Hi Robert. Yes, I saw the note about the host keys. The reason for trying the Fink port of openssh is an issue with Apple's port related to kerberos logins and kerberos ticket caching. This kerberos functionality is working OK in the Fink port so I don't want people to get confused. What is NOT working in the fink port is normal password authentication. I just want to get some feedback from anyone who is using the fink or macport version of openssh.
------- Yemi On Aug 12, 2009, at 3:02 PM, Robert Wyatt wrote: > > Yemi, > Sorry that I'm not really helping, but did you read the output of > fink info openssh > regarding the notes about host keys? > > ... and what motivated you to use openssh instead of the built-in > sshd? I have to confess that I use the built in and am not familiar > with the finer points of the fink openssh implementation, which > means that I would be better able to help you debug the built-in. > > On the other hand, you DID come to the right mailing list, so it's > possible that someone else might chime in with a better answer. > > I believe this is the relevant section of your log. > > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received > debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT > debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug1: SSH2_MSG_NEWKEYS received > debug1: KEX done > debug1: userauth-request for user yemilocal service ssh-connection > method none > debug1: attempt 0 failures 0 > Failed none for yemilocal from 127.0.0.1 port 49304 ssh2 > debug1: userauth-request for user yemilocal service ssh-connection > method keyboard-interactive > debug1: attempt 1 failures 0 > debug1: keyboard-interactive devs > debug1: auth2_challenge: user=yemilocal devs= > debug1: kbdint_alloc: devices '' > debug1: userauth-request for user yemilocal service ssh-connection > method password > debug1: attempt 2 failures 1 > > > > Adeyemi Adesanya wrote: >> Hi Robert. >> >> Sorry for any confusion! I'll try and simplify matters and keep >> kerberos out of the discuss for now. The problem is related to >> normal password authentication and does not involve kerberos. >> >> Basically I have an account 'yemilocal' on an OS X 10.5.x system >> called 'mymac'. I can ssh to yemilo...@mymac just fine when I run >> the default sshd on mymac (as supplied with OS X 10.5.x). However, >> when I run the MacPort or Fink sshd version 5.2, I am unable to >> login - my password is not authenticated correctly. >> >> Here's the debug output of the sshd (invoked using '/sw/bin/sshd - >> d). Note that I am trying to connect using the account name >> yemilocal from localhost. UsePAM is disabled and >> KerberosAuthentication is disabled: >> >> ------ >> Yemi >> >> >> >> On Aug 12, 2009, at 12:59 PM, Robert Wyatt wrote: >> >>> Hi Adeyemi, >>> >>> It seems I misunderstood your original question. I'm familiar with >>> using ssh to login from a remote computer to a local account (and >>> with >>> preventing unwanted logins of this type), it seems that's not your >>> goal and I'm not familiar with using Kerberos except that I know the >>> machine's clocks must be synchronized. Are you using verbose logging >>> to help debug your situation? >>> >>> Adeyemi Adesanya wrote: >>>> >>>> Hi Robert. >>>> >>>> UsePAM is disabled. Kerberos logins work great with >>>> KerberosAuthentication enabled but local logins do not work. >>>> >>>> I tried enabling UsePAM and things got interesting......both >>>> kerberos >>>> and local login attempts resulted in the motd (message of the day) >>>> output followed by immediate disconnection. Probably best if I >>>> try and >>>> get things working without PAM first?? >>>> >>>> ------- >>>> Yemi >>>> >>>> On Aug 12, 2009, at 12:21 PM, Robert Wyatt wrote: >>>> >>>>> Have you enabled UsePAM? >>>>> >>>>> Adeyemi Adesanya wrote: >>>>>> Hi There. >>>>>> >>>>>> I am considering running a non-Apple port of OpenSSH because the >>>>>> implementation of sshd that ships with OS X 10.5.x does not >>>>>> correctly >>>>>> cache forwarded Kerberos tickets. >>>>>> >>>>>> I started taking a look at the MacPorts and Fink port of OpenSSH >>>>>> 5.2p1. I had no problems installing it using MacPorts or Fink >>>>>> but I am >>>>>> unable to login to sshd daemon using a regular, local (not >>>>>> kerberos >>>>>> account). Has anyone had any luck with sshd? If so, could you >>>>>> share >>>>>> your sshd_config file with me? Kerberos logins work fine with the >>>>>> KerberosAuthentication option enabled but I'm having no luck with >>>>>> local account password authentication. >>>>>> >>>>>> -------- >>>>>> Yemi > ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Fink-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fink-users
