Bugzilla – Attachment 463 Details for Bug 696
PAM modules getting bypassed when connecting from f-secure ssh client to openssh 3.7p1 or 3.7.1p1 servers
Debug output from the server and verbose o/p from the client side (both f-secure and openssh)
ssh_verbose_output.txt (text/plain), 12.26 KB, created by Swami on 2003-09-24 07:54:49 AEST
>ON THE SSH SERVER WHEN COMING IN FROM F-SECURE CLIENT
>debug2: read_server_config: filename /etc/ssh/sshd_config
>debug1: sshd version OpenSSH_3.7.1p2
>debug1: private host key: #0 type 0 RSA1
>debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
>debug1: read PEM private key done: type RSA
>debug1: private host key: #1 type 1 RSA
>debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
>debug1: read PEM private key done: type DSA
>debug1: private host key: #2 type 2 DSA
>debug1: Bind to port 22 on ::.
>Server listening on :: port 22.
>debug1: Bind to port 22 on 0.0.0.0.
>Server listening on 0.0.0.0 port 22.
>Generating 768 bit RSA key.
>RSA key generation complete.
>debug1: Server will not fork when running in debugging mode.
>Connection from test_host port 939
>debug1: Client protocol version 1.5; client software version 1.2.26
>debug1: no match: 1.2.26
>debug1: Local version string SSH-1.99-OpenSSH_3.7.1p2
>debug1: Sent 768 bit server key and 1024 bit host key.
>debug1: Encryption type: 3des
>debug2: cipher_init: set keylen (16 -> 32)
>debug2: cipher_init: set keylen (16 -> 32)
>debug1: Received session key; encryption turned on.
>debug1: Installing crc compensation attack detector.
>debug1: PAM: initializing for "test_user"
>debug3: Trying to reverse map address X.X.X.X
>debug1: PAM: setting PAM_RHOST to "test_host"
>debug1: PAM: setting PAM_TTY to "ssh"
>debug1: Attempting authentication for test_user.
>Connection closed by 192.168.10.9
>debug1: Calling cleanup 0x58f60(0x0)
>debug1: PAM: cleanup
>debug1: Calling cleanup 0x6da60(0x0)
>
>FROM THE f-SECURE CLIENT(VERBOSE OUTPUT)
>SSH Version 1.2.26 [sparc-sun-solaris2.6], protocol version 1.5.
>Standard version. Does not use RSAREF.
>SSH Version 1.2.26 [sparc-sun-solaris2.6], protocol version 1.5.
>Standard version. Does not use RSAREF.
>SSH Version 1.2.26 [sparc-sun-solaris2.6], protocol version 1.5.
>Standard version. Does not use RSAREF.
>test_host: ssh_connect: getuid 4141 geteuid 0 anon 0
>test_host: Connecting to ssh_server [192.168.10.10] port 22.
>test_host: Allocated local port 1022.
>test_host: Connection established.
>test_host: Remote protocol version 1.99, remote software version OpenSSH_3.7.1p2
>test_host: Waiting for server public key.
>test_host: Received server public key (768 bits) and host key (1024 bits).
>test_host: Host 'ssh_server' is known and matches the host key.
>test_host: Initializing random; seed file /home/test_user/.ssh/random_seed
>test_host: IDEA not supported, using 3des instead.
>test_host: Encryption type: 3des
>test_host: Sent encrypted session key.
>test_host: Installing crc compensation attack detector.
>test_host: Received encrypted confirmation.
>Permission denied.
>
>ON THE SSH SERVER WHEN COMING IN FROM OPENSSH CLIENT
>ssh_server:/etc/ssh# /sbin/sshd -d -d -d
>debug2: read_server_config: filename /etc/ssh/sshd_config
>debug1: sshd version OpenSSH_3.7.1p2
>debug1: private host key: #0 type 0 RSA1
>debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
>debug1: read PEM private key done: type RSA
>debug1: private host key: #1 type 1 RSA
>debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
>debug1: read PEM private key done: type DSA
>debug1: private host key: #2 type 2 DSA
>debug1: Bind to port 22 on ::.
>Server listening on :: port 22.
>debug1: Bind to port 22 on 0.0.0.0.
>Server listening on 0.0.0.0 port 22.
>Generating 768 bit RSA key.
>RSA key generation complete.
>debug1: Server will not fork when running in debugging mode.
>Connection from test_host port 54137
>debug1: Client protocol version 2.0; client software version OpenSSH_3.4p1
>debug1: match: OpenSSH_3.4p1 pat OpenSSH_3.2*,OpenSSH_3.3*,OpenSSH_3.4*,OpenSSH_3.5*
>debug1: Enabling compatibility mode for protocol 2.0
>debug1: Local version string SSH-1.99-OpenSSH_3.7.1p2
>debug1: list_hostkey_types: ssh-rsa,ssh-dss
>debug1: SSH2_MSG_KEXINIT sent
>debug1: SSH2_MSG_KEXINIT received
>debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit: none,zlib
>debug2: kex_parse_kexinit: none,zlib
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit: first_kex_follows 0
>debug2: kex_parse_kexinit: reserved 0
>debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
>debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit: none
>debug2: kex_parse_kexinit: none
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit: first_kex_follows 0
>debug2: kex_parse_kexinit: reserved 0
>debug2: mac_init: found hmac-md5
>debug1: kex: client->server aes128-cbc hmac-md5 none
>debug2: mac_init: found hmac-md5
>debug1: kex: server->client aes128-cbc hmac-md5 none
>debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
>debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
>debug2: dh_gen_key: priv key bits set: 130/256
>debug2: bits set: 1646/3191
>debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
>debug2: bits set: 1608/3191
>debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
>debug2: kex_derive_keys
>debug2: set_newkeys: mode 1
>debug1: SSH2_MSG_NEWKEYS sent
>debug1: expecting SSH2_MSG_NEWKEYS
>debug2: set_newkeys: mode 0
>debug1: SSH2_MSG_NEWKEYS received
>debug1: KEX done
>debug1: userauth-request for user test_user service ssh-connection method none
>debug1: attempt 0 failures 0
>debug2: input_userauth_request: setting up authctxt for test_user
>debug1: PAM: initializing for "test_user"
>debug3: Trying to reverse map address test_host.
