Bugzilla – Attachment 1036 Details for
Bug 1065
password expiration and SSH keys don't go well together
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Debugging output of the issue
traces_ssh (text/plain), 36.01 KB, created by
Josselin Mouette
on 2005-12-06 22:31:30 AEDT
(
hide
)
Description:
Debugging output of the issue
Filename:
MIME Type:
Creator:
Josselin Mouette
Created:
2005-12-06 22:31:30 AEDT
Size:
36.01 KB
patch
obsolete
>1) Normal operation: login with a public key > >Server trace: > >[root@tantal237 ssh]# /usr/local/sbin/sshd -ddd >debug2: load_server_config: filename /etc/ssh/sshd_config >debug2: load_server_config: done config len = 342 >debug2: parse_server_config: config /etc/ssh/sshd_config len 342 >debug1: sshd version OpenSSH_4.1p1 >debug1: private host key: #0 type 0 RSA1 >debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key. >debug1: read PEM private key done: type RSA >debug1: private host key: #1 type 1 RSA >debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key. >debug1: read PEM private key done: type DSA >debug1: private host key: #2 type 2 DSA >debug1: rexec_argv[0]='/usr/local/sbin/sshd' >debug1: rexec_argv[1]='-ddd' >socket: Address family not supported by protocol >debug2: fd 3 setting O_NONBLOCK >debug1: Bind to port 22 on 0.0.0.0. >Server listening on 0.0.0.0 port 22. >Generating 768 bit RSA key. >RSA key generation complete. >debug3: fd 4 is not O_NONBLOCK >debug1: Server will not fork when running in debugging mode. >debug3: send_rexec_state: entering fd = 7 config len 342 >debug3: ssh_msg_send: type 0 >debug3: send_rexec_state: done >debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7 >debug1: inetd sockets after dupping: 3, 3 >Connection from 132.165.91.101 port 50554 >debug1: Client protocol version 2.0; client software version OpenSSH_3.8.1p1 Debian-8.sarge.4 >debug1: match: OpenSSH_3.8.1p1 Debian-8.sarge.4 pat OpenSSH_3.* >debug1: Enabling compatibility mode for protocol 2.0 >debug1: Local version string SSH-1.99-OpenSSH_4.1 >debug2: fd 3 setting O_NONBLOCK >debug1: list_hostkey_types: ssh-rsa,ssh-dss >debug1: SSH2_MSG_KEXINIT sent >debug1: SSH2_MSG_KEXINIT received >debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 >debug2: kex_parse_kexinit: ssh-rsa,ssh-dss >debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr >debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr >debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 >debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 >debug2: kex_parse_kexinit: none,zlib >debug2: kex_parse_kexinit: none,zlib >debug2: kex_parse_kexinit: >debug2: kex_parse_kexinit: >debug2: kex_parse_kexinit: first_kex_follows 0 >debug2: kex_parse_kexinit: reserved 0 >debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 >debug2: kex_parse_kexinit: ssh-rsa,ssh-dss >debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr >debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr >debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 >debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 >debug2: kex_parse_kexinit: none,zlib >debug2: kex_parse_kexinit: none,zlib >debug2: kex_parse_kexinit: >debug2: kex_parse_kexinit: >debug2: kex_parse_kexinit: first_kex_follows 0 >debug2: kex_parse_kexinit: reserved 0 >debug2: mac_init: found hmac-md5 >debug1: kex: client->server aes128-cbc hmac-md5 none >debug2: mac_init: found hmac-md5 >debug1: kex: server->client aes128-cbc hmac-md5 none >debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received >debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent >debug2: dh_gen_key: priv key bits set: 116/256 >debug2: bits set: 520/1024 >debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT >debug2: bits set: 521/1024 >debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent >debug2: kex_derive_keys >debug2: set_newkeys: mode 1 >debug1: SSH2_MSG_NEWKEYS sent >debug1: expecting SSH2_MSG_NEWKEYS >debug2: set_newkeys: mode 0 >debug1: SSH2_MSG_NEWKEYS received >debug1: KEX done >debug1: userauth-request for user jmouette service ssh-connection method none >debug1: attempt 0 failures 0 >debug2: input_userauth_request: setting up authctxt for jmouette >debug1: PAM: initializing for "jmouette" >debug3: Trying to reverse map address 132.165.91.101. >debug1: PAM: setting PAM_RHOST to "silicium.ccc.cea.fr" >debug1: PAM: setting PAM_TTY to "ssh" >debug2: input_userauth_request: try method none >Failed none for jmouette from 132.165.91.101 port 50554 ssh2 >debug1: userauth-request for user