Bugzilla – Attachment 3146 Details for
Bug 2861
LDAP user with public key authentication showing AUTHSTATE=compat
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
sshd password-based authentication logs
sshd_password_based.txt (text/plain), 16.29 KB, created by
Mayank Sharma
on 2018-05-02 19:37:53 AEST
(
hide
)
Description:
sshd password-based authentication logs
Filename:
MIME Type:
Creator:
Mayank Sharma
Created:
2018-05-02 19:37:53 AEST
Size:
16.29 KB
patch
obsolete
># /usr/sbin/sshd -ddd >debug2: load_server_config: filename /etc/ssh/sshd_config >debug2: load_server_config: done config len = 173 >debug2: parse_server_config: config /etc/ssh/sshd_config len 173 >debug3: /etc/ssh/sshd_config:39 setting PermitRootLogin yes >debug3: /etc/ssh/sshd_config:111 setting Subsystem sftp /usr/sbin/sftp-server >debug1: sshd version OpenSSH_7.5, OpenSSL 1.0.2m 2 Nov 2017 >debug1: private host key #0: ssh-rsa SHA256:5Jfv3JQpaNDftFQ6ebVX2F4uRNA4Fh0aWt0WQRe1XoM >debug1: private host key #1: ssh-dss SHA256:6A+aAQvDlcMdsbHU46ajFKHDq944aC/Ryr7Bpgx9SNk >debug1: private host key #2: ecdsa-sha2-nistp256 SHA256:zBwFcpi5bIompaYrRb510kkwqL3lo3ttMYspIgupZBw >debug1: key_load_private: No such file or directory >debug1: key_load_public: No such file or directory >Could not load host key: /etc/ssh/ssh_host_ed25519_key >debug1: rexec_argv[0]='/usr/sbin/sshd' >debug1: rexec_argv[1]='-dddd' >debug2: fd 3 setting O_NONBLOCK >debug1: Bind to port 22 on 0.0.0.0. >Server listening on 0.0.0.0 port 22. >debug2: fd 4 setting O_NONBLOCK >debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY >debug1: Bind to port 22 on ::. >Server listening on :: port 22. >debug1: fd 5 clearing O_NONBLOCK >debug1: Server will not fork when running in debugging mode. >debug3: send_rexec_state: entering fd = 8 config len 173 >debug3: ssh_msg_send: type 0 >debug3: send_rexec_state: done >debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8 >debug1: inetd sockets after dupping: 3, 3 >Connection from 127.0.0.1 port 35661 on 127.0.0.1 port 22 >debug1: Client protocol version 2.0; client software version OpenSSH_7.5 >debug1: match: OpenSSH_7.5 pat OpenSSH* compat 0x04000000 >debug1: Local version string SSH-2.0-OpenSSH_7.5 >debug1: Enabling compatibility mode for protocol 2.0 >debug2: fd 3 setting O_NONBLOCK >debug3: ssh_sandbox_init: preparing rlimit sandbox >debug2: Network child is on pid 10813526 >debug3: preauth child monitor started >debug3: privsep user:group 212:207 [preauth] >debug1: permanently_set_uid: 212/207 [preauth] >debug3: list_hostkey_types: ssh-dss key not permitted by HostkeyAlgorithms [preauth] >debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256 [preauth] >debug3: send packet: type 20 [preauth] >debug1: SSH2_MSG_KEXINIT sent [preauth] >debug3: receive packet: type 20 [preauth] >debug1: SSH2_MSG_KEXINIT received [preauth] >debug2: local server KEXINIT proposal [preauth] >debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 [preauth] >debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256 [preauth] >debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth] >debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth] >debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth] >debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth] >debug2: compression ctos: none,zlib@openssh.com [preauth] >debug2: compression stoc: none,zlib@openssh.com [preauth] >debug2: languages ctos: [preauth] >debug2: languages stoc: [preauth] >debug2: first_kex_follows 0 [preauth] >debug2: reserved 0 [preauth] >debug2: peer client KEXINIT proposal [preauth] >debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c [preauth] >debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa [preauth] >debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc [preauth] >debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc [preauth] >debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth] >debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth] >debug2: compression ctos: none,zlib@openssh.com,zlib [preauth] >debug2: compression stoc: none,zlib@openssh.com,zlib [preauth] >debug2: languages ctos: [preauth] >debug2: languages stoc: [preauth] >debug2: first_kex_follows 0 [preauth] >debug2: reserved 0 [preauth] >debug1: kex: algorithm: curve25519-sha256 [preauth] >debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth] >debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth] >debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth] >debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth] >debug3: receive packet: type 30 [preauth] >debug3: mm_key_sign entering [preauth] >debug3: mm_request_send entering: type 6 [preauth] >debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN [preauth] >debug3: mm_request_receive_expect entering: type 7 [preauth] >debug3: mm_request_receive entering [preauth] >debug3: mm_request_receive entering >debug3: monitor_read: checking request 6 >debug3: mm_answer_sign >debug3: mm_answer_sign: hostkey proof signature 20061888(101) >debug3: mm_request_send entering: type 7 >debug2: monitor_read: 6 used once, disabling now >debug3: send packet: type 31 [preauth] >debug3: send packet: type 21 [preauth] >debug2: set_newkeys: mode 1 [preauth] >debug1: rekey after 134217728 blocks [preauth] >debug1: SSH2_MSG_NEWKEYS sent [preauth] >debug1: expecting SSH2_MSG_NEWKEYS [preauth] >debug3: send packet: type 7 [preauth] >debug3: receive packet: type 21 [preauth] >debug1: SSH2_MSG_NEWKEYS received [preauth] >debug2: set_newkeys: mode 0 [preauth] >debug1: rekey after 134217728 blocks [preauth] >debug1: KEX done [preauth] >debug3: receive packet: type 5 [preauth] >debug3: send packet: type 6 [preauth] >debug3: receive packet: type 50 [preauth] >debug1: userauth-request for user ldapuser service ssh-connection method none [preauth] >debug1: attempt 0 failures 0 [preauth] >debug3: mm_getpwnamallow entering [preauth] >debug3: mm_request_send entering: type 8 [preauth] >debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth] >debug3: mm_request_receive_expect entering: type 9 [preauth] >debug3: mm_request_receive entering [preauth] >debug3: mm_request_receive entering >debug3: monitor_read: checking request 8 >debug3: mm_answer_pwnamallow >debug2: parse_server_config: config reprocess config len 173 >debug3: AIX/setauthdb set registry 'LDAP' >debug3: aix_restoreauthdb: restoring old registry '' >debug3: AIX/loginrestrictions returned 0 msg (none) >debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1 >debug3: mm_request_send entering: type 9 >debug2: monitor_read: 8 used once, disabling now >debug2: input_userauth_request: setting up authctxt for ldapuser [preauth] >debug3: mm_inform_authserv entering [preauth] >debug3: mm_request_send entering: type 4 [preauth] >debug2: input_userauth_request: try method none [preauth] >debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth] >debug3: send packet: type 51 [preauth] >debug3: mm_request_receive entering >debug3: monitor_read: checking request 4 >debug3: mm_answer_authserv: service=ssh-connection, style= >debug2: monitor_read: 4 used once, disabling now >debug3: receive packet: type 50 [preauth] >debug1: userauth-request for user ldapuser service ssh-connection method publickey [preauth] >debug1: attempt 1 failures 0 [preauth] >debug2: input_userauth_request: try method publickey [preauth] >debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:kz6/wTPmQPFUkwCrD8f717BClyG1N3Vfe+TtR4JRcgw [preauth] >debug3: mm_key_allowed entering [preauth] >debug3: mm_request_send entering: type 22 [preauth] >debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth] >debug3: mm_request_receive_expect entering: type 23 [preauth] >debug3: mm_request_receive entering [preauth] >debug3: mm_request_receive entering >debug3: monitor_read: checking request 22 >debug3: mm_answer_keyallowed entering >debug3: mm_answer_keyallowed: key_from_blob: 20061808 >debug1: temporarily_use_uid: 33712/1 (e=0/0) >debug1: trying public key file /home/ldapuser/.ssh/authorized_keys >debug1: Could not open authorized keys '/home/ldapuser/.ssh/authorized_keys': A file or directory in the path name does not exist. >debug1: restore_uid: 0/0 >debug1: temporarily_use_uid: 33712/1 (e=0/0) >debug1: trying public key file /home/ldapuser/.ssh/authorized_keys2 >debug1: Could not open authorized keys '/home/ldapuser/.ssh/authorized_keys2': A file or directory in the path name does not exist. >debug1: restore_uid: 0/0 >debug3: mm_answer_keyallowed: key 20061808 is not allowed >Failed publickey for ldapuser from 127.0.0.1 port 35661 ssh2: RSA SHA256:kz6/wTPmQPFUkwCrD8f717BClyG1N3Vfe+TtR4JRcgw >debug3: mm_request_send entering: type 23 >debug2: userauth_pubkey: authenticated 0 pkalg rsa-sha2-512 [preauth] >debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth] >debug3: send packet: type 51 [preauth] >debug3: receive packet: type 50 [preauth] >debug1: userauth-request for user ldapuser service ssh-connection method keyboard-interactive [preauth] >debug1: attempt 2 failures 1 [preauth] >debug2: input_userauth_request: try method keyboard-interactive [preauth] >debug1: keyboard-interactive devs [preauth] >debug1: auth2_challenge: user=ldapuser devs= [preauth] >debug1: kbdint_alloc: devices '' [preauth] >debug2: auth2_challenge_start: devices [preauth] >debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth] >debug3: send packet: type 51 [preauth] >debug3: receive packet: type 50 [preauth] >debug1: userauth-request for user ldapuser service ssh-connection method password [preauth] >debug1: attempt 3 failures 2 [preauth] >debug2: input_userauth_request: try method password [preauth] >debug3: mm_auth_password entering [preauth] >debug3: mm_request_send entering: type 12 [preauth] >debug3: mm_request_receive entering >debug3: monitor_read: checking request 12 >debug3: AIX/authenticate result 0, authmsg >debug3: AIX SYSTEM attribute KRB5files OR compat OR LDAP >debug3: AIX/setauthdb set registry 'LDAP' >debug3: AIX/passwdexpired returned 0 msg >debug3: aix_restoreauthdb: restoring old registry '' >debug3: mm_answer_authpassword: sending result 1 >debug3: mm_request_send entering: type 13 >Accepted password for ldapuser from 127.0.0.1 port 35661 ssh2 >debug3: AIX/setauthdb set registry 'LDAP' >debug1: AIX/loginsuccess: msg Last unsuccessful login: Wed May 2 03:16:40 CDT 2018 on ssh from 127.0.0.1 >Last login: Wed May 2 03:16:45 CDT 2018 on /dev/pts/3 from 127.0.0.1 > >debug3: aix_restoreauthdb: restoring old registry '' >debug1: monitor_child_preauth: ldapuser has been authenticated by privileged process >debug3: mm_get_keystate: Waiting for new keys >debug3: mm_request_receive_expect entering: type 26 >debug3: mm_request_receive entering >debug3: mm_get_keystate: GOT new keys >debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD [preauth] >debug3: mm_request_receive_expect entering: type 13 [preauth] >debug3: mm_request_receive entering [preauth] >debug3: mm_auth_password: user authenticated [preauth] >debug3: send packet: type 52 [preauth] >debug3: mm_request_send entering: type 26 [preauth] >debug3: mm_send_keystate: Finished sending state [preauth] >debug1: monitor_read_log: child log fd closed >debug3: ssh_sandbox_parent_finish: finished >debug3: AIX/UsrInfo: set len 