[Bug 874518] Re: ssh fails after upgrade to 11.10
Jason Nett
874518 at bugs.launchpad.net
Sat Oct 15 04:27:00 UTC 2011
Hi Clint,
I think I figures something out:
If I do a "ssh -vv jnett80 at fcdflnx3.fnal.gov" (the computer I'm trying
to log into), towards the end of the output I get:
Jason Nett11:06:38 PM
debug1: Authentications that can continue:
gssapi-keyex,gssapi-with-mic,keyboard-interactive
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug1: Next authentication method: gssapi-with-mic
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Authentication succeeded (gssapi-with-mic).
Authenticated to fcdflnx3.fnal.gov ([131.225.240.129]:22).
Notice that "gssapi-with-mic" is in the list of "Authentications that
can continue" and is the one that succeeded. When I try on the machine
that lost it's ability to ssh, this output is:
------------------------------------
debug1: Authentications that can continue:
gssapi-keyex,gssapi-with-mic,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue:
gssapi-keyex,gssapi-with-mic,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (gssapi-keyex,gssapi-with-mic,keyboard-interactive).
-----------------------------------
So on this machine, "gssapi-keyex" and "gssapi-with-mic" are never
attempted--according to the verbose output--and only
"keyboard-interactive" is attempted. From my online searches, I gather
that gssapi-with-mic has something to do with communicating my kerberos
authentication, but I'm not quite sure where to go from here, at the moment.
Hopefully this extra info can help us rectify the issue quickly.
Jason
On 10/14/2011 04:42 PM, Clint Byrum wrote:
> Hi Jason, thanks for taking the time to file a bug report, and I'm sorry
> you're having trouble.
>
> The sshd -ddd needs to be run as root to be able to listen on port 22.
>
> Also, an output from your laptop of
>
> ssh -vv your.desktop.address
>
> Will help to debug this issue.
>
> ** Changed in: openssh (Ubuntu)
> Status: New => Incomplete
>
> ** Changed in: openssh (Ubuntu)
> Importance: Undecided => High
>
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/874518
Title:
ssh fails after upgrade to 11.10
Status in “openssh” package in Ubuntu:
Incomplete
Bug description:
I upgraded from 11.04 to 11.10 and upon completion found that I could no longer ssh into other computers that I routinely do so. There are several things I've checked:
1. Kerberos authentication is working fine, that's not the problem.
2. I tried restarting and reinstalling ssh, but neither helped.
3. I tried copying over all ssh related files from my laptop (with a properly function ssh in 11.04) and replace what is on my 11.10 malfunctioning OS, but that did not help.
4. I tried deleting the .ssh/known_hosts file. On my next attempt, I received the normal message about connecting somewhere for the first time, but was still refused a connection.
5.
jason:~$ /usr/sbin/sshd -ddd
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 682
debug2: parse_server_config: config /etc/ssh/sshd_config len 682
debug3: /etc/ssh/sshd_config:5 setting Port 22
debug3: /etc/ssh/sshd_config:9 setting Protocol 2
debug3: /etc/ssh/sshd_config:11 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:12 setting HostKey /etc/ssh/ssh_host_dsa_key
debug3: /etc/ssh/sshd_config:13 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: /etc/ssh/sshd_config:15 setting UsePrivilegeSeparation yes
debug3: /etc/ssh/sshd_config:18 setting KeyRegenerationInterval 3600
debug3: /etc/ssh/sshd_config:19 setting ServerKeyBits 768
debug3: /etc/ssh/sshd_config:22 setting SyslogFacility AUTH
debug3: /etc/ssh/sshd_config:23 setting LogLevel INFO
debug3: /etc/ssh/sshd_config:26 setting LoginGraceTime 120
debug3: /etc/ssh/sshd_config:27 setting PermitRootLogin no
debug3: /etc/ssh/sshd_config:28 setting StrictModes yes
debug3: /etc/ssh/sshd_config:30 setting RSAAuthentication yes
debug3: /etc/ssh/sshd_config:31 setting PubkeyAuthentication yes
debug3: /etc/ssh/sshd_config:35 setting IgnoreRhosts yes
debug3: /etc/ssh/sshd_config:37 setting RhostsRSAAuthentication no
debug3: /etc/ssh/sshd_config:39 setting HostbasedAuthentication no
debug3: /etc/ssh/sshd_config:44 setting PermitEmptyPasswords no
debug3: /etc/ssh/sshd_config:48 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:63 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:64 setting X11DisplayOffset 10
debug3: /etc/ssh/sshd_config:65 setting PrintMotd no
debug3: /etc/ssh/sshd_config:66 setting PrintLastLog yes
debug3: /etc/ssh/sshd_config:67 setting TCPKeepAlive yes
debug3: /etc/ssh/sshd_config:74 setting AcceptEnv LANG LC_*
debug3: /etc/ssh/sshd_config:76 setting Subsystem sftp /usr/lib/openssh/sftp-server
debug3: /etc/ssh/sshd_config:87 setting UsePAM yes
debug1: sshd version OpenSSH_5.8p1 Debian-7ubuntu1
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type RSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: private host key: #0 type 1 RSA
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type DSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: private host key: #1 type 2 DSA
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type ECDSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.ECDSA-256
debug1: Checking blacklist file /etc/ssh/blacklist.ECDSA-256
debug1: private host key: #2 type 3 ECDSA
debug1: setgroups() failed: Operation not permitted
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug3: oom_adjust_setup
Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Bind to port 22 on 0.0.0.0 failed: Permission denied.
debug2: fd 3 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Bind to port 22 on :: failed: Permission denied.
Cannot bind any address.
Maybe the problem is in that readout, but I'm not familiar enough with
this output to know.
My laptop which still has Ubuntu 11.04 still can successfully log into
the computers I need to, so the problem is definitely related to the
upgrade of my desktop to 11.10.
ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: ssh (not installed)
ProcVersionSignature: Ubuntu 3.0.0-12.20-generic-pae 3.0.4
Uname: Linux 3.0.0-12-generic-pae i686
NonfreeKernelModules: wl
ApportVersion: 1.23-0ubuntu3
Architecture: i386
Date: Fri Oct 14 13:40:37 2011
InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release i386 (20091028.5)
ProcEnviron:
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: openssh
UpgradeStatus: Upgraded to oneiric on 2011-10-14 (0 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/874518/+subscriptions
More information about the foundations-bugs
mailing list