jmouette service ssh-connection method publickey >debug1: attempt 1 failures 1 >debug2: input_userauth_request: try method publickey >debug1: test whether pkalg/pkblob are acceptable >debug1: temporarily_use_uid: 12064/500 (e=0/0) >debug1: trying public key file /home/jmouette/.ssh/authorized_keys >debug3: secure_filename: checking '/home/jmouette/.ssh' >debug3: secure_filename: checking '/home/jmouette' >debug3: secure_filename: terminating check at '/home/jmouette' >debug1: matching key found: file /home/jmouette/.ssh/authorized_keys, line 1 >Found matching DSA key: 27:89:20:73:f7:0f:be:cb:0c:b7:2e:1c:a2:6e:f7:65 >debug1: restore_uid: 0/0 >debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss >Postponed publickey for jmouette from 132.165.91.101 port 50554 ssh2 >debug1: userauth-request for user jmouette service ssh-connection method publickey >debug1: attempt 2 failures 1 >debug2: input_userauth_request: try method publickey >debug1: temporarily_use_uid: 12064/500 (e=0/0) >debug1: trying public key file /home/jmouette/.ssh/authorized_keys >debug3: secure_filename: checking '/home/jmouette/.ssh' >debug3: secure_filename: checking '/home/jmouette' >debug3: secure_filename: terminating check at '/home/jmouette' >debug1: matching key found: file /home/jmouette/.ssh/authorized_keys, line 1 >Found matching DSA key: 27:89:20:73:f7:0f:be:cb:0c:b7:2e:1c:a2:6e:f7:65 >debug1: restore_uid: 0/0 >debug1: ssh_dss_verify: signature correct >debug2: userauth_pubkey: authenticated 1 pkalg ssh-dss >debug1: do_pam_account: called >debug3: PAM: do_pam_account pam_acct_mgmt = 0 (Success) >Accepted publickey for jmouette from 132.165.91.101 port 50554 ssh2 >debug1: Entering interactive session for SSH2. >debug2: fd 6 setting O_NONBLOCK >debug2: fd 7 setting O_NONBLOCK >debug1: server_init_dispatch_20 >debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384 >debug1: input_session_request >debug1: channel 0: new [server-session] >debug1: session_new: init >debug1: session_new: session 0 >debug1: session_open: channel 0 >debug1: session_open: session 0: link with channel 0 >debug1: server_input_channel_open: confirm session >debug1: server_input_channel_req: channel 0 request pty-req reply 0 >debug1: session_by_channel: session 0 channel 0 >debug1: session_input_channel_req: session 0 req pty-req >debug1: Allocating pty. >debug1: session_pty_req: session 0 alloc /dev/pts/3 >debug3: tty_parse_modes: SSH2 n_bytes 256 >debug3: tty_parse_modes: ospeed 38400 >debug3: tty_parse_modes: ispeed 38400 >debug3: tty_parse_modes: 1 3 >debug3: tty_parse_modes: 2 28 >debug3: tty_parse_modes: 3 127 >debug3: tty_parse_modes: 4 21 >debug3: tty_parse_modes: 5 4 >debug3: tty_parse_modes: 6 255 >debug3: tty_parse_modes: 7 255 >debug3: tty_parse_modes: 8 17 >debug3: tty_parse_modes: 9 19 >debug3: tty_parse_modes: 10 26 >debug3: tty_parse_modes: 12 18 >debug3: tty_parse_modes: 13 23 >debug3: tty_parse_modes: 14 22 >debug3: tty_parse_modes: 18 15 >debug3: tty_parse_modes: 30 0 >debug3: tty_parse_modes: 31 0 >debug3: tty_parse_modes: 32 0 >debug3: tty_parse_modes: 33 0 >debug3: tty_parse_modes: 34 0 >debug3: tty_parse_modes: 35 0 >debug3: tty_parse_modes: 36 1 >debug3: tty_parse_modes: 37 0 >debug3: tty_parse_modes: 38 1 >debug3: tty_parse_modes: 39 1 >debug3: tty_parse_modes: 40 0 >debug3: tty_parse_modes: 41 1 >debug3: tty_parse_modes: 50 1 >debug3: tty_parse_modes: 51 1 >debug3: tty_parse_modes: 52 0 >debug3: tty_parse_modes: 53 1 >debug3: tty_parse_modes: 54 1 >debug3: tty_parse_modes: 55 1 >debug3: tty_parse_modes: 56 0 >debug3: tty_parse_modes: 57 0 >debug3: tty_parse_modes: 58 0 >debug3: tty_parse_modes: 59 1 >debug3: tty_parse_modes: 60 1 >debug3: tty_parse_modes: 61 1 >debug3: tty_parse_modes: 62 0 >debug3: tty_parse_modes: 70 1 >debug3: tty_parse_modes: 71 0 >debug3: tty_parse_modes: 72 1 >debug3: tty_parse_modes: 73 0 >debug3: tty_parse_modes: 74 0 >debug3: tty_parse_modes: 75 0 >debug3: tty_parse_modes: 90 1 >debug3: tty_parse_modes: 91 1 >debug3: tty_parse_modes: 92 0 >debug3: tty_parse_modes: 93 0 >debug1: server_input_channel_req: channel 0 request x11-req reply 0 >debug1: session_by_channel: session 0 channel 0 >debug1: session_input_channel_req: session 0 req x11-req >debug1: x11_create_display_inet: Socket family 10 not supported >debug2: bind port 6010: Address already in use >debug1: x11_create_display_inet: Socket family 10 not supported >debug2: bind port 6011: Address already in use >debug1: x11_create_display_inet: Socket family 10 not supported >debug2: fd 10 setting O_NONBLOCK >debug3: fd 10 is O_NONBLOCK >debug1: channel 1: new [X11 inet listener] >debug1: server_input_channel_req: channel 0 request shell reply 0 >debug1: session_by_channel: session 0 channel 0 >debug1: session_input_channel_req: session 0 req shell >debug1: PAM: setting PAM_TTY to "/dev/pts/3" >debug1: PAM: establishing credentials >debug1: Setting controlling tty using TIOCSCTTY. >debug2: fd 3 setting TCP_NODELAY >debug2: channel 0: rfd 9 isatty >debug2: fd 9 setting O_NONBLOCK >debug3: fd 8 is O_NONBLOCK >debug1: Received SIGCHLD. >debug1: session_by_pid: pid 15435 >debug1: session_exit_message: session 0 channel 0 pid 15435 >debug2: channel 0: request exit-status confirm 0 >debug1: session_exit_message: release channel 0 >debug2: channel 0: write failed >debug2: channel 0: close_write >debug2: channel 0: output open -> closed >debug1: session_close: session 0 pid 15435 >debug1: session_pty_cleanup: session 0 release /dev/pts/3 >debug2: channel 0: read<=0 rfd 9 len -1 >debug2: channel 0: read failed >debug2: channel 0: close_read >debug2: channel 0: input open -> drain >debug2: channel 0: ibuf empty >debug2: channel 0: send eof >debug2: channel 0: input drain -> closed >debug2: channel 0: send close >debug2: notify_done: reading >debug3: channel 0: will not send data after close >debug2: channel 0: rcvd close >debug3: channel 0: will not send data after close >debug2: channel 0: is dead >debug2: channel 0: garbage collecting >debug1: channel 0: free: server-session, nchannels 2 >debug3: channel 0: status: The following connections are open: > #0 server-session (t4 r0 i3/0 o3/0 fd -1/-1 cfd -1) > >debug3: channel 0: close_fds r -1 w -1 e -1 c -1 >Connection closed by 132.165.91.101 >debug1: channel 1: free: X11 inet listener, nchannels 1 >debug3: channel 1: status: The following connections are open: > >debug3: channel 1: close_fds r 10 w 10 e -1 c -1 >debug1: do_cleanup >debug1: PAM: cleanup >debug3: PAM: sshpam_thread_cleanup entering >Closing connection to 132.165.91.101 >debug1: PAM: cleanup > >Client trace: > >11:41 jmouette@silicium ~ > ssh tantale-usr2 >Last login: Tue Dec 6 10:36:40 2005 from tantal239 >******************************************************************************** >* Calculateur parallele TANTALE * >******************************************************************************** >debug3: PAM: opening session >debug1: PAM: reinitializing credentials >debug1: permanently_set_uid: 12064/500 >Environment: > USER=jmouette > LOGNAME=jmouette > HOME=/home/jmouette > PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin > MAIL=/var/mail/jmouette > SHELL=/bin/bash > SSH_CLIENT=132.165.91.101 50554 22 > SSH_CONNECTION=132.165.91.101 50554 132.167.130.82 22 > SSH_TTY=/dev/pts/3 > TERM=xterm > DISPLAY=tantal237:12.0 >debug3: channel 0: close_fds r -1 w -1 e -1 c -1 >debug3: channel 1: close_fds r 10 w 10 e -1 c -1 >Running /usr/bin/X11/xauth remove tantal237:12.0 >/usr/bin/X11/xauth add tantal237:12.0 MIT-MAGIC-COOKIE-1 b33c34935ef7359e0ef9de4a02f42662 >debug1: Received SIGCHLD. >11:57 jmouette@tantal237 ~ > logout >Connection to tantale-usr2 closed. > > >2) Login with a public key, when the LDAP password is expired > >Server trace: > >[root@tantal237 ssh]# /usr/local/sbin/sshd -ddd >debug2: load_server_config: filename /etc/ssh/sshd_config >debug2: load_server_config: done config len = 342 >debug2: parse_server_config: config /etc/ssh/sshd_config len 342 >debug1: sshd version OpenSSH_4.1p1 >debug1: private host key: #0 type 0 RSA1 >debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key. >debug1: read PEM private key done: type RSA >debug1: private host key: #1 type 1 RSA >debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key. >debug1: read PEM private key done: type DSA >debug1: private host key: #2 type 2 DSA >debug1: rexec_argv[0]='/usr/local/sbin/sshd' >debug1: rexec_argv[1]='-ddd' >socket: Address family not supported by protocol >debug2: fd 3 setting O_NONBLOCK >debug1: Bind to port 22 on 0.0.0.0. >Server listening on 0.0.0.0 port 22. >Generating 768 bit RSA key. >RSA key generation complete. >debug3: fd 4 is not O_NONBLOCK >debug1: Server will not fork when running in debugging mode. >debug3: send_rexec_state: entering fd = 7 config len 342 >debug3: ssh_msg_send: type 0 >debug3: send_rexec_state: done >debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7 >debug1: inetd sockets after dupping: 3, 3 >Connection from 132.165.91.101 port 50584 >debug1: Client protocol version 2.0; client software version OpenSSH_3.8.1p1 Debian-8.sarge.4 >debug1: match: OpenSSH_3.8.1p1 Debian-8.sarge.4 pat OpenSSH_3.