Hi Alexander. Thanks for responding. Let me know if you find anything useful.
------- Yemi On Aug 13, 2009, at 1:05 PM, Alexander Hansen wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I've had similar problems with sshd from Fink's openssh off and on > for a > long time. (check the mailing list archives) Copying the host keys > doesn't help. > > I just tried this out, and I see what appears to be the same thing, > even > when trying to log in on my local machine. > > I'll post the 'sshd -d' and 'ssh -vvv' output logs later. > > Adeyemi Adesanya wrote: >> Hi Robert. >> >> Yes, I saw the note about the host keys. The reason for trying the >> Fink port of openssh is an issue with Apple's port related to >> kerberos >> logins and kerberos ticket caching. This kerberos functionality is >> working OK in the Fink port so I don't want people to get confused. >> What is NOT working in the fink port is normal password >> authentication. I just want to get some feedback from anyone who is >> using the fink or macport version of openssh. >> >> ------- >> Yemi >> >> On Aug 12, 2009, at 3:02 PM, Robert Wyatt wrote: >> >>> Yemi, >>> Sorry that I'm not really helping, but did you read the output of >>> fink info openssh >>> regarding the notes about host keys? >>> >>> ... and what motivated you to use openssh instead of the built-in >>> sshd? I have to confess that I use the built in and am not familiar >>> with the finer points of the fink openssh implementation, which >>> means that I would be better able to help you debug the built-in. >>> >>> On the other hand, you DID come to the right mailing list, so it's >>> possible that someone else might chime in with a better answer. >>> >>> I believe this is the relevant section of your log. >>> >>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received >>> debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent >>> debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT >>> debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent >>> debug1: SSH2_MSG_NEWKEYS sent >>> debug1: expecting SSH2_MSG_NEWKEYS >>> debug1: SSH2_MSG_NEWKEYS received >>> debug1: KEX done >>> debug1: userauth-request for user yemilocal service ssh-connection >>> method none >>> debug1: attempt 0 failures 0 >>> Failed none for yemilocal from 127.0.0.1 port 49304 ssh2 >>> debug1: userauth-request for user yemilocal service ssh-connection >>> method keyboard-interactive >>> debug1: attempt 1 failures 0 >>> debug1: keyboard-interactive devs >>> debug1: auth2_challenge: user=yemilocal devs= >>> debug1: kbdint_alloc: devices '' >>> debug1: userauth-request for user yemilocal service ssh-connection >>> method password >>> debug1: attempt 2 failures 1 >>> >>> >>> >>> Adeyemi Adesanya wrote: >>>> Hi Robert. >>>> >>>> Sorry for any confusion! I'll try and simplify matters and keep >>>> kerberos out of the discuss for now. The problem is related to >>>> normal password authentication and does not involve kerberos. >>>> >>>> Basically I have an account 'yemilocal' on an OS X 10.5.x system >>>> called 'mymac'. I can ssh to yemilo...@mymac just fine when I run >>>> the default sshd on mymac (as supplied with OS X 10.5.x). However, >>>> when I run the MacPort or Fink sshd version 5.2, I am unable to >>>> login - my password is not authenticated correctly. >>>> >>>> Here's the debug output of the sshd (invoked using '/sw/bin/sshd - >>>> d). Note that I am trying to connect using the account name >>>> yemilocal from localhost. UsePAM is disabled and >>>> KerberosAuthentication is disabled: >>>> >>>> ------ >>>> Yemi >>>> >>>> >>>> >>>> On Aug 12, 2009, at 12:59 PM, Robert Wyatt wrote: >>>> >>>>> Hi Adeyemi, >>>>> >>>>> It seems I misunderstood your original question. I'm familiar with >>>>> using ssh to login from a remote computer to a local account (and >>>>> with >>>>> preventing unwanted logins of this type), it seems that's not your >>>>> goal and I'm not familiar with using Kerberos except that I know >>>>> the >>>>> machine's clocks must be synchronized. Are you using verbose >>>>> logging >>>>> to help debug your situation? >>>>> >>>>> Adeyemi Adesanya wrote: >>>>>> Hi Robert. >>>>>> >>>>>> UsePAM is disabled. Kerberos logins work great with >>>>>> KerberosAuthentication enabled but local logins do not work. >>>>>> >>>>>> I tried enabling UsePAM and things got interesting......both >>>>>> kerberos >>>>>> and local login attempts resulted in the motd (message of the >>>>>> day) >>>>>> output followed by immediate disconnection. Probably best if I >>>>>> try and >>>>>> get things working without PAM first?? >>>>>> >>>>>> ------- >>>>>> Yemi >>>>>> >>>>>> On Aug 12, 2009, at 12:21 PM, Robert Wyatt wrote: >>>>>> >>>>>>> Have you enabled UsePAM? >>>>>>> >>>>>>> Adeyemi Adesanya wrote: >>>>>>>> Hi There. >>>>>>>> >>>>>>>> I am considering running a non-Apple port of OpenSSH because >>>>>>>> the >>>>>>>> implementation of sshd that ships with OS X 10.5.x does not >>>>>>>> correctly >>>>>>>> cache forwarded Kerberos tickets. >>>>>>>> >>>>>>>> I started taking a look at the MacPorts and Fink port of >>>>>>>> OpenSSH >>>>>>>> 5.2p1. I had no problems installing it using MacPorts or Fink >>>>>>>> but I am >>>>>>>> unable to login to sshd daemon using a regular, local (not >>>>>>>> kerberos >>>>>>>> account). Has anyone had any luck with sshd? If so, could you >>>>>>>> share >>>>>>>> your sshd_config file with me? Kerberos logins work fine with >>>>>>>> the >>>>>>>> KerberosAuthentication option enabled but I'm having no luck >>>>>>>> with >>>>>>>> local account password authentication. >>>>>>>> >>>>>>>> -------- >>>>>>>> Yemi >> >> >> > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkqEcfoACgkQB8UpO3rKjQ+apACghrUpv8eeXngfdAK5TWS6uF/q > P/cAnA+LXdjxU4EFsLJommN1MBQWKi9I > =Dc3i > -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Fink-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fink-users