>debug1: PAM: setting PAM_RHOST to "wmau-core-fw1a.cambma1-dc1.cscehub.com"
>debug1: PAM: setting PAM_TTY to "ssh"
>debug2: input_userauth_request: try method none
>Failed none for test_user from test_host port 54137 ssh2
>debug1: userauth-request for user test_user service ssh-connection method keyboard-interactive
>debug1: attempt 1 failures 1
>debug2: input_userauth_request: try method keyboard-interactive
>debug1: keyboard-interactive devs
>debug1: auth2_challenge: user=test_user devs=
>debug1: kbdint_alloc: devices 'pam'
>debug2: auth2_challenge_start: devices pam
>debug2: kbdint_next_device: devices <empty>
>debug1: auth2_challenge_start: trying authentication method 'pam'
>debug3: ssh_msg_send: type 1
>debug3: ssh_msg_recv entering
>debug3: ssh_msg_recv entering
>Postponed keyboard-interactive for test_user from test_host port 54137 ssh2
>Connection closed by test_host
>debug1: Calling cleanup 0x58ea0(0x16c360)
>debug1: Calling cleanup 0x58f60(0x0)
>debug1: PAM: cleanup
>debug1: Calling cleanup 0x6da60(0x0)
>
>FROM THE OPENSSH CLIENT(VERBOSE OUTPUT)
>OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f
>debug1: Reading configuration data /etc/ssh/ssh_config
>debug1: Rhosts Authentication disabled, originating port will not be trusted.
>debug1: ssh_connect: needpriv 0
>debug1: Connecting to ssh_server [192.168.10.10] port 22.
>debug1: Connection established.
>debug1: identity file /home/test_user/.ssh/identity type 0
>debug1: identity file /home/test_user/.ssh/id_rsa type -1
>debug1: identity file /home/test_user/.ssh/id_dsa type -1
>debug1: Remote protocol version 1.99, remote software version OpenSSH_3.7.1p2
>debug1: match: OpenSSH_3.7.1p2 pat OpenSSH*
>Enabling compatibility mode for protocol 2.0
>debug1: Local version string SSH-2.0-OpenSSH_3.4p1
>debug1: SSH2_MSG_KEXINIT sent
>debug1: SSH2_MSG_KEXINIT received
>debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
>debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit: none
>debug2: kex_parse_kexinit: none
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit: first_kex_follows 0
>debug2: kex_parse_kexinit: reserved 0
>debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit: none,zlib
>debug2: kex_parse_kexinit: none,zlib
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit: first_kex_follows 0
>debug2: kex_parse_kexinit: reserved 0
>debug2: mac_init: found hmac-md5
>debug1: kex: server->client aes128-cbc hmac-md5 none
>debug2: mac_init: found hmac-md5
>debug1: kex: client->server aes128-cbc hmac-md5 none
>debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
>debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>debug1: dh_gen_key: priv key bits set: 130/256
>debug1: bits set: 1608/3191
>debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>debug3: check_host_in_hostfile: filename /home/test_user/.ssh/known_hosts
>debug2: key_type_from_name: unknown key type '1024'
>debug3: key_read: no key found
>debug3: check_host_in_hostfile: match line 447
>debug3: check_host_in_hostfile: filename /home/test_user/.ssh/known_hosts
>debug3: check_host_in_hostfile: match line 447
>debug1: Host 'ssh_server' is known and matches the RSA host key.
>debug1: Found key in /home/test_user/.ssh/known_hosts:447
>debug1: bits set: 1646/3191
>debug1: ssh_rsa_verify: signature correct
>debug1: kex_derive_keys
>debug1: newkeys: mode 1
>debug1: SSH2_MSG_NEWKEYS sent
>debug1: waiting for SSH2_MSG_NEWKEYS
>debug1: newkeys: mode 0
>debug1: SSH2_MSG_NEWKEYS received
>debug1: done: ssh_kex2.
>debug1: send SSH2_MSG_SERVICE_REQUEST
>debug1: service_accept: ssh-userauth
>debug1: got SSH2_MSG_SERVICE_ACCEPT
>debug1: authentications that can continue: publickey,keyboard-interactive
>debug3: start over, passed a different list publickey,keyboard-interactive
>debug3: preferred publickey,keyboard-interactive,password
>debug3: authmethod_lookup publickey
>debug3: remaining preferred: keyboard-interactive,password
>debug3: authmethod_is_enabled publickey
>debug1: next auth method to try is publickey
>debug1: try privkey: /home/test_user/.ssh/id_rsa
>debug3: no such identity: /home/test_user/.ssh/id_rsa
>debug1: try privkey: /home/test_user/.ssh/id_dsa
>debug3: no such identity: /home/test_user/.ssh/id_dsa
>debug2: we did not send a packet, disable method
>debug3: authmethod_lookup keyboard-interactive
>debug3: remaining preferred: password
>debug3: authmethod_is_enabled keyboard-interactive
>debug1: next auth method to try is keyboard-interactive
>debug2: userauth_kbdint
>debug2: we sent a keyboard-interactive packet, wait for reply
>debug2: input_userauth_info_req
>debug2: input_userauth_info_req: num_prompts 1
>Enter SecurID PASSCODE: