Attachment 599 Details for Bug 837 – output of sshd in debug mode & sshd_config file

output of sshd in debug mode & sshd_config file

sshd_debug.txt (text/plain), 13.29 KB, created by godfrey.anderson on 2004-04-09 01:34:12 AEST

(hide)

Description:

Filename:

MIME Type:

Creator: godfrey.anderson

Created: 2004-04-09 01:34:12 AEST

Size: 13.29 KB

patch

obsolete

>/opt/openssh/sbin/sshd -ddd -p 2222
>
>ssh -p 2022 -vvvl etl_ops unixs348
>
>$root@unixs348:# /opt/openssh/sbin/sshd -ddd -p 2222
>debug1: sshd version OpenSSH_3.4p1
>debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
>debug1: read PEM private key done: type RSA
>debug1: private host key: #0 type 1 RSA
>debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
>debug1: read PEM private key done: type DSA
>debug1: private host key: #1 type 2 DSA
>debug1: Bind to port 2222 on xx.xx.xx.xx.
>Server listening on xx.xx.xx.xx port 2222.
>debug1: Server will not fork when running in debugging mode.
>Connection from yy.yy.yy.yy port 37645
>debug1: Client protocol version 2.0; client software version OpenSSH_3.4p1
>debug1: match: OpenSSH_3.4p1 pat OpenSSH*
>Enabling compatibility mode for protocol 2.0
>debug1: Local version string SSH-2.0-OpenSSH_3.4p1
>debug2: Network child is on pid 5645
>debug3: preauth child monitor started
>debug3: mm_request_receive entering
>debug3: privsep user:group 280:280
>debug1: list_hostkey_types: ssh-rsa,ssh-dss
>debug1: SSH2_MSG_KEXINIT sent
>debug1: SSH2_MSG_KEXINIT received
>debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
>debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit: none,zlib
>debug2: kex_parse_kexinit: none,zlib
>debug2: kex_parse_kexinit: 
>debug2: kex_parse_kexinit: 
>debug2: kex_parse_kexinit: first_kex_follows 0 
>debug2: kex_parse_kexinit: reserved 0 
>debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
>debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit: none
>debug2: kex_parse_kexinit: none
>debug2: kex_parse_kexinit: 
>debug2: kex_parse_kexinit: 
>debug2: kex_parse_kexinit: first_kex_follows 0 
>debug2: kex_parse_kexinit: reserved 0 
>debug2: mac_init: found hmac-md5
>debug1: kex: client->server aes128-cbc hmac-md5 none
>debug2: mac_init: found hmac-md5
>debug1: kex: server->client aes128-cbc hmac-md5 none
>debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
>debug3: mm_request_send entering: type 0
>debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI
>debug3: mm_request_receive_expect entering: type 1
>debug3: monitor_read: checking request 0debug3: mm_request_receive entering
>
>debug3: mm_answer_moduli: got parameters: 1024 2048 8192
>debug3: mm_request_send entering: type 1
>debug2: monitor_read: 0 used once, disabling now
>debug3: mm_request_receive entering
>debug3: mm_choose_dh: remaining 0
>debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
>debug1: dh_gen_key: priv key bits set: 128/256
>debug1: bits set: 1585/3191
>debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
>debug1: bits set: 1555/3191
>debug3: mm_key_sign entering
>debug3: mm_request_send entering: type 4
>debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
>debug3: mm_request_receive_expect entering: type 5
>debug3: mm_request_receive entering
>debug3: monitor_read: checking request 4
>debug3: mm_answer_sign
>debug3: mm_answer_sign: signature 10e448(143)
>debug3: mm_request_send entering: type 5
>debug2: monitor_read: 4 used once, disabling nowdebug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
>debug3: mm_request_receive entering
>
>debug1: kex_derive_keys
>debug1: newkeys: mode 1
>debug1: SSH2_MSG_NEWKEYS sent
>debug1: waiting for SSH2_MSG_NEWKEYS
>debug1: newkeys: mode 0
>debug1: SSH2_MSG_NEWKEYS received
>debug1: KEX done
>debug1: userauth-request for user etl_ops service ssh-connection method none
>debug1: attempt 0 failures 0
>debug3: mm_getpwnamallow entering
>debug3: mm_request_send entering: type 6
>debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
>debug3: mm_request_receive_expect entering: type 7
>debug3: monitor_read: checking request 6debug3: mm_request_receive entering
>
>debug3: mm_answer_pwnamallow
>debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
>debug3: mm_request_send entering: type 7
>debug2: monitor_read: 6 used once, disabling now
