: debug1: KEX done
Nov 19 21:13:09 telperion sshd[2422]: Connection closed by ::ffff:192.168.1.12
Nov 19 21:13:09 telperion sshd[2422]: debug1: Calling cleanup 0x8068e70(0x0)
Nov 19 21:14:32 telperion login: FAILED LOGIN 1 FROM /dev/tty2 FOR cer,
Authentication failure


(the connection closes when I type ^C)


Well, it seems that it is the client side, 10.3, which is stuck. Both logs are very similar, I think, to the best of my limited knowledge.

- -- Cheers,
Carlos E. R.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFHQe8etTMYHG2NR9URAlPdAJ9vcZJSuKbDTXLPGs/dkGuFgdpkWACaAowY
O4ygS0dC3R4o3l0eqc7P6M0=
=KV+J
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx

< Previous Next >