* >debug1: Enabling compatibility mode for protocol 2.0 >debug1: Local version string SSH-1.99-OpenSSH_4.1 >debug2: fd 3 setting O_NONBLOCK >debug1: list_hostkey_types: ssh-rsa,ssh-dss >debug1: SSH2_MSG_KEXINIT sent >debug1: SSH2_MSG_KEXINIT received >debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 >debug2: kex_parse_kexinit: ssh-rsa,ssh-dss >debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr >debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr >debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 >debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 >debug2: kex_parse_kexinit: none,zlib >debug2: kex_parse_kexinit: none,zlib >debug2: kex_parse_kexinit: >debug2: kex_parse_kexinit: >debug2: kex_parse_kexinit: first_kex_follows 0 >debug2: kex_parse_kexinit: reserved 0 >debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 >debug2: kex_parse_kexinit: ssh-rsa,ssh-dss >debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr >debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr >debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 >debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 >debug2: kex_parse_kexinit: none,zlib >debug2: kex_parse_kexinit: none,zlib >debug2: kex_parse_kexinit: >debug2: kex_parse_kexinit: >debug2: kex_parse_kexinit: first_kex_follows 0 >debug2: kex_parse_kexinit: reserved 0 >debug2: mac_init: found hmac-md5 >debug1: kex: client->server aes128-cbc hmac-md5 none >debug2: mac_init: found hmac-md5 >debug1: kex: server->client aes128-cbc hmac-md5 none >debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received >debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent >debug2: dh_gen_key: priv key bits set: 119/256 >debug2: bits set: 502/1024 >debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT >debug2: bits set: 528/1024 >debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent >debug2: kex_derive_keys >debug2: set_newkeys: mode 1 >debug1: SSH2_MSG_NEWKEYS sent >debug1: expecting SSH2_MSG_NEWKEYS >debug2: set_newkeys: mode 0 >debug1: SSH2_MSG_NEWKEYS received >debug1: KEX done >debug1: userauth-request for user jmouette service ssh-connection method none >debug1: attempt 0 failures 0 >debug2: input_userauth_request: setting up authctxt for jmouette >debug1: PAM: initializing for "jmouette" >debug3: Trying to reverse map address 132.165.91.101. >debug1: PAM: setting PAM_RHOST to "silicium.ccc.cea.fr" >debug1: PAM: setting PAM_TTY to "ssh" >debug2: input_userauth_request: try method none >Failed none for jmouette from 132.165.91.101 port 50584 ssh2 >debug1: userauth-request for user jmouette service ssh-connection method publickey >debug1: attempt 1 failures 1 >debug2: input_userauth_request: try method publickey >debug1: test whether pkalg/pkblob are acceptable >debug1: temporarily_use_uid: 12064/500 (e=0/0) >debug1: trying public key file /home/jmouette/.ssh/authorized_keys >debug3: secure_filename: checking '/home/jmouette/.ssh' >debug3: secure_filename: checking '/home/jmouette' >debug3: secure_filename: terminating check at '/home/jmouette' >debug1: matching key found: file /home/jmouette/.ssh/authorized_keys, line 1 >Found matching DSA key: 27:89:20:73:f7:0f:be:cb:0c:b7:2e:1c:a2:6e:f7:65 >debug1: restore_uid: 0/0 >debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss >Postponed publickey for jmouette from 132.165.91.101 port 50584 ssh2 >debug1: userauth-request for user jmouette service ssh-connection method publickey >debug1: attempt 2 failures 1 >debug2: input_userauth_request: try method publickey >debug1: temporarily_use_uid: 12064/500 (e=0/0) >debug1: trying public key file /home/jmouette/.ssh/authorized_keys >debug3: secure_filename: checking '/home/jmouette/.ssh' >debug3: secure_filename: checking '/home/jmouette' >debug3: secure_filename: terminating check at '/home/jmouette' >debug1: matching key found: file /home/jmouette/.ssh/authorized_keys, line 1 >Found matching DSA key: 27:89:20:73:f7:0f:be:cb:0c:b7:2e:1c:a2:6e:f7:65 >debug1: restore_uid: 0/0 >debug1: ssh_dss_verify: signature correct >debug2: userauth_pubkey: authenticated 1 pkalg ssh-dss >debug1: do_pam_account: called >debug3: PAM: sshpam_store_conv called with 1 messages >debug3: PAM: do_pam_account pam_acct_mgmt = 12 (Authentication token is no longer valid; new one required.) >debug3: sshpam_password_change_required 1 >Accepted publickey for jmouette from 132.165.91.101 port 50584 ssh2 >debug1: Entering interactive session for SSH2. >debug2: fd 6 setting O_NONBLOCK >debug2: fd 7 setting O_NONBLOCK >debug1: server_init_dispatch_20 >debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384 >debug1: input_session_request >debug1: channel 0: new [server-session] >debug1: session_new: init >debug1: session_new: session 0 >debug1: session_open: channel 0 >debug1: session_open: session 0: link with channel 0 >debug1: server_input_channel_open: confirm session >debug1: server_input_channel_req: channel 0 request pty-req reply 0 >debug1: session_by_channel: session 0 channel 0 >debug1: session_input_channel_req: session 0 req pty-req >debug1: Allocating pty. >debug1: session_pty_req: session 0 alloc /dev/pts/3 >debug3: tty_parse_modes: SSH2 n_bytes 256 >debug3: tty_parse_modes: ospeed 38400 >debug3: tty_parse_modes: ispeed 38400 >debug3: tty_parse_modes: 1 3 >debug3: tty_parse_modes: 2 28 >debug3: tty_parse_modes: 3 127 >debug3: tty_parse_modes: 4 21 >debug3: tty_parse_modes: 5 4 >debug3: tty_parse_modes: 6 255 >debug3: tty_parse_modes: 7 255 >debug3: tty_parse_modes: 8 17 >debug3: tty_parse_modes: 9 19 >debug3: tty_parse_modes: 10 26 >debug3: tty_parse_modes: 12 18 >debug3: tty_parse_modes: 13 23 >debug3: tty_parse_modes: 14 22 >debug3: tty_parse_modes: 18 15 >debug3: tty_parse_modes: 30 0 >debug3: tty_parse_modes: 31 0 >debug3: tty_parse_modes: 32 0 >debug3: tty_parse_modes: 33 0 >debug3: tty_parse_modes: 34 0 >debug3: tty_parse_modes: 35 0 >debug3: tty_parse_modes: 36 1 >debug3: tty_parse_modes: 37 0 >debug3: tty_parse_modes: 38 1 >debug3: tty_parse_modes: 39 1 >debug3: tty_parse_modes: 40 0 >debug3: tty_parse_modes: 41 1 >debug3: tty_parse_modes: 50 1 >debug3: tty_parse_modes: 51 1 >debug3: tty_parse_modes: 52 0 >debug3: tty_parse_modes: 53 1 >debug3: tty_parse_modes: 54 1 >debug3: tty_parse_modes: 55 1 >debug3: tty_parse_modes: 56 0 >debug3: tty_parse_modes: 57 0 >debug3: tty_parse_modes: 58 0 >debug3: tty_parse_modes: 59 1 >debug3: tty_parse_modes: 60 1 >debug3: tty_parse_modes: 61 1 >debug3: tty_parse_modes: 62 0 >debug3: tty_parse_modes: 70 1 >debug3: tty_parse_modes: 71 0 >debug3: tty_parse_modes: 72 1 >debug3: tty_parse_modes: 73 0 >debug3: tty_parse_modes: 74 0 >debug3: tty_parse_modes: 75 0 >debug3: tty_parse_modes: 90 1 >debug3: tty_parse_modes: 91 1 >debug3: tty_parse_modes: 92 0 >debug3: tty_parse_modes: 93 0 >debug1: server_input_channel_req: channel 0 request x11-req reply 0 >debug1: session_by_channel: session 0 channel 0 >debug1: session_input_channel_req: session 0 req x11-req >debug1: server_input_channel_req: channel 0 request shell reply 0 >debug1: session_by_channel: session 0 channel 0 >debug1: session_input_channel_req: session 0 req shell >debug1: PAM: setting PAM_TTY to "/dev/pts/3" >debug1: PAM: establishing credentials >debug1: Setting controlling tty using TIOCSCTTY. >debug2: fd 3 setting TCP_NODELAY >debug2: channel 0: rfd 9 isatty >debug2: fd 9 setting O_NONBLOCK >debug3: fd 8 is O_NONBLOCK >debug1: Received SIGCHLD. >debug2: channel 0: read failed >debug2: channel 0: close_read >debug2: channel 0: input open -> drain >debug2: channel 0: ibuf empty >debug2: channel 0: send eof >debug2: channel 0: input drain -> closed >debug2: notify_done: reading >debug1: session_by_pid: pid 15697 >debug1: session_exit_message: session 0 channel 0 pid 15697 >debug2: channel 0: request exit-status confirm 0 >debug1: session_exit_message: release channel 0 >debug2: channel 0: write failed >debug2: channel 0: close_write >debug2: channel 0: output open -> closed >debug1: session_close: session 0 pid 15697 >debug1: session_pty_cleanup: session 0 release /dev/pts/3 >debug2: channel 0: send close >debug3: channel 0: will not send data after close >debug2: channel 0: rcvd close >debug3: channel 0: will not send data after close >debug2: channel 0: is dead >debug2: channel 0: garbage collecting >debug1: channel 0: free: server-session, nchannels 1 >debug3: channel 0: status: The following connections are open: > #0 server-session (t4 r0 i3/0 o3/0 fd -1/-1 cfd -1) > >debug3: channel 0: close_fds r -1 w -1 e -1 c -1 >Connection closed by 132.165.91.101 >debug1: do_cleanup >debug1: PAM: cleanup >debug3: PAM: sshpam_thread_cleanup entering >Closing connection to 132.165.91.101 >debug1: PAM: cleanup > >Client trace: > >11:59 jmouette@silicium ~ > ssh tantale-usr2 >You are required to change your LDAP password immediately. >Last login: Tue Dec 6 11:57:52 2005 from silicium.ccc.cea.fr >debug1: PAM: changing password >debug3: PAM: sshpam_store_conv called with 1 messages >PAM: pam_chauthtok(): User not known to the underlying authentication module >debug1: do_cleanup >Connection to tantale-usr2 closed. > > >3) Login without public key, with expired password > >Server trace: > >[root@tantal237 ssh]# /usr/local/sbin/sshd -ddd >debug2: load_server_config: filename /etc/ssh/sshd_config >debug2: load_server_config: done config len = 342 >debug2: parse_server_config: config /etc/ssh/sshd_config len 342 >debug1: sshd version OpenSSH_4.1p1 >debug1: private host key: #0 type 0 RSA1 >debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key. >debug1: read PEM private key done: type RSA >debug1: private host key: #1 type 1 RSA >debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key. >debug1: read PEM private key done: type DSA >debug1: private host key: #2 type 2 DSA >debug1: rexec_argv[0]='/usr/local/sbin/sshd' >debug1: rexec_argv[1]='-ddd' >socket: Address family not supported by protocol >debug2: fd 3 setting O_NONBLOCK >debug1: Bind to port 22 on 0.0.0.0. >Server listening on 0.0.0.0 port 22. >Generating 768 bit RSA key. >RSA key generation complete. >debug3: fd 4 is not O_NONBLOCK >debug1: Server will not fork when running in debugging mode. >debug3: send_rexec_state: entering fd = 7 config len 342 >debug3: ssh_msg_send: type 0 >debug3: send_rexec_state: done >debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7 >debug1: inetd sockets after dupping: 3, 3 >Connection from 132.165.91.101 port 50623 >debug1: Client protocol version 2.0; client software version OpenSSH_3.8.1p1 Debian-8.sarge.4 >debug1: match: OpenSSH_3.8.1p1 Debian-8.sarge.4 pat OpenSSH_3.* >debug1: Enabling compatibility mode for protocol 2.0 >debug1: Local version string SSH-1.99-OpenSSH_4.1 >debug2: fd 3 setting O_NONBLOCK >debug1: list_hostkey_types: ssh-rsa,ssh-dss >debug1: SSH2_MSG_KEXINIT sent >debug1: SSH2_MSG_KEXINIT received >debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 >debug2: kex_parse_kexinit: ssh-rsa,ssh-dss >debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr >debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr >debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 >debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 >debug2: kex_parse_kexinit: none,zlib >debug2: kex_parse_kexinit: none,zlib >debug2: kex_parse_kexinit: >debug2: kex_parse_kexinit: >debug2: kex_parse_kexinit: first_kex_follows 0 >debug2: kex_parse_kexinit: reserved 0 >debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 >debug2: kex_parse_kexinit: ssh-rsa,ssh-dss >debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr >debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr >debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 >debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 >debug2: kex_parse_kexinit: none,zlib >debug2: kex_parse_kexinit: none,zlib >debug2: kex_parse_kexinit: >debug2: kex_parse_kexinit: >debug2: kex_parse_kexinit: first_kex_follows 0 >debug2: kex_parse_kexinit: reserved 0 >debug2: mac_init: found hmac-md5 >debug1: kex: client->server aes128-cbc hmac-md5 none >debug2: mac_init: found hmac-md5 >debug1: kex: server->client aes128-cbc hmac-md5 none >debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received >debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent >debug2: dh_gen_key: priv key bits set: 131/256 >debug2: bits set: 496/1024 >debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT >debug2: bits set: 493/1024 >debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent >debug2: kex_derive_keys >debug2: set_newkeys: mode 1 >debug1: SSH2_MSG_NEWKEYS sent >debug1: expecting SSH2_MSG_NEWKEYS >debug2: set_newkeys: mode 0 >debug1: SSH2_MSG_NEWKEYS received >debug1: KEX done >debug1: userauth-request for user jmouette service ssh-connection method none >debug1: attempt 0 failures 0 >debug2: input_userauth_request: setting up authctxt for jmouette >debug1: PAM: initializing for "jmouette" >debug3: Trying to reverse map address 132.165.91.101. >debug1: PAM: setting PAM_RHOST to "silicium.ccc.cea.fr" >debug1: PAM: setting PAM_TTY to "ssh" >debug2: input_userauth_request: try method none >Failed none for jmouette from 132.165.91.101 port 50623 ssh2 >debug1: userauth-request for user jmouette service ssh-connection method keyboard-interactive >debug1: attempt 1 failures 1 >debug2: input_userauth_request: try method keyboard-interactive >debug1: keyboard-interactive devs >debug1: auth2_challenge: user=jmouette devs= >debug1: kbdint_alloc: devices 'pam' >debug2: auth2_challenge_start: devices pam >debug2: kbdint_next_device: devices <empty> >debug1: auth2_challenge_start: trying authentication method 'pam' >debug3: PAM: sshpam_init_ctx entering >debug3: PAM: sshpam_query entering >debug3: ssh_msg_recv entering >debug3: PAM: sshpam_thread_conv entering, 1 messages >debug3: ssh_msg_send: type 1 >debug3: ssh_msg_recv entering >Postponed keyboard-interactive for jmouette from 132.165.91.101 port 50623 ssh2 >debug2: PAM: sshpam_respond entering, 1 responses >debug3: ssh_msg_send: type 6 >debug3: PAM: sshpam_query entering >debug3: ssh_msg_recv entering >debug1: do_pam_account: called >debug3: PAM: sshpam_thread_conv entering, 1 messages >debug3: ssh_msg_send: type 3 >debug3: PAM: do_pam_account pam_acct_mgmt = 12 (Authentication token is no longer valid; new one required.) >debug3: sshpam_password_change_required 1 >debug3: ssh_msg_recv entering >debug3: PAM: sshpam_thread_conv entering, 1 messages >debug3: ssh_msg_send: type 1 >debug3: ssh_msg_recv entering >Postponed keyboard-interactive/pam for jmouette from 132.165.91.101 port 50623 ssh2 >debug2: PAM: sshpam_respond entering, 1 responses >debug3: ssh_msg_send: type 6 >debug3: PAM: sshpam_query entering >debug3: ssh_msg_recv entering >debug3: PAM: sshpam_thread_conv entering, 1 messages >debug3: ssh_msg_send: type 1 >debug3: ssh_msg_recv entering >Postponed keyboard-interactive/pam for jmouette from 132.165.91.101 port 50623 ssh2 >debug2: PAM: sshpam_respond entering, 1 responses >debug3: ssh_msg_send: type 6 >debug3: PAM: sshpam_query entering >debug3: ssh_msg_recv entering >debug3: PAM: sshpam_thread_conv entering, 1 messages >debug3: ssh_msg_send: type 1 >debug3: ssh_msg_recv entering >Postponed keyboard-interactive/pam for jmouette from 132.165.91.101 port 50623 ssh2 >debug2: PAM: sshpam_respond entering, 1 responses >debug3: ssh_msg_send: type 6 >debug3: PAM: sshpam_query entering >debug3: ssh_msg_recv entering >debug3: PAM: sshpam_thread_conv entering, 1 messages >debug3: ssh_msg_send: type 4 >debug3: ssh_msg_recv entering >debug3: sshpam_password_change_required 0 >debug3: ssh_msg_send: type 0 >debug1: PAM: LDAP password information changed for jmouette > >debug3: PAM: import_environments entering >debug3: sshpam_password_change_required 0 >debug3: PAM: num env strings 0 >debug1: PAM: num PAM env strings 0 >Postponed keyboard-interactive/pam for jmouette from 132.165.91.101 port 50623 ssh2 >debug2: PAM: sshpam_respond entering, 0 responses >debug3: PAM: sshpam_free_ctx entering >debug3: PAM: sshpam_thread_cleanup entering >debug1: do_pam_account: called >Accepted keyboard-interactive/pam for jmouette from 132.165.91.101 port 50623 ssh2 >debug1: Entering interactive session for SSH2. >debug2: fd 4 setting O_NONBLOCK >debug2: fd 5 setting O_NONBLOCK >debug1: server_init_dispatch_20 >debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384 >debug1: input_session_request >debug1: channel 0: new [server-session] >debug1: session_new: init >debug1: session_new: session 0 >debug1: session_open: channel 0 >debug1: session_open: session 0: link with channel 0 >debug1: server_input_channel_open: confirm session >debug1: server_input_channel_req: channel 0 request pty-req reply 0 >debug1: session_by_channel: session 0 channel 0 >debug1: session_input_channel_req: session 0 req pty-req >debug1: Allocating pty. >debug1: session_pty_req: session 0 alloc /dev/pts/3 >debug3: tty_parse_modes: SSH2 n_bytes 256 >debug3: tty_parse_modes: ospeed 38400 >debug3: tty_parse_modes: ispeed 38400 >debug3: tty_parse_modes: 1 3 >debug3: tty_parse_modes: 2 28 >debug3: tty_parse_modes: 3 127 >debug3: tty_parse_modes: 4 21 >debug3: tty_parse_modes: 5 4 >debug3: tty_parse_modes: 6 255 >debug3: tty_parse_modes: 7 255 >debug3: tty_parse_modes: 8 17 >debug3: tty_parse_modes: 9 19 >debug3: tty_parse_modes: 10 26 >debug3: tty_parse_modes: 12 18 >debug3: tty_parse_modes: 13 23 >debug3: tty_parse_modes: 14 22 >debug3: tty_parse_modes: 18 15 >debug3: tty_parse_modes: 30 0 >debug3: tty_parse_modes: 31 0 >debug3: tty_parse_modes: 32 0 >debug3: tty_parse_modes: 33 0 >debug3: tty_parse_modes: 34 0 >debug3: tty_parse_modes: 35 0 >debug3: tty_parse_modes: 36 1 >debug3: tty_parse_modes: 37 0 >debug3: tty_parse_modes: 38 1 >debug3: tty_parse_modes: 39 1 >debug3: tty_parse_modes: 40 0 >debug3: tty_parse_modes: 41 1 >debug3: tty_parse_modes: 50 1 >debug3: tty_parse_modes: 51 1 >debug3: tty_parse_modes: 52 0 >debug3: tty_parse_modes: 53 1 >debug3: tty_parse_modes: 54 1 >debug3: tty_parse_modes: 55 1 >debug3: tty_parse_modes: 56 0 >debug3: tty_parse_modes: 57 0 >debug3: tty_parse_modes: 58 0 >debug3: tty_parse_modes: 59 1 >debug3: tty_parse_modes: 60 1 >debug3: tty_parse_modes: 61 1 >debug3: tty_parse_modes: 62 0 >debug3: tty_parse_modes: 70 1 >debug3: tty_parse_modes: 71 0 >debug3: tty_parse_modes: 72 1 >debug3: tty_parse_modes: 73 0 >debug3: tty_parse_modes: 74 0 >debug3: tty_parse_modes: 75 0 >debug3: tty_parse_modes: 90 1 >debug3: tty_parse_modes: 91 1 >debug3: tty_parse_modes: 92 0 >debug3: tty_parse_modes: 93 0 >debug1: server_input_channel_req: channel 0 request x11-req reply 0 >debug1: session_by_channel: session 0 channel 0 >debug1: session_input_channel_req: session 0 req x11-req >debug1: x11_create_display_inet: Socket family 10 not supported >debug2: bind port 6010: Address already in use >debug1: x11_create_display_inet: Socket family 10 not supported >debug2: bind port 6011: Address already in use >debug1: x11_create_display_inet: Socket family 10 not supported >debug2: fd 8 setting O_NONBLOCK >debug3: fd 8 is O_NONBLOCK >debug1: channel 1: new [X11 inet listener] >debug1: server_input_channel_req: channel 0 request shell reply 0 >debug1: session_by_channel: session 0 channel 0 >debug1: session_input_channel_req: session 0 req shell >debug1: PAM: setting PAM_TTY to "/dev/pts/3" >debug1: PAM: establishing credentials >debug2: fd 3 setting TCP_NODELAY >debug1: Setting controlling tty using TIOCSCTTY. >debug2: channel 0: rfd 7 isatty >debug2: fd 7 setting O_NONBLOCK >debug3: fd 6 is O_NONBLOCK >debug1: Received SIGCHLD. >debug2: channel 0: read<=0 rfd 7 len -1 >debug2: channel 0: read failed >debug2: channel 0: close_read >debug2: channel 0: input open -> drain >debug2: channel 0: ibuf empty >debug2: channel 0: send eof >debug2: channel 0: input drain -> closed >debug2: notify_done: reading >debug1: session_by_pid: pid 15982 >debug1: session_exit_message: session 0 channel 0 pid 15982 >debug2: channel 0: request exit-status confirm 0 >debug1: session_exit_message: release channel 0 >debug2: channel 0: write failed >debug2: channel 0: close_write >debug2: channel 0: output open -> closed >debug1: session_close: session 0 pid 15982 >debug1: session_pty_cleanup: session 0 release /dev/pts/3 >debug2: channel 0: send close >debug3: channel 0: will not send data after close >debug2: channel 0: rcvd close >debug3: channel 0: will not send data after close >debug2: channel 0: is dead >debug2: channel 0: garbage collecting >debug1: channel 0: free: server-session, nchannels 2 >debug3: channel 0: status: The following connections are open: > #0 server-session (t4 r0 i3/0 o3/0 fd -1/-1 cfd -1) > >debug3: channel 0: close_fds r -1 w -1 e -1 c -1 >Connection closed by 132.165.91.101 >debug1: channel 1: free: X11 inet listener, nchannels 1 >debug3: channel 1: status: The following connections are open: > >debug3: channel 1: close_fds r 8 w 8 e -1 c -1 >debug1: do_cleanup >debug1: PAM: cleanup >debug3: PAM: sshpam_thread_cleanup entering >Closing connection to 132.165.91.101 >debug1: PAM: cleanup > >Client trace : > >11:59 jmouette@silicium ~ > ssh -o PubkeyAuthentication=no tantale-usr2 >Password: >You are required to change your LDAP password immediately. >Enter login(LDAP) password: >New password: >Retype new password: >LDAP password information changed for jmouette >Last login: Tue Dec 6 11:59:36 2005 from silicium.ccc.cea.fr >******************************************************************************** >* Calculateur parallele TANTALE * >******************************************************************************** >debug3: PAM: opening session >debug1: PAM: reinitializing credentials >debug1: permanently_set_uid: 12064/500 >Environment: > USER=jmouette > LOGNAME=jmouette > HOME=/home/jmouette > PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin > MAIL=/var/mail/jmouette > SHELL=/bin/bash > SSH_CLIENT=132.165.91.101 50623 22 > SSH_CONNECTION=132.165.91.101 50623 132.167.130.82 22 > SSH_TTY=/dev/pts/3 > TERM=xterm > DISPLAY=tantal237:12.0 >debug3: channel 0: close_fds r -1 w -1 e -1 c -1 >debug3: channel 1: close_fds r 8 w 8 e -1 c -1 >Running /usr/bin/X11/xauth remove tantal237:12.0 >/usr/bin/X11/xauth add tantal237:12.0 MIT-MAGIC-COOKIE-1 09032b4c0a93ec80bd194907c544312e >debug1: Received SIGCHLD. >12:02 jmouette@tantal237 ~ > logout >Connection to tantale-usr2 closed. >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 1065
: 1036