31 >User child is on pid 10813528 >debug1: permanently_set_uid: 33712/1 >debug3: monitor_apply_keystate: packet_set_state >debug2: set_newkeys: mode 0 >debug1: rekey after 134217728 blocks >debug2: set_newkeys: mode 1 >debug1: rekey after 134217728 blocks >debug1: ssh_packet_set_postauth: called >debug3: ssh_packet_set_state: done >debug3: notify_hostkeys: key 0: ssh-rsa SHA256:5Jfv3JQpaNDftFQ6ebVX2F4uRNA4Fh0aWt0WQRe1XoM >debug3: notify_hostkeys: key 1: ssh-dss SHA256:6A+aAQvDlcMdsbHU46ajFKHDq944aC/Ryr7Bpgx9SNk >debug3: notify_hostkeys: key 2: ecdsa-sha2-nistp256 SHA256:zBwFcpi5bIompaYrRb510kkwqL3lo3ttMYspIgupZBw >debug3: notify_hostkeys: sent 3 hostkeys >debug3: send packet: type 80 >debug1: Entering interactive session for SSH2. >debug2: fd 9 setting O_NONBLOCK >debug2: fd 10 setting O_NONBLOCK >debug1: server_init_dispatch >debug3: receive packet: type 90 >debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384 >debug1: input_session_request >debug1: channel 0: new [server-session] >debug2: session_new: allocate (allocated 0 max 10) >debug3: session_unused: session id 0 unused >debug1: session_new: session 0 >debug1: session_open: channel 0 >debug1: session_open: session 0: link with channel 0 >debug1: server_input_channel_open: confirm session >debug3: send packet: type 91 >debug3: receive packet: type 80 >debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0 >debug3: receive packet: type 98 >debug1: server_input_channel_req: channel 0 request pty-req reply 1 >debug1: session_by_channel: session 0 channel 0 >debug1: session_input_channel_req: session 0 req pty-req >debug1: Allocating pty. >debug3: mm_request_send entering: type 28 >debug3: mm_pty_allocate: waiting for MONITOR_ANS_PTY >debug3: mm_request_receive_expect entering: type 29 >debug3: mm_request_receive entering >debug3: mm_request_receive entering >debug3: monitor_read: checking request 28 >debug3: mm_answer_pty entering >debug2: session_new: allocate (allocated 0 max 10) >debug3: session_unused: session id 0 unused >debug1: session_new: session 0 >debug3: AIX/setauthdb set registry 'LDAP' >debug1: AIX/loginsuccess: msg Last unsuccessful login: Wed May 2 03:16:40 CDT 2018 on ssh from 127.0.0.1 >Last login: Wed May 2 03:17:00 CDT 2018 on ssh from 127.0.0.1 > >debug3: aix_restoreauthdb: restoring old registry '' >debug3: mm_request_send entering: type 29 >debug3: mm_answer_pty: tty /dev/pts/3 ptyfd 5 >debug1: session_pty_req: session 0 alloc /dev/pts/3 >debug3: send packet: type 99 >debug3: receive packet: type 98 >debug1: server_input_channel_req: channel 0 request shell reply 1 >debug1: session_by_channel: session 0 channel 0 >debug1: session_input_channel_req: session 0 req shell >Starting session: shell on pts/3 for ldapuser from 127.0.0.1 port 35661 id 0 >setsid: Operation not permitted. >debug2: fd 3 setting TCP_NODELAY >debug3: ssh_packet_set_tos: set IP_TOS 0x10 >debug2: channel 0: rfd 13 isatty >debug2: fd 13 setting O_NONBLOCK >debug3: fd 11 is O_NONBLOCK >debug3: send packet: type 99 > >Environment: > USER=ldapuser > LOGNAME=ldapuser > LOGIN=ldapuser > HOME=/home/ldapuser > PATH=/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin:/usr/java6/jre/bin:/usr/java6/bin > MAIL=/var/spool/mail/ldapuser > SHELL=/usr/bin/ksh > TZ=CST6CDT > SSH_CLIENT=127.0.0.1 35661 22 > SSH_CONNECTION=127.0.0.1 35661 127.0.0.1 22 > SSH_TTY=/dev/pts/3 > TERM=xterm > AUTHSTATE=LDAP > LANG=en_US > LOCPATH=/usr/lib/nls/loc > NLSPATH=/usr/lib/nls/msg/%L/%N:/usr/lib/nls/msg/%L/%N.cat:/usr/lib/nls/msg/%l.%c/%N:/usr/lib/nls/msg/%l.%c/%N.cat > LC__FASTMSG=true > ODMDIR=/etc/objrepos > CLCMD_PASSTHRU=1 > >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3146">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 2861
:
3144
| 3146 |
3147