>debug2: input_userauth_request: setting up authctxt for etl_opsdebug3: mm_request_receive entering
>debug3: mm_start_pam entering
>
>debug3: mm_request_send entering: type 37
>debug3: mm_inform_authserv enteringdebug3: monitor_read: checking request 37
>
>debug3: mm_request_send entering: type 3
>debug1: Starting up PAM with username "etl_ops"
>debug2: input_userauth_request: try method none
>debug3: mm_auth2_read_banner entering
>debug3: mm_request_send entering: type 8
>debug3: mm_request_receive_expect entering: type 9
>debug3: mm_request_receive entering
>debug3: Trying to reverse map address yy.yy.yy.yy.
>Could not reverse map address yy.yy.yy.yy.
>debug1: PAM setting rhost to "yy.yy.yy.yy"
>debug2: monitor_read: 37 used once, disabling now
>debug3: mm_request_receive entering
>debug3: monitor_read: checking request 3
>debug3: mm_answer_authserv: service=ssh-connection, style=
>debug2: monitor_read: 3 used once, disabling now
>debug3: mm_request_receive entering
>debug3: monitor_read: checking request 8
>debug3: mm_request_send entering: type 9
>debug2: monitor_read: 8 used once, disabling now
>debug3: mm_request_receive enteringdebug1: userauth_banner: sent
>
>debug3: mm_auth_password entering
>debug3: mm_request_send entering: type 10
>debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
>debug3: monitor_read: checking request 10debug3: mm_request_receive_expect entering: type 11
>debug3: mm_answer_authpassword: sending result 0
>debug3: mm_request_send entering: type 11
>
>debug3: mm_request_receive entering
>debug3: mm_auth_password: user not authenticatedFailed none for etl_ops from yy.yy.yy.yy port 37645 ssh2
>
>debug3: mm_request_receive entering
>Failed none for etl_ops from yy.yy.yy.yy port 37645 ssh2
>debug1: userauth-request for user etl_ops service ssh-connection method publickey
>debug1: attempt 1 failures 1
>debug2: input_userauth_request: try method publickey
>debug1: test whether pkalg/pkblob are acceptable
>debug3: mm_key_allowed entering
>debug3: mm_request_send entering: type 20
>debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
>debug3: monitor_read: checking request 20debug3: mm_request_receive_expect entering: type 21
>debug3: mm_request_receive entering
>
>debug3: mm_answer_keyallowed entering
>debug3: mm_answer_keyallowed: key_from_blob: 115c30
>debug1: temporarily_use_uid: 231/101 (e=0)
>debug1: trying public key file /export/home/etl_ops/.ssh/authorized_keys
>debug3: secure_filename: checking '/export/home/etl_ops/.ssh'
>debug3: secure_filename: checking '/export/home/etl_ops'
>debug3: secure_filename: terminating check at '/export/home/etl_ops'
>debug1: matching key found: file /export/home/etl_ops/.ssh/authorized_keys, line 1
>Found matching RSA key: 61:ff:c1:f1:05:24:73:8d:8b:63:e0:4b:db:68:3e:61
>debug1: restore_uid
>debug3: mm_answer_keyallowed: key 115c30 is allowed
>debug3: mm_request_send entering: type 21
>debug3: mm_request_receive entering
>debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
>Postponed publickey for etl_ops from yy.yy.yy.yy port 37645 ssh2
>debug1: userauth-request for user etl_ops service ssh-connection method publickey
>debug1: attempt 2 failures 1
>debug2: input_userauth_request: try method publickey
>debug3: mm_key_allowed entering
>debug3: mm_request_send entering: type 20
>debug3: monitor_read: checking request 20debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
>debug3: mm_request_receive_expect entering: type 21
>debug3: mm_answer_keyallowed entering
>debug3: mm_answer_keyallowed: key_from_blob: 115c48
>
>debug3: mm_request_receive entering
>debug1: temporarily_use_uid: 231/101 (e=0)
>debug1: trying public key file /export/home/etl_ops/.ssh/authorized_keys
>debug3: secure_filename: checking '/export/home/etl_ops/.ssh'
>debug3: secure_filename: checking '/export/home/etl_ops'
>debug3: secure_filename: terminating check at '/export/home/etl_ops'
>debug1: matching key found: file /export/home/etl_ops/.ssh/authorized_keys, line 1
>Found matching RSA key: 61:ff:c1:f1:05:24:73:8d:8b:63:e0:4b:db:68:3e:61
>debug1: restore_uid
>debug3: mm_answer_keyallowed: key 115c48 is allowed
>debug3: mm_request_send entering: type 21
>debug3: mm_request_receive entering
>debug3: mm_key_verify entering
>debug3: mm_request_send entering: type 22
>debug3: monitor_read: checking request 22debug3: mm_key_verify: waiting for MONITOR_ANS_KEYVERIFY
