RE: [SLE] ssh problem with passwd on SUSE 9.0
Just to be complete since there is another thread... This is what fixed it for me in /etc/ssh/sshd_config: # To disable tunneled clear text passwords, change to no here! PasswordAuthentication yes #PermitEmptyPasswords no # Change to no to disable s/key passwords ChallengeResponseAuthentication yes I un-remmed the PasswordAuthentication yes and the ChallengeResponseAuthentication yes (for one broken client on a different system, normally I'd leave that remmed out or disabled). -----Original Message----- From: Greg Freemyer [mailto:freemyer-ml@NorcrossGroup.com] Sent: Monday, December 29, 2003 3:13 PM To: SuSE Linux E Subject: Re: [SLE] ssh problem with passwd on SUSE 9.0 On Mon, 2003-12-29 at 14:40, Greg Freemyer wrote:
I assume sshd works in general for SUSE 9.0?
I have just tried to use the ssh daemon for the first time and it is not working for me.
In /var/log/messages I'm getting:
"Dec 29 14:23:23 david sshd[20290]: Failed password for root from::ffff:10.0.1.100 port 1995"
What else should I check?
FYI: With both boxes I can connect as a normal user via the console and sux to root. No problems, so I know I have the passwords right.
Thanks Greg -- Greg Freemyer
More Info: I just manually started sshd with the -d (debug) argument. I'm getting:
david:/home/gaf # /usr/sbin/sshd -d -o PidFile=/var/run/sshd.init.pid debug1: sshd version OpenSSH_3.7.1p2 debug1: private host key: #0 type 0 RSA1 debug1: read PEM private key done: type RSA debug1: private host key: #1 type 1 RSA debug1: read PEM private key done: type DSA debug1: private host key: #2 type 2 DSA debug1: Bind to port 22 on ::. Server listening on :: port 22. Generating 768 bit RSA key. RSA key generation complete. debug1: Server will not fork when running in debugging mode. Connection from ::ffff:10.0.1.100 port 4539 debug1: Client protocol version 1.5; client software version PuTTY-Release-0.53b debug1: no match: PuTTY-Release-0.53b debug1: Local version string SSH-1.99-OpenSSH_3.7.1p2 debug1: Sent 768 bit server key and 1024 bit host key. debug1: Encryption type: blowfish debug1: Received session key; encryption turned on. debug1: Installing crc compensation attack detector. debug1: PAM: initializing for "root" debug1: PAM: setting PAM_RHOST to "10.0.1.100" debug1: PAM: setting PAM_TTY to "ssh" debug1: Attempting authentication for root. Password authentication disabled. Failed password for root from ::ffff:10.0.1.100 port 4539
I don't know if that is meaningfull, but the "Password authentication disabled." line looks pretty suspicious to me. Do I have to enable that somewhere in 9.0? I have not had to in 8.x. Greg -- Greg Freemyer -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
Stephen, Further reading on the SUSE Security list archives says that the issue (bug?) only shows up if you are using putty with protocol 1. I have reverted my sshd_config to the shipping config and setup putty to use SSH protocal 2 only: new session load existing expand connection SSH 2 only save It seems to be working fine. HTH Greg -- Greg Freemyer On Mon, 2003-12-29 at 20:07, Stephen Villano wrote:
Just to be complete since there is another thread... This is what fixed it for me in /etc/ssh/sshd_config: # To disable tunneled clear text passwords, change to no here! PasswordAuthentication yes #PermitEmptyPasswords no
# Change to no to disable s/key passwords ChallengeResponseAuthentication yes
I un-remmed the PasswordAuthentication yes and the ChallengeResponseAuthentication yes (for one broken client on a different system, normally I'd leave that remmed out or disabled).
-----Original Message----- From: Greg Freemyer [mailto:freemyer-ml@NorcrossGroup.com] Sent: Monday, December 29, 2003 3:13 PM To: SuSE Linux E Subject: Re: [SLE] ssh problem with passwd on SUSE 9.0
On Mon, 2003-12-29 at 14:40, Greg Freemyer wrote:
I assume sshd works in general for SUSE 9.0?
I have just tried to use the ssh daemon for the first time and it is not working for me.
In /var/log/messages I'm getting:
"Dec 29 14:23:23 david sshd[20290]: Failed password for root from::ffff:10.0.1.100 port 1995"
What else should I check?
FYI: With both boxes I can connect as a normal user via the console and sux to root. No problems, so I know I have the passwords right.
Thanks Greg -- Greg Freemyer
More Info:
I just manually started sshd with the -d (debug) argument.
I'm getting:
david:/home/gaf # /usr/sbin/sshd -d -o PidFile=/var/run/sshd.init.pid debug1: sshd version OpenSSH_3.7.1p2 debug1: private host key: #0 type 0 RSA1 debug1: read PEM private key done: type RSA debug1: private host key: #1 type 1 RSA debug1: read PEM private key done: type DSA debug1: private host key: #2 type 2 DSA debug1: Bind to port 22 on ::. Server listening on :: port 22. Generating 768 bit RSA key. RSA key generation complete. debug1: Server will not fork when running in debugging mode. Connection from ::ffff:10.0.1.100 port 4539 debug1: Client protocol version 1.5; client software version PuTTY-Release-0.53b debug1: no match: PuTTY-Release-0.53b debug1: Local version string SSH-1.99-OpenSSH_3.7.1p2 debug1: Sent 768 bit server key and 1024 bit host key. debug1: Encryption type: blowfish debug1: Received session key; encryption turned on. debug1: Installing crc compensation attack detector. debug1: PAM: initializing for "root" debug1: PAM: setting PAM_RHOST to "10.0.1.100" debug1: PAM: setting PAM_TTY to "ssh" debug1: Attempting authentication for root. Password authentication disabled. Failed password for root from ::ffff:10.0.1.100 port 4539
I don't know if that is meaningfull, but the "Password authentication disabled." line looks pretty suspicious to me.
Do I have to enable that somewhere in 9.0? I have not had to in 8.x.
Greg -- Greg Freemyer
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
participants (2)
-
Greg Freemyer -
Stephen Villano