>
>debug3: mm_request_receive_expect entering: type 23
>debug3: mm_request_receive entering
>debug1: ssh_rsa_verify: signature correct
>debug3: mm_answer_keyverify: key 115c30 signature verified
>debug3: mm_request_send entering: type 23
>debug2: userauth_pubkey: authenticated 1 pkalg ssh-rsa
>Accepted publickey for etl_ops from yy.yy.yy.yy port 37645 ssh2
>debug3: mm_send_keystate: Sending new keys: 10cb30 113b50
>debug3: mm_newkeys_to_blob: converting 10cb30
>debug3: mm_newkeys_to_blob: converting 113b50
>debug3: mm_send_keystate: New keys have been sent
>debug3: mm_send_keystate: Sending compression state
>debug3: mm_request_send entering: type 24
>debug3: mm_send_keystate: Finished sending state
>debug2: pam_acct_mgmt() = 0
>Accepted publickey for etl_ops from yy.yy.yy.yy port 37645 ssh2
>debug1: monitor_child_preauth: etl_ops has been authenticated by privileged process
>debug3: mm_get_keystate: Waiting for new keys
>debug3: mm_request_receive_expect entering: type 24
>debug3: mm_request_receive entering
>debug3: mm_newkeys_from_blob: 1170d8(118)
>debug2: mac_init: found hmac-md5
>debug3: mm_get_keystate: Waiting for second key
>debug3: mm_newkeys_from_blob: 1170d8(118)
>debug2: mac_init: found hmac-md5
>debug3: mm_get_keystate: Getting compression state
>debug3: mm_get_keystate: Getting Network I/O buffers
>debug3: mm_share_sync: Share sync
>debug3: mm_share_sync: Share sync end
>debug2: User child is on pid 5646
>debug3: mm_request_receive entering
>debug1: PAM establishing creds
>setuid 231: Not owner
>debug1: Calling cleanup 0x23844(0x0)
>debug1: Calling cleanup 0x23844(0x0)
>debug1: Calling cleanup 0x3eac4(0x0)
>$root@unixs348: # 
>
>
>The sshd_config file looks like this(ListenAddress has been changed to protect the innocence:
>
>#       $OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $
>
># This is the sshd server system-wide configuration file.  See
># sshd_config(5) for more information.
>
># This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin:/opt/openssh/bi
>n
>
># The strategy used for options in the default sshd_config shipped with
># OpenSSH is to specify options with their default value where
># possible, but leave them commented.  Uncommented options change a
># default value.
>
>Port 22
>Protocol 2
>ListenAddress xx.xx.xx.xx
>#ListenAddress ::
>
># HostKey for protocol version 1
>#HostKey /etc/ssh/ssh_host_key
># HostKeys for protocol version 2
>#HostKey /etc/ssh/ssh_host_rsa_key
>#HostKey /etc/ssh/ssh_host_dsa_key
>
># Lifetime and size of ephemeral version 1 server key
>#KeyRegenerationInterval 3600
>ServerKeyBits 1024
>
># Logging
>#obsoletes QuietMode and FascistLogging
>#SyslogFacility AUTH
>#LogLevel INFO
>
># Authentication:
>
>#LoginGraceTime 600
>PermitRootLogin no
>#StrictModes yes
>
>#RSAAuthentication yes
>#PubkeyAuthentication yes
>#AuthorizedKeysFile     .ssh/authorized_keys
>
># rhosts authentication should not be used
>#RhostsAuthentication no
># Don't read the user's ~/.rhosts and ~/.shosts files
>#IgnoreRhosts yes
># For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
>#RhostsRSAAuthentication no
># similar for protocol version 2
>#HostbasedAuthentication no
># Change to yes if you don't trust ~/.ssh/known_hosts for
># RhostsRSAAuthentication and HostbasedAuthentication
>#IgnoreUserKnownHosts no
>
># To disable tunneled clear text passwords, change to no here!
>#PasswordAuthentication yes
>#PermitEmptyPasswords no
>
># Change to no to disable s/key passwords
>#ChallengeResponseAuthentication yes
>
># Kerberos options
>#KerberosAuthentication no
>#KerberosOrLocalPasswd yes
>#KerberosTicketCleanup yes
>
>#AFSTokenPassing no
>
># Kerberos TGT Passing only works with the AFS kaserver
>#KerberosTgtPassing no
>
># Set this to 'yes' to enable PAM keyboard-interactive authentication 
># Warning: enabling this may bypass the setting of 'PasswordAuthentication'
>#PAMAuthenticationViaKbdInt yes
>
>X11Forwarding yes
>#X11DisplayOffset 10
>#X11UseLocalhost yes
>PrintMotd yes
>#PrintLastLog yes
>#KeepAlive yes
>#UseLogin no
>#UsePrivilegeSeparation yes
>#Compression yes
>
>#MaxStartups 10
># no default banner path
>Banner /etc/issue
>#VerifyReverseMapping no
>
># override default of no subsystems
>Subsystem       sftp    /opt/openssh/libexec/sftp-server
>

Actions: View

Attachments on bug 837: 599 | 601